Theory Integration

theory Integration
imports Derivative Indicator_Function
(*  Author:     John Harrison
    Author:     Robert Himmelmann, TU Muenchen (Translation from HOL light)
*)

header {* Kurzweil-Henstock Gauge Integration in many dimensions. *}

theory Integration
imports
  Derivative
  "~~/src/HOL/Library/Indicator_Function"
begin

lemma cSup_abs_le: (* TODO: is this really needed? *)
  fixes S :: "real set"
  shows "S ≠ {} ==> (∀x∈S. ¦x¦ ≤ a) ==> ¦Sup S¦ ≤ a"
  by (auto simp add: abs_le_interval_iff intro: cSup_least) (metis cSup_upper2 bdd_aboveI)

lemma cInf_abs_ge: (* TODO: is this really needed? *)
  fixes S :: "real set"
  shows "S ≠ {} ==> (∀x∈S. ¦x¦ ≤ a) ==> ¦Inf S¦ ≤ a"
  by (simp add: Inf_real_def) (insert cSup_abs_le [of "uminus ` S"], auto)

lemma cSup_asclose: (* TODO: is this really needed? *)
  fixes S :: "real set"
  assumes S: "S ≠ {}"
    and b: "∀x∈S. ¦x - l¦ ≤ e"
  shows "¦Sup S - l¦ ≤ e"
proof -
  have th: "!!(x::real) l e. ¦x - l¦ ≤ e <-> l - e ≤ x ∧ x ≤ l + e"
    by arith
  have "bdd_above S"
    using b by (auto intro!: bdd_aboveI[of _ "l + e"])
  with S b show ?thesis
    unfolding th by (auto intro!: cSup_upper2 cSup_least)
qed

lemma cInf_asclose: (* TODO: is this really needed? *)
  fixes S :: "real set"
  assumes S: "S ≠ {}"
    and b: "∀x∈S. ¦x - l¦ ≤ e"
  shows "¦Inf S - l¦ ≤ e"
proof -
  have "¦- Sup (uminus ` S) - l¦ =  ¦Sup (uminus ` S) - (-l)¦"
    by auto
  also have "… ≤ e"
    apply (rule cSup_asclose)
    using abs_minus_add_cancel b by (auto simp add: S)
  finally have "¦- Sup (uminus ` S) - l¦ ≤ e" .
  then show ?thesis
    by (simp add: Inf_real_def)
qed

lemma cSup_finite_ge_iff:
  fixes S :: "real set"
  shows "finite S ==> S ≠ {} ==> a ≤ Sup S <-> (∃x∈S. a ≤ x)"
  by (metis cSup_eq_Max Max_ge_iff)

lemma cSup_finite_le_iff:
  fixes S :: "real set"
  shows "finite S ==> S ≠ {} ==> a ≥ Sup S <-> (∀x∈S. a ≥ x)"
  by (metis cSup_eq_Max Max_le_iff)

lemma cInf_finite_ge_iff:
  fixes S :: "real set"
  shows "finite S ==> S ≠ {} ==> a ≤ Inf S <-> (∀x∈S. a ≤ x)"
  by (metis cInf_eq_Min Min_ge_iff)

lemma cInf_finite_le_iff:
  fixes S :: "real set"
  shows "finite S ==> S ≠ {} ==> a ≥ Inf S <-> (∃x∈S. a ≥ x)"
  by (metis cInf_eq_Min Min_le_iff)

(*declare not_less[simp] not_le[simp]*)

lemmas scaleR_simps = scaleR_zero_left scaleR_minus_left scaleR_left_diff_distrib
  scaleR_zero_right scaleR_minus_right scaleR_right_diff_distrib scaleR_eq_0_iff
  scaleR_cancel_left scaleR_cancel_right scaleR_add_right scaleR_add_left real_vector_class.scaleR_one

lemma real_arch_invD:
  "0 < (e::real) ==> (∃n::nat. n ≠ 0 ∧ 0 < inverse (real n) ∧ inverse (real n) < e)"
  by (subst(asm) real_arch_inv)


subsection {* Sundries *}

lemma conjunctD2: assumes "a ∧ b" shows a b using assms by auto
lemma conjunctD3: assumes "a ∧ b ∧ c" shows a b c using assms by auto
lemma conjunctD4: assumes "a ∧ b ∧ c ∧ d" shows a b c d using assms by auto
lemma conjunctD5: assumes "a ∧ b ∧ c ∧ d ∧ e" shows a b c d e using assms by auto

declare norm_triangle_ineq4[intro]

lemma simple_image: "{f x |x . x ∈ s} = f ` s"
  by blast

lemma linear_simps:
  assumes "bounded_linear f"
  shows
    "f (a + b) = f a + f b"
    "f (a - b) = f a - f b"
    "f 0 = 0"
    "f (- a) = - f a"
    "f (s *R v) = s *R (f v)"
proof -
  interpret f: bounded_linear f by fact
  show "f (a + b) = f a + f b" by (rule f.add)
  show "f (a - b) = f a - f b" by (rule f.diff)
  show "f 0 = 0" by (rule f.zero)
  show "f (- a) = - f a" by (rule f.minus)
  show "f (s *R v) = s *R (f v)" by (rule f.scaleR)
qed

lemma bounded_linearI:
  assumes "!!x y. f (x + y) = f x + f y"
    and "!!r x. f (r *R x) = r *R f x"
    and "!!x. norm (f x) ≤ norm x * K"
  shows "bounded_linear f"
  using assms by (rule bounded_linear_intro) (* FIXME: duplicate *)

lemma bounded_linear_component [intro]: "bounded_linear (λx::'a::euclidean_space. x • k)"
  by (rule bounded_linear_inner_left)

lemma transitive_stepwise_lt_eq:
  assumes "(!!x y z::nat. R x y ==> R y z ==> R x z)"
  shows "((∀m. ∀n>m. R m n) <-> (∀n. R n (Suc n)))"
  (is "?l = ?r")
proof safe
  assume ?r
  fix n m :: nat
  assume "m < n"
  then show "R m n"
  proof (induct n arbitrary: m)
    case 0
    then show ?case by auto
  next
    case (Suc n)
    show ?case
    proof (cases "m < n")
      case True
      show ?thesis
        apply (rule assms[OF Suc(1)[OF True]])
        using `?r`
        apply auto
        done
    next
      case False
      then have "m = n"
        using Suc(2) by auto
      then show ?thesis
        using `?r` by auto
    qed
  qed
qed auto

lemma transitive_stepwise_gt:
  assumes "!!x y z. R x y ==> R y z ==> R x z" "!!n. R n (Suc n)"
  shows "∀n>m. R m n"
proof -
  have "∀m. ∀n>m. R m n"
    apply (subst transitive_stepwise_lt_eq)
    apply (rule assms)
    apply assumption
    apply assumption
    using assms(2) apply auto
    done
  then show ?thesis by auto
qed

lemma transitive_stepwise_le_eq:
  assumes "!!x. R x x" "!!x y z. R x y ==> R y z ==> R x z"
  shows "(∀m. ∀n≥m. R m n) <-> (∀n. R n (Suc n))"
  (is "?l = ?r")
proof safe
  assume ?r
  fix m n :: nat
  assume "m ≤ n"
  then show "R m n"
  proof (induct n arbitrary: m)
    case 0
    with assms show ?case by auto
  next
    case (Suc n)
    show ?case
    proof (cases "m ≤ n")
      case True
      show ?thesis
        apply (rule assms(2))
        apply (rule Suc(1)[OF True])
        using `?r` apply auto
        done
    next
      case False
      then have "m = Suc n"
        using Suc(2) by auto
      then show ?thesis
        using assms(1) by auto
    qed
  qed
qed auto

lemma transitive_stepwise_le:
  assumes "!!x. R x x" "!!x y z. R x y ==> R y z ==> R x z"
    and "!!n. R n (Suc n)"
  shows "∀n≥m. R m n"
proof -
  have "∀m. ∀n≥m. R m n"
    apply (subst transitive_stepwise_le_eq)
    apply (rule assms)
    apply (rule assms,assumption,assumption)
    using assms(3)
    apply auto
    done
  then show ?thesis by auto
qed


subsection {* Some useful lemmas about intervals. *}

lemma empty_as_interval: "{} = cbox One (0::'a::euclidean_space)"
  using nonempty_Basis
  by (fastforce simp add: set_eq_iff mem_box)

lemma interior_subset_union_intervals:
  assumes "i = cbox a b"
    and "j = cbox c d"
    and "interior j ≠ {}"
    and "i ⊆ j ∪ s"
    and "interior i ∩ interior j = {}"
  shows "interior i ⊆ interior s"
proof -
  have "box a b ∩ cbox c d = {}"
     using inter_interval_mixed_eq_empty[of c d a b] and assms(3,5)
     unfolding assms(1,2) interior_cbox by auto
  moreover
  have "box a b ⊆ cbox c d ∪ s"
    apply (rule order_trans,rule box_subset_cbox)
    using assms(4) unfolding assms(1,2)
    apply auto
    done
  ultimately
  show ?thesis
    apply -
    apply (rule interior_maximal)
    defer
    apply (rule open_interior)
    unfolding assms(1,2) interior_cbox
    apply auto
    done
qed

lemma inter_interior_unions_intervals:
  fixes f::"('a::euclidean_space) set set"
  assumes "finite f"
    and "open s"
    and "∀t∈f. ∃a b. t = cbox a b"
    and "∀t∈f. s ∩ (interior t) = {}"
  shows "s ∩ interior (\<Union>f) = {}"
proof (rule ccontr, unfold ex_in_conv[symmetric])
  case goal1
  have lem1: "!!x e s U. ball x e ⊆ s ∩ interior U <-> ball x e ⊆ s ∩ U"
    apply rule
    defer
    apply (rule_tac Int_greatest)
    unfolding open_subset_interior[OF open_ball]
    using interior_subset
    apply auto
    done
  have lem2: "!!x s P. ∃x∈s. P x ==> ∃x∈insert x s. P x" by auto
  have "!!f. finite f ==> ∀t∈f. ∃a b. t = cbox a b ==>
    ∃x. x ∈ s ∩ interior (\<Union>f) ==> ∃t∈f. ∃x. ∃e>0. ball x e ⊆ s ∩ t"
  proof -
    case goal1
    then show ?case
    proof (induct rule: finite_induct)
      case empty
      obtain x where "x ∈ s ∩ interior (\<Union>{})"
        using empty(2) ..
      then have False
        unfolding Union_empty interior_empty by auto
      then show ?case by auto
    next
      case (insert i f)
      obtain x where x: "x ∈ s ∩ interior (\<Union>insert i f)"
        using insert(5) ..
      then obtain e where e: "0 < e ∧ ball x e ⊆ s ∩ interior (\<Union>insert i f)"
        unfolding open_contains_ball_eq[OF open_Int[OF assms(2) open_interior], rule_format] ..
      obtain a where "∃b. i = cbox a b"
        using insert(4)[rule_format,OF insertI1] ..
      then obtain b where ab: "i = cbox a b" ..
      show ?case
      proof (cases "x ∈ i")
        case False
        then have "x ∈ UNIV - cbox a b"
          unfolding ab by auto
        then obtain d where "0 < d ∧ ball x d ⊆ UNIV - cbox a b"
          unfolding open_contains_ball_eq[OF open_Diff[OF open_UNIV closed_cbox],rule_format] ..
        then have "0 < d" "ball x (min d e) ⊆ UNIV - i"
          unfolding ab ball_min_Int by auto
        then have "ball x (min d e) ⊆ s ∩ interior (\<Union>f)"
          using e unfolding lem1 unfolding  ball_min_Int by auto
        then have "x ∈ s ∩ interior (\<Union>f)" using `d>0` e by auto
        then have "∃t∈f. ∃x e. 0 < e ∧ ball x e ⊆ s ∩ t"
          apply -
          apply (rule insert(3))
          using insert(4)
          apply auto
          done
        then show ?thesis by auto
      next
        case True show ?thesis
        proof (cases "x∈box a b")
          case True
          then obtain d where "0 < d ∧ ball x d ⊆ box a b"
            unfolding open_contains_ball_eq[OF open_box,rule_format] ..
          then show ?thesis
            apply (rule_tac x=i in bexI, rule_tac x=x in exI, rule_tac x="min d e" in exI)
            unfolding ab
            using box_subset_cbox[of a b] and e
            apply fastforce+
            done
        next
          case False
          then obtain k where "x•k ≤ a•k ∨ x•k ≥ b•k" and k: "k ∈ Basis"
            unfolding mem_box by (auto simp add: not_less)
          then have "x•k = a•k ∨ x•k = b•k"
            using True unfolding ab and mem_box
              apply (erule_tac x = k in ballE)
              apply auto
              done
          then have "∃x. ball x (e/2) ⊆ s ∩ (\<Union>f)"
          proof (rule disjE)
            let ?z = "x - (e/2) *R k"
            assume as: "x•k = a•k"
            have "ball ?z (e / 2) ∩ i = {}"
              apply (rule ccontr)
              unfolding ex_in_conv[symmetric]
              apply (erule exE)
            proof -
              fix y
              assume "y ∈ ball ?z (e / 2) ∩ i"
              then have "dist ?z y < e/2" and yi:"y∈i" by auto
              then have "¦(?z - y) • k¦ < e/2"
                using Basis_le_norm[OF k, of "?z - y"] unfolding dist_norm by auto
              then have "y•k < a•k"
                using e[THEN conjunct1] k
                by (auto simp add: field_simps abs_less_iff as inner_simps)
              then have "y ∉ i"
                unfolding ab mem_box by (auto intro!: bexI[OF _ k])
              then show False using yi by auto
            qed
            moreover
            have "ball ?z (e/2) ⊆ s ∩ (\<Union>insert i f)"
              apply (rule order_trans[OF _ e[THEN conjunct2, unfolded lem1]])
            proof
              fix y
              assume as: "y ∈ ball ?z (e/2)"
              have "norm (x - y) ≤ ¦e¦ / 2 + norm (x - y - (e / 2) *R k)"
                apply -
                apply (rule order_trans,rule norm_triangle_sub[of "x - y" "(e/2) *R k"])
                unfolding norm_scaleR norm_Basis[OF k]
                apply auto
                done
              also have "… < ¦e¦ / 2 + ¦e¦ / 2"
                apply (rule add_strict_left_mono)
                using as
                unfolding mem_ball dist_norm
                using e
                apply (auto simp add: field_simps)
                done
              finally show "y ∈ ball x e"
                unfolding mem_ball dist_norm using e by (auto simp add:field_simps)
            qed
            ultimately show ?thesis
              apply (rule_tac x="?z" in exI)
              unfolding Union_insert
              apply auto
              done
          next
            let ?z = "x + (e/2) *R k"
            assume as: "x•k = b•k"
            have "ball ?z (e / 2) ∩ i = {}"
              apply (rule ccontr)
              unfolding ex_in_conv[symmetric]
              apply (erule exE)
            proof -
              fix y
              assume "y ∈ ball ?z (e / 2) ∩ i"
              then have "dist ?z y < e/2" and yi: "y ∈ i"
                by auto
              then have "¦(?z - y) • k¦ < e/2"
                using Basis_le_norm[OF k, of "?z - y"]
                unfolding dist_norm by auto
              then have "y•k > b•k"
                using e[THEN conjunct1] k
                by (auto simp add:field_simps inner_simps inner_Basis as)
              then have "y ∉ i"
                unfolding ab mem_box by (auto intro!: bexI[OF _ k])
              then show False using yi by auto
            qed
            moreover
            have "ball ?z (e/2) ⊆ s ∩ (\<Union>insert i f)"
              apply (rule order_trans[OF _ e[THEN conjunct2, unfolded lem1]])
            proof
              fix y
              assume as: "y∈ ball ?z (e/2)"
              have "norm (x - y) ≤ ¦e¦ / 2 + norm (x - y + (e / 2) *R k)"
                apply -
                apply (rule order_trans,rule norm_triangle_sub[of "x - y" "- (e/2) *R k"])
                unfolding norm_scaleR
                apply (auto simp: k)
                done
              also have "… < ¦e¦ / 2 + ¦e¦ / 2"
                apply (rule add_strict_left_mono)
                using as unfolding mem_ball dist_norm
                using e apply (auto simp add: field_simps)
                done
              finally show "y ∈ ball x e"
                unfolding mem_ball dist_norm using e by (auto simp add:field_simps)
            qed
            ultimately show ?thesis
              apply (rule_tac x="?z" in exI)
              unfolding Union_insert
              apply auto
              done
          qed
          then obtain x where "ball x (e / 2) ⊆ s ∩ \<Union>f" ..
          then have "x ∈ s ∩ interior (\<Union>f)"
            unfolding lem1[where U="\<Union>f", symmetric]
            using centre_in_ball e[THEN conjunct1] by auto
          then show ?thesis
            apply -
            apply (rule lem2, rule insert(3))
            using insert(4)
            apply auto
            done
        qed
      qed
    qed
  qed
  from this[OF assms(1,3) goal1]
  obtain t x e where "t ∈ f" "0 < e" "ball x e ⊆ s ∩ t"
    by blast
  then have "x ∈ s" "x ∈ interior t"
    using open_subset_interior[OF open_ball, of x e t]
    by auto
  then show False
    using `t ∈ f` assms(4) by auto
qed

subsection {* Bounds on intervals where they exist. *}

definition interval_upperbound :: "('a::euclidean_space) set => 'a"
  where "interval_upperbound s = (∑i∈Basis. (SUP x:s. x•i) *R i)"

definition interval_lowerbound :: "('a::euclidean_space) set => 'a"
   where "interval_lowerbound s = (∑i∈Basis. (INF x:s. x•i) *R i)"

lemma interval_upperbound[simp]:
  "∀i∈Basis. a•i ≤ b•i ==>
    interval_upperbound (cbox a b) = (b::'a::euclidean_space)"
  unfolding interval_upperbound_def euclidean_representation_setsum cbox_def SUP_def
  by (safe intro!: cSup_eq) auto

lemma interval_lowerbound[simp]:
  "∀i∈Basis. a•i ≤ b•i ==>
    interval_lowerbound (cbox a b) = (a::'a::euclidean_space)"
  unfolding interval_lowerbound_def euclidean_representation_setsum cbox_def INF_def
  by (safe intro!: cInf_eq) auto

lemmas interval_bounds = interval_upperbound interval_lowerbound

lemma
  fixes X::"real set"
  shows interval_upperbound_real[simp]: "interval_upperbound X = Sup X"
    and interval_lowerbound_real[simp]: "interval_lowerbound X = Inf X"
  by (auto simp: interval_upperbound_def interval_lowerbound_def SUP_def INF_def)

lemma interval_bounds'[simp]:
  assumes "cbox a b ≠ {}"
  shows "interval_upperbound (cbox a b) = b"
    and "interval_lowerbound (cbox a b) = a"
  using assms unfolding box_ne_empty by auto

subsection {* Content (length, area, volume...) of an interval. *}

definition "content (s::('a::euclidean_space) set) =
  (if s = {} then 0 else (∏i∈Basis. (interval_upperbound s)•i - (interval_lowerbound s)•i))"

lemma interval_not_empty: "∀i∈Basis. a•i ≤ b•i ==> cbox a b ≠ {}"
  unfolding box_eq_empty unfolding not_ex not_less by auto

lemma content_cbox:
  fixes a :: "'a::euclidean_space"
  assumes "∀i∈Basis. a•i ≤ b•i"
  shows "content (cbox a b) = (∏i∈Basis. b•i - a•i)"
  using interval_not_empty[OF assms]
  unfolding content_def
  by (auto simp: )

lemma content_cbox':
  fixes a :: "'a::euclidean_space"
  assumes "cbox a b ≠ {}"
  shows "content (cbox a b) = (∏i∈Basis. b•i - a•i)"
  apply (rule content_cbox)
  using assms
  unfolding box_ne_empty
  apply assumption
  done

lemma content_real: "a ≤ b ==> content {a..b} = b - a"
  by (auto simp: interval_upperbound_def interval_lowerbound_def SUP_def INF_def content_def)

lemma content_singleton[simp]: "content {a} = 0"
proof -
  have "content (cbox a a) = 0"
    by (subst content_cbox) (auto simp: ex_in_conv)
  then show ?thesis by (simp add: cbox_sing)
qed

lemma content_unit[intro]: "content(cbox 0 (One::'a::euclidean_space)) = 1"
 proof -
   have *: "∀i∈Basis. (0::'a)•i ≤ (One::'a)•i"
    by auto
  have "0 ∈ cbox 0 (One::'a)"
    unfolding mem_box by auto
  then show ?thesis
     unfolding content_def interval_bounds[OF *] using setprod.neutral_const by auto
 qed

lemma content_pos_le[intro]:
  fixes a::"'a::euclidean_space"
  shows "0 ≤ content (cbox a b)"
proof (cases "cbox a b = {}")
  case False
  then have *: "∀i∈Basis. a • i ≤ b • i"
    unfolding box_ne_empty .
  have "0 ≤ (∏i∈Basis. interval_upperbound (cbox a b) • i - interval_lowerbound (cbox a b) • i)"
    apply (rule setprod_nonneg)
    unfolding interval_bounds[OF *]
    using *
    apply auto
    done
  also have "… = content (cbox a b)" using False by (simp add: content_def)
  finally show ?thesis .
qed (simp add: content_def)

lemma content_pos_lt:
  fixes a :: "'a::euclidean_space"
  assumes "∀i∈Basis. a•i < b•i"
  shows "0 < content (cbox a b)"
  using assms
  by (auto simp: content_def box_eq_empty intro!: setprod_pos)

lemma content_eq_0:
  "content (cbox a b) = 0 <-> (∃i∈Basis. b•i ≤ a•i)"
  by (auto simp: content_def box_eq_empty intro!: setprod_pos bexI)

lemma cond_cases: "(P ==> Q x) ==> (¬ P ==> Q y) ==> Q (if P then x else y)"
  by auto

lemma content_cbox_cases:
  "content (cbox a (b::'a::euclidean_space)) =
    (if ∀i∈Basis. a•i ≤ b•i then setprod (λi. b•i - a•i) Basis else 0)"
  by (auto simp: not_le content_eq_0 intro: less_imp_le content_cbox)

lemma content_eq_0_interior: "content (cbox a b) = 0 <-> interior(cbox a b) = {}"
  unfolding content_eq_0 interior_cbox box_eq_empty
  by auto

lemma content_pos_lt_eq:
  "0 < content (cbox a (b::'a::euclidean_space)) <-> (∀i∈Basis. a•i < b•i)"
  apply rule
  defer
  apply (rule content_pos_lt, assumption)
proof -
  assume "0 < content (cbox a b)"
  then have "content (cbox a b) ≠ 0" by auto
  then show "∀i∈Basis. a•i < b•i"
    unfolding content_eq_0 not_ex not_le by fastforce
qed

lemma content_empty [simp]: "content {} = 0"
  unfolding content_def by auto

lemma content_subset:
  assumes "cbox a b ⊆ cbox c d"
  shows "content (cbox a b) ≤ content (cbox c d)"
proof (cases "cbox a b = {}")
  case True
  then show ?thesis
    using content_pos_le[of c d] by auto
next
  case False
  then have ab_ne: "∀i∈Basis. a • i ≤ b • i"
    unfolding box_ne_empty by auto
  then have ab_ab: "a∈cbox a b" "b∈cbox a b"
    unfolding mem_box by auto
  have "cbox c d ≠ {}" using assms False by auto
  then have cd_ne: "∀i∈Basis. c • i ≤ d • i"
    using assms unfolding box_ne_empty by auto
  show ?thesis
    unfolding content_def
    unfolding interval_bounds[OF ab_ne] interval_bounds[OF cd_ne]
    unfolding if_not_P[OF False] if_not_P[OF `cbox c d ≠ {}`]
    apply (rule setprod_mono)
    apply rule
  proof
    fix i :: 'a
    assume i: "i ∈ Basis"
    show "0 ≤ b • i - a • i"
      using ab_ne[THEN bspec, OF i] i by auto
    show "b • i - a • i ≤ d • i - c • i"
      using assms[unfolded subset_eq mem_box,rule_format,OF ab_ab(2),of i]
      using assms[unfolded subset_eq mem_box,rule_format,OF ab_ab(1),of i]
      using i by auto
  qed
qed

lemma content_lt_nz: "0 < content (cbox a b) <-> content (cbox a b) ≠ 0"
  unfolding content_pos_lt_eq content_eq_0 unfolding not_ex not_le by fastforce


subsection {* The notion of a gauge --- simply an open set containing the point. *}

definition "gauge d <-> (∀x. x ∈ d x ∧ open (d x))"

lemma gaugeI:
  assumes "!!x. x ∈ g x"
    and "!!x. open (g x)"
  shows "gauge g"
  using assms unfolding gauge_def by auto

lemma gaugeD[dest]:
  assumes "gauge d"
  shows "x ∈ d x"
    and "open (d x)"
  using assms unfolding gauge_def by auto

lemma gauge_ball_dependent: "∀x. 0 < e x ==> gauge (λx. ball x (e x))"
  unfolding gauge_def by auto

lemma gauge_ball[intro]: "0 < e ==> gauge (λx. ball x e)"
  unfolding gauge_def by auto

lemma gauge_trivial[intro]: "gauge (λx. ball x 1)"
  by (rule gauge_ball) auto

lemma gauge_inter[intro]: "gauge d1 ==> gauge d2 ==> gauge (λx. d1 x ∩ d2 x)"
  unfolding gauge_def by auto

lemma gauge_inters:
  assumes "finite s"
    and "∀d∈s. gauge (f d)"
  shows "gauge (λx. \<Inter> {f d x | d. d ∈ s})"
proof -
  have *: "!!x. {f d x |d. d ∈ s} = (λd. f d x) ` s"
    by auto
  show ?thesis
    unfolding gauge_def unfolding *
    using assms unfolding Ball_def Inter_iff mem_Collect_eq gauge_def by auto
qed

lemma gauge_existence_lemma:
  "(∀x. ∃d :: real. p x --> 0 < d ∧ q d x) <-> (∀x. ∃d>0. p x --> q d x)"
  by (metis zero_less_one)


subsection {* Divisions. *}

definition division_of (infixl "division'_of" 40)
where
  "s division_of i <->
    finite s ∧
    (∀k∈s. k ⊆ i ∧ k ≠ {} ∧ (∃a b. k = cbox a b)) ∧
    (∀k1∈s. ∀k2∈s. k1 ≠ k2 --> interior(k1) ∩ interior(k2) = {}) ∧
    (\<Union>s = i)"

lemma division_ofD[dest]:
  assumes "s division_of i"
  shows "finite s"
    and "!!k. k ∈ s ==> k ⊆ i"
    and "!!k. k ∈ s ==> k ≠ {}"
    and "!!k. k ∈ s ==> ∃a b. k = cbox a b"
    and "!!k1 k2. k1 ∈ s ==> k2 ∈ s ==> k1 ≠ k2 ==> interior(k1) ∩ interior(k2) = {}"
    and "\<Union>s = i"
  using assms unfolding division_of_def by auto

lemma division_ofI:
  assumes "finite s"
    and "!!k. k ∈ s ==> k ⊆ i"
    and "!!k. k ∈ s ==> k ≠ {}"
    and "!!k. k ∈ s ==> ∃a b. k = cbox a b"
    and "!!k1 k2. k1 ∈ s ==> k2 ∈ s ==> k1 ≠ k2 ==> interior k1 ∩ interior k2 = {}"
    and "\<Union>s = i"
  shows "s division_of i"
  using assms unfolding division_of_def by auto

lemma division_of_finite: "s division_of i ==> finite s"
  unfolding division_of_def by auto

lemma division_of_self[intro]: "cbox a b ≠ {} ==> {cbox a b} division_of (cbox a b)"
  unfolding division_of_def by auto

lemma division_of_trivial[simp]: "s division_of {} <-> s = {}"
  unfolding division_of_def by auto

lemma division_of_sing[simp]:
  "s division_of cbox a (a::'a::euclidean_space) <-> s = {cbox a a}"
  (is "?l = ?r")
proof
  assume ?r
  moreover
  {
    assume "s = {{a}}"
    moreover fix k assume "k∈s"
    ultimately have"∃x y. k = cbox x y"
      apply (rule_tac x=a in exI)+
      unfolding cbox_sing
      apply auto
      done
  }
  ultimately show ?l
    unfolding division_of_def cbox_sing by auto
next
  assume ?l
  note * = conjunctD4[OF this[unfolded division_of_def cbox_sing]]
  {
    fix x
    assume x: "x ∈ s" have "x = {a}"
      using *(2)[rule_format,OF x] by auto
  }
  moreover have "s ≠ {}"
    using *(4) by auto
  ultimately show ?r
    unfolding cbox_sing by auto
qed

lemma elementary_empty: obtains p where "p division_of {}"
  unfolding division_of_trivial by auto

lemma elementary_interval: obtains p where "p division_of (cbox a b)"
  by (metis division_of_trivial division_of_self)

lemma division_contains: "s division_of i ==> ∀x∈i. ∃k∈s. x ∈ k"
  unfolding division_of_def by auto

lemma forall_in_division:
  "d division_of i ==> (∀x∈d. P x) <-> (∀a b. cbox a b ∈ d --> P (cbox a b))"
  unfolding division_of_def by fastforce

lemma division_of_subset:
  assumes "p division_of (\<Union>p)"
    and "q ⊆ p"
  shows "q division_of (\<Union>q)"
proof (rule division_ofI)
  note * = division_ofD[OF assms(1)]
  show "finite q"
    apply (rule finite_subset)
    using *(1) assms(2)
    apply auto
    done
  {
    fix k
    assume "k ∈ q"
    then have kp: "k ∈ p"
      using assms(2) by auto
    show "k ⊆ \<Union>q"
      using `k ∈ q` by auto
    show "∃a b. k = cbox a b"
      using *(4)[OF kp] by auto
    show "k ≠ {}"
      using *(3)[OF kp] by auto
  }
  fix k1 k2
  assume "k1 ∈ q" "k2 ∈ q" "k1 ≠ k2"
  then have **: "k1 ∈ p" "k2 ∈ p" "k1 ≠ k2"
    using assms(2) by auto
  show "interior k1 ∩ interior k2 = {}"
    using *(5)[OF **] by auto
qed auto

lemma division_of_union_self[intro]: "p division_of s ==> p division_of (\<Union>p)"
  unfolding division_of_def by auto

lemma division_of_content_0:
  assumes "content (cbox a b) = 0" "d division_of (cbox a b)"
  shows "∀k∈d. content k = 0"
  unfolding forall_in_division[OF assms(2)]
  apply (rule,rule,rule)
  apply (drule division_ofD(2)[OF assms(2)])
  apply (drule content_subset) unfolding assms(1)
proof -
  case goal1
  then show ?case using content_pos_le[of a b] by auto
qed

lemma division_inter:
  fixes s1 s2 :: "'a::euclidean_space set"
  assumes "p1 division_of s1"
    and "p2 division_of s2"
  shows "{k1 ∩ k2 | k1 k2 .k1 ∈ p1 ∧ k2 ∈ p2 ∧ k1 ∩ k2 ≠ {}} division_of (s1 ∩ s2)"
  (is "?A' division_of _")
proof -
  let ?A = "{s. s ∈  (λ(k1,k2). k1 ∩ k2) ` (p1 × p2) ∧ s ≠ {}}"
  have *: "?A' = ?A" by auto
  show ?thesis
    unfolding *
  proof (rule division_ofI)
    have "?A ⊆ (λ(x, y). x ∩ y) ` (p1 × p2)"
      by auto
    moreover have "finite (p1 × p2)"
      using assms unfolding division_of_def by auto
    ultimately show "finite ?A" by auto
    have *: "!!s. \<Union>{x∈s. x ≠ {}} = \<Union>s"
      by auto
    show "\<Union>?A = s1 ∩ s2"
      apply (rule set_eqI)
      unfolding * and Union_image_eq UN_iff
      using division_ofD(6)[OF assms(1)] and division_ofD(6)[OF assms(2)]
      apply auto
      done
    {
      fix k
      assume "k ∈ ?A"
      then obtain k1 k2 where k: "k = k1 ∩ k2" "k1 ∈ p1" "k2 ∈ p2" "k ≠ {}"
        by auto
      then show "k ≠ {}"
        by auto
      show "k ⊆ s1 ∩ s2"
        using division_ofD(2)[OF assms(1) k(2)] and division_ofD(2)[OF assms(2) k(3)]
        unfolding k by auto
      obtain a1 b1 where k1: "k1 = cbox a1 b1"
        using division_ofD(4)[OF assms(1) k(2)] by blast
      obtain a2 b2 where k2: "k2 = cbox a2 b2"
        using division_ofD(4)[OF assms(2) k(3)] by blast
      show "∃a b. k = cbox a b"
        unfolding k k1 k2 unfolding inter_interval by auto
    }
    fix k1 k2
    assume "k1 ∈ ?A"
    then obtain x1 y1 where k1: "k1 = x1 ∩ y1" "x1 ∈ p1" "y1 ∈ p2" "k1 ≠ {}"
      by auto
    assume "k2 ∈ ?A"
    then obtain x2 y2 where k2: "k2 = x2 ∩ y2" "x2 ∈ p1" "y2 ∈ p2" "k2 ≠ {}"
      by auto
    assume "k1 ≠ k2"
    then have th: "x1 ≠ x2 ∨ y1 ≠ y2"
      unfolding k1 k2 by auto
    have *: "interior x1 ∩ interior x2 = {} ∨ interior y1 ∩ interior y2 = {} ==>
      interior (x1 ∩ y1) ⊆ interior x1 ==> interior (x1 ∩ y1) ⊆ interior y1 ==>
      interior (x2 ∩ y2) ⊆ interior x2 ==> interior (x2 ∩ y2) ⊆ interior y2 ==>
      interior (x1 ∩ y1) ∩ interior (x2 ∩ y2) = {}" by auto
    show "interior k1 ∩ interior k2 = {}"
      unfolding k1 k2
      apply (rule *)
      defer
      apply (rule_tac[1-4] interior_mono)
      using division_ofD(5)[OF assms(1) k1(2) k2(2)]
      using division_ofD(5)[OF assms(2) k1(3) k2(3)]
      using th
      apply auto
      done
  qed
qed

