+in aux : ∀l1,l2,m.∃z.∀s.spec s l1 l2 m z); unfold spec;
+[9: clearbody aux; unfold spec in aux; clear spec;
+ cases (q_cmp s1 s2);
+ [1: cases (aux l1 l2 (S (len l1 + len l2)));
+ cases (H1 s1 (le_n ?)); clear H1;
+ exists [apply 〈mk_q_f s1 (\fst w), mk_q_f s2 (\snd w)〉] split;
+ [1,2: assumption;
+ |3: intro; apply (H3 input);
+ |4: intro; rewrite > H in H4;
+ rewrite > (H4 input) in ⊢ (? ? % ?); reflexivity;]
+ |2: letin l2' ≝ (〈\fst (unpos (s2-s1) ?),OQ〉::l2);[
+ apply q_lt_minus; rewrite > q_plus_sym; rewrite > q_plus_OQ;
+ assumption]
+ cases (aux l1 l2' (S (len l1 + len l2')));
+ cases (H1 s1 (le_n ?)); clear H1 aux;
+ exists [apply 〈mk_q_f s1 (\fst w), mk_q_f s1 (\snd w)〉] split;
+ [1: reflexivity
+ |2: assumption;
+ |3: assumption;
+ |4: intro;
+ rewrite > (initial_shift_same_values (mk_q_f s2 l2) s1 H input) in ⊢ (? ? % ?);
+ rewrite < (H4 input)in ⊢ (? ? ? %); reflexivity;]
+ |3: letin l1' ≝ (〈\fst (unpos (s1-s2) ?),OQ〉::l1);[
+ apply q_lt_minus; rewrite > q_plus_sym; rewrite > q_plus_OQ;
+ assumption]
+ cases (aux l1' l2 (S (len l1' + len l2)));
+ cases (H1 s2 (le_n ?)); clear H1 aux;
+ exists [apply 〈mk_q_f s2 (\fst w), mk_q_f s2 (\snd w)〉] split;
+ [1: reflexivity
+ |2: assumption;
+ |4: assumption;
+ |3: intro; simplify in ⊢ (? ? ? (? ? ? (? ? ? (? % ?))));
+ rewrite > (initial_shift_same_values (mk_q_f s1 l1) s2 H input) in ⊢ (? ? % ?);
+ rewrite < (H3 input) in ⊢ (? ? ? %); reflexivity;]]
+|1,2: unfold rest; apply q_lt_minus; rewrite > q_plus_sym; rewrite > q_plus_OQ;
+ assumption;
+|8: intros; cases (?:False); apply (not_le_Sn_O ? H1);
+|3: intros; generalize in match (unpos ??); intro X; cases X; clear X;
+ simplify in ⊢ (???? (??? (??? (??? (?? (? (?? (??? % ?) ?) ??)))) ?));
+ simplify in ⊢ (???? (???? (??? (??? (?? (? (?? (??? % ?) ?) ??))))));
+ clear H4; cases (aux (〈w,\snd b〉::l4) l5 n1); clear aux;
+ cut (len (〈w,\snd b〉::l4) + len l5 < n1) as K;[2:
+ simplify in H5; simplify; rewrite > sym_plus in H5; simplify in H5;
+ rewrite > sym_plus in H5; apply le_S_S_to_le; apply H5;]
+ split;
+ [1: simplify in ⊢ (? % ?); simplify in ⊢ (? ? %);
+ cases (H4 s K); clear K H4; intro input; cases input; [reflexivity]
+ simplify; apply H7;
+ |2: simplify in ⊢ (? ? %); cases (H4 s K); clear H4 K H5 spec;
+ intro;
+ (* input < s + b1 || input >= s + b1 *)
+ |3: simplify in ⊢ (? ? %);]
+|4: intros; generalize in match (unpos ??); intro X; cases X; clear X;
+ (* duale del 3 *)
+|5: intros; (* triviale, caso in cui non fa nulla *)
+|6,7: (* casi base in cui allunga la lista più corta *)
+]
+elim devil;
+qed.
+
+include "Q/q/qtimes.ma".
+
+let rec area (l:list bar) on l ≝
+ match l with
+ [ nil ⇒ OQ
+ | cons he tl ⇒ area tl + Qpos (\fst he) * ⅆ[OQ,\snd he]].
+
+alias symbol "pi1" = "exT \fst".
+alias symbol "minus" = "Q minus".
+alias symbol "exists" = "CProp exists".
+definition minus_spec_bar ≝
+ λf,g,h:list bar.
+ same_bases f g → len f = len g →
+ ∀s,i:ℚ. \snd (\fst (value (mk_q_f s h) i)) =
+ \snd (\fst (value (mk_q_f s f) i)) - \snd (\fst (value (mk_q_f s g) i)).
+
+definition minus_spec ≝
+ λf,g:q_f.
+ ∃h:q_f.
+ ∀i:ℚ. \snd (\fst (value h i)) =
+ \snd (\fst (value f i)) - \snd (\fst (value g i)).
+
+definition eject_bar : ∀P:list bar → CProp.(∃l:list bar.P l) → list bar ≝
+ λP.λp.match p with [ex_introT x _ ⇒ x].
+definition inject_bar ≝ ex_introT (list bar).
+
+coercion inject_bar with 0 1 nocomposites.
+coercion eject_bar with 0 0 nocomposites.
+
+lemma minus_q_f : ∀f,g. minus_spec f g.
+intros;
+letin aux ≝ (
+ let rec aux (l1, l2 : list bar) on l1 ≝
+ match l1 with
+ [ nil ⇒ []
+ | cons he1 tl1 ⇒
+ match l2 with
+ [ nil ⇒ []
+ | cons he2 tl2 ⇒ 〈\fst he1, \snd he1 - \snd he2〉 :: aux tl1 tl2]]
+ in aux : ∀l1,l2 : list bar.∃h.minus_spec_bar l1 l2 h);
+[2: intros 4; simplify in H3; destruct H3;
+|3: intros 4; simplify in H3; cases l1 in H2; [2: intro X; simplify in X; destruct X]
+ intros; rewrite > (value_OQ_e (mk_q_f s []) i); [2: reflexivity]
+ rewrite > q_elim_minus; rewrite > q_plus_OQ; reflexivity;
+|1: cases (aux l2 l3); unfold in H2; intros 4;
+ simplify in ⊢ (? ? (? ? ? (? ? ? (? % ?))) ?);
+ cases (q_cmp i (s + Qpos (\fst b)));
+
+
+
+definition excess ≝
+ λf,g.∃i.\snd (\fst (value f i)) < \snd (\fst (value g i)).
+