lemma division_inter_1:
  assumes "d division_of i"
    and "cbox a (b::'a::euclidean_space) ⊆ i"
  shows "{cbox a b ∩ k | k. k ∈ d ∧ cbox a b ∩ k ≠ {}} division_of (cbox a b)"
proof (cases "cbox a b = {}")
  case True
  show ?thesis
    unfolding True and division_of_trivial by auto
next
  case False
  have *: "cbox a b ∩ i = cbox a b" using assms(2) by auto
  show ?thesis
    using division_inter[OF division_of_self[OF False] assms(1)]
    unfolding * by auto
qed

lemma elementary_inter:
  fixes s t :: "'a::euclidean_space set"
  assumes "p1 division_of s"
    and "p2 division_of t"
  shows "∃p. p division_of (s ∩ t)"
  apply rule
  apply (rule division_inter[OF assms])
  done

lemma elementary_inters:
  assumes "finite f"
    and "f ≠ {}"
    and "∀s∈f. ∃p. p division_of (s::('a::euclidean_space) set)"
  shows "∃p. p division_of (\<Inter> f)"
  using assms
proof (induct f rule: finite_induct)
  case (insert x f)
  show ?case
  proof (cases "f = {}")
    case True
    then show ?thesis
      unfolding True using insert by auto
  next
    case False
    obtain p where "p division_of \<Inter>f"
      using insert(3)[OF False insert(5)[unfolded ball_simps,THEN conjunct2]] ..
    moreover obtain px where "px division_of x"
      using insert(5)[rule_format,OF insertI1] ..
    ultimately show ?thesis
      apply -
      unfolding Inter_insert
      apply (rule elementary_inter)
      apply assumption
      apply assumption
      done
  qed
qed auto

lemma division_disjoint_union:
  assumes "p1 division_of s1"
    and "p2 division_of s2"
    and "interior s1 ∩ interior s2 = {}"
  shows "(p1 ∪ p2) division_of (s1 ∪ s2)"
proof (rule division_ofI)
  note d1 = division_ofD[OF assms(1)]
  note d2 = division_ofD[OF assms(2)]
  show "finite (p1 ∪ p2)"
    using d1(1) d2(1) by auto
  show "\<Union>(p1 ∪ p2) = s1 ∪ s2"
    using d1(6) d2(6) by auto
  {
    fix k1 k2
    assume as: "k1 ∈ p1 ∪ p2" "k2 ∈ p1 ∪ p2" "k1 ≠ k2"
    moreover
    let ?g="interior k1 ∩ interior k2 = {}"
    {
      assume as: "k1∈p1" "k2∈p2"
      have ?g
        using interior_mono[OF d1(2)[OF as(1)]] interior_mono[OF d2(2)[OF as(2)]]
        using assms(3) by blast
    }
    moreover
    {
      assume as: "k1∈p2" "k2∈p1"
      have ?g
        using interior_mono[OF d1(2)[OF as(2)]] interior_mono[OF d2(2)[OF as(1)]]
        using assms(3) by blast
    }
    ultimately show ?g
      using d1(5)[OF _ _ as(3)] and d2(5)[OF _ _ as(3)] by auto
  }
  fix k
  assume k: "k ∈ p1 ∪ p2"
  show "k ⊆ s1 ∪ s2"
    using k d1(2) d2(2) by auto
  show "k ≠ {}"
    using k d1(3) d2(3) by auto
  show "∃a b. k = cbox a b"
    using k d1(4) d2(4) by auto
qed

lemma partial_division_extend_1:
  fixes a b c d :: "'a::euclidean_space"
  assumes incl: "cbox c d ⊆ cbox a b"
    and nonempty: "cbox c d ≠ {}"
  obtains p where "p division_of (cbox a b)" "cbox c d ∈ p"
proof
  let ?B = "λf::'a=>'a × 'a.
    cbox (∑i∈Basis. (fst (f i) • i) *R i) (∑i∈Basis. (snd (f i) • i) *R i)"
  def p  "?B ` (Basis ->E {(a, c), (c, d), (d, b)})"

  show "cbox c d ∈ p"
    unfolding p_def
    by (auto simp add: box_eq_empty cbox_def intro!: image_eqI[where x="λ(i::'a)∈Basis. (c, d)"])
  {
    fix i :: 'a
    assume "i ∈ Basis"
    with incl nonempty have "a • i ≤ c • i" "c • i ≤ d • i" "d • i ≤ b • i"
      unfolding box_eq_empty subset_box by (auto simp: not_le)
  }
  note ord = this

  show "p division_of (cbox a b)"
  proof (rule division_ofI)
    show "finite p"
      unfolding p_def by (auto intro!: finite_PiE)
    {
      fix k
      assume "k ∈ p"
      then obtain f where f: "f ∈ Basis ->E {(a, c), (c, d), (d, b)}" and k: "k = ?B f"
        by (auto simp: p_def)
      then show "∃a b. k = cbox a b"
        by auto
      have "k ⊆ cbox a b ∧ k ≠ {}"
      proof (simp add: k box_eq_empty subset_box not_less, safe)
        fix i :: 'a
        assume i: "i ∈ Basis"
        with f have "f i = (a, c) ∨ f i = (c, d) ∨ f i = (d, b)"
          by (auto simp: PiE_iff)
        with i ord[of i]
        show "a • i ≤ fst (f i) • i" "snd (f i) • i ≤ b • i" "fst (f i) • i ≤ snd (f i) • i"
          by auto
      qed
      then show "k ≠ {}" "k ⊆ cbox a b"
        by auto
      {
        fix l
        assume "l ∈ p"
        then obtain g where g: "g ∈ Basis ->E {(a, c), (c, d), (d, b)}" and l: "l = ?B g"
          by (auto simp: p_def)
        assume "l ≠ k"
        have "∃i∈Basis. f i ≠ g i"
        proof (rule ccontr)
          assume "¬ ?thesis"
          with f g have "f = g"
            by (auto simp: PiE_iff extensional_def intro!: ext)
          with `l ≠ k` show False
            by (simp add: l k)
        qed
        then obtain i where *: "i ∈ Basis" "f i ≠ g i" ..
        then have "f i = (a, c) ∨ f i = (c, d) ∨ f i = (d, b)"
            "g i = (a, c) ∨ g i = (c, d) ∨ g i = (d, b)"
          using f g by (auto simp: PiE_iff)
        with * ord[of i] show "interior l ∩ interior k = {}"
          by (auto simp add: l k interior_cbox disjoint_interval intro!: bexI[of _ i])
      }
      note `k ⊆ cbox a b`
    }
    moreover
    {
      fix x assume x: "x ∈ cbox a b"
      have "∀i∈Basis. ∃l. x • i ∈ {fst l • i .. snd l • i} ∧ l ∈ {(a, c), (c, d), (d, b)}"
      proof
        fix i :: 'a
        assume "i ∈ Basis"
        with x ord[of i]
        have "(a • i ≤ x • i ∧ x • i ≤ c • i) ∨ (c • i ≤ x • i ∧ x • i ≤ d • i) ∨
            (d • i ≤ x • i ∧ x • i ≤ b • i)"
          by (auto simp: cbox_def)
        then show "∃l. x • i ∈ {fst l • i .. snd l • i} ∧ l ∈ {(a, c), (c, d), (d, b)}"
          by auto
      qed
      then obtain f where
        f: "∀i∈Basis. x • i ∈ {fst (f i) • i..snd (f i) • i} ∧ f i ∈ {(a, c), (c, d), (d, b)}"
        unfolding bchoice_iff ..
      moreover from f have "restrict f Basis ∈ Basis ->E {(a, c), (c, d), (d, b)}"
        by auto
      moreover from f have "x ∈ ?B (restrict f Basis)"
        by (auto simp: mem_box)
      ultimately have "∃k∈p. x ∈ k"
        unfolding p_def by blast
    }
    ultimately show "\<Union>p = cbox a b"
      by auto
  qed
qed

lemma partial_division_extend_interval:
  assumes "p division_of (\<Union>p)" "(\<Union>p) ⊆ cbox a b"
  obtains q where "p ⊆ q" "q division_of cbox a (b::'a::euclidean_space)"
proof (cases "p = {}")
  case True
  obtain q where "q division_of (cbox a b)"
    by (rule elementary_interval)
  then show ?thesis
    apply -
    apply (rule that[of q])
    unfolding True
    apply auto
    done
next
  case False
  note p = division_ofD[OF assms(1)]
  have *: "∀k∈p. ∃q. q division_of cbox a b ∧ k ∈ q"
  proof
    case goal1
    obtain c d where k: "k = cbox c d"
      using p(4)[OF goal1] by blast
    have *: "cbox c d ⊆ cbox a b" "cbox c d ≠ {}"
      using p(2,3)[OF goal1, unfolded k] using assms(2)
      by (blast intro: order.trans)+
    obtain q where "q division_of cbox a b" "cbox c d ∈ q"
      by (rule partial_division_extend_1[OF *])
    then show ?case
      unfolding k by auto
  qed
  obtain q where q: "!!x. x ∈ p ==> q x division_of cbox a b" "!!x. x ∈ p ==> x ∈ q x"
    using bchoice[OF *] by blast
  have "!!x. x ∈ p ==> ∃d. d division_of \<Union>(q x - {x})"
    apply rule
    apply (rule_tac p="q x" in division_of_subset)
  proof -
    fix x
    assume x: "x ∈ p"
    show "q x division_of \<Union>q x"
      apply -
      apply (rule division_ofI)
      using division_ofD[OF q(1)[OF x]]
      apply auto
      done
    show "q x - {x} ⊆ q x"
      by auto
  qed
  then have "∃d. d division_of \<Inter> ((λi. \<Union>(q i - {i})) ` p)"
    apply -
    apply (rule elementary_inters)
    apply (rule finite_imageI[OF p(1)])
    unfolding image_is_empty
    apply (rule False)
    apply auto
    done
  then obtain d where d: "d division_of \<Inter>((λi. \<Union>(q i - {i})) ` p)" ..
  show ?thesis
    apply (rule that[of "d ∪ p"])
  proof -
    have *: "!!s f t. s ≠ {} ==> ∀i∈s. f i ∪ i = t ==> t = \<Inter>(f ` s) ∪ \<Union>s" by auto
    have *: "cbox a b = \<Inter>((λi. \<Union>(q i - {i})) ` p) ∪ \<Union>p"
      apply (rule *[OF False])
    proof
      fix i
      assume i: "i ∈ p"
      show "\<Union>(q i - {i}) ∪ i = cbox a b"
        using division_ofD(6)[OF q(1)[OF i]] using q(2)[OF i] by auto
    qed
    show "d ∪ p division_of (cbox a b)"
      unfolding *
      apply (rule division_disjoint_union[OF d assms(1)])
      apply (rule inter_interior_unions_intervals)
      apply (rule p open_interior ballI)+
      apply assumption
    proof
      fix k
      assume k: "k ∈ p"
      have *: "!!u t s. u ⊆ s ==> s ∩ t = {} ==> u ∩ t = {}"
        by auto
      show "interior (\<Inter> ((λi. \<Union>(q i - {i})) ` p)) ∩ interior k = {}"
        apply (rule *[of _ "interior (\<Union>(q k - {k}))"])
        defer
        apply (subst Int_commute)
        apply (rule inter_interior_unions_intervals)
      proof -
        note qk=division_ofD[OF q(1)[OF k]]
        show "finite (q k - {k})" "open (interior k)" "∀t∈q k - {k}. ∃a b. t = cbox a b"
          using qk by auto
        show "∀t∈q k - {k}. interior k ∩ interior t = {}"
          using qk(5) using q(2)[OF k] by auto
        have *: "!!x s. x ∈ s ==> \<Inter>s ⊆ x"
          by auto
        show "interior (\<Inter> ((λi. \<Union>(q i - {i})) ` p)) ⊆ interior (\<Union>(q k - {k}))"
          apply (rule interior_mono *)+
          using k
          apply auto
          done
      qed
    qed
  qed auto
qed

lemma elementary_bounded[dest]:
  fixes s :: "'a::euclidean_space set"
  shows "p division_of s ==> bounded s"
  unfolding division_of_def by (metis bounded_Union bounded_cbox)

lemma elementary_subset_cbox:
  "p division_of s ==> ∃a b. s ⊆ cbox a (b::'a::euclidean_space)"
  by (meson elementary_bounded bounded_subset_cbox)

lemma division_union_intervals_exists:
  fixes a b :: "'a::euclidean_space"
  assumes "cbox a b ≠ {}"
  obtains p where "(insert (cbox a b) p) division_of (cbox a b ∪ cbox c d)"
proof (cases "cbox c d = {}")
  case True
  show ?thesis
    apply (rule that[of "{}"])
    unfolding True
    using assms
    apply auto
    done
next
  case False
  show ?thesis
  proof (cases "cbox a b ∩ cbox c d = {}")
    case True
    have *: "!!a b. {a, b} = {a} ∪ {b}" by auto
    show ?thesis
      apply (rule that[of "{cbox c d}"])
      unfolding *
      apply (rule division_disjoint_union)
      using `cbox c d ≠ {}` True assms
      using interior_subset
      apply auto
      done
  next
    case False
    obtain u v where uv: "cbox a b ∩ cbox c d = cbox u v"
      unfolding inter_interval by auto
    have *: "cbox u v ⊆ cbox c d" using uv by auto
    obtain p where "p division_of cbox c d" "cbox u v ∈ p"
      by (rule partial_division_extend_1[OF * False[unfolded uv]])
    note p = this division_ofD[OF this(1)]
    have *: "cbox a b ∪ cbox c d = cbox a b ∪ \<Union>(p - {cbox u v})" "!!x s. insert x s = {x} ∪ s"
      using p(8) unfolding uv[symmetric] by auto
    show ?thesis
      apply (rule that[of "p - {cbox u v}"])
      unfolding *(1)
      apply (subst *(2))
      apply (rule division_disjoint_union)
      apply (rule, rule assms)
      apply (rule division_of_subset[of p])
      apply (rule division_of_union_self[OF p(1)])
      defer
      unfolding interior_inter[symmetric]
    proof -
      have *: "!!cd p uv ab. p ⊆ cd ==> ab ∩ cd = uv ==> ab ∩ p = uv ∩ p" by auto
      have "interior (cbox a b ∩ \<Union>(p - {cbox u v})) = interior(cbox u v ∩ \<Union>(p - {cbox u v}))"
        apply (rule arg_cong[of _ _ interior])
        apply (rule *[OF _ uv])
        using p(8)
        apply auto
        done
      also have "… = {}"
        unfolding interior_inter
        apply (rule inter_interior_unions_intervals)
        using p(6) p(7)[OF p(2)] p(3)
        apply auto
        done
      finally show "interior (cbox a b ∩ \<Union>(p - {cbox u v})) = {}" .
    qed auto
  qed
qed

lemma division_of_unions:
  assumes "finite f"
    and "!!p. p ∈ f ==> p division_of (\<Union>p)"
    and "!!k1 k2. k1 ∈ \<Union>f ==> k2 ∈ \<Union>f ==> k1 ≠ k2 ==> interior k1 ∩ interior k2 = {}"
  shows "\<Union>f division_of \<Union>\<Union>f"
  apply (rule division_ofI)
  prefer 5
  apply (rule assms(3)|assumption)+
  apply (rule finite_Union assms(1))+
  prefer 3
  apply (erule UnionE)
  apply (rule_tac s=X in division_ofD(3)[OF assms(2)])
  using division_ofD[OF assms(2)]
  apply auto
  done

lemma elementary_union_interval:
  fixes a b :: "'a::euclidean_space"
  assumes "p division_of \<Union>p"
  obtains q where "q division_of (cbox a b ∪ \<Union>p)"
proof -
  note assm = division_ofD[OF assms]
  have lem1: "!!f s. \<Union>\<Union>(f ` s) = \<Union>((λx. \<Union>(f x)) ` s)"
    by auto
  have lem2: "!!f s. f ≠ {} ==> \<Union>{s ∪ t |t. t ∈ f} = s ∪ \<Union>f"
    by auto
  {
    presume "p = {} ==> thesis"
      "cbox a b = {} ==> thesis"
      "cbox a b ≠ {} ==> interior (cbox a b) = {} ==> thesis"
      "p ≠ {} ==> interior (cbox a b)≠{} ==> cbox a b ≠ {} ==> thesis"
    then show thesis by auto
  next
    assume as: "p = {}"
    obtain p where "p division_of (cbox a b)"
      by (rule elementary_interval)
    then show thesis
      apply -
      apply (rule that[of p])
      unfolding as
      apply auto
      done
  next
    assume as: "cbox a b = {}"
    show thesis
      apply (rule that)
      unfolding as
      using assms
      apply auto
      done
  next
    assume as: "interior (cbox a b) = {}" "cbox a b ≠ {}"
    show thesis
      apply (rule that[of "insert (cbox a b) p"],rule division_ofI)
      unfolding finite_insert
      apply (rule assm(1)) unfolding Union_insert
      using assm(2-4) as
      apply -
      apply (fast dest: assm(5))+
      done
  next
    assume as: "p ≠ {}" "interior (cbox a b) ≠ {}" "cbox a b ≠ {}"
    have "∀k∈p. ∃q. (insert (cbox a b) q) division_of (cbox a b ∪ k)"
    proof
      case goal1
      from assm(4)[OF this] obtain c d where "k = cbox c d" by blast
      then show ?case
        apply -
        apply (rule division_union_intervals_exists[OF as(3), of c d])
        apply auto
        done
    qed
    from bchoice[OF this] obtain q where "∀x∈p. insert (cbox a b) (q x) division_of (cbox a b) ∪ x" ..
    note q = division_ofD[OF this[rule_format]]
    let ?D = "\<Union>{insert (cbox a b) (q k) | k. k ∈ p}"
    show thesis
      apply (rule that[of "?D"])
      apply (rule division_ofI)
    proof -
      have *: "{insert (cbox a b) (q k) |k. k ∈ p} = (λk. insert (cbox a b) (q k)) ` p"
        by auto
      show "finite ?D"
        apply (rule finite_Union)
        unfolding *
        apply (rule finite_imageI)
        using assm(1) q(1)
        apply auto
        done
      show "\<Union>?D = cbox a b ∪ \<Union>p"
        unfolding * lem1
        unfolding lem2[OF as(1), of "cbox a b", symmetric]
        using q(6)
        by auto
      fix k
      assume k: "k ∈ ?D"
      then show "k ⊆ cbox a b ∪ \<Union>p"
        using q(2) by auto
      show "k ≠ {}"
        using q(3) k by auto
      show "∃a b. k = cbox a b"
        using q(4) k by auto
      fix k'
      assume k': "k' ∈ ?D" "k ≠ k'"
      obtain x where x: "k ∈ insert (cbox a b) (q x)" "x∈p"
        using k by auto
      obtain x' where x': "k'∈insert (cbox a b) (q x')" "x'∈p"
        using k' by auto
      show "interior k ∩ interior k' = {}"
      proof (cases "x = x'")
        case True
        show ?thesis
          apply(rule q(5))
          using x x' k'
          unfolding True
          apply auto
          done
      next
        case False
        {
          presume "k = cbox a b ==> ?thesis"
            and "k' = cbox a b ==> ?thesis"
            and "k ≠ cbox a b ==> k' ≠ cbox a b ==> ?thesis"
          then show ?thesis by auto
        next
          assume as': "k  = cbox a b"
          show ?thesis
            apply (rule q(5))
            using x' k'(2)
            unfolding as'
            apply auto
            done
        next
          assume as': "k' = cbox a b"
          show ?thesis
            apply (rule q(5))
            using x  k'(2)
            unfolding as'
            apply auto
            done
        }
        assume as': "k ≠ cbox a b" "k' ≠ cbox a b"
        obtain c d where k: "k = cbox c d"
          using q(4)[OF x(2,1)] by blast
        have "interior k ∩ interior (cbox a b) = {}"
          apply (rule q(5))
          using x k'(2)
          using as'
          apply auto
          done
        then have "interior k ⊆ interior x"
          apply -
          apply (rule interior_subset_union_intervals[OF k _ as(2) q(2)[OF x(2,1)]])
          apply auto
          done
        moreover
        obtain c d where c_d: "k' = cbox c d"
          using q(4)[OF x'(2,1)] by blast
        have "interior k' ∩ interior (cbox a b) = {}"
          apply (rule q(5))
          using x' k'(2)
          using as'
          apply auto
          done
        then have "interior k' ⊆ interior x'"
          apply -
          apply (rule interior_subset_union_intervals[OF c_d _ as(2) q(2)[OF x'(2,1)]])
          apply auto
          done
        ultimately show ?thesis
          using assm(5)[OF x(2) x'(2) False] by auto
      qed
    qed
  }
qed

lemma elementary_unions_intervals:
  assumes fin: "finite f"
    and "!!s. s ∈ f ==> ∃a b. s = cbox a (b::'a::euclidean_space)"
  obtains p where "p division_of (\<Union>f)"
proof -
  have "∃p. p division_of (\<Union>f)"
  proof (induct_tac f rule:finite_subset_induct)
    show "∃p. p division_of \<Union>{}" using elementary_empty by auto
  next
    fix x F
    assume as: "finite F" "x ∉ F" "∃p. p division_of \<Union>F" "x∈f"
    from this(3) obtain p where p: "p division_of \<Union>F" ..
    from assms(2)[OF as(4)] obtain a b where x: "x = cbox a b" by blast
    have *: "\<Union>F = \<Union>p"
      using division_ofD[OF p] by auto
    show "∃p. p division_of \<Union>insert x F"
      using elementary_union_interval[OF p[unfolded *], of a b]
      unfolding Union_insert x * by auto
  qed (insert assms, auto)
  then show ?thesis
    apply -
    apply (erule exE)
    apply (rule that)
    apply auto
    done
qed

lemma elementary_union:
  fixes s t :: "'a::euclidean_space set"
  assumes "ps division_of s"
    and "pt division_of t"
  obtains p where "p division_of (s ∪ t)"
proof -
  have "s ∪ t = \<Union>ps ∪ \<Union>pt"
    using assms unfolding division_of_def by auto
  then have *: "\<Union>(ps ∪ pt) = s ∪ t" by auto
  show ?thesis
    apply -
    apply (rule elementary_unions_intervals[of "ps ∪ pt"])
    unfolding *
    prefer 3
    apply (rule_tac p=p in that)
    using assms[unfolded division_of_def]
    apply auto
    done
qed

lemma partial_division_extend:
  fixes t :: "'a::euclidean_space set"
  assumes "p division_of s"
    and "q division_of t"
    and "s ⊆ t"
  obtains r where "p ⊆ r" and "r division_of t"
proof -
  note divp = division_ofD[OF assms(1)] and divq = division_ofD[OF assms(2)]
  obtain a b where ab: "t ⊆ cbox a b"
    using elementary_subset_cbox[OF assms(2)] by auto
  obtain r1 where "p ⊆ r1" "r1 division_of (cbox a b)"
    apply (rule partial_division_extend_interval)
    apply (rule assms(1)[unfolded divp(6)[symmetric]])
    apply (rule subset_trans)
    apply (rule ab assms[unfolded divp(6)[symmetric]])+
    apply assumption
    done
  note r1 = this division_ofD[OF this(2)]
  obtain p' where "p' division_of \<Union>(r1 - p)"
    apply (rule elementary_unions_intervals[of "r1 - p"])
    using r1(3,6)
    apply auto
    done
  then obtain r2 where r2: "r2 division_of (\<Union>(r1 - p)) ∩ (\<Union>q)"
    apply -
    apply (drule elementary_inter[OF _ assms(2)[unfolded divq(6)[symmetric]]])
    apply auto
    done
  {
    fix x
    assume x: "x ∈ t" "x ∉ s"
    then have "x∈\<Union>r1"
      unfolding r1 using ab by auto
    then obtain r where r: "r ∈ r1" "x ∈ r"
      unfolding Union_iff ..
    moreover
    have "r ∉ p"
    proof
      assume "r ∈ p"
      then have "x ∈ s" using divp(2) r by auto
      then show False using x by auto
    qed
    ultimately have "x∈\<Union>(r1 - p)" by auto
  }
  then have *: "t = \<Union>p ∪ (\<Union>(r1 - p) ∩ \<Union>q)"
    unfolding divp divq using assms(3) by auto
  show ?thesis
    apply (rule that[of "p ∪ r2"])
    unfolding *
    defer
    apply (rule division_disjoint_union)
    unfolding divp(6)
    apply(rule assms r2)+
  proof -
    have "interior s ∩ interior (\<Union>(r1-p)) = {}"
    proof (rule inter_interior_unions_intervals)
      show "finite (r1 - p)" and "open (interior s)" and "∀t∈r1-p. ∃a b. t = cbox a b"
        using r1 by auto
      have *: "!!s. (!!x. x ∈ s ==> False) ==> s = {}"
        by auto
      show "∀t∈r1-p. interior s ∩ interior t = {}"
      proof
        fix m x
        assume as: "m ∈ r1 - p"
        have "interior m ∩ interior (\<Union>p) = {}"
        proof (rule inter_interior_unions_intervals)
          show "finite p" and "open (interior m)" and "∀t∈p. ∃a b. t = cbox a b"
            using divp by auto
          show "∀t∈p. interior m ∩ interior t = {}"
            apply (rule, rule r1(7))
            using as
            using r1 
            apply auto
            done
        qed
        then show "interior s ∩ interior m = {}"
          unfolding divp by auto
      qed
    qed
    then show "interior s ∩ interior (\<Union>(r1-p) ∩ (\<Union>q)) = {}"
      using interior_subset by auto
  qed auto
qed


subsection {* Tagged (partial) divisions. *}

definition tagged_partial_division_of (infixr "tagged'_partial'_division'_of" 40)
  where "s tagged_partial_division_of i <->
    finite s ∧
    (∀x k. (x, k) ∈ s --> x ∈ k ∧ k ⊆ i ∧ (∃a b. k = cbox a b)) ∧
    (∀x1 k1 x2 k2. (x1, k1) ∈ s ∧ (x2, k2) ∈ s ∧ (x1, k1) ≠ (x2, k2) -->
      interior k1 ∩ interior k2 = {})"

lemma tagged_partial_division_ofD[dest]:
  assumes "s tagged_partial_division_of i"
  shows "finite s"
    and "!!x k. (x,k) ∈ s ==> x ∈ k"
    and "!!x k. (x,k) ∈ s ==> k ⊆ i"
    and "!!x k. (x,k) ∈ s ==> ∃a b. k = cbox a b"
    and "!!x1 k1 x2 k2. (x1,k1) ∈ s ==>
      (x2, k2) ∈ s ==> (x1, k1) ≠ (x2, k2) ==> interior k1 ∩ interior k2 = {}"
  using assms unfolding tagged_partial_division_of_def by blast+

definition tagged_division_of (infixr "tagged'_division'_of" 40)
  where "s tagged_division_of i <-> s tagged_partial_division_of i ∧ (\<Union>{k. ∃x. (x,k) ∈ s} = i)"

lemma tagged_division_of_finite: "s tagged_division_of i ==> finite s"
  unfolding tagged_division_of_def tagged_partial_division_of_def by auto

lemma tagged_division_of:
  "s tagged_division_of i <->
    finite s ∧
    (∀x k. (x, k) ∈ s --> x ∈ k ∧ k ⊆ i ∧ (∃a b. k = cbox a b)) ∧
    (∀x1 k1 x2 k2. (x1, k1) ∈ s ∧ (x2, k2) ∈ s ∧ (x1, k1) ≠ (x2, k2) -->
      interior k1 ∩ interior k2 = {}) ∧
    (\<Union>{k. ∃x. (x,k) ∈ s} = i)"
  unfolding tagged_division_of_def tagged_partial_division_of_def by auto

lemma tagged_division_ofI:
  assumes "finite s"
    and "!!x k. (x,k) ∈ s ==> x ∈ k"
    and "!!x k. (x,k) ∈ s ==> k ⊆ i"
    and "!!x k. (x,k) ∈ s ==> ∃a b. k = cbox a b"
    and "!!x1 k1 x2 k2. (x1,k1) ∈ s ==> (x2, k2) ∈ s ==> (x1, k1) ≠ (x2, k2) ==>
      interior k1 ∩ interior k2 = {}"
    and "(\<Union>{k. ∃x. (x,k) ∈ s} = i)"
  shows "s tagged_division_of i"
  unfolding tagged_division_of
  apply rule
  defer
  apply rule
  apply (rule allI impI conjI assms)+
  apply assumption
  apply rule
  apply (rule assms)
  apply assumption
  apply (rule assms)
  apply assumption
  using assms(1,5-)
  apply blast+
  done

lemma tagged_division_ofD[dest]:
  assumes "s tagged_division_of i"
  shows "finite s"
    and "!!x k. (x,k) ∈ s ==> x ∈ k"
    and "!!x k. (x,k) ∈ s ==> k ⊆ i"
    and "!!x k. (x,k) ∈ s ==> ∃a b. k = cbox a b"
    and "!!x1 k1 x2 k2. (x1, k1) ∈ s ==> (x2, k2) ∈ s ==> (x1, k1) ≠ (x2, k2) ==>
      interior k1 ∩ interior k2 = {}"
    and "(\<Union>{k. ∃x. (x,k) ∈ s} = i)"
  using assms unfolding tagged_division_of by blast+

lemma division_of_tagged_division:
  assumes "s tagged_division_of i"
  shows "(snd ` s) division_of i"
proof (rule division_ofI)
  note assm = tagged_division_ofD[OF assms]
  show "\<Union>(snd ` s) = i" "finite (snd ` s)"
    using assm by auto
  fix k
  assume k: "k ∈ snd ` s"
  then obtain xk where xk: "(xk, k) ∈ s"
    by auto
  then show "k ⊆ i" "k ≠ {}" "∃a b. k = cbox a b"
    using assm by fastforce+
  fix k'
  assume k': "k' ∈ snd ` s" "k ≠ k'"
  from this(1) obtain xk' where xk': "(xk', k') ∈ s"
    by auto
  then show "interior k ∩ interior k' = {}"
    apply -
    apply (rule assm(5))
    apply (rule xk xk')+
    using k'
    apply auto
    done
qed

lemma partial_division_of_tagged_division:
  assumes "s tagged_partial_division_of i"
  shows "(snd ` s) division_of \<Union>(snd ` s)"
proof (rule division_ofI)
  note assm = tagged_partial_division_ofD[OF assms]
  show "finite (snd ` s)" "\<Union>(snd ` s) = \<Union>(snd ` s)"
    using assm by auto
  fix k
  assume k: "k ∈ snd ` s"
  then obtain xk where xk: "(xk, k) ∈ s"
    by auto
  then show "k ≠ {}" "∃a b. k = cbox a b" "k ⊆ \<Union>(snd ` s)"
    using assm by auto
  fix k'
  assume k': "k' ∈ snd ` s" "k ≠ k'"
  from this(1) obtain xk' where xk': "(xk', k') ∈ s"
    by auto
  then show "interior k ∩ interior k' = {}"
    apply -
    apply (rule assm(5))
    apply(rule xk xk')+
    using k'
    apply auto
    done
qed

lemma tagged_partial_division_subset:
  assumes "s tagged_partial_division_of i"
    and "t ⊆ s"
  shows "t tagged_partial_division_of i"
  using assms
  unfolding tagged_partial_division_of_def
  using finite_subset[OF assms(2)]
  by blast

lemma setsum_over_tagged_division_lemma:
  assumes "p tagged_division_of i"
    and "!!u v. cbox u v ≠ {} ==> content (cbox u v) = 0 ==> d (cbox u v) = 0"
  shows "setsum (λ(x,k). d k) p = setsum d (snd ` p)"
proof -
  have *: "(λ(x,k). d k) = d o snd"
    unfolding o_def by (rule ext) auto
  note assm = tagged_division_ofD[OF assms(1)]
  show ?thesis
    unfolding *
  proof (rule setsum.reindex_nontrivial[symmetric])
    show "finite p"
      using assm by auto
    fix x y
    assume "x∈p" "y∈p" "x≠y" "snd x = snd y"
    obtain a b where ab: "snd x = cbox a b"
      using assm(4)[of "fst x" "snd x"] `x∈p` by auto
    have "(fst x, snd y) ∈ p" "(fst x, snd y) ≠ y"
      by (metis pair_collapse `x∈p` `snd x = snd y` `x ≠ y`)+
    with `x∈p` `y∈p` have "interior (snd x) ∩ interior (snd y) = {}"
      by (intro assm(5)[of "fst x" _ "fst y"]) auto
    then have "content (cbox a b) = 0"
      unfolding `snd x = snd y`[symmetric] ab content_eq_0_interior by auto
    then have "d (cbox a b) = 0"
      using assm(2)[of "fst x" "snd x"] `x∈p` ab[symmetric] by (intro assms(2)) auto
    then show "d (snd x) = 0"
      unfolding ab by auto
  qed
qed

lemma tag_in_interval: "p tagged_division_of i ==> (x, k) ∈ p ==> x ∈ i"
  by auto

lemma tagged_division_of_empty: "{} tagged_division_of {}"
  unfolding tagged_division_of by auto

lemma tagged_partial_division_of_trivial[simp]: "p tagged_partial_division_of {} <-> p = {}"
  unfolding tagged_partial_division_of_def by auto

lemma tagged_division_of_trivial[simp]: "p tagged_division_of {} <-> p = {}"
  unfolding tagged_division_of by auto

lemma tagged_division_of_self: "x ∈ cbox a b ==> {(x,cbox a b)} tagged_division_of (cbox a b)"
  by (rule tagged_division_ofI) auto

lemma tagged_division_of_self_real: "x ∈ {a .. b::real} ==> {(x,{a .. b})} tagged_division_of {a .. b}"
  unfolding box_real[symmetric]
  by (rule tagged_division_of_self)

lemma tagged_division_union:
  assumes "p1 tagged_division_of s1"
    and "p2 tagged_division_of s2"
    and "interior s1 ∩ interior s2 = {}"
  shows "(p1 ∪ p2) tagged_division_of (s1 ∪ s2)"
proof (rule tagged_division_ofI)
  note p1 = tagged_division_ofD[OF assms(1)]
  note p2 = tagged_division_ofD[OF assms(2)]
  show "finite (p1 ∪ p2)"
    using p1(1) p2(1) by auto
  show "\<Union>{k. ∃x. (x, k) ∈ p1 ∪ p2} = s1 ∪ s2"
    using p1(6) p2(6) by blast
  fix x k
  assume xk: "(x, k) ∈ p1 ∪ p2"
  show "x ∈ k" "∃a b. k = cbox a b"
    using xk p1(2,4) p2(2,4) by auto
  show "k ⊆ s1 ∪ s2"
    using xk p1(3) p2(3) by blast
  fix x' k'
  assume xk': "(x', k') ∈ p1 ∪ p2" "(x, k) ≠ (x', k')"
  have *: "!!a b. a ⊆ s1 ==> b ⊆ s2 ==> interior a ∩ interior b = {}"
    using assms(3) interior_mono by blast
  show "interior k ∩ interior k' = {}"
    apply (cases "(x, k) ∈ p1")
    apply (case_tac[!] "(x',k') ∈ p1")
    apply (rule p1(5))
    prefer 4
    apply (rule *)
    prefer 6
    apply (subst Int_commute)
    apply (rule *)
    prefer 8
    apply (rule p2(5))
    using p1(3) p2(3)
    using xk xk'
    apply auto
    done
qed

lemma tagged_division_unions:
  assumes "finite iset"
    and "∀i∈iset. pfn i tagged_division_of i"
    and "∀i1∈iset. ∀i2∈iset. i1 ≠ i2 --> interior(i1) ∩ interior(i2) = {}"
  shows "\<Union>(pfn ` iset) tagged_division_of (\<Union>iset)"
proof (rule tagged_division_ofI)
  note assm = tagged_division_ofD[OF assms(2)[rule_format]]
  show "finite (\<Union>(pfn ` iset))"
    apply (rule finite_Union)
    using assms
    apply auto
    done
  have "\<Union>{k. ∃x. (x, k) ∈ \<Union>(pfn ` iset)} = \<Union>((λi. \<Union>{k. ∃x. (x, k) ∈ pfn i}) ` iset)"
    by blast
  also have "… = \<Union>iset"
    using assm(6) by auto
  finally show "\<Union>{k. ∃x. (x, k) ∈ \<Union>(pfn ` iset)} = \<Union>iset" .
  fix x k
  assume xk: "(x, k) ∈ \<Union>(pfn ` iset)"
  then obtain i where i: "i ∈ iset" "(x, k) ∈ pfn i"
    by auto
  show "x ∈ k" "∃a b. k = cbox a b" "k ⊆ \<Union>iset"
    using assm(2-4)[OF i] using i(1) by auto
  fix x' k'
  assume xk': "(x', k') ∈ \<Union>(pfn ` iset)" "(x, k) ≠ (x', k')"
  then obtain i' where i': "i' ∈ iset" "(x', k') ∈ pfn i'"
    by auto
  have *: "!!a b. i ≠ i' ==> a ⊆ i ==> b ⊆ i' ==> interior a ∩ interior b = {}"
    using i(1) i'(1)
    using assms(3)[rule_format] interior_mono
    by blast
  show "interior k ∩ interior k' = {}"
    apply (cases "i = i'")
    using assm(5)[OF i _ xk'(2)] i'(2)
    using assm(3)[OF i] assm(3)[OF i']
    defer
    apply -
    apply (rule *)
    apply auto
    done
qed

lemma tagged_partial_division_of_union_self:
  assumes "p tagged_partial_division_of s"
  shows "p tagged_division_of (\<Union>(snd ` p))"
  apply (rule tagged_division_ofI)
  using tagged_partial_division_ofD[OF assms]
  apply auto
  done

lemma tagged_division_of_union_self:
  assumes "p tagged_division_of s"
  shows "p tagged_division_of (\<Union>(snd ` p))"
  apply (rule tagged_division_ofI)
  using tagged_division_ofD[OF assms]
  apply auto
  done


subsection {* Fine-ness of a partition w.r.t. a gauge. *}

definition fine  (infixr "fine" 46)
  where "d fine s <-> (∀(x,k) ∈ s. k ⊆ d x)"

lemma fineI:
  assumes "!!x k. (x, k) ∈ s ==> k ⊆ d x"
  shows "d fine s"
  using assms unfolding fine_def by auto

lemma fineD[dest]:
  assumes "d fine s"
  shows "!!x k. (x,k) ∈ s ==> k ⊆ d x"
  using assms unfolding fine_def by auto

lemma fine_inter: "(λx. d1 x ∩ d2 x) fine p <-> d1 fine p ∧ d2 fine p"
  unfolding fine_def by auto

lemma fine_inters:
 "(λx. \<Inter> {f d x | d.  d ∈ s}) fine p <-> (∀d∈s. (f d) fine p)"
  unfolding fine_def by blast

lemma fine_union: "d fine p1 ==> d fine p2 ==> d fine (p1 ∪ p2)"
  unfolding fine_def by blast

lemma fine_unions: "(!!p. p ∈ ps ==> d fine p) ==> d fine (\<Union>ps)"
  unfolding fine_def by auto

lemma fine_subset: "p ⊆ q ==> d fine q ==> d fine p"
  unfolding fine_def by blast


subsection {* Gauge integral. Define on compact intervals first, then use a limit. *}

definition has_integral_compact_interval (infixr "has'_integral'_compact'_interval" 46)
  where "(f has_integral_compact_interval y) i <->
    (∀e>0. ∃d. gauge d ∧
      (∀p. p tagged_division_of i ∧ d fine p -->
        norm (setsum (λ(x,k). content k *R f x) p - y) < e))"

definition has_integral ::
    "('n::euclidean_space => 'b::real_normed_vector) => 'b => 'n set => bool"
  (infixr "has'_integral" 46)
  where "(f has_integral y) i <->
    (if ∃a b. i = cbox a b
     then (f has_integral_compact_interval y) i
     else (∀e>0. ∃B>0. ∀a b. ball 0 B ⊆ cbox a b -->
      (∃z. ((λx. if x ∈ i then f x else 0) has_integral_compact_interval z) (cbox a b) ∧
        norm (z - y) < e)))"

lemma has_integral:
  "(f has_integral y) (cbox a b) <->
    (∀e>0. ∃d. gauge d ∧
      (∀p. p tagged_division_of (cbox a b) ∧ d fine p -->
        norm (setsum (λ(x,k). content(k) *R f x) p - y) < e))"
  unfolding has_integral_def has_integral_compact_interval_def
  by auto

lemma has_integral_real:
  "(f has_integral y) {a .. b::real} <->
    (∀e>0. ∃d. gauge d ∧
      (∀p. p tagged_division_of {a .. b} ∧ d fine p -->
        norm (setsum (λ(x,k). content(k) *R f x) p - y) < e))"
  unfolding box_real[symmetric]
  by (rule has_integral)

lemma has_integralD[dest]:
  assumes "(f has_integral y) (cbox a b)"
    and "e > 0"
  obtains d where "gauge d"
    and "!!p. p tagged_division_of (cbox a b) ==> d fine p ==>
      norm (setsum (λ(x,k). content(k) *R f(x)) p - y) < e"
  using assms unfolding has_integral by auto

lemma has_integral_alt:
  "(f has_integral y) i <->
    (if ∃a b. i = cbox a b
     then (f has_integral y) i
     else (∀e>0. ∃B>0. ∀a b. ball 0 B ⊆ cbox a b -->
      (∃z. ((λx. if x ∈ i then f(x) else 0) has_integral z) (cbox a b) ∧ norm (z - y) < e)))"
  unfolding has_integral
  unfolding has_integral_compact_interval_def has_integral_def
  by auto

lemma has_integral_altD:
  assumes "(f has_integral y) i"
    and "¬ (∃a b. i = cbox a b)"
    and "e>0"
  obtains B where "B > 0"
    and "∀a b. ball 0 B ⊆ cbox a b -->
      (∃z. ((λx. if x ∈ i then f(x) else 0) has_integral z) (cbox a b) ∧ norm(z - y) < e)"
  using assms
  unfolding has_integral
  unfolding has_integral_compact_interval_def has_integral_def
  by auto

definition integrable_on (infixr "integrable'_on" 46)
  where "f integrable_on i <-> (∃y. (f has_integral y) i)"

definition "integral i f = (SOME y. (f has_integral y) i)"

lemma integrable_integral[dest]: "f integrable_on i ==> (f has_integral (integral i f)) i"
  unfolding integrable_on_def integral_def by (rule someI_ex)

lemma has_integral_integrable[intro]: "(f has_integral i) s ==> f integrable_on s"
  unfolding integrable_on_def by auto

lemma has_integral_integral: "f integrable_on s <-> (f has_integral (integral s f)) s"
  by auto

lemma setsum_content_null:
  assumes "content (cbox a b) = 0"
    and "p tagged_division_of (cbox a b)"
  shows "setsum (λ(x,k). content k *R f x) p = (0::'a::real_normed_vector)"
proof (rule setsum.neutral, rule)
  fix y
  assume y: "y ∈ p"
  obtain x k where xk: "y = (x, k)"
    using surj_pair[of y] by blast
  note assm = tagged_division_ofD(3-4)[OF assms(2) y[unfolded xk]]
  from this(2) obtain c d where k: "k = cbox c d" by blast
  have "(λ(x, k). content k *R f x) y = content k *R f x"
    unfolding xk by auto
  also have "… = 0"
    using content_subset[OF assm(1)[unfolded k]] content_pos_le[of c d]
    unfolding assms(1) k
    by auto
  finally show "(λ(x, k). content k *R f x) y = 0" .
qed


subsection {* Some basic combining lemmas. *}

lemma tagged_division_unions_exists:
  assumes "finite iset"
    and "∀i∈iset. ∃p. p tagged_division_of i ∧ d fine p"
    and "∀i1∈iset. ∀i2∈iset. i1 ≠ i2 --> interior i1 ∩ interior i2 = {}"
    and "\<Union>iset = i"
   obtains p where "p tagged_division_of i" and "d fine p"
proof -
  obtain pfn where pfn:
    "!!x. x ∈ iset ==> pfn x tagged_division_of x"
    "!!x. x ∈ iset ==> d fine pfn x"
    using bchoice[OF assms(2)] by auto
  show thesis
    apply (rule_tac p="\<Union>(pfn ` iset)" in that)
    unfolding assms(4)[symmetric]
    apply (rule tagged_division_unions[OF assms(1) _ assms(3)])
    defer
    apply (rule fine_unions)
    using pfn
    apply auto
    done
qed


subsection {* The set we're concerned with must be closed. *}

lemma division_of_closed:
  fixes i :: "'n::euclidean_space set"
  shows "s division_of i ==> closed i"
  unfolding division_of_def by fastforce

subsection {* General bisection principle for intervals; might be useful elsewhere. *}

lemma interval_bisection_step:
  fixes type :: "'a::euclidean_space"
  assumes "P {}"
    and "∀s t. P s ∧ P t ∧ interior(s) ∩ interior(t) = {} --> P (s ∪ t)"
    and "¬ P (cbox a (b::'a))"
  obtains c d where "¬ P (cbox c d)"
    and "∀i∈Basis. a•i ≤ c•i ∧ c•i ≤ d•i ∧ d•i ≤ b•i ∧ 2 * (d•i - c•i) ≤ b•i - a•i"
proof -
  have "cbox a b ≠ {}"
    using assms(1,3) by metis
  then have ab: "!!i. i∈Basis ==> a • i ≤ b • i"
    by (force simp: mem_box)
  {
    fix f
    have "finite f ==>
      ∀s∈f. P s ==>
      ∀s∈f. ∃a b. s = cbox a b ==>
      ∀s∈f.∀t∈f. s ≠ t --> interior s ∩ interior t = {} ==> P (\<Union>f)"
    proof (induct f rule: finite_induct)
      case empty
      show ?case
        using assms(1) by auto
    next
      case (insert x f)
      show ?case
        unfolding Union_insert
        apply (rule assms(2)[rule_format])
        apply rule
        defer
        apply rule
        defer
        apply (rule inter_interior_unions_intervals)
        using insert
        apply auto
        done
    qed
  } note * = this
  let ?A = "{cbox c d | c d::'a. ∀i∈Basis. (c•i = a•i) ∧ (d•i = (a•i + b•i) / 2) ∨
    (c•i = (a•i + b•i) / 2) ∧ (d•i = b•i)}"
  let ?PP = "λc d. ∀i∈Basis. a•i ≤ c•i ∧ c•i ≤ d•i ∧ d•i ≤ b•i ∧ 2 * (d•i - c•i) ≤ b•i - a•i"
  {
    presume "∀c d. ?PP c d --> P (cbox c d) ==> False"
    then show thesis
      unfolding atomize_not not_all
      apply -
      apply (erule exE)+
      apply (rule_tac c=x and d=xa in that)
      apply auto
      done
  }
  assume as: "∀c d. ?PP c d --> P (cbox c d)"
  have "P (\<Union> ?A)"
    apply (rule *)
    apply (rule_tac[2-] ballI)
    apply (rule_tac[4] ballI)
    apply (rule_tac[4] impI)
  proof -
    let ?B = "(λs. cbox (∑i∈Basis. (if i ∈ s then a•i else (a•i + b•i) / 2) *R i::'a)
      (∑i∈Basis. (if i ∈ s then (a•i + b•i) / 2 else b•i) *R i)) ` {s. s ⊆ Basis}"
    have "?A ⊆ ?B"
    proof
      case goal1
      then obtain c d where x: "x = cbox c d"
        "!!i. i ∈ Basis ==>
          c • i = a • i ∧ d • i = (a • i + b • i) / 2 ∨
          c • i = (a • i + b • i) / 2 ∧ d • i = b • i" by blast
      have *: "!!a b c d. a = c ==> b = d ==> cbox a b = cbox c d"
        by auto
      show "x ∈ ?B"
        unfolding image_iff
        apply (rule_tac x="{i. i∈Basis ∧ c•i = a•i}" in bexI)
        unfolding x
        apply (rule *)
        apply (simp_all only: euclidean_eq_iff[where 'a='a] inner_setsum_left_Basis mem_Collect_eq simp_thms
          cong: ball_cong)
        apply safe
      proof -
        fix i :: 'a
        assume i: "i ∈ Basis"
        then show "c • i = (if c • i = a • i then a • i else (a • i + b • i) / 2)"
          and "d • i = (if c • i = a • i then (a • i + b • i) / 2 else b • i)"
          using x(2)[of i] ab[OF i] by (auto simp add:field_simps)
      qed
    qed
    then show "finite ?A"
      by (rule finite_subset) auto
    fix s
    assume "s ∈ ?A"
    then obtain c d where s:
      "s = cbox c d"
      "!!i. i ∈ Basis ==>
         c • i = a • i ∧ d • i = (a • i + b • i) / 2 ∨
         c • i = (a • i + b • i) / 2 ∧ d • i = b • i"
      by blast
    show "P s"
      unfolding s
      apply (rule as[rule_format])
    proof -
      case goal1
      then show ?case
        using s(2)[of i] using ab[OF `i ∈ Basis`] by auto
    qed
    show "∃a b. s = cbox a b"
      unfolding s by auto
    fix t
    assume "t ∈ ?A"
    then obtain e f where t:
      "t = cbox e f"
      "!!i. i ∈ Basis ==>
        e • i = a • i ∧ f • i = (a • i + b • i) / 2 ∨
        e • i = (a • i + b • i) / 2 ∧ f • i = b • i"
      by blast
    assume "s ≠ t"
    then have "¬ (c = e ∧ d = f)"
      unfolding s t by auto
    then obtain i where "c•i ≠ e•i ∨ d•i ≠ f•i" and i': "i ∈ Basis"
      unfolding euclidean_eq_iff[where 'a='a] by auto
    then have i: "c•i ≠ e•i" "d•i ≠ f•i"
      apply -
      apply(erule_tac[!] disjE)
    proof -
      assume "c•i ≠ e•i"
      then show "d•i ≠ f•i"
        using s(2)[OF i'] t(2)[OF i'] by fastforce
    next
      assume "d•i ≠ f•i"
      then show "c•i ≠ e•i"
        using s(2)[OF i'] t(2)[OF i'] by fastforce
    qed
    have *: "!!s t. (!!a. a ∈ s ==> a ∈ t ==> False) ==> s ∩ t = {}"
      by auto
    show "interior s ∩ interior t = {}"
      unfolding s t interior_cbox
    proof (rule *)
      fix x
      assume "x ∈ box c d" "x ∈ box e f"
      then have x: "c•i < d•i" "e•i < f•i" "c•i < f•i" "e•i < d•i"
        unfolding mem_box using i'
        apply -
        apply (erule_tac[!] x=i in ballE)+
        apply auto
        done
      show False
        using s(2)[OF i']
        apply -
        apply (erule_tac disjE)
        apply (erule_tac[!] conjE)
      proof -
        assume as: "c • i = a • i" "d • i = (a • i + b • i) / 2"
        show False
          using t(2)[OF i'] and i x unfolding as by (fastforce simp add:field_simps)
      next
        assume as: "c • i = (a • i + b • i) / 2" "d • i = b • i"
        show False
          using t(2)[OF i'] and i x unfolding as by(fastforce simp add:field_simps)
      qed
    qed
  qed
  also have "\<Union> ?A = cbox a b"
  proof (rule set_eqI,rule)
    fix x
    assume "x ∈ \<Union>?A"
    then obtain c d where x:
      "x ∈ cbox c d"
      "!!i. i ∈ Basis ==>
        c • i = a • i ∧ d • i = (a • i + b • i) / 2 ∨
        c • i = (a • i + b • i) / 2 ∧ d • i = b • i" by blast
    show "x∈cbox a b"
      unfolding mem_box
    proof safe
      fix i :: 'a
      assume i: "i ∈ Basis"
      then show "a • i ≤ x • i" "x • i ≤ b • i"
        using x(2)[OF i] x(1)[unfolded mem_box,THEN bspec, OF i] by auto
    qed
  next
    fix x
    assume x: "x ∈ cbox a b"
    have "∀i∈Basis.
      ∃c d. (c = a•i ∧ d = (a•i + b•i) / 2 ∨ c = (a•i + b•i) / 2 ∧ d = b•i) ∧ c≤x•i ∧ x•i ≤ d"
      (is "∀i∈Basis. ∃c d. ?P i c d")
      unfolding mem_box
    proof
      fix i :: 'a
      assume i: "i ∈ Basis"
      have "?P i (a•i) ((a • i + b • i) / 2) ∨ ?P i ((a • i + b • i) / 2) (b•i)"
        using x[unfolded mem_box,THEN bspec, OF i] by auto
      then show "∃c d. ?P i c d"
        by blast
    qed
    then show "x∈\<Union>?A"
      unfolding Union_iff Bex_def mem_Collect_eq choice_Basis_iff
      apply -
      apply (erule exE)+
      apply (rule_tac x="cbox xa xaa" in exI)
      unfolding mem_box
      apply auto
      done
  qed
  finally show False
    using assms by auto
qed

lemma interval_bisection:
  fixes type :: "'a::euclidean_space"
  assumes "P {}"
    and "(∀s t. P s ∧ P t ∧ interior(s) ∩ interior(t) = {} --> P(s ∪ t))"
    and "¬ P (cbox a (b::'a))"
  obtains x where "x ∈ cbox a b"
    and "∀e>0. ∃c d. x ∈ cbox c d ∧ cbox c d ⊆ ball x e ∧ cbox c d ⊆ cbox a b ∧ ¬ P (cbox c d)"
proof -
  have "∀x. ∃y. ¬ P (cbox (fst x) (snd x)) --> (¬ P (cbox (fst y) (snd y)) ∧
    (∀i∈Basis. fst x•i ≤ fst y•i ∧ fst y•i ≤ snd y•i ∧ snd y•i ≤ snd x•i ∧
       2 * (snd y•i - fst y•i) ≤ snd x•i - fst x•i))"
  proof
    case goal1
    then show ?case
    proof -
      presume "¬ P (cbox (fst x) (snd x)) ==> ?thesis"
      then show ?thesis by (cases "P (cbox (fst x) (snd x))") auto
    next
      assume as: "¬ P (cbox (fst x) (snd x))"
      obtain c d where "¬ P (cbox c d)"
        "∀i∈Basis.
           fst x • i ≤ c • i ∧
           c • i ≤ d • i ∧
           d • i ≤ snd x • i ∧
           2 * (d • i - c • i) ≤ snd x • i - fst x • i"
        by (rule interval_bisection_step[of P, OF assms(1-2) as])
      then show ?thesis
        apply -
        apply (rule_tac x="(c,d)" in exI)
        apply auto
        done
    qed
  qed
  then obtain f where f:
    "∀x.
      ¬ P (cbox (fst x) (snd x)) -->
      ¬ P (cbox (fst (f x)) (snd (f x))) ∧
        (∀i∈Basis.
            fst x • i ≤ fst (f x) • i ∧
            fst (f x) • i ≤ snd (f x) • i ∧
            snd (f x) • i ≤ snd x • i ∧
            2 * (snd (f x) • i - fst (f x) • i) ≤ snd x • i - fst x • i)"
    apply -
    apply (drule choice)
    apply blast
    done
  def AB  "λn. (f ^^ n) (a,b)"
  def A  "λn. fst(AB n)"
  def B  "λn. snd(AB n)"
  note ab_def = A_def B_def AB_def
  have "A 0 = a" "B 0 = b" "!!n. ¬ P (cbox (A(Suc n)) (B(Suc n))) ∧
    (∀i∈Basis. A(n)•i ≤ A(Suc n)•i ∧ A(Suc n)•i ≤ B(Suc n)•i ∧ B(Suc n)•i ≤ B(n)•i ∧
    2 * (B(Suc n)•i - A(Suc n)•i) ≤ B(n)•i - A(n)•i)" (is "!!n. ?P n")
  proof -
    show "A 0 = a" "B 0 = b"
      unfolding ab_def by auto
    case goal3
    note S = ab_def funpow.simps o_def id_apply
    show ?case
    proof (induct n)
      case 0
      then show ?case
        unfolding S
        apply (rule f[rule_format]) using assms(3)
        apply auto
        done
    next
      case (Suc n)
      show ?case
        unfolding S
        apply (rule f[rule_format])
        using Suc
        unfolding S
        apply auto
        done
    qed
  qed
  note AB = this(1-2) conjunctD2[OF this(3),rule_format]

  have interv: "!!e. 0 < e ==> ∃n. ∀x∈cbox (A n) (B n). ∀y∈cbox (A n) (B n). dist x y < e"
  proof -
    case goal1
    obtain n where n: "(∑i∈Basis. b • i - a • i) / e < 2 ^ n"
      using real_arch_pow2[of "(setsum (λi. b•i - a•i) Basis) / e"] ..
    show ?case
      apply (rule_tac x=n in exI)
      apply rule
      apply rule
    proof -
      fix x y
      assume xy: "x∈cbox (A n) (B n)" "y∈cbox (A n) (B n)"
      have "dist x y ≤ setsum (λi. abs((x - y)•i)) Basis"
        unfolding dist_norm by(rule norm_le_l1)
      also have "… ≤ setsum (λi. B n•i - A n•i) Basis"
      proof (rule setsum_mono)
        fix i :: 'a
        assume i: "i ∈ Basis"
        show "¦(x - y) • i¦ ≤ B n • i - A n • i"
          using xy[unfolded mem_box,THEN bspec, OF i]
          by (auto simp: inner_diff_left)
      qed
      also have "… ≤ setsum (λi. b•i - a•i) Basis / 2^n"
        unfolding setsum_divide_distrib
      proof (rule setsum_mono)
        case goal1
        then show ?case
        proof (induct n)
          case 0
          then show ?case
            unfolding AB by auto
        next
          case (Suc n)
          have "B (Suc n) • i - A (Suc n) • i ≤ (B n • i - A n • i) / 2"
            using AB(4)[of i n] using goal1 by auto
          also have "… ≤ (b • i - a • i) / 2 ^ Suc n"
            using Suc by (auto simp add:field_simps)
          finally show ?case .
        qed
      qed
      also have "… < e"
        using n using goal1 by (auto simp add:field_simps)
      finally show "dist x y < e" .
    qed
  qed
  {
    fix n m :: nat
    assume "m ≤ n" then have "cbox (A n) (B n) ⊆ cbox (A m) (B m)"
    proof (induction rule: inc_induct)
      case (step i)
      show ?case
        using AB(4) by (intro order_trans[OF step.IH] subset_box_imp) auto
    qed simp
  } note ABsubset = this
  have "∃a. ∀n. a∈ cbox (A n) (B n)"
    by (rule decreasing_closed_nest[rule_format,OF closed_cbox _ ABsubset interv])
      (metis nat.exhaust AB(1-3) assms(1,3))
  then obtain x0 where x0: "!!n. x0 ∈ cbox (A n) (B n)"
    by blast
  show thesis
  proof (rule that[rule_format, of x0])
    show "x0∈cbox a b"
      using x0[of 0] unfolding AB .
    fix e :: real
    assume "e > 0"
    from interv[OF this] obtain n
      where n: "∀x∈cbox (A n) (B n). ∀y∈cbox (A n) (B n). dist x y < e" ..
    show "∃c d. x0 ∈ cbox c d ∧ cbox c d ⊆ ball x0 e ∧ cbox c d ⊆ cbox a b ∧ ¬ P (cbox c d)"
      apply (rule_tac x="A n" in exI)
      apply (rule_tac x="B n" in exI)
      apply rule
      apply (rule x0)
      apply rule
      defer
      apply rule
    proof -
      show "¬ P (cbox (A n) (B n))"
        apply (cases "0 < n")
        using AB(3)[of "n - 1"] assms(3) AB(1-2)
        apply auto
        done
      show "cbox (A n) (B n) ⊆ ball x0 e"
        using n using x0[of n] by auto
      show "cbox (A n) (B n) ⊆ cbox a b"
        unfolding AB(1-2)[symmetric] by (rule ABsubset) auto
    qed
  qed
qed


subsection {* Cousin's lemma. *}

lemma fine_division_exists:
  fixes a b :: "'a::euclidean_space"
  assumes "gauge g"
  obtains p where "p tagged_division_of (cbox a b)" "g fine p"
proof -
  presume "¬ (∃p. p tagged_division_of (cbox a b) ∧ g fine p) ==> False"
  then obtain p where "p tagged_division_of (cbox a b)" "g fine p"
    by blast
  then show thesis ..
next
  assume as: "¬ (∃p. p tagged_division_of (cbox a b) ∧ g fine p)"
  obtain x where x:
    "x ∈ (cbox a b)"
    "!!e. 0 < e ==>
      ∃c d.
        x ∈ cbox c d ∧
        cbox c d ⊆ ball x e ∧
        cbox c d ⊆ (cbox a b) ∧
        ¬ (∃p. p tagged_division_of cbox c d ∧ g fine p)"
    apply (rule interval_bisection[of "λs. ∃p. p tagged_division_of s ∧ g fine p",rule_format,OF _ _ as])
    apply (rule_tac x="{}" in exI)
    defer
    apply (erule conjE exE)+
  proof -
    show "{} tagged_division_of {} ∧ g fine {}"
      unfolding fine_def by auto
    fix s t p p'
    assume "p tagged_division_of s" "g fine p" "p' tagged_division_of t" "g fine p'"
      "interior s ∩ interior t = {}"
    then show "∃p. p tagged_division_of s ∪ t ∧ g fine p"
      apply -
      apply (rule_tac x="p ∪ p'" in exI)
      apply rule
      apply (rule tagged_division_union)
      prefer 4
      apply (rule fine_union)
      apply auto
      done
  qed blast
  obtain e where e: "e > 0" "ball x e ⊆ g x"
    using gaugeD[OF assms, of x] unfolding open_contains_ball by auto
  from x(2)[OF e(1)] obtain c d where c_d:
    "x ∈ cbox c d"
    "cbox c d ⊆ ball x e"
    "cbox c d ⊆ cbox a b"
    "¬ (∃p. p tagged_division_of cbox c d ∧ g fine p)"
    by blast
  have "g fine {(x, cbox c d)}"
    unfolding fine_def using e using c_d(2) by auto
  then show False
    using tagged_division_of_self[OF c_d(1)] using c_d by auto
qed

lemma fine_division_exists_real:
  fixes a b :: real
  assumes "gauge g"
  obtains p where "p tagged_division_of {a .. b}" "g fine p"
  by (metis assms box_real(2) fine_division_exists)

subsection {* Basic theorems about integrals. *}

lemma has_integral_unique:
  fixes f :: "'n::euclidean_space => 'a::real_normed_vector"
  assumes "(f has_integral k1) i"
    and "(f has_integral k2) i"
  shows "k1 = k2"
proof (rule ccontr)
  let ?e = "norm (k1 - k2) / 2"
  assume as:"k1 ≠ k2"
  then have e: "?e > 0"
    by auto
  have lem: "!!f::'n => 'a.  !!a b k1 k2.
    (f has_integral k1) (cbox a b) ==> (f has_integral k2) (cbox a b) ==> k1 ≠ k2 ==> False"
  proof -
    case goal1
    let ?e = "norm (k1 - k2) / 2"
    from goal1(3) have e: "?e > 0" by auto
    obtain d1 where d1:
        "gauge d1"
        "!!p. p tagged_division_of cbox a b ==>
          d1 fine p ==> norm ((∑(x, k)∈p. content k *R f x) - k1) < norm (k1 - k2) / 2"
      by (rule has_integralD[OF goal1(1) e]) blast
    obtain d2 where d2:
        "gauge d2"
        "!!p. p tagged_division_of cbox a b ==>
          d2 fine p ==> norm ((∑(x, k)∈p. content k *R f x) - k2) < norm (k1 - k2) / 2"
      by (rule has_integralD[OF goal1(2) e]) blast
    obtain p where p:
        "p tagged_division_of cbox a b"
        "(λx. d1 x ∩ d2 x) fine p"
      by (rule fine_division_exists[OF gauge_inter[OF d1(1) d2(1)]])
    let ?c = "(∑(x, k)∈p. content k *R f x)"
    have "norm (k1 - k2) ≤ norm (?c - k2) + norm (?c - k1)"
      using norm_triangle_ineq4[of "k1 - ?c" "k2 - ?c"]
      by (auto simp add:algebra_simps norm_minus_commute)
    also have "… < norm (k1 - k2) / 2 + norm (k1 - k2) / 2"
      apply (rule add_strict_mono)
      apply (rule_tac[!] d2(2) d1(2))
      using p unfolding fine_def
      apply auto
      done
    finally show False by auto
  qed
  {
    presume "¬ (∃a b. i = cbox a b) ==> False"
    then show False
      apply -
      apply (cases "∃a b. i = cbox a b")
      using assms
      apply (auto simp add:has_integral intro:lem[OF _ _ as])
      done
  }
  assume as: "¬ (∃a b. i = cbox a b)"
  obtain B1 where B1:
      "0 < B1"
      "!!a b. ball 0 B1 ⊆ cbox a b ==>
        ∃z. ((λx. if x ∈ i then f x else 0) has_integral z) (cbox a b) ∧
          norm (z - k1) < norm (k1 - k2) / 2"
    by (rule has_integral_altD[OF assms(1) as,OF e]) blast
  obtain B2 where B2:
      "0 < B2"
      "!!a b. ball 0 B2 ⊆ cbox a b ==>
        ∃z. ((λx. if x ∈ i then f x else 0) has_integral z) (cbox a b) ∧
          norm (z - k2) < norm (k1 - k2) / 2"
    by (rule has_integral_altD[OF assms(2) as,OF e]) blast
  have "∃a b::'n. ball 0 B1 ∪ ball 0 B2 ⊆ cbox a b"
    apply (rule bounded_subset_cbox)
    using bounded_Un bounded_ball
    apply auto
    done
  then obtain a b :: 'n where ab: "ball 0 B1 ⊆ cbox a b" "ball 0 B2 ⊆ cbox a b"
    by blast
  obtain w where w:
    "((λx. if x ∈ i then f x else 0) has_integral w) (cbox a b)"
    "norm (w - k1) < norm (k1 - k2) / 2"
    using B1(2)[OF ab(1)] by blast
  obtain z where z:
    "((λx. if x ∈ i then f x else 0) has_integral z) (cbox a b)"
    "norm (z - k2) < norm (k1 - k2) / 2"
    using B2(2)[OF ab(2)] by blast
  have "z = w"
    using lem[OF w(1) z(1)] by auto
  then have "norm (k1 - k2) ≤ norm (z - k2) + norm (w - k1)"
    using norm_triangle_ineq4 [of "k1 - w" "k2 - z"]
    by (auto simp add: norm_minus_commute)
  also have "… < norm (k1 - k2) / 2 + norm (k1 - k2) / 2"
    apply (rule add_strict_mono)
    apply (rule_tac[!] z(2) w(2))
    done
  finally show False by auto
qed

lemma integral_unique [intro]: "(f has_integral y) k ==> integral k f = y"
  unfolding integral_def
  by (rule some_equality) (auto intro: has_integral_unique)

lemma has_integral_is_0:
  fixes f :: "'n::euclidean_space => 'a::real_normed_vector"
  assumes "∀x∈s. f x = 0"
  shows "(f has_integral 0) s"
proof -
  have lem: "!!a b. !!f::'n => 'a.
    (∀x∈cbox a b. f(x) = 0) ==> (f has_integral 0) (cbox a b)"
    unfolding has_integral
    apply rule
    apply rule
  proof -
    fix a b e
    fix f :: "'n => 'a"
    assume as: "∀x∈cbox a b. f x = 0" "0 < (e::real)"
    show "∃d. gauge d ∧
      (∀p. p tagged_division_of (cbox a b) ∧ d fine p --> norm ((∑(x, k)∈p. content k *R f x) - 0) < e)"
      apply (rule_tac x="λx. ball x 1" in exI)
      apply rule
      apply (rule gaugeI)
      unfolding centre_in_ball
      defer
      apply (rule open_ball)
      apply rule
      apply rule
      apply (erule conjE)
    proof -
      case goal1
      have "(∑(x, k)∈p. content k *R f x) = 0"
      proof (rule setsum.neutral, rule)
        fix x
        assume x: "x ∈ p"
        have "f (fst x) = 0"
          using tagged_division_ofD(2-3)[OF goal1(1), of "fst x" "snd x"] using as x by auto
        then show "(λ(x, k). content k *R f x) x = 0"
          apply (subst surjective_pairing[of x])
          unfolding split_conv
          apply auto
          done
      qed
      then show ?case
        using as by auto
    qed auto
  qed
  {
    presume "¬ (∃a b. s = cbox a b) ==> ?thesis"
    then show ?thesis
      apply -
      apply (cases "∃a b. s = cbox a b")
      using assms
      apply (auto simp add:has_integral intro: lem)
      done
  }
  have *: "(λx. if x ∈ s then f x else 0) = (λx. 0)"
    apply (rule ext)
    using assms
    apply auto
    done
  assume "¬ (∃a b. s = cbox a b)"
  then show ?thesis
    apply (subst has_integral_alt)
    unfolding if_not_P *
    apply rule
    apply rule
    apply (rule_tac x=1 in exI)
    apply rule
    defer
    apply rule
    apply rule
    apply rule
  proof -
    fix e :: real
    fix a b
    assume "e > 0"
    then show "∃z. ((λx::'n. 0::'a) has_integral z) (cbox a b) ∧ norm (z - 0) < e"
      apply (rule_tac x=0 in exI)
      apply(rule,rule lem)
      apply auto
      done
  qed auto
qed

lemma has_integral_0[simp]: "((λx::'n::euclidean_space. 0) has_integral 0) s"
  by (rule has_integral_is_0) auto

lemma has_integral_0_eq[simp]: "((λx. 0) has_integral i) s <-> i = 0"
  using has_integral_unique[OF has_integral_0] by auto

lemma has_integral_linear:
  fixes f :: "'n::euclidean_space => 'a::real_normed_vector"
  assumes "(f has_integral y) s"
    and "bounded_linear h"
  shows "((h o f) has_integral ((h y))) s"
proof -
  interpret bounded_linear h
    using assms(2) .
  from pos_bounded obtain B where B: "0 < B" "!!x. norm (h x) ≤ norm x * B"
    by blast
  have lem: "!!(f :: 'n => 'a) y a b.
    (f has_integral y) (cbox a b) ==> ((h o f) has_integral h y) (cbox a b)"
    apply (subst has_integral)
    apply rule
    apply rule
  proof -
    case goal1
    from pos_bounded
    obtain B where B: "0 < B" "!!x. norm (h x) ≤ norm x * B"
      by blast
    have *: "e / B > 0" using goal1(2) B by simp
    obtain g where g:
      "gauge g"
      "!!p. p tagged_division_of (cbox a b) ==> g fine p ==>
        norm ((∑(x, k)∈p. content k *R f x) - y) < e / B"
      by (rule has_integralD[OF goal1(1) *]) blast
    show ?case
      apply (rule_tac x=g in exI)
      apply rule
      apply (rule g(1))
      apply rule
      apply rule
      apply (erule conjE)
    proof -
      fix p
      assume as: "p tagged_division_of (cbox a b)" "g fine p"
      have *: "!!x k. h ((λ(x, k). content k *R f x) x) = (λ(x, k). h (content k *R f x)) x"
        by auto
      have "(∑(x, k)∈p. content k *R (h o f) x) = setsum (h o (λ(x, k). content k *R f x)) p"
        unfolding o_def unfolding scaleR[symmetric] * by simp
      also have "… = h (∑(x, k)∈p. content k *R f x)"
        using setsum[of "λ(x,k). content k *R f x" p] using as by auto
      finally have *: "(∑(x, k)∈p. content k *R (h o f) x) = h (∑(x, k)∈p. content k *R f x)" .
      show "norm ((∑(x, k)∈p. content k *R (h o f) x) - h y) < e"
        unfolding * diff[symmetric]
        apply (rule le_less_trans[OF B(2)])
        using g(2)[OF as] B(1)
        apply (auto simp add: field_simps)
        done
    qed
  qed
  {
    presume "¬ (∃a b. s = cbox a b) ==> ?thesis"
    then show ?thesis
      apply -
      apply (cases "∃a b. s = cbox a b")
      using assms
      apply (auto simp add:has_integral intro!:lem)
      done
  }
  assume as: "¬ (∃a b. s = cbox a b)"
  then show ?thesis
    apply (subst has_integral_alt)
    unfolding if_not_P
    apply rule
    apply rule
  proof -
    fix e :: real
    assume e: "e > 0"
    have *: "0 < e/B" using e B(1) by simp
    obtain M where M:
      "M > 0"
      "!!a b. ball 0 M ⊆ cbox a b ==>
        ∃z. ((λx. if x ∈ s then f x else 0) has_integral z) (cbox a b) ∧ norm (z - y) < e / B"
      using has_integral_altD[OF assms(1) as *] by blast
    show "∃B>0. ∀a b. ball 0 B ⊆ cbox a b -->
      (∃z. ((λx. if x ∈ s then (h o f) x else 0) has_integral z) (cbox a b) ∧ norm (z - h y) < e)"
      apply (rule_tac x=M in exI)
      apply rule
      apply (rule M(1))
      apply rule
      apply rule
      apply rule
    proof -
      case goal1
      obtain z where z:
        "((λx. if x ∈ s then f x else 0) has_integral z) (cbox a b)"
        "norm (z - y) < e / B"
        using M(2)[OF goal1(1)] by blast
      have *: "(λx. if x ∈ s then (h o f) x else 0) = h o (λx. if x ∈ s then f x else 0)"
        unfolding o_def
        apply (rule ext)
        using zero
        apply auto
        done
      show ?case
        apply (rule_tac x="h z" in exI)
        apply rule
        unfolding *
        apply (rule lem[OF z(1)])
        unfolding diff[symmetric]
        apply (rule le_less_trans[OF B(2)])
        using B(1) z(2)
        apply (auto simp add: field_simps)
        done
    qed
  qed
qed

lemma has_integral_scaleR_left: 
  "(f has_integral y) s ==> ((λx. f x *R c) has_integral (y *R c)) s"
  using has_integral_linear[OF _ bounded_linear_scaleR_left] by (simp add: comp_def)

lemma has_integral_mult_left:
  fixes c :: "_ :: {real_normed_algebra}"
  shows "(f has_integral y) s ==> ((λx. f x * c) has_integral (y * c)) s"
  using has_integral_linear[OF _ bounded_linear_mult_left] by (simp add: comp_def)

lemma has_integral_cmul: "(f has_integral k) s ==> ((λx. c *R f x) has_integral (c *R k)) s"
  unfolding o_def[symmetric]
  apply (rule has_integral_linear,assumption)
  apply (rule bounded_linear_scaleR_right)
  done

lemma has_integral_cmult_real:
  fixes c :: real
  assumes "c ≠ 0 ==> (f has_integral x) A"
  shows "((λx. c * f x) has_integral c * x) A"
proof (cases "c = 0")
  case True
  then show ?thesis by simp
next
  case False
  from has_integral_cmul[OF assms[OF this], of c] show ?thesis
    unfolding real_scaleR_def .
qed

lemma has_integral_neg: "(f has_integral k) s ==> ((λx. -(f x)) has_integral (-k)) s"
  apply (drule_tac c="-1" in has_integral_cmul)
  apply auto
  done

lemma has_integral_add:
  fixes f :: "'n::euclidean_space => 'a::real_normed_vector"
  assumes "(f has_integral k) s"
    and "(g has_integral l) s"
  shows "((λx. f x + g x) has_integral (k + l)) s"
proof -
  have lem:"!!(f:: 'n => 'a) g a b k l.
    (f has_integral k) (cbox a b) ==>
    (g has_integral l) (cbox a b) ==>
    ((λx. f x + g x) has_integral (k + l)) (cbox a b)"
  proof -
    case goal1
    show ?case
      unfolding has_integral
      apply rule
      apply rule
    proof -
      fix e :: real
      assume e: "e > 0"
      then have *: "e/2 > 0"
        by auto
      obtain d1 where d1:
        "gauge d1"
        "!!p. p tagged_division_of (cbox a b) ==> d1 fine p ==>
          norm ((∑(x, k)∈p. content k *R f x) - k) < e / 2"
        using has_integralD[OF goal1(1) *] by blast
      obtain d2 where d2:
        "gauge d2"
        "!!p. p tagged_division_of (cbox a b) ==> d2 fine p ==>
          norm ((∑(x, k)∈p. content k *R g x) - l) < e / 2"
        using has_integralD[OF goal1(2) *] by blast
      show "∃d. gauge d ∧ (∀p. p tagged_division_of (cbox a b) ∧ d fine p -->
        norm ((∑(x, k)∈p. content k *R (f x + g x)) - (k + l)) < e)"
        apply (rule_tac x="λx. (d1 x) ∩ (d2 x)" in exI)
        apply rule
        apply (rule gauge_inter[OF d1(1) d2(1)])
        apply (rule,rule,erule conjE)
      proof -
        fix p
        assume as: "p tagged_division_of (cbox a b)" "(λx. d1 x ∩ d2 x) fine p"
        have *: "(∑(x, k)∈p. content k *R (f x + g x)) =
          (∑(x, k)∈p. content k *R f x) + (∑(x, k)∈p. content k *R g x)"
          unfolding scaleR_right_distrib setsum.distrib[of "λ(x,k). content k *R f x" "λ(x,k). content k *R g x" p,symmetric]
          by (rule setsum.cong) auto
        have "norm ((∑(x, k)∈p. content k *R (f x + g x)) - (k + l)) =
          norm (((∑(x, k)∈p. content k *R f x) - k) + ((∑(x, k)∈p. content k *R g x) - l))"
          unfolding * by (auto simp add: algebra_simps)
        also
        let ?res = "…"
        from as have *: "d1 fine p" "d2 fine p"
          unfolding fine_inter by auto
        have "?res < e/2 + e/2"
          apply (rule le_less_trans[OF norm_triangle_ineq])
          apply (rule add_strict_mono)
          using d1(2)[OF as(1) *(1)] and d2(2)[OF as(1) *(2)]
          apply auto
          done
        finally show "norm ((∑(x, k)∈p. content k *R (f x + g x)) - (k + l)) < e"
          by auto
      qed
    qed
  qed
  {
    presume "¬ (∃a b. s = cbox a b) ==> ?thesis"
    then show ?thesis
      apply -
      apply (cases "∃a b. s = cbox a b")
      using assms
      apply (auto simp add:has_integral intro!:lem)
      done
  }
  assume as: "¬ (∃a b. s = cbox a b)"
  then show ?thesis
    apply (subst has_integral_alt)
    unfolding if_not_P
    apply rule
    apply rule
  proof -
    case goal1
    then have *: "e/2 > 0"
      by auto
    from has_integral_altD[OF assms(1) as *]
    obtain B1 where B1:
        "0 < B1"
        "!!a b. ball 0 B1 ⊆ cbox a b ==>
          ∃z. ((λx. if x ∈ s then f x else 0) has_integral z) (cbox a b) ∧ norm (z - k) < e / 2"
      by blast
    from has_integral_altD[OF assms(2) as *]
    obtain B2 where B2:
        "0 < B2"
        "!!a b. ball 0 B2 ⊆ (cbox a b) ==>
          ∃z. ((λx. if x ∈ s then g x else 0) has_integral z) (cbox a b) ∧ norm (z - l) < e / 2"
      by blast
    show ?case
      apply (rule_tac x="max B1 B2" in exI)
      apply rule
      apply (rule max.strict_coboundedI1)
      apply (rule B1)
      apply rule
      apply rule
      apply rule
    proof -
      fix a b
      assume "ball 0 (max B1 B2) ⊆ cbox a (b::'n)"
      then have *: "ball 0 B1 ⊆ cbox a (b::'n)" "ball 0 B2 ⊆ cbox a (b::'n)"
        by auto
      obtain w where w:
        "((λx. if x ∈ s then f x else 0) has_integral w) (cbox a b)"
        "norm (w - k) < e / 2"
        using B1(2)[OF *(1)] by blast
      obtain z where z:
        "((λx. if x ∈ s then g x else 0) has_integral z) (cbox a b)"
        "norm (z - l) < e / 2"
        using B2(2)[OF *(2)] by blast
      have *: "!!x. (if x ∈ s then f x + g x else 0) =
        (if x ∈ s then f x else 0) + (if x ∈ s then g x else 0)"
        by auto
      show "∃z. ((λx. if x ∈ s then f x + g x else 0) has_integral z) (cbox a b) ∧ norm (z - (k + l)) < e"
        apply (rule_tac x="w + z" in exI)
        apply rule
        apply (rule lem[OF w(1) z(1), unfolded *[symmetric]])
        using norm_triangle_ineq[of "w - k" "z - l"] w(2) z(2)
        apply (auto simp add: field_simps)
        done
    qed
  qed
qed

lemma has_integral_sub:
  "(f has_integral k) s ==> (g has_integral l) s ==>
    ((λx. f x - g x) has_integral (k - l)) s"
  using has_integral_add[OF _ has_integral_neg, of f k s g l]
  unfolding algebra_simps
  by auto

lemma integral_0:
  "integral s (λx::'n::euclidean_space. 0::'m::real_normed_vector) = 0"
  by (rule integral_unique has_integral_0)+

lemma integral_add: "f integrable_on s ==> g integrable_on s ==>
    integral s (λx. f x + g x) = integral s f + integral s g"
  apply (rule integral_unique)
  apply (drule integrable_integral)+
  apply (rule has_integral_add)
  apply assumption+
  done

lemma integral_cmul: "f integrable_on s ==> integral s (λx. c *R f x) = c *R integral s f"
  apply (rule integral_unique)
  apply (drule integrable_integral)+
  apply (rule has_integral_cmul)
  apply assumption+
  done

lemma integral_neg: "f integrable_on s ==> integral s (λx. - f x) = - integral s f"
  apply (rule integral_unique)
  apply (drule integrable_integral)+
  apply (rule has_integral_neg)
  apply assumption+
  done

lemma integral_sub: "f integrable_on s ==> g integrable_on s ==>
    integral s (λx. f x - g x) = integral s f - integral s g"
  apply (rule integral_unique)
  apply (drule integrable_integral)+
  apply (rule has_integral_sub)
  apply assumption+
  done

lemma integrable_0: "(λx. 0) integrable_on s"
  unfolding integrable_on_def using has_integral_0 by auto

lemma integrable_add: "f integrable_on s ==> g integrable_on s ==> (λx. f x + g x) integrable_on s"
  unfolding integrable_on_def by(auto intro: has_integral_add)

lemma integrable_cmul: "f integrable_on s ==> (λx. c *R f(x)) integrable_on s"
  unfolding integrable_on_def by(auto intro: has_integral_cmul)

lemma integrable_on_cmult_iff:
  fixes c :: real
  assumes "c ≠ 0"
  shows "(λx. c * f x) integrable_on s <-> f integrable_on s"
  using integrable_cmul[of "λx. c * f x" s "1 / c"] integrable_cmul[of f s c] `c ≠ 0`
  by auto

lemma integrable_neg: "f integrable_on s ==> (λx. -f(x)) integrable_on s"
  unfolding integrable_on_def by(auto intro: has_integral_neg)

lemma integrable_sub:
  "f integrable_on s ==> g integrable_on s ==> (λx. f x - g x) integrable_on s"
  unfolding integrable_on_def by(auto intro: has_integral_sub)

lemma integrable_linear:
  "f integrable_on s ==> bounded_linear h ==> (h o f) integrable_on s"
  unfolding integrable_on_def by(auto intro: has_integral_linear)

lemma integral_linear:
  "f integrable_on s ==> bounded_linear h ==> integral s (h o f) = h (integral s f)"
  apply (rule has_integral_unique)
  defer
  unfolding has_integral_integral
  apply (drule (2) has_integral_linear)
  unfolding has_integral_integral[symmetric]
  apply (rule integrable_linear)
  apply assumption+
  done

lemma integral_component_eq[simp]:
  fixes f :: "'n::euclidean_space => 'm::euclidean_space"
  assumes "f integrable_on s"
  shows "integral s (λx. f x • k) = integral s f • k"
  unfolding integral_linear[OF assms(1) bounded_linear_component,unfolded o_def] ..

lemma has_integral_setsum:
  assumes "finite t"
    and "∀a∈t. ((f a) has_integral (i a)) s"
  shows "((λx. setsum (λa. f a x) t) has_integral (setsum i t)) s"
  using assms(1) subset_refl[of t]
proof (induct rule: finite_subset_induct)
  case empty
  then show ?case by auto
next
  case (insert x F)
  show ?case
    unfolding setsum.insert[OF insert(1,3)]
    apply (rule has_integral_add)
    using insert assms
    apply auto
    done
qed

lemma integral_setsum: "finite t ==> ∀a∈t. (f a) integrable_on s ==>
  integral s (λx. setsum (λa. f a x) t) = setsum (λa. integral s (f a)) t"
  apply (rule integral_unique)
  apply (rule has_integral_setsum)
  using integrable_integral
  apply auto
  done

lemma integrable_setsum:
  "finite t ==> ∀a ∈ t. (f a) integrable_on s ==> (λx. setsum (λa. f a x) t) integrable_on s"
  unfolding integrable_on_def
  apply (drule bchoice)
  using has_integral_setsum[of t]
  apply auto
  done

lemma has_integral_eq:
  assumes "∀x∈s. f x = g x"
    and "(f has_integral k) s"
  shows "(g has_integral k) s"
  using has_integral_sub[OF assms(2), of "λx. f x - g x" 0]
  using has_integral_is_0[of s "λx. f x - g x"]
  using assms(1)
  by auto

lemma integrable_eq: "∀x∈s. f x = g x ==> f integrable_on s ==> g integrable_on s"
  unfolding integrable_on_def
  using has_integral_eq[of s f g]
  by auto

lemma has_integral_eq_eq: "∀x∈s. f x = g x ==> (f has_integral k) s <-> (g has_integral k) s"
  using has_integral_eq[of s f g] has_integral_eq[of s g f]
  by auto

lemma has_integral_null[dest]:
  assumes "content(cbox a b) = 0"
  shows "(f has_integral 0) (cbox a b)"
  unfolding has_integral
  apply rule
  apply rule
  apply (rule_tac x="λx. ball x 1" in exI)
  apply rule
  defer
  apply rule
  apply rule
  apply (erule conjE)
proof -
  fix e :: real
  assume e: "e > 0"
  then show "gauge (λx. ball x 1)"
    by auto
  fix p
  assume p: "p tagged_division_of (cbox a b)"
  have "norm ((∑(x, k)∈p. content k *R f x) - 0) = 0"
    unfolding norm_eq_zero diff_0_right
    using setsum_content_null[OF assms(1) p, of f] .
  then show "norm ((∑(x, k)∈p. content k *R f x) - 0) < e"
    using e by auto
qed

lemma has_integral_null_real[dest]:
  assumes "content {a .. b::real} = 0"
  shows "(f has_integral 0) {a .. b}"
  by (metis assms box_real(2) has_integral_null)

lemma has_integral_null_eq[simp]: "content (cbox a b) = 0 ==> (f has_integral i) (cbox a b) <-> i = 0"
  apply rule
  apply (rule has_integral_unique)
  apply assumption
  apply (drule (1) has_integral_null)
  apply (drule has_integral_null)
  apply auto
  done

lemma integral_null[dest]: "content (cbox a b) = 0 ==> integral (cbox a b) f = 0"
  apply (rule integral_unique)
  apply (drule has_integral_null)
  apply assumption
  done

lemma integrable_on_null[dest]: "content (cbox a b) = 0 ==> f integrable_on (cbox a b)"
  unfolding integrable_on_def
  apply (drule has_integral_null)
  apply auto
  done

lemma has_integral_empty[intro]: "(f has_integral 0) {}"
  unfolding empty_as_interval
  apply (rule has_integral_null)
  using content_empty
  unfolding empty_as_interval
  apply assumption
  done

lemma has_integral_empty_eq[simp]: "(f has_integral i) {} <-> i = 0"
  apply rule
  apply (rule has_integral_unique)
  apply assumption
  apply auto
  done

lemma integrable_on_empty[intro]: "f integrable_on {}"
  unfolding integrable_on_def by auto

lemma integral_empty[simp]: "integral {} f = 0"
  by (rule integral_unique) (rule has_integral_empty)

lemma has_integral_refl[intro]:
  fixes a :: "'a::euclidean_space"
  shows "(f has_integral 0) (cbox a a)"
    and "(f has_integral 0) {a}"
proof -
  have *: "{a} = cbox a a"
    apply (rule set_eqI)
    unfolding mem_box singleton_iff euclidean_eq_iff[where 'a='a]
    apply safe
    prefer 3
    apply (erule_tac x=b in ballE)
    apply (auto simp add: field_simps)
    done
  show "(f has_integral 0) (cbox a a)" "(f has_integral 0) {a}"
    unfolding *
    apply (rule_tac[!] has_integral_null)
    unfolding content_eq_0_interior
    unfolding interior_cbox
    using box_sing
    apply auto
    done
qed

lemma integrable_on_refl[intro]: "f integrable_on cbox a a"
  unfolding integrable_on_def by auto

lemma integral_refl: "integral (cbox a a) f = 0"
  by (rule integral_unique) auto


subsection {* Cauchy-type criterion for integrability. *}

(* XXXXXXX *)
lemma integrable_cauchy:
  fixes f :: "'n::euclidean_space => 'a::{real_normed_vector,complete_space}"
  shows "f integrable_on cbox a b <->
    (∀e>0.∃d. gauge d ∧
      (∀p1 p2. p1 tagged_division_of (cbox a b) ∧ d fine p1 ∧
        p2 tagged_division_of (cbox a b) ∧ d fine p2 -->
        norm (setsum (λ(x,k). content k *R f x) p1 -
        setsum (λ(x,k). content k *R f x) p2) < e))"
  (is "?l = (∀e>0. ∃d. ?P e d)")
proof
  assume ?l
  then guess y unfolding integrable_on_def has_integral .. note y=this
  show "∀e>0. ∃d. ?P e d"
  proof (rule, rule)
    case goal1
    then have "e/2 > 0" by auto
    then guess d
      apply -
      apply (drule y[rule_format])
      apply (elim exE conjE)
      done
    note d=this[rule_format]
    show ?case
      apply (rule_tac x=d in exI)
      apply rule
      apply (rule d)
      apply rule
      apply rule
      apply rule
      apply (erule conjE)+
    proof -
      fix p1 p2
      assume as: "p1 tagged_division_of (cbox a b)" "d fine p1"
        "p2 tagged_division_of (cbox a b)" "d fine p2"
      show "norm ((∑(x, k)∈p1. content k *R f x) - (∑(x, k)∈p2. content k *R f x)) < e"
        apply (rule dist_triangle_half_l[where y=y,unfolded dist_norm])
        using d(2)[OF conjI[OF as(1-2)]] d(2)[OF conjI[OF as(3-4)]] .
    qed
  qed
next
  assume "∀e>0. ∃d. ?P e d"
  then have "∀n::nat. ∃d. ?P (inverse(real (n + 1))) d"
    by auto
  from choice[OF this] guess d .. note d=conjunctD2[OF this[rule_format],rule_format]
  have "!!n. gauge (λx. \<Inter>{d i x |i. i ∈ {0..n}})"
    apply (rule gauge_inters)
    using d(1)
    apply auto
    done
  then have "∀n. ∃p. p tagged_division_of (cbox a b) ∧ (λx. \<Inter>{d i x |i. i ∈ {0..n}}) fine p"
    apply -
  proof
    case goal1
    from this[of n]
    show ?case
      apply (drule_tac fine_division_exists)
      apply auto
      done
  qed
  from choice[OF this] guess p .. note p = conjunctD2[OF this[rule_format]]
  have dp: "!!i n. i≤n ==> d i fine p n"
    using p(2) unfolding fine_inters by auto
  have "Cauchy (λn. setsum (λ(x,k). content k *R (f x)) (p n))"
  proof (rule CauchyI)
    case goal1
    then guess N unfolding real_arch_inv[of e] .. note N=this
    show ?case
      apply (rule_tac x=N in exI)
    proof (rule, rule, rule, rule)
      fix m n
      assume mn: "N ≤ m" "N ≤ n"
      have *: "N = (N - 1) + 1" using N by auto
      show "norm ((∑(x, k)∈p m. content k *R f x) - (∑(x, k)∈p n. content k *R f x)) < e"
        apply (rule less_trans[OF _ N[THEN conjunct2,THEN conjunct2]])
        apply(subst *)
        apply(rule d(2))
        using dp p(1)
        using mn
        apply auto
        done
    qed
  qed
  then guess y unfolding convergent_eq_cauchy[symmetric] .. note y=this[THEN LIMSEQ_D]
  show ?l
    unfolding integrable_on_def has_integral
    apply (rule_tac x=y in exI)
  proof (rule, rule)
    fix e :: real
    assume "e>0"
    then have *:"e/2 > 0" by auto
    then guess N1 unfolding real_arch_inv[of "e/2"] .. note N1=this
    then have N1': "N1 = N1 - 1 + 1"
      by auto
    guess N2 using y[OF *] .. note N2=this
    show "∃d. gauge d ∧
      (∀p. p tagged_division_of (cbox a b) ∧ d fine p -->
        norm ((∑(x, k)∈p. content k *R f x) - y) < e)"
      apply (rule_tac x="d (N1 + N2)" in exI)
      apply rule
      defer
    proof (rule, rule, erule conjE)
      show "gauge (d (N1 + N2))"
        using d by auto
      fix q
      assume as: "q tagged_division_of (cbox a b)" "d (N1 + N2) fine q"
      have *: "inverse (real (N1 + N2 + 1)) < e / 2"
        apply (rule less_trans)
        using N1
        apply auto
        done
      show "norm ((∑(x, k)∈q. content k *R f x) - y) < e"
        apply (rule norm_triangle_half_r)
        apply (rule less_trans[OF _ *])
        apply (subst N1', rule d(2)[of "p (N1+N2)"])
        defer
        using N2[rule_format,of "N1+N2"]
        using as dp[of "N1 - 1 + 1 + N2" "N1 + N2"]
        using p(1)[of "N1 + N2"]
        using N1
        apply auto
        done
    qed
  qed
qed


subsection {* Additivity of integral on abutting intervals. *}

lemma interval_split:
  fixes a :: "'a::euclidean_space"
  assumes "k ∈ Basis"
  shows
    "cbox a b ∩ {x. x•k ≤ c} = cbox a (∑i∈Basis. (if i = k then min (b•k) c else b•i) *R i)"
    "cbox a b ∩ {x. x•k ≥ c} = cbox (∑i∈Basis. (if i = k then max (a•k) c else a•i) *R i) b"
  apply (rule_tac[!] set_eqI)
  unfolding Int_iff mem_box mem_Collect_eq
  using assms
  apply auto
  done

lemma content_split:
  fixes a :: "'a::euclidean_space"
  assumes "k ∈ Basis"
  shows "content (cbox a b) = content(cbox a b ∩ {x. x•k ≤ c}) + content(cbox a b ∩ {x. x•k ≥ c})"
proof cases
  note simps = interval_split[OF assms] content_cbox_cases
  have *: "Basis = insert k (Basis - {k})" "!!x. finite (Basis-{x})" "!!x. x∉Basis-{x}"
    using assms by auto
  have *: "!!X Y Z. (∏i∈Basis. Z i (if i = k then X else Y i)) = Z k X * (∏i∈Basis-{k}. Z i (Y i))"
    "(∏i∈Basis. b•i - a•i) = (∏i∈Basis-{k}. b•i - a•i) * (b•k - a•k)"
    apply (subst *(1))
    defer
    apply (subst *(1))
    unfolding setprod.insert[OF *(2-)]
    apply auto
    done
  assume as: "∀i∈Basis. a • i ≤ b • i"
  moreover
  have "!!x. min (b • k) c = max (a • k) c ==>
    x * (b•k - a•k) = x * (max (a • k) c - a • k) + x * (b • k - max (a • k) c)"
    by  (auto simp add: field_simps)
  moreover
  have **: "(∏i∈Basis. ((∑i∈Basis. (if i = k then min (b • k) c else b • i) *R i) • i - a • i)) =
      (∏i∈Basis. (if i = k then min (b • k) c else b • i) - a • i)"
    "(∏i∈Basis. b • i - ((∑i∈Basis. (if i = k then max (a • k) c else a • i) *R i) • i)) =
      (∏i∈Basis. b • i - (if i = k then max (a • k) c else a • i))"
    by (auto intro!: setprod.cong)
  have "¬ a • k ≤ c ==> ¬ c ≤ b • k ==> False"
    unfolding not_le
    using as[unfolded ,rule_format,of k] assms
    by auto
  ultimately show ?thesis
    using assms
    unfolding simps **
    unfolding *(1)[of "λi x. b•i - x"] *(1)[of "λi x. x - a•i"]
    unfolding *(2)
    by auto
next
  assume "¬ (∀i∈Basis. a • i ≤ b • i)"
  then have "cbox a b = {}"
    unfolding box_eq_empty by (auto simp: not_le)
  then show ?thesis
    by (auto simp: not_le)
qed

lemma division_split_left_inj:
  fixes type :: "'a::euclidean_space"
  assumes "d division_of i"
    and "k1 ∈ d"
    and "k2 ∈ d"
    and "k1 ≠ k2"
    and "k1 ∩ {x::'a. x•k ≤ c} = k2 ∩ {x. x•k ≤ c}"
    and k: "k∈Basis"
  shows "content(k1 ∩ {x. x•k ≤ c}) = 0"
proof -
  note d=division_ofD[OF assms(1)]
  have *: "!!(a::'a) b c. content (cbox a b ∩ {x. x•k ≤ c}) = 0 <->
    interior(cbox a b ∩ {x. x•k ≤ c}) = {}"
    unfolding  interval_split[OF k] content_eq_0_interior by auto
  guess u1 v1 using d(4)[OF assms(2)] by (elim exE) note uv1=this
  guess u2 v2 using d(4)[OF assms(3)] by (elim exE) note uv2=this
  have **: "!!s t u. s ∩ t = {} ==> u ⊆ s ==> u ⊆ t ==> u = {}"
    by auto
  show ?thesis
    unfolding uv1 uv2 *
    apply (rule **[OF d(5)[OF assms(2-4)]])
    defer
    apply (subst assms(5)[unfolded uv1 uv2])
    unfolding uv1 uv2
    apply auto
    done
qed

lemma division_split_right_inj:
  fixes type :: "'a::euclidean_space"
  assumes "d division_of i"
    and "k1 ∈ d"
    and "k2 ∈ d"
    and "k1 ≠ k2"
    and "k1 ∩ {x::'a. x•k ≥ c} = k2 ∩ {x. x•k ≥ c}"
    and k: "k ∈ Basis"
  shows "content (k1 ∩ {x. x•k ≥ c}) = 0"
proof -
  note d=division_ofD[OF assms(1)]
  have *: "!!a b::'a. !!c. content(cbox a b ∩ {x. x•k ≥ c}) = 0 <->
    interior(cbox a b ∩ {x. x•k ≥ c}) = {}"
    unfolding interval_split[OF k] content_eq_0_interior by auto
  guess u1 v1 using d(4)[OF assms(2)] by (elim exE) note uv1=this
  guess u2 v2 using d(4)[OF assms(3)] by (elim exE) note uv2=this
  have **: "!!s t u. s ∩ t = {} ==> u ⊆ s ==> u ⊆ t ==> u = {}"
    by auto
  show ?thesis
    unfolding uv1 uv2 *
    apply (rule **[OF d(5)[OF assms(2-4)]])
    defer
    apply (subst assms(5)[unfolded uv1 uv2])
    unfolding uv1 uv2
    apply auto
    done
qed

lemma tagged_division_split_left_inj:
  fixes x1 :: "'a::euclidean_space"
  assumes "d tagged_division_of i"
    and "(x1, k1) ∈ d"
    and "(x2, k2) ∈ d"
    and "k1 ≠ k2"
    and "k1 ∩ {x. x•k ≤ c} = k2 ∩ {x. x•k ≤ c}"
    and k: "k ∈ Basis"
  shows "content (k1 ∩ {x. x•k ≤ c}) = 0"
proof -
  have *: "!!a b c. (a,b) ∈ c ==> b ∈ snd ` c"
    unfolding image_iff
    apply (rule_tac x="(a,b)" in bexI)
    apply auto
    done
  show ?thesis
    apply (rule division_split_left_inj[OF division_of_tagged_division[OF assms(1)]])
    apply (rule_tac[1-2] *)
    using assms(2-)
    apply auto
    done
qed

lemma tagged_division_split_right_inj:
  fixes x1 :: "'a::euclidean_space"
  assumes "d tagged_division_of i"
    and "(x1, k1) ∈ d"
    and "(x2, k2) ∈ d"
    and "k1 ≠ k2"
    and "k1 ∩ {x. x•k ≥ c} = k2 ∩ {x. x•k ≥ c}"
  and k: "k ∈ Basis"
  shows "content (k1 ∩ {x. x•k ≥ c}) = 0"
proof -
  have *: "!!a b c. (a,b) ∈ c ==> b ∈ snd ` c"
    unfolding image_iff
    apply (rule_tac x="(a,b)" in bexI)
    apply auto
    done
  show ?thesis
    apply (rule division_split_right_inj[OF division_of_tagged_division[OF assms(1)]])
    apply (rule_tac[1-2] *)
    using assms(2-)
    apply auto
    done
qed

lemma division_split:
  fixes a :: "'a::euclidean_space"
  assumes "p division_of (cbox a b)"
    and k: "k∈Basis"
  shows "{l ∩ {x. x•k ≤ c} | l. l ∈ p ∧ l ∩ {x. x•k ≤ c} ≠ {}} division_of(cbox a b ∩ {x. x•k ≤ c})"
      (is "?p1 division_of ?I1")
    and "{l ∩ {x. x•k ≥ c} | l. l ∈ p ∧ l ∩ {x. x•k ≥ c} ≠ {}} division_of (cbox a b ∩ {x. x•k ≥ c})"
      (is "?p2 division_of ?I2")
proof (rule_tac[!] division_ofI)
  note p = division_ofD[OF assms(1)]
  show "finite ?p1" "finite ?p2"
    using p(1) by auto
  show "\<Union>?p1 = ?I1" "\<Union>?p2 = ?I2"
    unfolding p(6)[symmetric] by auto
  {
    fix k
    assume "k ∈ ?p1"
    then guess l unfolding mem_Collect_eq by (elim exE conjE) note l=this
    guess u v using p(4)[OF l(2)] by (elim exE) note uv=this
    show "k ⊆ ?I1" "k ≠ {}" "∃a b. k = cbox a b"
      unfolding l
      using p(2-3)[OF l(2)] l(3)
      unfolding uv
      apply -
      prefer 3
      apply (subst interval_split[OF k])
      apply (auto intro: order.trans)
      done
    fix k'
    assume "k' ∈ ?p1"
    then guess l' unfolding mem_Collect_eq by (elim exE conjE) note l'=this
    assume "k ≠ k'"
    then show "interior k ∩ interior k' = {}"
      unfolding l l' using p(5)[OF l(2) l'(2)] by auto
  }
  {
    fix k
    assume "k ∈ ?p2"
    then guess l unfolding mem_Collect_eq by (elim exE conjE) note l=this
    guess u v using p(4)[OF l(2)] by (elim exE) note uv=this
    show "k ⊆ ?I2" "k ≠ {}" "∃a b. k = cbox a b"
      unfolding l
      using p(2-3)[OF l(2)] l(3)
      unfolding uv
      apply -
      prefer 3
      apply (subst interval_split[OF k])
      apply (auto intro: order.trans)
      done
    fix k'
    assume "k' ∈ ?p2"
    then guess l' unfolding mem_Collect_eq by (elim exE conjE) note l'=this
    assume "k ≠ k'"
    then show "interior k ∩ interior k' = {}"
      unfolding l l' using p(5)[OF l(2) l'(2)] by auto
  }
qed

lemma has_integral_split:
  fixes f :: "'a::euclidean_space => 'b::real_normed_vector"
  assumes "(f has_integral i) (cbox a b ∩ {x. x•k ≤ c})"
    and "(f has_integral j) (cbox a b ∩ {x. x•k ≥ c})"
    and k: "k ∈ Basis"
  shows "(f has_integral (i + j)) (cbox a b)"
proof (unfold has_integral, rule, rule)
  case goal1
  then have e: "e/2 > 0"
    by auto
  guess d1 using has_integralD[OF assms(1)[unfolded interval_split[OF k]] e] .
  note d1=this[unfolded interval_split[symmetric,OF k]]
  guess d2 using has_integralD[OF assms(2)[unfolded interval_split[OF k]] e] .
  note d2=this[unfolded interval_split[symmetric,OF k]]
  let ?d = "λx. if x•k = c then (d1 x ∩ d2 x) else ball x (abs(x•k - c)) ∩ d1 x ∩ d2 x"
  show ?case
    apply (rule_tac x="?d" in exI)
    apply rule
    defer
    apply rule
    apply rule
    apply (elim conjE)
  proof -
    show "gauge ?d"
      using d1(1) d2(1) unfolding gauge_def by auto
    fix p
    assume "p tagged_division_of (cbox a b)" "?d fine p"
    note p = this tagged_division_ofD[OF this(1)]
    have lem0:
      "!!x kk. (x, kk) ∈ p ==> kk ∩ {x. x•k ≤ c} ≠ {} ==> x•k ≤ c"
      "!!x kk. (x, kk) ∈ p ==> kk ∩ {x. x•k ≥ c} ≠ {} ==> x•k ≥ c"
    proof -
      fix x kk
      assume as: "(x, kk) ∈ p"
      {
        assume *: "kk ∩ {x. x•k ≤ c} ≠ {}"
        show "x•k ≤ c"
        proof (rule ccontr)
          assume **: "¬ ?thesis"
          from this[unfolded not_le]
          have "kk ⊆ ball x ¦x • k - c¦"
            using p(2)[unfolded fine_def, rule_format,OF as,unfolded split_conv] by auto
          with * have "∃y. y ∈ ball x ¦x • k - c¦ ∩ {x. x • k ≤ c}"
            by blast
          then guess y ..
          then have "¦x • k - y • k¦ < ¦x • k - c¦" "y•k ≤ c"
            apply -
            apply (rule le_less_trans)
            using Basis_le_norm[OF k, of "x - y"]
            apply (auto simp add: dist_norm inner_diff_left)
            done
          then show False
            using **[unfolded not_le] by (auto simp add: field_simps)
        qed
      next
        assume *: "kk ∩ {x. x•k ≥ c} ≠ {}"
        show "x•k ≥ c"
        proof (rule ccontr)
          assume **: "¬ ?thesis"
          from this[unfolded not_le] have "kk ⊆ ball x ¦x • k - c¦"
            using p(2)[unfolded fine_def,rule_format,OF as,unfolded split_conv] by auto
          with * have "∃y. y ∈ ball x ¦x • k - c¦ ∩ {x. x • k ≥ c}"
            by blast
          then guess y ..
          then have "¦x • k - y • k¦ < ¦x • k - c¦" "y•k ≥ c"
            apply -
            apply (rule le_less_trans)
            using Basis_le_norm[OF k, of "x - y"]
            apply (auto simp add: dist_norm inner_diff_left)
            done
          then show False
            using **[unfolded not_le] by (auto simp add: field_simps)
        qed
      }
    qed

    have lem1: "!!f P Q. (∀x k. (x, k) ∈ {(x, f k) | x k. P x k} --> Q x k) <->
      (∀x k. P x k --> Q x (f k))" by auto
    have lem2: "!!f s P f. finite s ==> finite {(x,f k) | x k. (x,k) ∈ s ∧ P x k}"
    proof -
      case goal1
      then show ?case
        apply -
        apply (rule finite_subset[of _ "(λ(x,k). (x,f k)) ` s"])
        apply auto
        done
    qed
    have lem3: "!!g :: 'a set => 'a set. finite p ==>
      setsum (λ(x, k). content k *R f x) {(x,g k) |x k. (x,k) ∈ p ∧ g k ≠ {}} =
      setsum (λ(x, k). content k *R f x) ((λ(x, k). (x, g k)) ` p)"
      apply (rule setsum.mono_neutral_left)
      prefer 3
    proof
      fix g :: "'a set => 'a set"
      fix i :: "'a × 'a set"
      assume "i ∈ (λ(x, k). (x, g k)) ` p - {(x, g k) |x k. (x, k) ∈ p ∧ g k ≠ {}}"
      then obtain x k where xk:
        "i = (x, g k)"
        "(x, k) ∈ p"
        "(x, g k) ∉ {(x, g k) |x k. (x, k) ∈ p ∧ g k ≠ {}}"
        by auto
      have "content (g k) = 0"
        using xk using content_empty by auto
      then show "(λ(x, k). content k *R f x) i = 0"
        unfolding xk split_conv by auto
    qed auto
    have lem4: "!!g. (λ(x,l). content (g l) *R f x) = (λ(x,l). content l *R f x) o (λ(x,l). (x,g l))"
      by auto

    let ?M1 = "{(x, kk ∩ {x. x•k ≤ c}) |x kk. (x, kk) ∈ p ∧ kk ∩ {x. x•k ≤ c} ≠ {}}"
    have "norm ((∑(x, k)∈?M1. content k *R f x) - i) < e/2"
      apply (rule d1(2),rule tagged_division_ofI)
      apply (rule lem2 p(3))+
      prefer 6
      apply (rule fineI)
    proof -
      show "\<Union>{k. ∃x. (x, k) ∈ ?M1} = cbox a b ∩ {x. x•k ≤ c}"
        unfolding p(8)[symmetric] by auto
      fix x l
      assume xl: "(x, l) ∈ ?M1"
      then guess x' l' unfolding mem_Collect_eq unfolding Pair_eq by (elim exE conjE) note xl'=this
      have "l' ⊆ d1 x'"
        apply (rule order_trans[OF fineD[OF p(2) xl'(3)]])
        apply auto
        done
      then show "l ⊆ d1 x"
        unfolding xl' by auto
      show "x ∈ l" "l ⊆ cbox a b ∩ {x. x • k ≤ c}"
        unfolding xl'
        using p(4-6)[OF xl'(3)] using xl'(4)
        using lem0(1)[OF xl'(3-4)] by auto
      show "∃a b. l = cbox a b"
        unfolding xl'
        using p(6)[OF xl'(3)]
        by (fastforce simp add: interval_split[OF k,where c=c])
      fix y r
      let ?goal = "interior l ∩ interior r = {}"
      assume yr: "(y, r) ∈ ?M1"
      then guess y' r' unfolding mem_Collect_eq unfolding Pair_eq by (elim exE conjE) note yr'=this
      assume as: "(x, l) ≠ (y, r)"
      show "interior l ∩ interior r = {}"
      proof (cases "l' = r' --> x' = y'")
        case False
        then show ?thesis
          using p(7)[OF xl'(3) yr'(3)] using as unfolding xl' yr' by auto
      next
        case True
        then have "l' ≠ r'"
          using as unfolding xl' yr' by auto
        then show ?thesis
          using p(7)[OF xl'(3) yr'(3)] using as unfolding xl' yr' by auto
      qed
    qed
    moreover
    let ?M2 = "{(x,kk ∩ {x. x•k ≥ c}) |x kk. (x,kk) ∈ p ∧ kk ∩ {x. x•k ≥ c} ≠ {}}"
    have "norm ((∑(x, k)∈?M2. content k *R f x) - j) < e/2"
      apply (rule d2(2),rule tagged_division_ofI)
      apply (rule lem2 p(3))+
      prefer 6
      apply (rule fineI)
    proof -
      show "\<Union>{k. ∃x. (x, k) ∈ ?M2} = cbox a b ∩ {x. x•k ≥ c}"
        unfolding p(8)[symmetric] by auto
      fix x l
      assume xl: "(x, l) ∈ ?M2"
      then guess x' l' unfolding mem_Collect_eq unfolding Pair_eq by (elim exE conjE) note xl'=this
      have "l' ⊆ d2 x'"
        apply (rule order_trans[OF fineD[OF p(2) xl'(3)]])
        apply auto
        done
      then show "l ⊆ d2 x"
        unfolding xl' by auto
      show "x ∈ l" "l ⊆ cbox a b ∩ {x. x • k ≥ c}"
        unfolding xl'
        using p(4-6)[OF xl'(3)]
        using xl'(4)
        using lem0(2)[OF xl'(3-4)]
        by auto
      show "∃a b. l = cbox a b"
        unfolding xl'
        using p(6)[OF xl'(3)]
        by (fastforce simp add: interval_split[OF k, where c=c])
      fix y r
      let ?goal = "interior l ∩ interior r = {}"
      assume yr: "(y, r) ∈ ?M2"
      then guess y' r' unfolding mem_Collect_eq unfolding Pair_eq by (elim exE conjE) note yr'=this
      assume as: "(x, l) ≠ (y, r)"
      show "interior l ∩ interior r = {}"
      proof (cases "l' = r' --> x' = y'")
        case False
        then show ?thesis
          using p(7)[OF xl'(3) yr'(3)] using as unfolding xl' yr' by auto
      next
        case True
        then have "l' ≠ r'"
          using as unfolding xl' yr' by auto
        then show ?thesis
          using p(7)[OF xl'(3) yr'(3)] using as unfolding xl' yr' by auto
      qed
    qed
    ultimately
    have "norm (((∑(x, k)∈?M1. content k *R f x) - i) + ((∑(x, k)∈?M2. content k *R f x) - j)) < e/2 + e/2"
      apply -
      apply (rule norm_triangle_lt)
      apply auto
      done
    also {
      have *: "!!x y. x = (0::real) ==> x *R (y::'b) = 0"
        using scaleR_zero_left by auto
      have "((∑(x, k)∈?M1. content k *R f x) - i) + ((∑(x, k)∈?M2. content k *R f x) - j) =
        (∑(x, k)∈?M1. content k *R f x) + (∑(x, k)∈?M2. content k *R f x) - (i + j)"
        by auto
      also have "… = (∑(x, ka)∈p. content (ka ∩ {x. x • k ≤ c}) *R f x) +
        (∑(x, ka)∈p. content (ka ∩ {x. c ≤ x • k}) *R f x) - (i + j)"
        unfolding lem3[OF p(3)]
        apply (subst setsum.reindex_nontrivial[OF p(3)])
        defer
        apply (subst setsum.reindex_nontrivial[OF p(3)])
        defer
        unfolding lem4[symmetric]
        apply (rule refl)
        unfolding split_paired_all split_conv
        apply (rule_tac[!] *)
      proof -
        case goal1
        then show ?case
          apply -
          apply (rule tagged_division_split_left_inj [OF p(1), of a b aa ba])
          using k
          apply auto
          done
      next
        case goal2
        then show ?case
          apply -
          apply (rule tagged_division_split_right_inj[OF p(1), of a b aa ba])
          using k
          apply auto
          done
      qed
      also note setsum.distrib[symmetric]
      also have *: "!!x. x ∈ p ==>
        (λ(x,ka). content (ka ∩ {x. x • k ≤ c}) *R f x) x +
          (λ(x,ka). content (ka ∩ {x. c ≤ x • k}) *R f x) x =
        (λ(x,ka). content ka *R f x) x"
        unfolding split_paired_all split_conv
      proof -
        fix a b
        assume "(a, b) ∈ p"
        from p(6)[OF this] guess u v by (elim exE) note uv=this
        then show "content (b ∩ {x. x • k ≤ c}) *R f a + content (b ∩ {x. c ≤ x • k}) *R f a =
          content b *R f a"
          unfolding scaleR_left_distrib[symmetric]
          unfolding uv content_split[OF k,of u v c]
          by auto
      qed
      note setsum.cong [OF _ this]
      finally have "(∑(x, k)∈{(x, kk ∩ {x. x • k ≤ c}) |x kk. (x, kk) ∈ p ∧ kk ∩ {x. x • k ≤ c} ≠ {}}. content k *R f x) - i +
        ((∑(x, k)∈{(x, kk ∩ {x. c ≤ x • k}) |x kk. (x, kk) ∈ p ∧ kk ∩ {x. c ≤ x • k} ≠ {}}. content k *R f x) - j) =
        (∑(x, ka)∈p. content ka *R f x) - (i + j)"
        by auto
    }
    finally show "norm ((∑(x, k)∈p. content k *R f x) - (i + j)) < e"
      by auto
  qed
qed


subsection {* A sort of converse, integrability on subintervals. *}

lemma tagged_division_union_interval:
  fixes a :: "'a::euclidean_space"
  assumes "p1 tagged_division_of (cbox a b ∩ {x. x•k ≤ (c::real)})"
    and "p2 tagged_division_of (cbox a b ∩ {x. x•k ≥ c})"
    and k: "k ∈ Basis"
  shows "(p1 ∪ p2) tagged_division_of (cbox a b)"
proof -
  have *: "cbox a b = (cbox a b ∩ {x. x•k ≤ c}) ∪ (cbox a b ∩ {x. x•k ≥ c})"
    by auto
  show ?thesis
    apply (subst *)
    apply (rule tagged_division_union[OF assms(1-2)])
    unfolding interval_split[OF k] interior_cbox
    using k
    apply (auto simp add: box_def elim!: ballE[where x=k])
    done
qed

lemma tagged_division_union_interval_real:
  fixes a :: real
  assumes "p1 tagged_division_of ({a .. b} ∩ {x. x•k ≤ (c::real)})"
    and "p2 tagged_division_of ({a .. b} ∩ {x. x•k ≥ c})"
    and k: "k ∈ Basis"
  shows "(p1 ∪ p2) tagged_division_of {a .. b}"
  using assms
  unfolding box_real[symmetric]
  by (rule tagged_division_union_interval)

lemma has_integral_separate_sides:
  fixes f :: "'a::euclidean_space => 'b::real_normed_vector"
  assumes "(f has_integral i) (cbox a b)"
    and "e > 0"
    and k: "k ∈ Basis"
  obtains d where "gauge d"
    "∀p1 p2. p1 tagged_division_of (cbox a b ∩ {x. x•k ≤ c}) ∧ d fine p1 ∧
        p2 tagged_division_of (cbox a b ∩ {x. x•k ≥ c}) ∧ d fine p2 -->
        norm ((setsum (λ(x,k). content k *R f x) p1 + setsum (λ(x,k). content k *R f x) p2) - i) < e"
proof -
  guess d using has_integralD[OF assms(1-2)] . note d=this
  show ?thesis
    apply (rule that[of d])
    apply (rule d)
    apply rule
    apply rule
    apply rule
    apply (elim conjE)
  proof -
    fix p1 p2
    assume "p1 tagged_division_of (cbox a b) ∩ {x. x • k ≤ c}" "d fine p1"
    note p1=tagged_division_ofD[OF this(1)] this
    assume "p2 tagged_division_of (cbox a b) ∩ {x. c ≤ x • k}" "d fine p2"
    note p2=tagged_division_ofD[OF this(1)] this
    note tagged_division_union_interval[OF p1(7) p2(7)] note p12 = tagged_division_ofD[OF this] this
    have "norm ((∑(x, k)∈p1. content k *R f x) + (∑(x, k)∈p2. content k *R f x) - i) =
      norm ((∑(x, k)∈p1 ∪ p2. content k *R f x) - i)"
      apply (subst setsum.union_inter_neutral)
      apply (rule p1 p2)+
      apply rule
      unfolding split_paired_all split_conv
    proof -
      fix a b
      assume ab: "(a, b) ∈ p1 ∩ p2"
      have "(a, b) ∈ p1"
        using ab by auto
      from p1(4)[OF this] guess u v by (elim exE) note uv = this
      have "b ⊆ {x. x•k = c}"
        using ab p1(3)[of a b] p2(3)[of a b] by fastforce
      moreover
      have "interior {x::'a. x • k = c} = {}"
      proof (rule ccontr)
        assume "¬ ?thesis"
        then obtain x where x: "x ∈ interior {x::'a. x•k = c}"
          by auto
        then guess e unfolding mem_interior .. note e=this
        have x: "x•k = c"
          using x interior_subset by fastforce
        have *: "!!i. i ∈ Basis ==> ¦(x - (x + (e / 2) *R k)) • i¦ = (if i = k then e/2 else 0)"
          using e k by (auto simp: inner_simps inner_not_same_Basis)
        have "(∑i∈Basis. ¦(x - (x + (e / 2 ) *R k)) • i¦) =
          (∑i∈Basis. (if i = k then e / 2 else 0))"
          apply (rule setsum.cong)
          apply (rule refl)
          apply (subst *)
          apply auto
          done
        also have "… < e"
          apply (subst setsum.delta)
          using e
          apply auto
          done
        finally have "x + (e/2) *R k ∈ ball x e"
          unfolding mem_ball dist_norm by(rule le_less_trans[OF norm_le_l1])
        then have "x + (e/2) *R k ∈ {x. x•k = c}"
          using e by auto
        then show False
          unfolding mem_Collect_eq using e x k by (auto simp: inner_simps)
      qed
      ultimately have "content b = 0"
        unfolding uv content_eq_0_interior
        apply -
        apply (drule interior_mono)
        apply auto
        done
      then show "content b *R f a = 0"
        by auto
    qed auto
    also have "… < e"
      by (rule k d(2) p12 fine_union p1 p2)+
    finally show "norm ((∑(x, k)∈p1. content k *R f x) + (∑(x, k)∈p2. content k *R f x) - i) < e" .
  qed
qed

lemma integrable_split[intro]:
  fixes f :: "'a::euclidean_space => 'b::{real_normed_vector,complete_space}"
  assumes "f integrable_on cbox a b"
    and k: "k ∈ Basis"
  shows "f integrable_on (cbox a b ∩ {x. x•k ≤ c})" (is ?t1)
    and "f integrable_on (cbox a b ∩ {x. x•k ≥ c})" (is ?t2)
proof -
  guess y using assms(1) unfolding integrable_on_def .. note y=this
  def b'  "∑i∈Basis. (if i = k then min (b•k) c else b•i)*R i::'a"
  def a'  "∑i∈Basis. (if i = k then max (a•k) c else a•i)*R i::'a"
  show ?t1 ?t2
    unfolding interval_split[OF k] integrable_cauchy
    unfolding interval_split[symmetric,OF k]
  proof (rule_tac[!] allI impI)+
    fix e :: real
    assume "e > 0"
    then have "e/2>0"
      by auto
    from has_integral_separate_sides[OF y this k,of c] guess d . note d=this[rule_format]
    let ?P = "λA. ∃d. gauge d ∧ (∀p1 p2. p1 tagged_division_of (cbox a b) ∩ A ∧ d fine p1 ∧
      p2 tagged_division_of (cbox a b) ∩ A ∧ d fine p2 -->
      norm ((∑(x, k)∈p1. content k *R f x) - (∑(x, k)∈p2. content k *R f x)) < e)"
    show "?P {x. x • k ≤ c}"
      apply (rule_tac x=d in exI)
      apply rule
      apply (rule d)
      apply rule
      apply rule
      apply rule
    proof -
      fix p1 p2
      assume as: "p1 tagged_division_of (cbox a b) ∩ {x. x • k ≤ c} ∧ d fine p1 ∧
        p2 tagged_division_of (cbox a b) ∩ {x. x • k ≤ c} ∧ d fine p2"
      show "norm ((∑(x, k)∈p1. content k *R f x) - (∑(x, k)∈p2. content k *R f x)) < e"
      proof -
        guess p using fine_division_exists[OF d(1), of a' b] . note p=this
        show ?thesis
          using norm_triangle_half_l[OF d(2)[of p1 p] d(2)[of p2 p]]
          using as unfolding interval_split[OF k] b'_def[symmetric] a'_def[symmetric]
          using p using assms
          by (auto simp add: algebra_simps)
      qed
    qed
    show "?P {x. x • k ≥ c}"
      apply (rule_tac x=d in exI)
      apply rule
      apply (rule d)
      apply rule
      apply rule
      apply rule
    proof -
      fix p1 p2
      assume as: "p1 tagged_division_of (cbox a b) ∩ {x. x • k ≥ c} ∧ d fine p1 ∧
        p2 tagged_division_of (cbox a b) ∩ {x. x • k ≥ c} ∧ d fine p2"
      show "norm ((∑(x, k)∈p1. content k *R f x) - (∑(x, k)∈p2. content k *R f x)) < e"
      proof -
        guess p using fine_division_exists[OF d(1), of a b'] . note p=this
        show ?thesis
          using norm_triangle_half_l[OF d(2)[of p p1] d(2)[of p p2]]
          using as
          unfolding interval_split[OF k] b'_def[symmetric] a'_def[symmetric]
          using p
          using assms
          by (auto simp add: algebra_simps)
      qed
    qed
  qed
qed


subsection {* Generalized notion of additivity. *}

definition "neutral opp = (SOME x. ∀y. opp x y = y ∧ opp y x = y)"

definition operative :: "('a => 'a => 'a) => (('b::euclidean_space) set => 'a) => bool"
  where "operative opp f <->
    (∀a b. content (cbox a b) = 0 --> f (cbox a b) = neutral opp) ∧
    (∀a b c. ∀k∈Basis. f (cbox a b) = opp (f(cbox a b ∩ {x. x•k ≤ c})) (f (cbox a b ∩ {x. x•k ≥ c})))"

lemma operativeD[dest]:
  fixes type :: "'a::euclidean_space"
  assumes "operative opp f"
  shows "!!a b::'a. content (cbox a b) = 0 ==> f (cbox a b) = neutral opp"
    and "!!a b c k. k ∈ Basis ==> f (cbox a b) =
      opp (f (cbox a b ∩ {x. x•k ≤ c})) (f (cbox a b ∩ {x. x•k ≥ c}))"
  using assms unfolding operative_def by auto

lemma operative_trivial: "operative opp f ==> content (cbox a b) = 0 ==> f (cbox a b) = neutral opp"
  unfolding operative_def by auto

lemma property_empty_interval: "∀a b. content (cbox a b) = 0 --> P (cbox a b) ==> P {}"
  using content_empty unfolding empty_as_interval by auto

lemma operative_empty: "operative opp f ==> f {} = neutral opp"
  unfolding operative_def by (rule property_empty_interval) auto


subsection {* Using additivity of lifted function to encode definedness. *}

lemma forall_option: "(∀x. P x) <-> P None ∧ (∀x. P (Some x))"
  by (metis option.nchotomy)

lemma exists_option: "(∃x. P x) <-> P None ∨ (∃x. P (Some x))"
  by (metis option.nchotomy)

fun lifted where
  "lifted (opp :: 'a => 'a => 'b) (Some x) (Some y) = Some (opp x y)"
| "lifted opp None _ = (None::'b option)"
| "lifted opp _ None = None"

lemma lifted_simp_1[simp]: "lifted opp v None = None"
  by (induct v) auto

definition "monoidal opp <->
  (∀x y. opp x y = opp y x) ∧
  (∀x y z. opp x (opp y z) = opp (opp x y) z) ∧
  (∀x. opp (neutral opp) x = x)"

lemma monoidalI:
  assumes "!!x y. opp x y = opp y x"
    and "!!x y z. opp x (opp y z) = opp (opp x y) z"
    and "!!x. opp (neutral opp) x = x"
  shows "monoidal opp"
  unfolding monoidal_def using assms by fastforce

lemma monoidal_ac:
  assumes "monoidal opp"
  shows "opp (neutral opp) a = a"
    and "opp a (neutral opp) = a"
    and "opp a b = opp b a"
    and "opp (opp a b) c = opp a (opp b c)"
    and "opp a (opp b c) = opp b (opp a c)"
  using assms unfolding monoidal_def by metis+

lemma monoidal_simps[simp]:
  assumes "monoidal opp"
  shows "opp (neutral opp) a = a"
    and "opp a (neutral opp) = a"
  using monoidal_ac[OF assms] by auto

lemma neutral_lifted[cong]:
  assumes "monoidal opp"
  shows "neutral (lifted opp) = Some (neutral opp)"
  apply (subst neutral_def)
  apply (rule some_equality)
  apply rule
  apply (induct_tac y)
  prefer 3
proof -
  fix x
  assume "∀y. lifted opp x y = y ∧ lifted opp y x = y"
  then show "x = Some (neutral opp)"
    apply (induct x)
    defer
    apply rule
    apply (subst neutral_def)
    apply (subst eq_commute)
    apply(rule some_equality)
    apply rule
    apply (erule_tac x="Some y" in allE)
    defer
    apply (rename_tac x)
    apply (erule_tac x="Some x" in allE)
    apply auto
    done
qed (auto simp add:monoidal_ac[OF assms])

lemma monoidal_lifted[intro]:
  assumes "monoidal opp"
  shows "monoidal (lifted opp)"
  unfolding monoidal_def forall_option neutral_lifted[OF assms]
  using monoidal_ac[OF assms]
  by auto

definition "support opp f s = {x. x∈s ∧ f x ≠ neutral opp}"
definition "fold' opp e s = (if finite s then Finite_Set.fold opp e s else e)"
definition "iterate opp s f = fold' (λx a. opp (f x) a) (neutral opp) (support opp f s)"

lemma support_subset[intro]: "support opp f s ⊆ s"
  unfolding support_def by auto

lemma support_empty[simp]: "support opp f {} = {}"
  using support_subset[of opp f "{}"] by auto

lemma comp_fun_commute_monoidal[intro]:
  assumes "monoidal opp"
  shows "comp_fun_commute opp"
  unfolding comp_fun_commute_def
  using monoidal_ac[OF assms]
  by auto

lemma support_clauses:
  "!!f g s. support opp f {} = {}"
  "!!f g s. support opp f (insert x s) =
    (if f(x) = neutral opp then support opp f s else insert x (support opp f s))"
  "!!f g s. support opp f (s - {x}) = (support opp f s) - {x}"
  "!!f g s. support opp f (s ∪ t) = (support opp f s) ∪ (support opp f t)"
  "!!f g s. support opp f (s ∩ t) = (support opp f s) ∩ (support opp f t)"
  "!!f g s. support opp f (s - t) = (support opp f s) - (support opp f t)"
  "!!f g s. support opp g (f ` s) = f ` (support opp (g o f) s)"
  unfolding support_def by auto

lemma finite_support[intro]: "finite s ==> finite (support opp f s)"
  unfolding support_def by auto

lemma iterate_empty[simp]: "iterate opp {} f = neutral opp"
  unfolding iterate_def fold'_def by auto

lemma iterate_insert[simp]:
  assumes "monoidal opp"
    and "finite s"
  shows "iterate opp (insert x s) f =
    (if x ∈ s then iterate opp s f else opp (f x) (iterate opp s f))"
proof (cases "x ∈ s")
  case True
  then have *: "insert x s = s"
    by auto
  show ?thesis unfolding iterate_def if_P[OF True] * by auto
next
  case False
  note x = this
  note * = comp_fun_commute.comp_comp_fun_commute [OF comp_fun_commute_monoidal[OF assms(1)]]
  show ?thesis
  proof (cases "f x = neutral opp")
    case True
    show ?thesis
      unfolding iterate_def if_not_P[OF x] support_clauses if_P[OF True]
      unfolding True monoidal_simps[OF assms(1)]
      by auto
  next
    case False
    show ?thesis
      unfolding iterate_def fold'_def  if_not_P[OF x] support_clauses if_not_P[OF False]
      apply (subst comp_fun_commute.fold_insert[OF * finite_support, simplified comp_def])
      using `finite s`
      unfolding support_def
      using False x
      apply auto
      done
  qed
qed

lemma iterate_some:
  assumes "monoidal opp"
    and "finite s"
  shows "iterate (lifted opp) s (λx. Some(f x)) = Some (iterate opp s f)"
  using assms(2)
proof (induct s)
  case empty
  then show ?case
    using assms by auto
next
  case (insert x F)
  show ?case
    apply (subst iterate_insert)
    prefer 3
    apply (subst if_not_P)
    defer
    unfolding insert(3) lifted.simps
    apply rule
    using assms insert
    apply auto
    done
qed


subsection {* Two key instances of additivity. *}

lemma neutral_add[simp]: "neutral op + = (0::'a::comm_monoid_add)"
  unfolding neutral_def
  apply (rule some_equality)
  defer
  apply (erule_tac x=0 in allE)
  apply auto
  done

lemma operative_content[intro]: "operative (op +) content"
  unfolding operative_def neutral_add
  apply safe
  unfolding content_split[symmetric]
  apply rule
  done

lemma monoidal_monoid[intro]: "monoidal ((op +)::('a::comm_monoid_add) => 'a => 'a)"
  unfolding monoidal_def neutral_add
  by (auto simp add: algebra_simps)

lemma operative_integral:
  fixes f :: "'a::euclidean_space => 'b::banach"
  shows "operative (lifted(op +)) (λi. if f integrable_on i then Some(integral i f) else None)"
  unfolding operative_def
  unfolding neutral_lifted[OF monoidal_monoid] neutral_add
  apply rule
  apply rule
  apply rule
  apply rule
  defer
  apply (rule allI ballI)+
proof -
  fix a b c
  fix k :: 'a
  assume k: "k ∈ Basis"
  show "(if f integrable_on cbox a b then Some (integral (cbox a b) f) else None) =
    lifted op + (if f integrable_on cbox a b ∩ {x. x • k ≤ c} then Some (integral (cbox a b ∩ {x. x • k ≤ c}) f) else None)
    (if f integrable_on cbox a b ∩ {x. c ≤ x • k} then Some (integral (cbox a b ∩ {x. c ≤ x • k}) f) else None)"
  proof (cases "f integrable_on cbox a b")
    case True
    show ?thesis
      unfolding if_P[OF True]
      using k
      apply -
      unfolding if_P[OF integrable_split(1)[OF True]]
      unfolding if_P[OF integrable_split(2)[OF True]]
      unfolding lifted.simps option.inject
      apply (rule integral_unique)
      apply (rule has_integral_split[OF _ _ k])
      apply (rule_tac[!] integrable_integral integrable_split)+
      using True k
      apply auto
      done
  next
    case False
    have "¬ (f integrable_on cbox a b ∩ {x. x • k ≤ c}) ∨ ¬ ( f integrable_on cbox a b ∩ {x. c ≤ x • k})"
    proof (rule ccontr)
      assume "¬ ?thesis"
      then have "f integrable_on cbox a b"
        apply -
        unfolding integrable_on_def
        apply (rule_tac x="integral (cbox a b ∩ {x. x • k ≤ c}) f + integral (cbox a b ∩ {x. x • k ≥ c}) f" in exI)
        apply (rule has_integral_split[OF _ _ k])
        apply (rule_tac[!] integrable_integral)
        apply auto
        done
      then show False
        using False by auto
    qed
    then show ?thesis
      using False by auto
  qed
next
  fix a b :: 'a
  assume as: "content (cbox a b) = 0"
  then show "(if f integrable_on cbox a b then Some (integral (cbox a b) f) else None) = Some 0"
    unfolding if_P[OF integrable_on_null[OF as]]
    using has_integral_null_eq[OF as]
    by auto
qed


subsection {* Points of division of a partition. *}

definition "division_points (k::('a::euclidean_space) set) d =
   {(j,x). j ∈ Basis ∧ (interval_lowerbound k)•j < x ∧ x < (interval_upperbound k)•j ∧
     (∃i∈d. (interval_lowerbound i)•j = x ∨ (interval_upperbound i)•j = x)}"

lemma division_points_finite:
  fixes i :: "'a::euclidean_space set"
  assumes "d division_of i"
  shows "finite (division_points i d)"
proof -
  note assm = division_ofD[OF assms]
  let ?M = "λj. {(j,x)|x. (interval_lowerbound i)•j < x ∧ x < (interval_upperbound i)•j ∧
    (∃i∈d. (interval_lowerbound i)•j = x ∨ (interval_upperbound i)•j = x)}"
  have *: "division_points i d = \<Union>(?M ` Basis)"
    unfolding division_points_def by auto
  show ?thesis
    unfolding * using assm by auto
qed

lemma division_points_subset:
  fixes a :: "'a::euclidean_space"
  assumes "d division_of (cbox a b)"
    and "∀i∈Basis. a•i < b•i"  "a•k < c" "c < b•k"
    and k: "k ∈ Basis"
  shows "division_points (cbox a b ∩ {x. x•k ≤ c}) {l ∩ {x. x•k ≤ c} | l . l ∈ d ∧ l ∩ {x. x•k ≤ c} ≠ {}} ⊆
      division_points (cbox a b) d" (is ?t1)
    and "division_points (cbox a b ∩ {x. x•k ≥ c}) {l ∩ {x. x•k ≥ c} | l . l ∈ d ∧ ~(l ∩ {x. x•k ≥ c} = {})} ⊆
      division_points (cbox a b) d" (is ?t2)
proof -
  note assm = division_ofD[OF assms(1)]
  have *: "∀i∈Basis. a•i ≤ b•i"
    "∀i∈Basis. a•i ≤ (∑i∈Basis. (if i = k then min (b • k) c else  b • i) *R i) • i"
    "∀i∈Basis. (∑i∈Basis. (if i = k then max (a • k) c else a • i) *R i) • i ≤ b•i"
    "min (b • k) c = c" "max (a • k) c = c"
    using assms using less_imp_le by auto
  show ?t1
    unfolding division_points_def interval_split[OF k, of a b]
    unfolding interval_bounds[OF *(1)] interval_bounds[OF *(2)] interval_bounds[OF *(3)]
    unfolding *
    unfolding subset_eq
    apply rule
    unfolding mem_Collect_eq split_beta
    apply (erule bexE conjE)+
    apply (simp only: mem_Collect_eq inner_setsum_left_Basis simp_thms)
    apply (erule exE conjE)+
  proof
    fix i l x
    assume as:
      "a • fst x < snd x" "snd x < (if fst x = k then c else b • fst x)"
      "interval_lowerbound i • fst x = snd x ∨ interval_upperbound i • fst x = snd x"
      "i = l ∩ {x. x • k ≤ c}" "l ∈ d" "l ∩ {x. x • k ≤ c} ≠ {}"
      and fstx: "fst x ∈ Basis"
    from assm(4)[OF this(5)] guess u v apply-by(erule exE)+ note l=this
    have *: "∀i∈Basis. u • i ≤ (∑i∈Basis. (if i = k then min (v • k) c else v • i) *R i) • i"
      using as(6) unfolding l interval_split[OF k] box_ne_empty as .
    have **: "∀i∈Basis. u•i ≤ v•i"
      using l using as(6) unfolding box_ne_empty[symmetric] by auto
    show "∃i∈d. interval_lowerbound i • fst x = snd x ∨ interval_upperbound i • fst x = snd x"
      apply (rule bexI[OF _ `l ∈ d`])
      using as(1-3,5) fstx
      unfolding l interval_bounds[OF **] interval_bounds[OF *] interval_split[OF k] as
      apply (auto split: split_if_asm)
      done
    show "snd x < b • fst x"
      using as(2) `c < b•k` by (auto split: split_if_asm)
  qed
  show ?t2
    unfolding division_points_def interval_split[OF k, of a b]
    unfolding interval_bounds[OF *(1)] interval_bounds[OF *(2)] interval_bounds[OF *(3)]
    unfolding *
    unfolding subset_eq
    apply rule
    unfolding mem_Collect_eq split_beta
    apply (erule bexE conjE)+
    apply (simp only: mem_Collect_eq inner_setsum_left_Basis simp_thms)
    apply (erule exE conjE)+
  proof
    fix i l x
    assume as:
      "(if fst x = k then c else a • fst x) < snd x" "snd x < b • fst x"
      "interval_lowerbound i • fst x = snd x ∨ interval_upperbound i • fst x = snd x"
      "i = l ∩ {x. c ≤ x • k}" "l ∈ d" "l ∩ {x. c ≤ x • k} ≠ {}"
      and fstx: "fst x ∈ Basis"
    from assm(4)[OF this(5)] guess u v by (elim exE) note l=this
    have *: "∀i∈Basis. (∑i∈Basis. (if i = k then max (u • k) c else u • i) *R i) • i ≤ v • i"
      using as(6) unfolding l interval_split[OF k] box_ne_empty as .
    have **: "∀i∈Basis. u•i ≤ v•i"
      using l using as(6) unfolding box_ne_empty[symmetric] by auto
    show "∃i∈d. interval_lowerbound i • fst x = snd x ∨ interval_upperbound i • fst x = snd x"
      apply (rule bexI[OF _ `l ∈ d`])
      using as(1-3,5) fstx
      unfolding l interval_bounds[OF **] interval_bounds[OF *] interval_split[OF k] as
      apply (auto split: split_if_asm)
      done
    show "a • fst x < snd x"
      using as(1) `a•k < c` by (auto split: split_if_asm)
   qed
qed

lemma division_points_psubset:
  fixes a :: "'a::euclidean_space"
  assumes "d division_of (cbox a b)"
    and "∀i∈Basis. a•i < b•i"  "a•k < c" "c < b•k"
    and "l ∈ d"
     and "interval_lowerbound l•k = c ∨ interval_upperbound l•k = c"
    and k: "k ∈ Basis"
  shows "division_points (cbox a b ∩ {x. x•k ≤ c}) {l ∩ {x. x•k ≤ c} | l. l∈d ∧ l ∩ {x. x•k ≤ c} ≠ {}} ⊂
      division_points (cbox a b) d" (is "?D1 ⊂ ?D")
    and "division_points (cbox a b ∩ {x. x•k ≥ c}) {l ∩ {x. x•k ≥ c} | l. l∈d ∧ l ∩ {x. x•k ≥ c} ≠ {}} ⊂
      division_points (cbox a b) d" (is "?D2 ⊂ ?D")
proof -
  have ab: "∀i∈Basis. a•i ≤ b•i"
    using assms(2) by (auto intro!:less_imp_le)
  guess u v using division_ofD(4)[OF assms(1,5)] by (elim exE) note l=this
  have uv: "∀i∈Basis. u•i ≤ v•i" "∀i∈Basis. a•i ≤ u•i ∧ v•i ≤ b•i"
    using division_ofD(2,2,3)[OF assms(1,5)] unfolding l box_ne_empty
    unfolding subset_eq
    apply -
    defer
    apply (erule_tac x=u in ballE)
    apply (erule_tac x=v in ballE)
    unfolding mem_box
    apply auto
    done
  have *: "interval_upperbound (cbox a b ∩ {x. x • k ≤ interval_upperbound l • k}) • k = interval_upperbound l • k"
    "interval_upperbound (cbox a b ∩ {x. x • k ≤ interval_lowerbound l • k}) • k = interval_lowerbound l • k"
    unfolding interval_split[OF k]
    apply (subst interval_bounds)
    prefer 3
    apply (subst interval_bounds)
    unfolding l interval_bounds[OF uv(1)]
    using uv[rule_format,of k] ab k
    apply auto
    done
  have "∃x. x ∈ ?D - ?D1"
    using assms(2-)
    apply -
    apply (erule disjE)
    apply (rule_tac x="(k,(interval_lowerbound l)•k)" in exI)
    defer
    apply (rule_tac x="(k,(interval_upperbound l)•k)" in exI)
    unfolding division_points_def
    unfolding interval_bounds[OF ab]
    apply (auto simp add:*)
    done
  then show "?D1 ⊂ ?D"
    apply -
    apply rule
    apply (rule division_points_subset[OF assms(1-4)])
    using k
    apply auto
    done

  have *: "interval_lowerbound (cbox a b ∩ {x. x • k ≥ interval_lowerbound l • k}) • k = interval_lowerbound l • k"
    "interval_lowerbound (cbox a b ∩ {x. x • k ≥ interval_upperbound l • k}) • k = interval_upperbound l • k"
    unfolding interval_split[OF k]
    apply (subst interval_bounds)
    prefer 3
    apply (subst interval_bounds)
    unfolding l interval_bounds[OF uv(1)]
    using uv[rule_format,of k] ab k
    apply auto
    done
  have "∃x. x ∈ ?D - ?D2"
    using assms(2-)
    apply -
    apply (erule disjE)
    apply (rule_tac x="(k,(interval_lowerbound l)•k)" in exI)
    defer
    apply (rule_tac x="(k,(interval_upperbound l)•k)" in exI)
    unfolding division_points_def
    unfolding interval_bounds[OF ab]
    apply (auto simp add:*)
    done
  then show "?D2 ⊂ ?D"
    apply -
    apply rule
    apply (rule division_points_subset[OF assms(1-4) k])
    apply auto
    done
qed


subsection {* Preservation by divisions and tagged divisions. *}

lemma support_support[simp]:"support opp f (support opp f s) = support opp f s"
  unfolding support_def by auto

lemma iterate_support[simp]: "iterate opp (support opp f s) f = iterate opp s f"
  unfolding iterate_def support_support by auto

lemma iterate_expand_cases:
  "iterate opp s f = (if finite(support opp f s) then iterate opp (support opp f s) f else neutral opp)"
  apply cases
  apply (subst if_P, assumption)
  unfolding iterate_def support_support fold'_def
  apply auto
  done

lemma iterate_image:
  assumes "monoidal opp"
    and "inj_on f s"
  shows "iterate opp (f ` s) g = iterate opp s (g o f)"
proof -
  have *: "!!s. finite s ==>  ∀x∈s. ∀y∈s. f x = f y --> x = y ==>
    iterate opp (f ` s) g = iterate opp s (g o f)"
  proof -
    case goal1
    then show ?case
    proof (induct s)
      case empty
      then show ?case
        using assms(1) by auto
    next
      case (insert x s)
      show ?case
        unfolding iterate_insert[OF assms(1) insert(1)]
        unfolding if_not_P[OF insert(2)]
        apply (subst insert(3)[symmetric])
        unfolding image_insert
        defer
        apply (subst iterate_insert[OF assms(1)])
        apply (rule finite_imageI insert)+
        apply (subst if_not_P)
        unfolding image_iff o_def
        using insert(2,4)
        apply auto
        done
    qed
  qed
  show ?thesis
    apply (cases "finite (support opp g (f ` s))")
    apply (subst (1) iterate_support[symmetric],subst (2) iterate_support[symmetric])
    unfolding support_clauses
    apply (rule *)
    apply (rule finite_imageD,assumption)
    unfolding inj_on_def[symmetric]
    apply (rule subset_inj_on[OF assms(2) support_subset])+
    apply (subst iterate_expand_cases)
    unfolding support_clauses
    apply (simp only: if_False)
    apply (subst iterate_expand_cases)
    apply (subst if_not_P)
    apply auto
    done
qed


(* This lemma about iterations comes up in a few places. *)
lemma iterate_nonzero_image_lemma:
  assumes "monoidal opp"
    and "finite s" "g(a) = neutral opp"
    and "∀x∈s. ∀y∈s. f x = f y ∧ x ≠ y --> g(f x) = neutral opp"
  shows "iterate opp {f x | x. x ∈ s ∧ f x ≠ a} g = iterate opp s (g o f)"
proof -
  have *: "{f x |x. x ∈ s ∧ f x ≠ a} = f ` {x. x ∈ s ∧ f x ≠ a}"
    by auto
  have **: "support opp (g o f) {x ∈ s. f x ≠ a} = support opp (g o f) s"
    unfolding support_def using assms(3) by auto
  show ?thesis
    unfolding *
    apply (subst iterate_support[symmetric])
    unfolding support_clauses
    apply (subst iterate_image[OF assms(1)])
    defer
    apply (subst(2) iterate_support[symmetric])
    apply (subst **)
    unfolding inj_on_def
    using assms(3,4)
    unfolding support_def
    apply auto
    done
qed

lemma iterate_eq_neutral:
  assumes "monoidal opp"
    and "∀x ∈ s. f x = neutral opp"
  shows "iterate opp s f = neutral opp"
proof -
  have *: "support opp f s = {}"
    unfolding support_def using assms(2) by auto
  show ?thesis
    apply (subst iterate_support[symmetric])
    unfolding *
    using assms(1)
    apply auto
    done
qed

lemma iterate_op:
  assumes "monoidal opp"
    and "finite s"
  shows "iterate opp s (λx. opp (f x) (g x)) = opp (iterate opp s f) (iterate opp s g)"
  using assms(2)
proof (induct s)
  case empty
  then show ?case
    unfolding iterate_insert[OF assms(1)] using assms(1) by auto
next
  case (insert x F)
  show ?case
    unfolding iterate_insert[OF assms(1) insert(1)] if_not_P[OF insert(2)] insert(3)
    by (simp add: monoidal_ac[OF assms(1)])
qed

lemma iterate_eq:
  assumes "monoidal opp"
    and "!!x. x ∈ s ==> f x = g x"
  shows "iterate opp s f = iterate opp s g"
proof -
  have *: "support opp g s = support opp f s"
    unfolding support_def using assms(2) by auto
  show ?thesis
  proof (cases "finite (support opp f s)")
    case False
    then show ?thesis
      apply (subst iterate_expand_cases)
      apply (subst(2) iterate_expand_cases)
      unfolding *
      apply auto
      done
  next
    def su  "support opp f s"
    case True note support_subset[of opp f s]
    then show ?thesis
      apply -
      apply (subst iterate_support[symmetric])
      apply (subst(2) iterate_support[symmetric])
      unfolding *
      using True
      unfolding su_def[symmetric]
    proof (induct su)
      case empty
      show ?case by auto
    next
      case (insert x s)
      show ?case
        unfolding iterate_insert[OF assms(1) insert(1)]
        unfolding if_not_P[OF insert(2)]
        apply (subst insert(3))
        defer
        apply (subst assms(2)[of x])
        using insert
        apply auto
        done
    qed
  qed
qed

lemma nonempty_witness:
  assumes "s ≠ {}"
  obtains x where "x ∈ s"
  using assms by auto

lemma operative_division:
  fixes f :: "'a::euclidean_space set => 'b"
  assumes "monoidal opp"
    and "operative opp f"
    and "d division_of (cbox a b)"
  shows "iterate opp d f = f (cbox a b)"
proof -
  def C  "card (division_points (cbox a b) d)"
  then show ?thesis
    using assms
  proof (induct C arbitrary: a b d rule: full_nat_induct)
    case goal1
    { presume *: "content (cbox a b) ≠ 0 ==> ?case"
      then show ?case
        apply -
        apply cases
        defer
        apply assumption
      proof -
        assume as: "content (cbox a b) = 0"
        show ?case
          unfolding operativeD(1)[OF assms(2) as]
          apply(rule iterate_eq_neutral[OF goal1(2)])
        proof
          fix x
          assume x: "x ∈ d"
          then guess u v
            apply (drule_tac division_ofD(4)[OF goal1(4)])
            apply (elim exE)
            done
          then show "f x = neutral opp"
            using division_of_content_0[OF as goal1(4)]
            using operativeD(1)[OF assms(2)] x
            by auto
        qed
      qed
    }
    assume "content (cbox a b) ≠ 0" note ab = this[unfolded content_lt_nz[symmetric] content_pos_lt_eq]
    then have ab': "∀i∈Basis. a•i ≤ b•i"
      by (auto intro!: less_imp_le)
    show ?case
    proof (cases "division_points (cbox a b) d = {}")
      case True
      have d': "∀i∈d. ∃u v. i = cbox u v ∧
        (∀j∈Basis. u•j = a•j ∧ v•j = a•j ∨ u•j = b•j ∧ v•j = b•j ∨ u•j = a•j ∧ v•j = b•j)"
        unfolding forall_in_division[OF goal1(4)]
        apply rule
        apply rule
        apply rule
        apply (rule_tac x=a in exI)
        apply (rule_tac x=b in exI)
        apply rule
        apply (rule refl)
      proof
        fix u v
        fix j :: 'a
        assume j: "j ∈ Basis"
        assume as: "cbox u v ∈ d"
        note division_ofD(3)[OF goal1(4) this]
        then have uv: "∀i∈Basis. u•i ≤ v•i" "u•j ≤ v•j"
          using j unfolding box_ne_empty by auto
        have *: "!!p r Q. ¬ j∈Basis ∨ p ∨ r ∨ (∀x∈d. Q x) ==> p ∨ r ∨ Q (cbox u v)"
          using as j by auto
        have "(j, u•j) ∉ division_points (cbox a b) d"
          "(j, v•j) ∉ division_points (cbox a b) d" using True by auto
        note this[unfolded de_Morgan_conj division_points_def mem_Collect_eq split_conv interval_bounds[OF ab'] bex_simps]
        note *[OF this(1)] *[OF this(2)] note this[unfolded interval_bounds[OF uv(1)]]
        moreover
        have "a•j ≤ u•j" "v•j ≤ b•j"
          using division_ofD(2,2,3)[OF goal1(4) as]
          unfolding subset_eq
          apply -
          apply (erule_tac x=u in ballE,erule_tac[3] x=v in ballE)
          unfolding box_ne_empty mem_box
          using j
          apply auto
          done
        ultimately show "u•j = a•j ∧ v•j = a•j ∨ u•j = b•j ∧ v•j = b•j ∨ u•j = a•j ∧ v•j = b•j"
          unfolding not_less de_Morgan_disj using ab[rule_format,of j] uv(2) j by auto
      qed
      have "(1/2) *R (a+b) ∈ cbox a b"
        unfolding mem_box using ab by(auto intro!: less_imp_le simp: inner_simps)
      note this[unfolded division_ofD(6)[OF goal1(4),symmetric] Union_iff]
      then guess i .. note i=this
      guess u v using d'[rule_format,OF i(1)] by (elim exE conjE) note uv=this
      have "cbox a b ∈ d"
      proof -
        { presume "i = cbox a b" then show ?thesis using i by auto }
        { presume "u = a" "v = b" then show "i = cbox a b" using uv by auto }
        show "u = a" "v = b"
          unfolding euclidean_eq_iff[where 'a='a]
        proof safe
          fix j :: 'a
          assume j: "j ∈ Basis"
          note i(2)[unfolded uv mem_box,rule_format,of j]
          then show "u • j = a • j" and "v • j = b • j"
            using uv(2)[rule_format,of j] j by (auto simp: inner_simps)
        qed
      qed
      then have *: "d = insert (cbox a b) (d - {cbox a b})"
        by auto
      have "iterate opp (d - {cbox a b}) f = neutral opp"
        apply (rule iterate_eq_neutral[OF goal1(2)])
      proof
        fix x
        assume x: "x ∈ d - {cbox a b}"
        then have "x∈d"
          by auto note d'[rule_format,OF this]
        then guess u v by (elim exE conjE) note uv=this
        have "u ≠ a ∨ v ≠ b"
          using x[unfolded uv] by auto
        then obtain j where "u•j ≠ a•j ∨ v•j ≠ b•j" and j: "j ∈ Basis"
          unfolding euclidean_eq_iff[where 'a='a] by auto
        then have "u•j = v•j"
          using uv(2)[rule_format,OF j] by auto
        then have "content (cbox u v) = 0"
          unfolding content_eq_0
          apply (rule_tac x=j in bexI)
          using j
          apply auto
          done
        then show "f x = neutral opp"
          unfolding uv(1) by (rule operativeD(1)[OF goal1(3)])
      qed
      then show "iterate opp d f = f (cbox a b)"
        apply -
        apply (subst *)
        apply (subst iterate_insert[OF goal1(2)])
        using goal1(2,4)
        apply auto
        done
    next
      case False
      then have "∃x. x ∈ division_points (cbox a b) d"
        by auto
      then guess k c
        unfolding split_paired_Ex
        unfolding division_points_def mem_Collect_eq split_conv
        apply (elim exE conjE)
        done
      note this(2-4,1) note kc=this[unfolded interval_bounds[OF ab']]
      from this(3) guess j .. note j=this
      def d1  "{l ∩ {x. x•k ≤ c} | l. l ∈ d ∧ l ∩ {x. x•k ≤ c} ≠ {}}"
      def d2  "{l ∩ {x. x•k ≥ c} | l. l ∈ d ∧ l ∩ {x. x•k ≥ c} ≠ {}}"
      def cb  "(∑i∈Basis. (if i = k then c else b•i) *R i)::'a"
      def ca  "(∑i∈Basis. (if i = k then c else a•i) *R i)::'a"
      note division_points_psubset[OF goal1(4) ab kc(1-2) j]
      note psubset_card_mono[OF _ this(1)] psubset_card_mono[OF _ this(2)]
      then have *: "(iterate opp d1 f) = f (cbox a b ∩ {x. x•k ≤ c})"
        "(iterate opp d2 f) = f (cbox a b ∩ {x. x•k ≥ c})"
        unfolding interval_split[OF kc(4)]
        apply (rule_tac[!] goal1(1)[rule_format])
        using division_split[OF goal1(4), where k=k and c=c]
        unfolding interval_split[OF kc(4)] d1_def[symmetric] d2_def[symmetric]
        unfolding goal1(2) Suc_le_mono
        using goal1(2-3)
        using division_points_finite[OF goal1(4)]
        using kc(4)
        apply auto
        done
      have "f (cbox a b) = opp (iterate opp d1 f) (iterate opp d2 f)" (is "_ = ?prev")
        unfolding *
        apply (rule operativeD(2))
        using goal1(3)
        using kc(4)
        apply auto
        done
      also have "iterate opp d1 f = iterate opp d (λl. f(l ∩ {x. x•k ≤ c}))"
        unfolding d1_def
        apply (rule iterate_nonzero_image_lemma[unfolded o_def])
        unfolding empty_as_interval
        apply (rule goal1 division_of_finite operativeD[OF goal1(3)])+
        unfolding empty_as_interval[symmetric]
        apply (rule content_empty)
      proof (rule, rule, rule, erule conjE)
        fix l y
        assume as: "l ∈ d" "y ∈ d" "l ∩ {x. x • k ≤ c} = y ∩ {x. x • k ≤ c}" "l ≠ y"
        from division_ofD(4)[OF goal1(4) this(1)] guess u v by (elim exE) note l=this
        show "f (l ∩ {x. x • k ≤ c}) = neutral opp"
          unfolding l interval_split[OF kc(4)]
          apply (rule operativeD(1) goal1)+
          unfolding interval_split[symmetric,OF kc(4)]
          apply (rule division_split_left_inj)
          apply (rule goal1)
          unfolding l[symmetric]
          apply (rule as(1), rule as(2))
          apply (rule kc(4) as)+
          done
      qed
      also have "iterate opp d2 f = iterate opp d (λl. f(l ∩ {x. x•k ≥ c}))"
        unfolding d2_def
        apply (rule iterate_nonzero_image_lemma[unfolded o_def])
        unfolding empty_as_interval
        apply (rule goal1 division_of_finite operativeD[OF goal1(3)])+
        unfolding empty_as_interval[symmetric]
        apply (rule content_empty)
      proof (rule, rule, rule, erule conjE)
        fix l y
        assume as: "l ∈ d" "y ∈ d" "l ∩ {x. c ≤ x • k} = y ∩ {x. c ≤ x • k}" "l ≠ y"
        from division_ofD(4)[OF goal1(4) this(1)] guess u v by (elim exE) note l=this
        show "f (l ∩ {x. x • k ≥ c}) = neutral opp"
        unfolding l interval_split[OF kc(4)]
          apply (rule operativeD(1) goal1)+
          unfolding interval_split[symmetric,OF kc(4)]
          apply (rule division_split_right_inj)
          apply (rule goal1)
          unfolding l[symmetric]
          apply (rule as(1))
          apply (rule as(2))
          apply (rule as kc(4))+
          done
      qed also have *: "∀x∈d. f x = opp (f (x ∩ {x. x • k ≤ c})) (f (x ∩ {x. c ≤ x • k}))"
        unfolding forall_in_division[OF goal1(4)]
        apply (rule, rule, rule, rule operativeD(2))
        using goal1(3) kc
        by auto
      have "opp (iterate opp d (λl. f (l ∩ {x. x • k ≤ c}))) (iterate opp d (λl. f (l ∩ {x. c ≤ x • k}))) =
        iterate opp d f"
        apply (subst(3) iterate_eq[OF _ *[rule_format]])
        prefer 3
        apply (rule iterate_op[symmetric])
        using goal1
        apply auto
        done
      finally show ?thesis by auto
    qed
  qed
qed

lemma iterate_image_nonzero:
  assumes "monoidal opp"
    and "finite s"
    and "∀x∈s. ∀y∈s. x ≠ y ∧ f x = f y --> g (f x) = neutral opp"
  shows "iterate opp (f ` s) g = iterate opp s (g o f)"
  using assms
proof (induct rule: finite_subset_induct[OF assms(2) subset_refl])
  case goal1
  show ?case
    using assms(1) by auto
next
  case goal2
  have *: "!!x y. y = neutral opp ==> x = opp y x"
    using assms(1) by auto
  show ?case
    unfolding image_insert
    apply (subst iterate_insert[OF assms(1)])
    apply (rule finite_imageI goal2)+
    apply (cases "f a ∈ f ` F")
    unfolding if_P if_not_P
    apply (subst goal2(4)[OF assms(1) goal2(1)])
    defer
    apply (subst iterate_insert[OF assms(1) goal2(1)])
    defer
    apply (subst iterate_insert[OF assms(1) goal2(1)])
    unfolding if_not_P[OF goal2(3)]
    defer unfolding image_iff
    defer
    apply (erule bexE)
    apply (rule *)
    unfolding o_def
    apply (rule_tac y=x in goal2(7)[rule_format])
    using goal2
    unfolding o_def
    apply auto
    done
qed

lemma operative_tagged_division:
  assumes "monoidal opp"
    and "operative opp f"
    and "d tagged_division_of (cbox a b)"
  shows "iterate opp d (λ(x,l). f l) = f (cbox a b)"
proof -
  have *: "(λ(x,l). f l) = f o snd"
    unfolding o_def by rule auto note assm = tagged_division_ofD[OF assms(3)]
  have "iterate opp d (λ(x,l). f l) = iterate opp (snd ` d) f"
    unfolding *
    apply (rule iterate_image_nonzero[symmetric,OF assms(1)])
    apply (rule tagged_division_of_finite assms)+
    unfolding Ball_def split_paired_All snd_conv
    apply (rule, rule, rule, rule, rule, rule, rule, erule conjE)
  proof -
    fix a b aa ba
    assume as: "(a, b) ∈ d" "(aa, ba) ∈ d" "(a, b) ≠ (aa, ba)" "b = ba"
    guess u v using assm(4)[OF as(1)] by (elim exE) note uv=this
    show "f b = neutral opp"
      unfolding uv
      apply (rule operativeD(1)[OF assms(2)])
      unfolding content_eq_0_interior
      using tagged_division_ofD(5)[OF assms(3) as(1-3)]
      unfolding as(4)[symmetric] uv
      apply auto
      done
  qed
  also have "… = f (cbox a b)"
    using operative_division[OF assms(1-2) division_of_tagged_division[OF assms(3)]] .
  finally show ?thesis .
qed


subsection {* Additivity of content. *}

lemma setsum_iterate:
  assumes "finite s"
  shows "setsum f s = iterate op + s f"
proof -
  have *: "setsum f s = setsum f (support op + f s)"
    apply (rule setsum.mono_neutral_right)
    unfolding support_def neutral_add
    using assms
    apply auto
    done
  then show ?thesis unfolding * iterate_def fold'_def setsum.eq_fold
    unfolding neutral_add by (simp add: comp_def)
qed

lemma additive_content_division:
  assumes "d division_of (cbox a b)"
  shows "setsum content d = content (cbox a b)"
  unfolding operative_division[OF monoidal_monoid operative_content assms,symmetric]
  apply (subst setsum_iterate)
  using assms
  apply auto
  done

lemma additive_content_tagged_division:
  assumes "d tagged_division_of (cbox a b)"
  shows "setsum (λ(x,l). content l) d = content (cbox a b)"
  unfolding operative_tagged_division[OF monoidal_monoid operative_content assms,symmetric]
  apply (subst setsum_iterate)
  using assms
  apply auto
  done


subsection {* Finally, the integral of a constant *}

lemma has_integral_const[intro]:
  fixes a b :: "'a::euclidean_space"
  shows "((λx. c) has_integral (content (cbox a b) *R c)) (cbox a b)"
  unfolding has_integral
  apply rule
  apply rule
  apply (rule_tac x="λx. ball x 1" in exI)
  apply rule
  apply (rule gauge_trivial)
  apply rule
  apply rule
  apply (erule conjE)
  unfolding split_def
  apply (subst scaleR_left.setsum[symmetric, unfolded o_def])
  defer
  apply (subst additive_content_tagged_division[unfolded split_def])
  apply assumption
  apply auto
  done

lemma has_integral_const_real[intro]:
  fixes a b :: real
  shows "((λx. c) has_integral (content {a .. b} *R c)) {a .. b}"
  by (metis box_real(2) has_integral_const)

lemma integral_const[simp]:
  fixes a b :: "'a::euclidean_space"
  shows "integral (cbox a b) (λx. c) = content (cbox a b) *R c"
  by (rule integral_unique) (rule has_integral_const)

lemma integral_const_real[simp]:
  fixes a b :: real
  shows "integral {a .. b} (λx. c) = content {a .. b} *R c"
  by (metis box_real(2) integral_const)


subsection {* Bounds on the norm of Riemann sums and the integral itself. *}

lemma dsum_bound:
  assumes "p division_of (cbox a b)"
    and "norm c ≤ e"
  shows "norm (setsum (λl. content l *R c) p) ≤ e * content(cbox a b)"
  apply (rule order_trans)
  apply (rule norm_setsum)
  unfolding norm_scaleR setsum_left_distrib[symmetric]
  apply (rule order_trans[OF mult_left_mono])
  apply (rule assms)
  apply (rule setsum_abs_ge_zero)
  apply (subst mult.commute)
  apply (rule mult_left_mono)
  apply (rule order_trans[of _ "setsum content p"])
  apply (rule eq_refl)
  apply (rule setsum.cong)
  apply (rule refl)
  apply (subst abs_of_nonneg)
  unfolding additive_content_division[OF assms(1)]
proof -
  from order_trans[OF norm_ge_zero[of c] assms(2)]
  show "0 ≤ e" .
  fix x assume "x ∈ p"
  from division_ofD(4)[OF assms(1) this] guess u v by (elim exE)
  then show "0 ≤ content x"
    using content_pos_le by auto
qed (insert assms, auto)

lemma rsum_bound:
  assumes "p tagged_division_of (cbox a b)"
    and "∀x∈cbox a b. norm (f x) ≤ e"
  shows "norm (setsum (λ(x,k). content k *R f x) p) ≤ e * content (cbox a b)"
proof (cases "cbox a b = {}")
  case True
  show ?thesis
    using assms(1) unfolding True tagged_division_of_trivial by auto
next
  case False
  show ?thesis
    apply (rule order_trans)
    apply (rule norm_setsum)
    unfolding split_def norm_scaleR
    apply (rule order_trans[OF setsum_mono])
    apply (rule mult_left_mono[OF _ abs_ge_zero, of _ e])
    defer
    unfolding setsum_left_distrib[symmetric]
    apply (subst mult.commute)
    apply (rule mult_left_mono)
    apply (rule order_trans[of _ "setsum (content o snd) p"])
    apply (rule eq_refl)
    apply (rule setsum.cong)
    apply (rule refl)
    apply (subst o_def)
    apply (rule abs_of_nonneg)
  proof -
    show "setsum (content o snd) p ≤ content (cbox a b)"
      apply (rule eq_refl)
      unfolding additive_content_tagged_division[OF assms(1),symmetric] split_def
      apply auto
      done
    guess w using nonempty_witness[OF False] .
    then show "e ≥ 0"
      apply -
      apply (rule order_trans)
      defer
      apply (rule assms(2)[rule_format])
      apply assumption
      apply auto
      done
    fix xk
    assume *: "xk ∈ p"
    guess x k using surj_pair[of xk] by (elim exE) note xk = this *[unfolded this]
    from tagged_division_ofD(4)[OF assms(1) xk(2)] guess u v by (elim exE) note uv=this
    show "0 ≤ content (snd xk)"
      unfolding xk snd_conv uv by(rule content_pos_le)
    show "norm (f (fst xk)) ≤ e"
      unfolding xk fst_conv using tagged_division_ofD(2,3)[OF assms(1) xk(2)] assms(2) by auto
  qed
qed

lemma rsum_diff_bound:
  assumes "p tagged_division_of (cbox a b)"
    and "∀x∈cbox a b. norm (f x - g x) ≤ e"
  shows "norm (setsum (λ(x,k). content k *R f x) p - setsum (λ(x,k). content k *R g x) p) ≤
    e * content (cbox a b)"
  apply (rule order_trans[OF _ rsum_bound[OF assms]])
  apply (rule eq_refl)
  apply (rule arg_cong[where f=norm])
  unfolding setsum_subtractf[symmetric]
  apply (rule setsum.cong)
  unfolding scaleR_diff_right
  apply auto
  done

lemma has_integral_bound:
  fixes f :: "'a::euclidean_space => 'b::real_normed_vector"
  assumes "0 ≤ B"
    and "(f has_integral i) (cbox a b)"
    and "∀x∈cbox a b. norm (f x) ≤ B"
  shows "norm i ≤ B * content (cbox a b)"
proof -
  let ?P = "content (cbox a b) > 0"
  {
    presume "?P ==> ?thesis"
    then show ?thesis
    proof (cases ?P)
      case False
      then have *: "content (cbox a b) = 0"
        using content_lt_nz by auto
      then have **: "i = 0"
        using assms(2)
        apply (subst has_integral_null_eq[symmetric])
        apply auto
        done
      show ?thesis
        unfolding * ** using assms(1) by auto
    qed auto
  }
  assume ab: ?P
  { presume "¬ ?thesis ==> False" then show ?thesis by auto }
  assume "¬ ?thesis"
  then have *: "norm i - B * content (cbox a b) > 0"
    by auto
  from assms(2)[unfolded has_integral,rule_format,OF *]
  guess d by (elim exE conjE) note d=this[rule_format]
  from fine_division_exists[OF this(1), of a b] guess p . note p=this
  have *: "!!s B. norm s ≤ B ==> ¬ norm (s - i) < norm i - B"
  proof -
    case goal1
    then show ?case
      unfolding not_less
      using norm_triangle_sub[of i s]
      unfolding norm_minus_commute
      by auto
  qed
  show False
    using d(2)[OF conjI[OF p]] *[OF rsum_bound[OF p(1) assms(3)]] by auto
qed

lemma has_integral_bound_real:
  fixes f :: "real => 'b::real_normed_vector"
  assumes "0 ≤ B"
    and "(f has_integral i) {a .. b}"
    and "∀x∈{a .. b}. norm (f x) ≤ B"
  shows "norm i ≤ B * content {a .. b}"
  by (metis assms(1) assms(2) assms(3) box_real(2) has_integral_bound)


subsection {* Similar theorems about relationship among components. *}

lemma rsum_component_le:
  fixes f :: "'a::euclidean_space => 'b::euclidean_space"
  assumes "p tagged_division_of (cbox a b)"
    and "∀x∈cbox a b. (f x)•i ≤ (g x)•i"
  shows "(setsum (λ(x,k). content k *R f x) p)•i ≤ (setsum (λ(x,k). content k *R g x) p)•i"
  unfolding inner_setsum_left
  apply (rule setsum_mono)
  apply safe
proof -
  fix a b
  assume ab: "(a, b) ∈ p"
  note assm = tagged_division_ofD(2-4)[OF assms(1) ab]
  from this(3) guess u v by (elim exE) note b=this
  show "(content b *R f a) • i ≤ (content b *R g a) • i"
    unfolding b
    unfolding inner_simps real_scaleR_def
    apply (rule mult_left_mono)
    defer
    apply (rule content_pos_le,rule assms(2)[rule_format])
    using assm
    apply auto
    done
qed

lemma has_integral_component_le:
  fixes f g :: "'a::euclidean_space => 'b::euclidean_space"
  assumes k: "k ∈ Basis"
  assumes "(f has_integral i) s" "(g has_integral j) s"
    and "∀x∈s. (f x)•k ≤ (g x)•k"
  shows "i•k ≤ j•k"
proof -
  have lem: "!!a b i j::'b. !!g f::'a => 'b. (f has_integral i) (cbox a b) ==>
    (g has_integral j) (cbox a b) ==> ∀x∈cbox a b. (f x)•k ≤ (g x)•k ==> i•k ≤ j•k"
  proof (rule ccontr)
    case goal1
    then have *: "0 < (i•k - j•k) / 3"
      by auto
    guess d1 using goal1(1)[unfolded has_integral,rule_format,OF *] by (elim exE conjE) note d1=this[rule_format]
    guess d2 using goal1(2)[unfolded has_integral,rule_format,OF *] by (elim exE conjE) note d2=this[rule_format]
    guess p using fine_division_exists[OF gauge_inter[OF d1(1) d2(1)], of a b] unfolding fine_inter .
    note p = this(1) conjunctD2[OF this(2)]
    note le_less_trans[OF Basis_le_norm[OF k]]
    note this[OF d1(2)[OF conjI[OF p(1,2)]]] this[OF d2(2)[OF conjI[OF p(1,3)]]]
    then show False
      unfolding inner_simps
      using rsum_component_le[OF p(1) goal1(3)]
      by (simp add: abs_real_def split: split_if_asm)
  qed
  let ?P = "∃a b. s = cbox a b"
  {
    presume "¬ ?P ==> ?thesis"
    then show ?thesis
    proof (cases ?P)
      case True
      then guess a b by (elim exE) note s=this
      show ?thesis
        apply (rule lem)
        using assms[unfolded s]
        apply auto
        done
    qed auto
  }
  assume as: "¬ ?P"
  { presume "¬ ?thesis ==> False" then show ?thesis by auto }
  assume "¬ i•k ≤ j•k"
  then have ij: "(i•k - j•k) / 3 > 0"
    by auto
  note has_integral_altD[OF _ as this]
  from this[OF assms(2)] this[OF assms(3)] guess B1 B2 . note B=this[rule_format]
  have "bounded (ball 0 B1 ∪ ball (0::'a) B2)"
    unfolding bounded_Un by(rule conjI bounded_ball)+
  from bounded_subset_cbox[OF this] guess a b by (elim exE)
  note ab = conjunctD2[OF this[unfolded Un_subset_iff]]
  guess w1 using B(2)[OF ab(1)] .. note w1=conjunctD2[OF this]
  guess w2 using B(4)[OF ab(2)] .. note w2=conjunctD2[OF this]
  have *: "!!w1 w2 j i::real .¦w1 - i¦ < (i - j) / 3 ==> ¦w2 - j¦ < (i - j) / 3 ==> w1 ≤ w2 ==> False"
    by (simp add: abs_real_def split: split_if_asm)
  note le_less_trans[OF Basis_le_norm[OF k]]
  note this[OF w1(2)] this[OF w2(2)]
  moreover
  have "w1•k ≤ w2•k"
    apply (rule lem[OF w1(1) w2(1)])
    using assms
    apply auto
    done
  ultimately show False
    unfolding inner_simps by(rule *)
qed

lemma integral_component_le:
  fixes g f :: "'a::euclidean_space => 'b::euclidean_space"
  assumes "k ∈ Basis"
    and "f integrable_on s" "g integrable_on s"
    and "∀x∈s. (f x)•k ≤ (g x)•k"
  shows "(integral s f)•k ≤ (integral s g)•k"
  apply (rule has_integral_component_le)
  using integrable_integral assms
  apply auto
  done

lemma has_integral_component_nonneg:
  fixes f :: "'a::euclidean_space => 'b::euclidean_space"
  assumes "k ∈ Basis"
    and "(f has_integral i) s"
    and "∀x∈s. 0 ≤ (f x)•k"
  shows "0 ≤ i•k"
  using has_integral_component_le[OF assms(1) has_integral_0 assms(2)]
  using assms(3-)
  by auto

lemma integral_component_nonneg:
  fixes f :: "'a::euclidean_space => 'b::euclidean_space"
  assumes "k ∈ Basis"
    and "f integrable_on s" "∀x∈s. 0 ≤ (f x)•k"
  shows "0 ≤ (integral s f)•k"
  apply (rule has_integral_component_nonneg)
  using assms
  apply auto
  done

lemma has_integral_component_neg:
  fixes f :: "'a::euclidean_space => 'b::euclidean_space"
  assumes "k ∈ Basis"
    and "(f has_integral i) s"
    and "∀x∈s. (f x)•k ≤ 0"
  shows "i•k ≤ 0"
  using has_integral_component_le[OF assms(1,2) has_integral_0] assms(2-)
  by auto

lemma has_integral_component_lbound:
  fixes f :: "'a::euclidean_space => 'b::euclidean_space"
  assumes "(f has_integral i) (cbox a b)"
    and "∀x∈cbox a b. B ≤ f(x)•k"
    and "k ∈ Basis"
  shows "B * content (cbox a b) ≤ i•k"
  using has_integral_component_le[OF assms(3) has_integral_const assms(1),of "(∑i∈Basis. B *R i)::'b"] assms(2-)
  by (auto simp add: field_simps)

lemma has_integral_component_ubound:
  fixes f::"'a::euclidean_space => 'b::euclidean_space"
  assumes "(f has_integral i) (cbox a b)"
    and "∀x∈cbox a b. f x•k ≤ B"
    and "k ∈ Basis"
  shows "i•k ≤ B * content (cbox a b)"
  using has_integral_component_le[OF assms(3,1) has_integral_const, of "∑i∈Basis. B *R i"] assms(2-)
  by (auto simp add: field_simps)

lemma integral_component_lbound:
  fixes f :: "'a::euclidean_space => 'b::euclidean_space"
  assumes "f integrable_on cbox a b"
    and "∀x∈cbox a b. B ≤ f(x)•k"
    and "k ∈ Basis"
  shows "B * content (cbox a b) ≤ (integral(cbox a b) f)•k"
  apply (rule has_integral_component_lbound)
  using assms
  unfolding has_integral_integral
  apply auto
  done

lemma integral_component_lbound_real:
  assumes "f integrable_on {a ::real .. b}"
    and "∀x∈{a .. b}. B ≤ f(x)•k"
    and "k ∈ Basis"
  shows "B * content {a .. b} ≤ (integral {a .. b} f)•k"
  using assms
  by (metis box_real(2) integral_component_lbound)

lemma integral_component_ubound:
  fixes f :: "'a::euclidean_space => 'b::euclidean_space"
  assumes "f integrable_on cbox a b"
    and "∀x∈cbox a b. f x•k ≤ B"
    and "k ∈ Basis"
  shows "(integral (cbox a b) f)•k ≤ B * content (cbox a b)"
  apply (rule has_integral_component_ubound)
  using assms
  unfolding has_integral_integral
  apply auto
  done

lemma integral_component_ubound_real:
  fixes f :: "real => 'a::euclidean_space"
  assumes "f integrable_on {a .. b}"
    and "∀x∈{a .. b}. f x•k ≤ B"
    and "k ∈ Basis"
  shows "(integral {a .. b} f)•k ≤ B * content {a .. b}"
  using assms
  by (metis box_real(2) integral_component_ubound)

subsection {* Uniform limit of integrable functions is integrable. *}

lemma integrable_uniform_limit:
  fixes f :: "'a::euclidean_space => 'b::banach"
  assumes "∀e>0. ∃g. (∀x∈cbox a b. norm (f x - g x) ≤ e) ∧ g integrable_on cbox a b"
  shows "f integrable_on cbox a b"
proof -
  {
    presume *: "content (cbox a b) > 0 ==> ?thesis"
    show ?thesis
      apply cases
      apply (rule *)
      apply assumption
      unfolding content_lt_nz integrable_on_def
      using has_integral_null
      apply auto
      done
  }
  assume as: "content (cbox a b) > 0"
  have *: "!!P. ∀e>(0::real). P e ==> ∀n::nat. P (inverse (real n + 1))"
    by auto
  from choice[OF *[OF assms]] guess g .. note g=conjunctD2[OF this[rule_format],rule_format]
  from choice[OF allI[OF g(2)[unfolded integrable_on_def], of "λx. x"]] guess i .. note i=this[rule_format]

  have "Cauchy i"
    unfolding Cauchy_def
  proof (rule, rule)
    fix e :: real
    assume "e>0"
    then have "e / 4 / content (cbox a b) > 0"
      using as by (auto simp add: field_simps)
    then guess M
      apply -
      apply (subst(asm) real_arch_inv)
      apply (elim exE conjE)
      done
    note M=this
    show "∃M. ∀m≥M. ∀n≥M. dist (i m) (i n) < e"
      apply (rule_tac x=M in exI,rule,rule,rule,rule)
    proof -
      case goal1
      have "e/4>0" using `e>0` by auto
      note * = i[unfolded has_integral,rule_format,OF this]
      from *[of m] guess gm by (elim conjE exE) note gm=this[rule_format]
      from *[of n] guess gn by (elim conjE exE) note gn=this[rule_format]
      from fine_division_exists[OF gauge_inter[OF gm(1) gn(1)], of a b] guess p . note p=this
      have lem2: "!!s1 s2 i1 i2. norm(s2 - s1) ≤ e/2 ==> norm (s1 - i1) < e / 4 ==>
        norm (s2 - i2) < e / 4 ==> norm (i1 - i2) < e"
      proof -
        case goal1
        have "norm (i1 - i2) ≤ norm (i1 - s1) + norm (s1 - s2) + norm (s2 - i2)"
          using norm_triangle_ineq[of "i1 - s1" "s1 - i2"]
          using norm_triangle_ineq[of "s1 - s2" "s2 - i2"]
          by (auto simp add: algebra_simps)
        also have "… < e"
          using goal1
          unfolding norm_minus_commute
          by (auto simp add: algebra_simps)
        finally show ?case .
      qed
      show ?case
        unfolding dist_norm
        apply (rule lem2)
        defer
        apply (rule gm(2)[OF conjI[OF p(1)]],rule_tac[2] gn(2)[OF conjI[OF p(1)]])
        using conjunctD2[OF p(2)[unfolded fine_inter]]
        apply -
        apply assumption+
        apply (rule order_trans)
        apply (rule rsum_diff_bound[OF p(1), where e="2 / real M"])
      proof
        show "2 / real M * content (cbox a b) ≤ e / 2"
          unfolding divide_inverse
          using M as
          by (auto simp add: field_simps)
        fix x
        assume x: "x ∈ cbox a b"
        have "norm (f x - g n x) + norm (f x - g m x) ≤ inverse (real n + 1) + inverse (real m + 1)"
          using g(1)[OF x, of n] g(1)[OF x, of m] by auto
        also have "… ≤ inverse (real M) + inverse (real M)"
          apply (rule add_mono)
          apply (rule_tac[!] le_imp_inverse_le)
          using goal1 M
          apply auto
          done
        also have "… = 2 / real M"
          unfolding divide_inverse by auto
        finally show "norm (g n x - g m x) ≤ 2 / real M"
          using norm_triangle_le[of "g n x - f x" "f x - g m x" "2 / real M"]
          by (auto simp add: algebra_simps simp add: norm_minus_commute)
      qed
    qed
  qed
  from this[unfolded convergent_eq_cauchy[symmetric]] guess s .. note s=this

  show ?thesis
    unfolding integrable_on_def
    apply (rule_tac x=s in exI)
    unfolding has_integral
  proof (rule, rule)
    case goal1
    then have *: "e/3 > 0" by auto
    from LIMSEQ_D [OF s this] guess N1 .. note N1=this
    from goal1 as have "e / 3 / content (cbox a b) > 0"
      by (auto simp add: field_simps)
    from real_arch_invD[OF this] guess N2 by (elim exE conjE) note N2=this
    from i[of "N1 + N2",unfolded has_integral,rule_format,OF *] guess g' .. note g'=conjunctD2[OF this,rule_format]
    have lem: "!!sf sg i. norm (sf - sg) ≤ e / 3 ==>
      norm(i - s) < e / 3 ==> norm (sg - i) < e / 3 ==> norm (sf - s) < e"
    proof -
      case goal1
      have "norm (sf - s) ≤ norm (sf - sg) + norm (sg - i) + norm (i - s)"
        using norm_triangle_ineq[of "sf - sg" "sg - s"]
        using norm_triangle_ineq[of "sg -  i" " i - s"]
        by (auto simp add: algebra_simps)
      also have "… < e"
        using goal1
        unfolding norm_minus_commute
        by (auto simp add: algebra_simps)
      finally show ?case .
    qed
    show ?case
      apply (rule_tac x=g' in exI)
      apply rule
      apply (rule g')
    proof (rule, rule)
      fix p
      assume p: "p tagged_division_of (cbox a b) ∧ g' fine p"
      note * = g'(2)[OF this]
      show "norm ((∑(x, k)∈p. content k *R f x) - s) < e"
        apply -
        apply (rule lem[OF _ _ *])
        apply (rule order_trans)
        apply (rule rsum_diff_bound[OF p[THEN conjunct1]])
        apply rule
        apply (rule g)
        apply assumption
      proof -
        have "content (cbox a b) < e / 3 * (real N2)"
          using N2 unfolding inverse_eq_divide using as by (auto simp add: field_simps)
        then have "content (cbox a b) < e / 3 * (real (N1 + N2) + 1)"
          apply -
          apply (rule less_le_trans,assumption)
          using `e>0`
          apply auto
          done
        then show "inverse (real (N1 + N2) + 1) * content (cbox a b) ≤ e / 3"
          unfolding inverse_eq_divide
          by (auto simp add: field_simps)
        show "norm (i (N1 + N2) - s) < e / 3"
          by (rule N1[rule_format]) auto
      qed
    qed
  qed
qed


subsection {* Negligible sets. *}

definition "negligible (s:: 'a::euclidean_space set) <->
  (∀a b. ((indicator s :: 'a=>real) has_integral 0) (cbox a b))"


subsection {* Negligibility of hyperplane. *}

lemma vsum_nonzero_image_lemma:
  assumes "finite s"
    and "g a = 0"
    and "∀x∈s. ∀y∈s. f x = f y ∧ x ≠ y --> g (f x) = 0"
  shows "setsum g {f x |x. x ∈ s ∧ f x ≠ a} = setsum (g o f) s"
  unfolding setsum_iterate[OF assms(1)]
  apply (subst setsum_iterate)
  defer
  apply (rule iterate_nonzero_image_lemma)
  apply (rule assms monoidal_monoid)+
  unfolding assms
  unfolding neutral_add
  using assms
  apply auto
  done

lemma interval_doublesplit:
  fixes a :: "'a::euclidean_space"
  assumes "k ∈ Basis"
  shows "cbox a b ∩ {x . abs(x•k - c) ≤ (e::real)} =
    cbox (∑i∈Basis. (if i = k then max (a•k) (c - e) else a•i) *R i)
     (∑i∈Basis. (if i = k then min (b•k) (c + e) else b•i) *R i)"
proof -
  have *: "!!x c e::real. abs(x - c) ≤ e <-> x ≥ c - e ∧ x ≤ c + e"
    by auto
  have **: "!!s P Q. s ∩ {x. P x ∧ Q x} = (s ∩ {x. Q x}) ∩ {x. P x}"
    by blast
  show ?thesis
    unfolding * ** interval_split[OF assms] by (rule refl)
qed

lemma division_doublesplit:
  fixes a :: "'a::euclidean_space"
  assumes "p division_of (cbox a b)"
    and k: "k ∈ Basis"
  shows "{l ∩ {x. abs(x•k - c) ≤ e} |l. l ∈ p ∧ l ∩ {x. abs(x•k - c) ≤ e} ≠ {}} division_of (cbox a b ∩ {x. abs(x•k - c) ≤ e})"
proof -
  have *: "!!x c. abs (x - c) ≤ e <-> x ≥ c - e ∧ x ≤ c + e"
    by auto
  have **: "!!p q p' q'. p division_of q ==> p = p' ==> q = q' ==> p' division_of q'"
    by auto
  note division_split(1)[OF assms, where c="c+e",unfolded interval_split[OF k]]
  note division_split(2)[OF this, where c="c-e" and k=k,OF k]
  then show ?thesis
    apply (rule **)
    using k
    apply -
    unfolding interval_doublesplit
    unfolding *
    unfolding interval_split interval_doublesplit
    apply (rule set_eqI)
    unfolding mem_Collect_eq
    apply rule
    apply (erule conjE exE)+
    apply (rule_tac x=la in exI)
    defer
    apply (erule conjE exE)+
    apply (rule_tac x="l ∩ {x. c + e ≥ x • k}" in exI)
    apply rule
    defer
    apply rule
    apply (rule_tac x=l in exI)
    apply blast+
    done
qed

lemma content_doublesplit:
  fixes a :: "'a::euclidean_space"
  assumes "0 < e"
    and k: "k ∈ Basis"
  obtains d where "0 < d" and "content (cbox a b ∩ {x. abs(x•k - c) ≤ d}) < e"
proof (cases "content (cbox a b) = 0")
  case True
  show ?thesis
    apply (rule that[of 1])
    defer
    unfolding interval_doublesplit[OF k]
    apply (rule le_less_trans[OF content_subset])
    defer
    apply (subst True)
    unfolding interval_doublesplit[symmetric,OF k]
    using assms
    apply auto
    done
next
  case False
  def d  "e / 3 / setprod (λi. b•i - a•i) (Basis - {k})"
  note False[unfolded content_eq_0 not_ex not_le, rule_format]
  then have "!!x. x ∈ Basis ==> b•x > a•x"
    by (auto simp add:not_le)
  then have prod0: "0 < setprod (λi. b•i - a•i) (Basis - {k})"
    apply -
    apply (rule setprod_pos)
    apply (auto simp add: field_simps)
    done
  then have "d > 0"
    unfolding d_def
    using assms
    by (auto simp add:field_simps)
  then show ?thesis
  proof (rule that[of d])
    have *: "Basis = insert k (Basis - {k})"
      using k by auto
    have **: "cbox a b ∩ {x. ¦x • k - c¦ ≤ d} ≠ {} ==>
      (∏i∈Basis - {k}. interval_upperbound (cbox a b ∩ {x. ¦x • k - c¦ ≤ d}) • i -
        interval_lowerbound (cbox a b ∩ {x. ¦x • k - c¦ ≤ d}) • i) =
      (∏i∈Basis - {k}. b•i - a•i)"
      apply (rule setprod.cong)
      apply (rule refl)
      unfolding interval_doublesplit[OF k]
      apply (subst interval_bounds)
      defer
      apply (subst interval_bounds)
      unfolding box_eq_empty not_ex not_less
      apply auto
      done
    show "content (cbox a b ∩ {x. ¦x • k - c¦ ≤ d}) < e"
      apply cases
      unfolding content_def
      apply (subst if_P)
      apply assumption
      apply (rule assms)
      unfolding if_not_P
      apply (subst *)
      apply (subst setprod.insert)
      unfolding **
      unfolding interval_doublesplit[OF k] box_eq_empty not_ex not_less
      prefer 3
      apply (subst interval_bounds)
      defer
      apply (subst interval_bounds)
      apply (simp_all only: k inner_setsum_left_Basis simp_thms if_P cong: bex_cong ball_cong)
    proof -
      have "(min (b • k) (c + d) - max (a • k) (c - d)) ≤ 2 * d"
        by auto
      also have "… < e / (∏i∈Basis - {k}. b • i - a • i)"
        unfolding d_def
        using assms prod0
        by (auto simp add: field_simps)
      finally show "(min (b • k) (c + d) - max (a • k) (c - d)) * (∏i∈Basis - {k}. b • i - a • i) < e"
        unfolding pos_less_divide_eq[OF prod0] .
    qed auto
  qed
qed

lemma negligible_standard_hyperplane[intro]:
  fixes k :: "'a::euclidean_space"
  assumes k: "k ∈ Basis"
  shows "negligible {x. x•k = c}"
  unfolding negligible_def has_integral
  apply (rule, rule, rule, rule)
proof -
  case goal1
  from content_doublesplit[OF this k,of a b c] guess d . note d=this
  let ?i = "indicator {x::'a. x•k = c} :: 'a=>real"
  show ?case
    apply (rule_tac x="λx. ball x d" in exI)
    apply rule
    apply (rule gauge_ball)
    apply (rule d)
  proof (rule, rule)
    fix p
    assume p: "p tagged_division_of (cbox a b) ∧ (λx. ball x d) fine p"
    have *: "(∑(x, ka)∈p. content ka *R ?i x) =
      (∑(x, ka)∈p. content (ka ∩ {x. abs(x•k - c) ≤ d}) *R ?i x)"
      apply (rule setsum.cong)
      apply (rule refl)
      unfolding split_paired_all real_scaleR_def mult_cancel_right split_conv
      apply cases
      apply (rule disjI1)
      apply assumption
      apply (rule disjI2)
    proof -
      fix x l
      assume as: "(x, l) ∈ p" "?i x ≠ 0"
      then have xk: "x•k = c"
        unfolding indicator_def
        apply -
        apply (rule ccontr)
        apply auto
        done
      show "content l = content (l ∩ {x. ¦x • k - c¦ ≤ d})"
        apply (rule arg_cong[where f=content])
        apply (rule set_eqI)
        apply rule
        apply rule
        unfolding mem_Collect_eq
      proof -
        fix y
        assume y: "y ∈ l"
        note p[THEN conjunct2,unfolded fine_def,rule_format,OF as(1),unfolded split_conv]
        note this[unfolded subset_eq mem_ball dist_norm,rule_format,OF y]
        note le_less_trans[OF Basis_le_norm[OF k] this]
        then show "¦y • k - c¦ ≤ d"
          unfolding inner_simps xk by auto
      qed auto
    qed
    note p'= tagged_division_ofD[OF p[THEN conjunct1]] and p''=division_of_tagged_division[OF p[THEN conjunct1]]
    show "norm ((∑(x, ka)∈p. content ka *R ?i x) - 0) < e"
      unfolding diff_0_right *
      unfolding real_scaleR_def real_norm_def
      apply (subst abs_of_nonneg)
      apply (rule setsum_nonneg)
      apply rule
      unfolding split_paired_all split_conv
      apply (rule mult_nonneg_nonneg)
      apply (drule p'(4))
      apply (erule exE)+
      apply(rule_tac b=b in back_subst)
      prefer 2
      apply (subst(asm) eq_commute)
      apply assumption
      apply (subst interval_doublesplit[OF k])
      apply (rule content_pos_le)
      apply (rule indicator_pos_le)
    proof -
      have "(∑(x, ka)∈p. content (ka ∩ {x. ¦x • k - c¦ ≤ d}) * ?i x) ≤
        (∑(x, ka)∈p. content (ka ∩ {x. ¦x • k - c¦ ≤ d}))"
        apply (rule setsum_mono)
        unfolding split_paired_all split_conv
        apply (rule mult_right_le_one_le)
        apply (drule p'(4))
        apply (auto simp add:interval_doublesplit[OF k])
        done
      also have "… < e"
        apply (subst setsum_over_tagged_division_lemma[OF p[THEN conjunct1]])
      proof -
        case goal1
        have "content (cbox u v ∩ {x. ¦x • k - c¦ ≤ d}) ≤ content (cbox u v)"
          unfolding interval_doublesplit[OF k]
          apply (rule content_subset)
          unfolding interval_doublesplit[symmetric,OF k]
          apply auto
          done
        then show ?case
          unfolding goal1
          unfolding interval_doublesplit[OF k]
          by (blast intro: antisym)
      next
        have *: "setsum content {l ∩ {x. ¦x • k - c¦ ≤ d} |l. l ∈ snd ` p ∧ l ∩ {x. ¦x • k - c¦ ≤ d} ≠ {}} ≥ 0"
          apply (rule setsum_nonneg)
          apply rule
          unfolding mem_Collect_eq image_iff
          apply (erule exE bexE conjE)+
          unfolding split_paired_all
        proof -
          fix x l a b
          assume as: "x = l ∩ {x. ¦x • k - c¦ ≤ d}" "(a, b) ∈ p" "l = snd (a, b)"
          guess u v using p'(4)[OF as(2)] by (elim exE) note * = this
          show "content x ≥ 0"
            unfolding as snd_conv * interval_doublesplit[OF k]
            by (rule content_pos_le)
        qed
        have **: "norm (1::real) ≤ 1"
          by auto
        note division_doublesplit[OF p'' k,unfolded interval_doublesplit[OF k]]
        note dsum_bound[OF this **,unfolded interval_doublesplit[symmetric,OF k]]
        note this[unfolded real_scaleR_def real_norm_def mult_1_right mult_1, of c d]
        note le_less_trans[OF this d(2)]
        from this[unfolded abs_of_nonneg[OF *]]
        show "(∑ka∈snd ` p. content (ka ∩ {x. ¦x • k - c¦ ≤ d})) < e"
          apply (subst vsum_nonzero_image_lemma[of "snd ` p" content "{}", unfolded o_def,symmetric])
          apply (rule finite_imageI p' content_empty)+
          unfolding forall_in_division[OF p'']
        proof (rule,rule,rule,rule,rule,rule,rule,erule conjE)
          fix m n u v
          assume as:
            "cbox m n ∈ snd ` p" "cbox u v ∈ snd ` p"
            "cbox m n ≠ cbox u v"
            "cbox m n ∩ {x. ¦x • k - c¦ ≤ d} = cbox u v ∩ {x. ¦x • k - c¦ ≤ d}"
          have "(cbox m n ∩ {x. ¦x • k - c¦ ≤ d}) ∩ (cbox u v ∩ {x. ¦x • k - c¦ ≤ d}) ⊆ cbox m n ∩ cbox u v"
            by blast
          note interior_mono[OF this, unfolded division_ofD(5)[OF p'' as(1-3)] interior_inter[of "cbox m n"]]
          then have "interior (cbox m n ∩ {x. ¦x • k - c¦ ≤ d}) = {}"
            unfolding as Int_absorb by auto
          then show "content (cbox m n ∩ {x. ¦x • k - c¦ ≤ d}) = 0"
            unfolding interval_doublesplit[OF k] content_eq_0_interior[symmetric] .
        qed
      qed
      finally show "(∑(x, ka)∈p. content (ka ∩ {x. ¦x • k - c¦ ≤ d}) * ?i x) < e" .
    qed
  qed
qed


subsection {* A technical lemma about "refinement" of division. *}

lemma tagged_division_finer:
  fixes p :: "('a::euclidean_space × ('a::euclidean_space set)) set"
  assumes "p tagged_division_of (cbox a b)"
    and "gauge d"
  obtains q where "q tagged_division_of (cbox a b)"
    and "d fine q"
    and "∀(x,k) ∈ p. k ⊆ d(x) --> (x,k) ∈ q"
proof -
  let ?P = "λp. p tagged_partial_division_of (cbox a b) --> gauge d -->
    (∃q. q tagged_division_of (\<Union>{k. ∃x. (x,k) ∈ p}) ∧ d fine q ∧
      (∀(x,k) ∈ p. k ⊆ d(x) --> (x,k) ∈ q))"
  {
    have *: "finite p" "p tagged_partial_division_of (cbox a b)"
      using assms(1)
      unfolding tagged_division_of_def
      by auto
    presume "!!p. finite p ==> ?P p"
    from this[rule_format,OF * assms(2)] guess q .. note q=this
    then show ?thesis
      apply -
      apply (rule that[of q])
      unfolding tagged_division_ofD[OF assms(1)]
      apply auto
      done
  }
  fix p :: "('a::euclidean_space × ('a::euclidean_space set)) set"
  assume as: "finite p"
  show "?P p"
    apply rule
    apply rule
    using as
  proof (induct p)
    case empty
    show ?case
      apply (rule_tac x="{}" in exI)
      unfolding fine_def
      apply auto
      done
  next
    case (insert xk p)
    guess x k using surj_pair[of xk] by (elim exE) note xk=this
    note tagged_partial_division_subset[OF insert(4) subset_insertI]
    from insert(3)[OF this insert(5)] guess q1 .. note q1 = conjunctD3[OF this]
    have *: "\<Union>{l. ∃y. (y,l) ∈ insert xk p} = k ∪ \<Union>{l. ∃y. (y,l) ∈ p}"
      unfolding xk by auto
    note p = tagged_partial_division_ofD[OF insert(4)]
    from p(4)[unfolded xk, OF insertI1] guess u v by (elim exE) note uv=this

    have "finite {k. ∃x. (x, k) ∈ p}"
      apply (rule finite_subset[of _ "snd ` p"],rule)
      unfolding subset_eq image_iff mem_Collect_eq
      apply (erule exE)
      apply (rule_tac x="(xa,x)" in bexI)
      using p
      apply auto
      done
    then have int: "interior (cbox u v) ∩ interior (\<Union>{k. ∃x. (x, k) ∈ p}) = {}"
      apply (rule inter_interior_unions_intervals)
      apply (rule open_interior)
      apply (rule_tac[!] ballI)
      unfolding mem_Collect_eq
      apply (erule_tac[!] exE)
      apply (drule p(4)[OF insertI2])
      apply assumption
      apply (rule p(5))
      unfolding uv xk
      apply (rule insertI1)
      apply (rule insertI2)
      apply assumption
      using insert(2)
      unfolding uv xk
      apply auto
      done
    show ?case
    proof (cases "cbox u v ⊆ d x")
      case True
      then show ?thesis
        apply (rule_tac x="{(x,cbox u v)} ∪ q1" in exI)
        apply rule
        unfolding * uv
        apply (rule tagged_division_union)
        apply (rule tagged_division_of_self)
        apply (rule p[unfolded xk uv] insertI1)+
        apply (rule q1)
        apply (rule int)
        apply rule
        apply (rule fine_union)
        apply (subst fine_def)
        defer
        apply (rule q1)
        unfolding Ball_def split_paired_All split_conv
        apply rule
        apply rule
        apply rule
        apply rule
        apply (erule insertE)
        defer
        apply (rule UnI2)
        apply (drule q1(3)[rule_format])
        unfolding xk uv
        apply auto
        done
    next
      case False
      from fine_division_exists[OF assms(2), of u v] guess q2 . note q2=this
      show ?thesis
        apply (rule_tac x="q2 ∪ q1" in exI)
        apply rule
        unfolding * uv
        apply (rule tagged_division_union q2 q1 int fine_union)+
        unfolding Ball_def split_paired_All split_conv
        apply rule
        apply (rule fine_union)
        apply (rule q1 q2)+
        apply rule
        apply rule
        apply rule
        apply rule
        apply (erule insertE)
        apply (rule UnI2)
        defer
        apply (drule q1(3)[rule_format])
        using False
        unfolding xk uv
        apply auto
        done
    qed
  qed
qed


subsection {* Hence the main theorem about negligible sets. *}

lemma finite_product_dependent:
  assumes "finite s"
    and "!!x. x ∈ s ==> finite (t x)"
  shows "finite {(i, j) |i j. i ∈ s ∧ j ∈ t i}"
  using assms
proof induct
  case (insert x s)
  have *: "{(i, j) |i j. i ∈ insert x s ∧ j ∈ t i} =
    (λy. (x,y)) ` (t x) ∪ {(i, j) |i j. i ∈ s ∧ j ∈ t i}" by auto
  show ?case
    unfolding *
    apply (rule finite_UnI)
    using insert
    apply auto
    done
qed auto

lemma sum_sum_product:
  assumes "finite s"
    and "∀i∈s. finite (t i)"
  shows "setsum (λi. setsum (x i) (t i)::real) s =
    setsum (λ(i,j). x i j) {(i,j) | i j. i ∈ s ∧ j ∈ t i}"
  using assms
proof induct
  case (insert a s)
  have *: "{(i, j) |i j. i ∈ insert a s ∧ j ∈ t i} =
    (λy. (a,y)) ` (t a) ∪ {(i, j) |i j. i ∈ s ∧ j ∈ t i}" by auto
  show ?case
    unfolding *
    apply (subst setsum.union_disjoint)
    unfolding setsum.insert[OF insert(1-2)]
    prefer 4
    apply (subst insert(3))
    unfolding add_right_cancel
  proof -
    show "setsum (x a) (t a) = (∑(xa, y)∈ Pair a ` t a. x xa y)"
      apply (subst setsum.reindex)
      unfolding inj_on_def
      apply auto
      done
    show "finite {(i, j) |i j. i ∈ s ∧ j ∈ t i}"
      apply (rule finite_product_dependent)
      using insert
      apply auto
      done
  qed (insert insert, auto)
qed auto

lemma has_integral_negligible:
  fixes f :: "'b::euclidean_space => 'a::real_normed_vector"
  assumes "negligible s"
    and "∀x∈(t - s). f x = 0"
  shows "(f has_integral 0) t"
proof -
  presume P: "!!f::'b::euclidean_space => 'a.
    !!a b. ∀x. x ∉ s --> f x = 0 ==> (f has_integral 0) (cbox a b)"
  let ?f = "(λx. if x ∈ t then f x else 0)"
  show ?thesis
    apply (rule_tac f="?f" in has_integral_eq)
    apply rule
    unfolding if_P
    apply (rule refl)
    apply (subst has_integral_alt)
    apply cases
    apply (subst if_P, assumption)
    unfolding if_not_P
  proof -
    assume "∃a b. t = cbox a b"
    then guess a b apply - by (erule exE)+ note t = this
    show "(?f has_integral 0) t"
      unfolding t
      apply (rule P)
      using assms(2)
      unfolding t
      apply auto
      done
  next
    show "∀e>0. ∃B>0. ∀a b. ball 0 B ⊆ cbox a b -->
      (∃z. ((λx. if x ∈ t then ?f x else 0) has_integral z) (cbox a b) ∧ norm (z - 0) < e)"
      apply safe
      apply (rule_tac x=1 in exI)
      apply rule
      apply (rule zero_less_one)
      apply safe
      apply (rule_tac x=0 in exI)
      apply rule
      apply (rule P)
      using assms(2)
      apply auto
      done
  qed
next
  fix f :: "'b => 'a"
  fix a b :: 'b
  assume assm: "∀x. x ∉ s --> f x = 0"
  show "(f has_integral 0) (cbox a b)"
    unfolding has_integral
  proof safe
    case goal1
    then have "!!n. e / 2 / ((real n+1) * (2 ^ n)) > 0"
      apply -
      apply (rule divide_pos_pos)
      defer
      apply (rule mult_pos_pos)
      apply (auto simp add:field_simps)
      done
    note assms(1)[unfolded negligible_def has_integral,rule_format,OF this,of a b]
    note allI[OF this,of "λx. x"]
    from choice[OF this] guess d .. note d=conjunctD2[OF this[rule_format]]
    show ?case
      apply (rule_tac x="λx. d (nat ⌊norm (f x)⌋) x" in exI)
    proof safe
      show "gauge (λx. d (nat ⌊norm (f x)⌋) x)"
        using d(1) unfolding gauge_def by auto
      fix p
      assume as: "p tagged_division_of (cbox a b)" "(λx. d (nat ⌊norm (f x)⌋) x) fine p"
      let ?goal = "norm ((∑(x, k)∈p. content k *R f x) - 0) < e"
      {
        presume "p ≠ {} ==> ?goal"
        then show ?goal
          apply (cases "p = {}")
          using goal1
          apply auto
          done
      }
      assume as': "p ≠ {}"
      from real_arch_simple[of "Sup((λ(x,k). norm(f x)) ` p)"] guess N ..
      then have N: "∀x∈(λ(x, k). norm (f x)) ` p. x ≤ real N"
        apply (subst(asm) cSup_finite_le_iff)
        using as as'
        apply auto
        done
      have "∀i. ∃q. q tagged_division_of (cbox a b) ∧ (d i) fine q ∧ (∀(x, k)∈p. k ⊆ (d i) x --> (x, k) ∈ q)"
        apply rule
        apply (rule tagged_division_finer[OF as(1) d(1)])
        apply auto
        done
      from choice[OF this] guess q .. note q=conjunctD3[OF this[rule_format]]
      have *: "!!i. (∑(x, k)∈q i. content k *R indicator s x) ≥ (0::real)"
        apply (rule setsum_nonneg)
        apply safe
        unfolding real_scaleR_def
        apply (drule tagged_division_ofD(4)[OF q(1)])
        apply (auto intro: mult_nonneg_nonneg)
        done
      have **: "!!f g s t. finite s ==> finite t ==> (∀(x,y) ∈ t. (0::real) ≤ g(x,y)) ==>
        (∀y∈s. ∃x. (x,y) ∈ t ∧ f(y) ≤ g(x,y)) ==> setsum f s ≤ setsum g t"
      proof -
        case goal1
        then show ?case
          apply -
          apply (rule setsum_le_included[of s t g snd f])
          prefer 4
          apply safe
          apply (erule_tac x=x in ballE)
          apply (erule exE)
          apply (rule_tac x="(xa,x)" in bexI)
          apply auto  
          done
      qed
      have "norm ((∑(x, k)∈p. content k *R f x) - 0) ≤ setsum (λi. (real i + 1) *
        norm (setsum (λ(x,k). content k *R indicator s x :: real) (q i))) {..N+1}"
        unfolding real_norm_def setsum_right_distrib abs_of_nonneg[OF *] diff_0_right
        apply (rule order_trans)
        apply (rule norm_setsum)
        apply (subst sum_sum_product)
        prefer 3
      proof (rule **, safe)
        show "finite {(i, j) |i j. i ∈ {..N + 1} ∧ j ∈ q i}"
          apply (rule finite_product_dependent)
          using q
          apply auto
          done
        fix i a b
        assume as'': "(a, b) ∈ q i"
        show "0 ≤ (real i + 1) * (content b *R indicator s a)"
          unfolding real_scaleR_def
          using tagged_division_ofD(4)[OF q(1) as'']
          by (auto intro!: mult_nonneg_nonneg)
      next
        fix i :: nat
        show "finite (q i)"
          using q by auto
      next
        fix x k
        assume xk: "(x, k) ∈ p"
        def n  "nat ⌊norm (f x)⌋"
        have *: "norm (f x) ∈ (λ(x, k). norm (f x)) ` p"
          using xk by auto
        have nfx: "real n ≤ norm (f x)" "norm (f x) ≤ real n + 1"
          unfolding n_def by auto
        then have "n ∈ {0..N + 1}"
          using N[rule_format,OF *] by auto
        moreover
        note as(2)[unfolded fine_def,rule_format,OF xk,unfolded split_conv]
        note q(3)[rule_format,OF xk,unfolded split_conv,rule_format,OF this]
        note this[unfolded n_def[symmetric]]
        moreover
        have "norm (content k *R f x) ≤ (real n + 1) * (content k * indicator s x)"
        proof (cases "x ∈ s")
          case False
          then show ?thesis
            using assm by auto
        next
          case True
          have *: "content k ≥ 0"
            using tagged_division_ofD(4)[OF as(1) xk] by auto
          moreover
          have "content k * norm (f x) ≤ content k * (real n + 1)"
            apply (rule mult_mono)
            using nfx *
            apply auto
            done
          ultimately
          show ?thesis
            unfolding abs_mult
            using nfx True
            by (auto simp add: field_simps)
        qed
        ultimately show "∃y. (y, x, k) ∈ {(i, j) |i j. i ∈ {..N + 1} ∧ j ∈ q i} ∧ norm (content k *R f x) ≤
          (real y + 1) * (content k *R indicator s x)"
          apply (rule_tac x=n in exI)
          apply safe
          apply (rule_tac x=n in exI)
          apply (rule_tac x="(x,k)" in exI)
          apply safe
          apply auto
          done
      qed (insert as, auto)
      also have "… ≤ setsum (λi. e / 2 / 2 ^ i) {..N+1}"
        apply (rule setsum_mono)
      proof -
        case goal1
        then show ?case
          apply (subst mult.commute, subst pos_le_divide_eq[symmetric])
          using d(2)[rule_format,of "q i" i]
          using q[rule_format]
          apply (auto simp add: field_simps)
          done
      qed
      also have "… < e * inverse 2 * 2"
        unfolding divide_inverse setsum_right_distrib[symmetric]
        apply (rule mult_strict_left_mono)
        unfolding power_inverse lessThan_Suc_atMost[symmetric]
        apply (subst geometric_sum)
        using goal1
        apply auto
        done
      finally show "?goal" by auto
    qed
  qed
qed

lemma has_integral_spike:
  fixes f :: "'b::euclidean_space => 'a::real_normed_vector"
  assumes "negligible s"
    and "(∀x∈(t - s). g x = f x)"
    and "(f has_integral y) t"
  shows "(g has_integral y) t"
proof -
  {
    fix a b :: 'b
    fix f g :: "'b => 'a"
    fix y :: 'a
    assume as: "∀x ∈ cbox a b - s. g x = f x" "(f has_integral y) (cbox a b)"
    have "((λx. f x + (g x - f x)) has_integral (y + 0)) (cbox a b)"
      apply (rule has_integral_add[OF as(2)])
      apply (rule has_integral_negligible[OF assms(1)])
      using as
      apply auto
      done
    then have "(g has_integral y) (cbox a b)"
      by auto
  } note * = this
  show ?thesis
    apply (subst has_integral_alt)
    using assms(2-)
    apply -
    apply (rule cond_cases)
    apply safe
    apply (rule *)
    apply assumption+
    apply (subst(asm) has_integral_alt)
    unfolding if_not_P
    apply (erule_tac x=e in allE)
    apply safe
    apply (rule_tac x=B in exI)
    apply safe
    apply (erule_tac x=a in allE)
    apply (erule_tac x=b in allE)
    apply safe
    apply (rule_tac x=z in exI)
    apply safe
    apply (rule *[where fa2="λx. if x∈t then f x else 0"])
    apply auto
    done
qed

lemma has_integral_spike_eq:
  assumes "negligible s"
    and "∀x∈(t - s). g x = f x"
  shows "((f has_integral y) t <-> (g has_integral y) t)"
  apply rule
  apply (rule_tac[!] has_integral_spike[OF assms(1)])
  using assms(2)
  apply auto
  done

lemma integrable_spike:
  assumes "negligible s"
    and "∀x∈(t - s). g x = f x"
    and "f integrable_on t"
  shows "g integrable_on  t"
  using assms
  unfolding integrable_on_def
  apply -
  apply (erule exE)
  apply rule
  apply (rule has_integral_spike)
  apply fastforce+
  done

lemma integral_spike:
  assumes "negligible s"
    and "∀x∈(t - s). g x = f x"
  shows "integral t f = integral t g"
  unfolding integral_def
  using has_integral_spike_eq[OF assms]
  by auto


subsection {* Some other trivialities about negligible sets. *}

lemma negligible_subset[intro]:
  assumes "negligible s"
    and "t ⊆ s"
  shows "negligible t"
  unfolding negligible_def
proof safe
  case goal1
  show ?case
    using assms(1)[unfolded negligible_def,rule_format,of a b]
    apply -
    apply (rule has_integral_spike[OF assms(1)])
    defer
    apply assumption
    using assms(2)
    unfolding indicator_def
    apply auto
    done
qed

lemma negligible_diff[intro?]:
  assumes "negligible s"
  shows "negligible (s - t)"
  using assms by auto

lemma negligible_inter:
  assumes "negligible s ∨ negligible t"
  shows "negligible (s ∩ t)"
  using assms by auto

lemma negligible_union:
  assumes "negligible s"
    and "negligible t"
  shows "negligible (s ∪ t)"
  unfolding negligible_def
proof safe
  case goal1
  note assm = assms[unfolded negligible_def,rule_format,of a b]
  then show ?case
    apply (subst has_integral_spike_eq[OF assms(2)])
    defer
    apply assumption
    unfolding indicator_def
    apply auto
    done
qed

lemma negligible_union_eq[simp]: "negligible (s ∪ t) <-> negligible s ∧ negligible t"
  using negligible_union by auto

lemma negligible_sing[intro]: "negligible {a::'a::euclidean_space}"
  using negligible_standard_hyperplane[OF SOME_Basis, of "a • (SOME i. i ∈ Basis)"] by auto

lemma negligible_insert[simp]: "negligible (insert a s) <-> negligible s"
  apply (subst insert_is_Un)
  unfolding negligible_union_eq
  apply auto
  done

lemma negligible_empty[intro]: "negligible {}"
  by auto

lemma negligible_finite[intro]:
  assumes "finite s"
  shows "negligible s"
  using assms by (induct s) auto

lemma negligible_unions[intro]:
  assumes "finite s"
    and "∀t∈s. negligible t"
  shows "negligible(\<Union>s)"
  using assms by induct auto

lemma negligible:
  "negligible s <-> (∀t::('a::euclidean_space) set. ((indicator s::'a=>real) has_integral 0) t)"
  apply safe
  defer
  apply (subst negligible_def)
proof -
  fix t :: "'a set"
  assume as: "negligible s"
  have *: "(λx. if x ∈ s ∩ t then 1 else 0) = (λx. if x∈t then if x∈s then 1 else 0 else 0)"
    by auto
  show "((indicator s::'a=>real) has_integral 0) t"
    apply (subst has_integral_alt)
    apply cases
    apply (subst if_P,assumption)
    unfolding if_not_P
    apply safe
    apply (rule as[unfolded negligible_def,rule_format])
    apply (rule_tac x=1 in exI)
    apply safe
    apply (rule zero_less_one)
    apply (rule_tac x=0 in exI)
    using negligible_subset[OF as,of "s ∩ t"]
    unfolding negligible_def indicator_def [abs_def]
    unfolding *
    apply auto
    done
qed auto


subsection {* Finite case of the spike theorem is quite commonly needed. *}

lemma has_integral_spike_finite:
  assumes "finite s"
    and "∀x∈t-s. g x = f x"
    and "(f has_integral y) t"
  shows "(g has_integral y) t"
  apply (rule has_integral_spike)
  using assms
  apply auto
  done

lemma has_integral_spike_finite_eq:
  assumes "finite s"
    and "∀x∈t-s. g x = f x"
  shows "((f has_integral y) t <-> (g has_integral y) t)"
  apply rule
  apply (rule_tac[!] has_integral_spike_finite)
  using assms
  apply auto
  done

lemma integrable_spike_finite:
  assumes "finite s"
    and "∀x∈t-s. g x = f x"
    and "f integrable_on t"
  shows "g integrable_on  t"
  using assms
  unfolding integrable_on_def
  apply safe
  apply (rule_tac x=y in exI)
  apply (rule has_integral_spike_finite)
  apply auto
  done


subsection {* In particular, the boundary of an interval is negligible. *}

lemma negligible_frontier_interval: "negligible(cbox (a::'a::euclidean_space) b - box a b)"
proof -
  let ?A = "\<Union>((λk. {x. x•k = a•k} ∪ {x::'a. x•k = b•k}) ` Basis)"
  have "cbox a b - box a b ⊆ ?A"
    apply rule unfolding Diff_iff mem_box
    apply simp
    apply(erule conjE bexE)+
    apply(rule_tac x=i in bexI)
    apply auto
    done
  then show ?thesis
    apply -
    apply (rule negligible_subset[of ?A])
    apply (rule negligible_unions[OF finite_imageI])
    apply auto
    done
qed

lemma has_integral_spike_interior:
  assumes "∀x∈box a b. g x = f x"
    and "(f has_integral y) (cbox a b)"
  shows "(g has_integral y) (cbox a b)"
  apply (rule has_integral_spike[OF negligible_frontier_interval _ assms(2)])
  using assms(1)
  apply auto
  done

lemma has_integral_spike_interior_eq:
  assumes "∀x∈box a b. g x = f x"
  shows "(f has_integral y) (cbox a b) <-> (g has_integral y) (cbox a b)"
  apply rule
  apply (rule_tac[!] has_integral_spike_interior)
  using assms
  apply auto
  done

lemma integrable_spike_interior:
  assumes "∀x∈box a b. g x = f x"
    and "f integrable_on cbox a b"
  shows "g integrable_on cbox a b"
  using assms
  unfolding integrable_on_def
  using has_integral_spike_interior[OF assms(1)]
  by auto


subsection {* Integrability of continuous functions. *}

lemma neutral_and[simp]: "neutral op ∧ = True"
  unfolding neutral_def by (rule some_equality) auto

lemma monoidal_and[intro]: "monoidal op ∧"
  unfolding monoidal_def by auto

lemma iterate_and[simp]:
  assumes "finite s"
  shows "(iterate op ∧) s p <-> (∀x∈s. p x)"
  using assms
  apply induct
  unfolding iterate_insert[OF monoidal_and]
  apply auto
  done

lemma operative_division_and:
  assumes "operative op ∧ P"
    and "d division_of (cbox a b)"
  shows "(∀i∈d. P i) <-> P (cbox a b)"
  using operative_division[OF monoidal_and assms] division_of_finite[OF assms(2)]
  by auto

lemma operative_approximable:
  fixes f::"'b::euclidean_space => 'a::banach"
  assumes "0 ≤ e"
  shows "operative op ∧ (λi. ∃g. (∀x∈i. norm (f x - g (x::'b)) ≤ e) ∧ g integrable_on i)"
  unfolding operative_def neutral_and
proof safe
  fix a b :: 'b
  {
    assume "content (cbox a b) = 0"
    then show "∃g. (∀x∈cbox a b. norm (f x - g x) ≤ e) ∧ g integrable_on cbox a b"
      apply (rule_tac x=f in exI)
      using assms
      apply (auto intro!:integrable_on_null)
      done
  }
  {
    fix c g
    fix k :: 'b
    assume as: "∀x∈cbox a b. norm (f x - g x) ≤ e" "g integrable_on cbox a b"
    assume k: "k ∈ Basis"
    show "∃g. (∀x∈cbox a b ∩ {x. x • k ≤ c}. norm (f x - g x) ≤ e) ∧ g integrable_on cbox a b ∩ {x. x • k ≤ c}"
      "∃g. (∀x∈cbox a b ∩ {x. c ≤ x • k}. norm (f x - g x) ≤ e) ∧ g integrable_on cbox a b ∩ {x. c ≤ x • k}"
      apply (rule_tac[!] x=g in exI)
      using as(1) integrable_split[OF as(2) k]
      apply auto
      done
  }
  fix c k g1 g2
  assume as: "∀x∈cbox a b ∩ {x. x • k ≤ c}. norm (f x - g1 x) ≤ e" "g1 integrable_on cbox a b ∩ {x. x • k ≤ c}"
    "∀x∈cbox a b ∩ {x. c ≤ x • k}. norm (f x - g2 x) ≤ e" "g2 integrable_on cbox a b ∩ {x. c ≤ x • k}"
  assume k: "k ∈ Basis"
  let ?g = "λx. if x•k = c then f x else if x•k ≤ c then g1 x else g2 x"
  show "∃g. (∀x∈cbox a b. norm (f x - g x) ≤ e) ∧ g integrable_on cbox a b"
    apply (rule_tac x="?g" in exI)
  proof safe
    case goal1
    then show ?case
      apply -
      apply (cases "x•k=c")
      apply (case_tac "x•k < c")
      using as assms
      apply auto
      done
  next
    case goal2
    presume "?g integrable_on cbox a b ∩ {x. x • k ≤ c}"
      and "?g integrable_on cbox a b ∩ {x. x • k ≥ c}"
    then guess h1 h2 unfolding integrable_on_def by auto
    from has_integral_split[OF this k] show ?case
      unfolding integrable_on_def by auto
  next
    show "?g integrable_on cbox a b ∩ {x. x • k ≤ c}" "?g integrable_on cbox a b ∩ {x. x • k ≥ c}"
      apply(rule_tac[!] integrable_spike[OF negligible_standard_hyperplane[of k c]])
      using k as(2,4)
      apply auto
      done
  qed
qed

lemma approximable_on_division:
  fixes f :: "'b::euclidean_space => 'a::banach"
  assumes "0 ≤ e"
    and "d division_of (cbox a b)"
    and "∀i∈d. ∃g. (∀x∈i. norm (f x - g x) ≤ e) ∧ g integrable_on i"
  obtains g where "∀x∈cbox a b. norm (f x - g x) ≤ e" "g integrable_on cbox a b"
proof -
  note * = operative_division[OF monoidal_and operative_approximable[OF assms(1)] assms(2)]
  note this[unfolded iterate_and[OF division_of_finite[OF assms(2)]]]
  from assms(3)[unfolded this[of f]] guess g ..
  then show thesis
    apply -
    apply (rule that[of g])
    apply auto
    done
qed

lemma integrable_continuous:
  fixes f :: "'b::euclidean_space => 'a::banach"
  assumes "continuous_on (cbox a b) f"
  shows "f integrable_on cbox a b"
proof (rule integrable_uniform_limit, safe)
  fix e :: real
  assume e: "e > 0"
  from compact_uniformly_continuous[OF assms compact_cbox,unfolded uniformly_continuous_on_def,rule_format,OF e] guess d ..
  note d=conjunctD2[OF this,rule_format]
  from fine_division_exists[OF gauge_ball[OF d(1)], of a b] guess p . note p=this
  note p' = tagged_division_ofD[OF p(1)]
  have *: "∀i∈snd ` p. ∃g. (∀x∈i. norm (f x - g x) ≤ e) ∧ g integrable_on i"
  proof (safe, unfold snd_conv)
    fix x l
    assume as: "(x, l) ∈ p"
    from p'(4)[OF this] guess a b by (elim exE) note l=this
    show "∃g. (∀x∈l. norm (f x - g x) ≤ e) ∧ g integrable_on l"
      apply (rule_tac x="λy. f x" in exI)
    proof safe
      show "(λy. f x) integrable_on l"
        unfolding integrable_on_def l
        apply rule
        apply (rule has_integral_const)
        done
      fix y
      assume y: "y ∈ l"
      note fineD[OF p(2) as,unfolded subset_eq,rule_format,OF this]
      note d(2)[OF _ _ this[unfolded mem_ball]]
      then show "norm (f y - f x) ≤ e"
        using y p'(2-3)[OF as] unfolding dist_norm l norm_minus_commute by fastforce
    qed
  qed
  from e have "e ≥ 0"
    by auto
  from approximable_on_division[OF this division_of_tagged_division[OF p(1)] *] guess g .
  then show "∃g. (∀x∈cbox a b. norm (f x - g x) ≤ e) ∧ g integrable_on cbox a b"
    by auto
qed

lemma integrable_continuous_real:
  fixes f :: "real => 'a::banach"
  assumes "continuous_on {a .. b} f"
  shows "f integrable_on {a .. b}"
  by (metis assms box_real(2) integrable_continuous)


subsection {* Specialization of additivity to one dimension. *}

lemma
  shows real_inner_1_left: "inner 1 x = x"
  and real_inner_1_right: "inner x 1 = x"
  by simp_all

lemma content_real_eq_0: "content {a .. b::real} = 0 <-> a ≥ b"
  by (metis atLeastatMost_empty_iff2 content_empty content_real diff_self eq_iff le_cases le_iff_diff_le_0)

lemma interval_real_split:
  "{a .. b::real} ∩ {x. x ≤ c} = {a .. min b c}"
  "{a .. b} ∩ {x. c ≤ x} = {max a c .. b}"
  apply (metis Int_atLeastAtMostL1 atMost_def)
  apply (metis Int_atLeastAtMostL2 atLeast_def)
  done

lemma operative_1_lt:
  assumes "monoidal opp"
  shows "operative opp f <-> ((∀a b. b ≤ a --> f {a .. b::real} = neutral opp) ∧
    (∀a b c. a < c ∧ c < b --> opp (f {a .. c}) (f {c .. b}) = f {a .. b}))"
  apply (simp add: operative_def content_real_eq_0)
proof safe
  fix a b c :: real
  assume as:
    "∀a b c. f {a..b} = opp (f ({a..b} ∩ {x. x ≤ c})) (f ({a..b} ∩ Collect (op ≤ c)))"
    "a < c"
    "c < b"
    from this(2-) have "cbox a b ∩ {x. x ≤ c} = cbox a c" "cbox a b ∩ {x. x ≥ c} = cbox c b"
      by (auto simp: mem_box)
    then show "opp (f {a..c}) (f {c..b}) = f {a..b}"
      unfolding as(1)[rule_format,of a b "c"] by auto
next
  fix a b c :: real
  assume as: "∀a b. b ≤ a --> f {a..b} = neutral opp"
    "∀a b c. a < c ∧ c < b --> opp (f {a..c}) (f {c..b}) = f {a..b}"
  show " f {a..b} = opp (f ({a..b} ∩ {x. x ≤ c})) (f ({a..b} ∩ Collect (op ≤ c)))"
  proof (cases "c ∈ {a..b}")
    case False
    then have "c < a ∨ c > b" by auto
    then show ?thesis
    proof
      assume "c < a"
      then have *: "{a..b} ∩ {x. x ≤ c} = {1..0}" "{a..b} ∩ {x. c ≤ x} = {a..b}"
        by auto
      show ?thesis
        unfolding *
        apply (subst as(1)[rule_format,of 0 1])
        using assms
        apply auto
        done
    next
      assume "b < c"
      then have *: "{a..b} ∩ {x. x ≤ c} = {a..b}" "{a..b} ∩ {x. c ≤ x} = {1 .. 0}"
        by auto
      show ?thesis
        unfolding *
        apply (subst as(1)[rule_format,of 0 1])
        using assms
        apply auto
        done
    qed
  next
    case True
    then have *: "min (b) c = c" "max a c = c"
      by auto
    have **: "(1::real) ∈ Basis"
      by simp
    have ***: "!!P Q. (∑i∈Basis. (if i = 1 then P i else Q i) *R i) = (P 1::real)"
      by simp
    show ?thesis
      unfolding interval_real_split unfolding *
    proof (cases "c = a ∨ c = b")
      case False
      then show "f {a..b} = opp (f {a..c}) (f {c..b})"
        apply -
        apply (subst as(2)[rule_format])
        using True
        apply auto
        done
    next
      case True
      then show "f {a..b} = opp (f {a..c}) (f {c..b})"
      proof
        assume *: "c = a"
        then have "f {a .. c} = neutral opp"
          apply -
          apply (rule as(1)[rule_format])
          apply auto
          done
        then show ?thesis
          using assms unfolding * by auto
      next
        assume *: "c = b"
        then have "f {c .. b} = neutral opp"
          apply -
          apply (rule as(1)[rule_format])
          apply auto
          done
        then show ?thesis
          using assms unfolding * by auto
      qed
    qed
  qed
qed

lemma operative_1_le:
  assumes "monoidal opp"
  shows "operative opp f <-> ((∀a b. b ≤ a --> f {a .. b::real} = neutral opp) ∧
    (∀a b c. a ≤ c ∧ c ≤ b --> opp (f {a .. c}) (f {c .. b}) = f {a .. b}))"
  unfolding operative_1_lt[OF assms]
proof safe
  fix a b c :: real
  assume as:
    "∀a b c. a ≤ c ∧ c ≤ b --> opp (f {a..c}) (f {c..b}) = f {a..b}"
    "a < c"
    "c < b"
  show "opp (f {a..c}) (f {c..b}) = f {a..b}"
    apply (rule as(1)[rule_format])
    using as(2-)
    apply auto
    done
next
  fix a b c :: real
  assume "∀a b. b ≤ a --> f {a .. b} = neutral opp"
    and "∀a b c. a < c ∧ c < b --> opp (f {a..c}) (f {c..b}) = f {a..b}"
    and "a ≤ c"
    and "c ≤ b"
  note as = this[rule_format]
  show "opp (f {a..c}) (f {c..b}) = f {a..b}"
  proof (cases "c = a ∨ c = b")
    case False
    then show ?thesis
      apply -
      apply (subst as(2))
      using as(3-)
      apply auto
      done
  next
    case True
    then show ?thesis
    proof
      assume *: "c = a"
      then have "f {a .. c} = neutral opp"
        apply -
        apply (rule as(1)[rule_format])
        apply auto
        done
      then show ?thesis
        using assms unfolding * by auto
    next
      assume *: "c = b"
      then have "f {c .. b} = neutral opp"
        apply -
        apply (rule as(1)[rule_format])
        apply auto
        done
      then show ?thesis
        using assms unfolding * by auto
    qed
  qed
qed


subsection {* Special case of additivity we need for the FCT. *}

lemma additive_tagged_division_1:
  fixes f :: "real => 'a::real_normed_vector"
  assumes "a ≤ b"
    and "p tagged_division_of {a..b}"
  shows "setsum (λ(x,k). f(Sup k) - f(Inf k)) p = f b - f a"
proof -
  let ?f = "(λk::(real) set. if k = {} then 0 else f(interval_upperbound k) - f(interval_lowerbound k))"
  have ***: "∀i∈Basis. a • i ≤ b • i"
    using assms by auto
  have *: "operative op + ?f"
    unfolding operative_1_lt[OF monoidal_monoid] box_eq_empty
    by auto
  have **: "cbox a b ≠ {}"
    using assms(1) by auto
  note operative_tagged_division[OF monoidal_monoid * assms(2)[simplified box_real[symmetric]]]
  note * = this[unfolded if_not_P[OF **] interval_bounds[OF ***],symmetric]
  show ?thesis
    unfolding *
    apply (subst setsum_iterate[symmetric])
    defer
    apply (rule setsum.cong)
    unfolding split_paired_all split_conv
    using assms(2)
    apply auto
    done
qed


subsection {* A useful lemma allowing us to factor out the content size. *}

lemma has_integral_factor_content:
  "(f has_integral i) (cbox a b) <->
    (∀e>0. ∃d. gauge d ∧ (∀p. p tagged_division_of (cbox a b) ∧ d fine p -->
      norm (setsum (λ(x,k). content k *R f x) p - i) ≤ e * content (cbox a b)))"
proof (cases "content (cbox a b) = 0")
  case True
  show ?thesis
    unfolding has_integral_null_eq[OF True]
    apply safe
    apply (rule, rule, rule gauge_trivial, safe)
    unfolding setsum_content_null[OF True] True
    defer
    apply (erule_tac x=1 in allE)
    apply safe
    defer
    apply (rule fine_division_exists[of _ a b])
    apply assumption
    apply (erule_tac x=p in allE)
    unfolding setsum_content_null[OF True]
    apply auto
    done
next
  case False
  note F = this[unfolded content_lt_nz[symmetric]]
  let ?P = "λe opp. ∃d. gauge d ∧
    (∀p. p tagged_division_of (cbox a b) ∧ d fine p --> opp (norm ((∑(x, k)∈p. content k *R f x) - i)) e)"
  show ?thesis
    apply (subst has_integral)
  proof safe
    fix e :: real
    assume e: "e > 0"
    {
      assume "∀e>0. ?P e op <"
      then show "?P (e * content (cbox a b)) op ≤"
        apply (erule_tac x="e * content (cbox a b)" in allE)
        apply (erule impE)
        defer
        apply (erule exE,rule_tac x=d in exI)
        using F e
        apply (auto simp add:field_simps)
        done
    }
    {
      assume "∀e>0. ?P (e * content (cbox a b)) op ≤"
      then show "?P e op <"
        apply (erule_tac x="e / 2 / content (cbox a b)" in allE)
        apply (erule impE)
        defer
        apply (erule exE,rule_tac x=d in exI)
        using F e
        apply (auto simp add: field_simps)
        done
    }
  qed
qed

lemma has_integral_factor_content_real:
  "(f has_integral i) {a .. b::real} <->
    (∀e>0. ∃d. gauge d ∧ (∀p. p tagged_division_of {a .. b}  ∧ d fine p -->
      norm (setsum (λ(x,k). content k *R f x) p - i) ≤ e * content {a .. b} ))"
  unfolding box_real[symmetric]
  by (rule has_integral_factor_content)


subsection {* Fundamental theorem of calculus. *}

lemma interval_bounds_real:
  fixes q b :: real
  assumes "a ≤ b"
  shows "Sup {a..b} = b"
    and "Inf {a..b} = a"
  using assms by auto

lemma fundamental_theorem_of_calculus:
  fixes f :: "real => 'a::banach"
  assumes "a ≤ b"
    and "∀x∈{a .. b}. (f has_vector_derivative f' x) (at x within {a .. b})"
  shows "(f' has_integral (f b - f a)) {a .. b}"
  unfolding has_integral_factor_content box_real[symmetric]
proof safe
  fix e :: real
  assume e: "e > 0"
  note assm = assms(2)[unfolded has_vector_derivative_def has_derivative_within_alt]
  have *: "!!P Q. ∀x∈{a .. b}. P x ∧ (∀e>0. ∃d>0. Q x e d) ==> ∀x. ∃(d::real)>0. x∈{a .. b} --> Q x e d"
    using e by blast
  note this[OF assm,unfolded gauge_existence_lemma]
  from choice[OF this,unfolded Ball_def[symmetric]] guess d ..
  note d=conjunctD2[OF this[rule_format],rule_format]
  show "∃d. gauge d ∧ (∀p. p tagged_division_of (cbox a b) ∧ d fine p -->
    norm ((∑(x, k)∈p. content k *R f' x) - (f b - f a)) ≤ e * content (cbox a b))"
    apply (rule_tac x="λx. ball x (d x)" in exI)
    apply safe
    apply (rule gauge_ball_dependent)
    apply rule
    apply (rule d(1))
  proof -
    fix p
    assume as: "p tagged_division_of cbox a b" "(λx. ball x (d x)) fine p"
    show "norm ((∑(x, k)∈p. content k *R f' x) - (f b - f a)) ≤ e * content (cbox a b)"
      unfolding content_real[OF assms(1), simplified box_real[symmetric]] additive_tagged_division_1[OF assms(1) as(1)[simplified box_real],of f,symmetric]
      unfolding additive_tagged_division_1[OF assms(1) as(1)[simplified box_real],of "λx. x",symmetric]
      unfolding setsum_right_distrib
      defer
      unfolding setsum_subtractf[symmetric]
    proof (rule setsum_norm_le,safe)
      fix x k
      assume "(x, k) ∈ p"
      note xk = tagged_division_ofD(2-4)[OF as(1) this]
      from this(3) guess u v by (elim exE) note k=this
      have *: "u ≤ v"
        using xk unfolding k by auto
      have ball: "∀xa∈k. xa ∈ ball x (d x)"
        using as(2)[unfolded fine_def,rule_format,OF `(x,k)∈p`,unfolded split_conv subset_eq] .
      have "norm ((v - u) *R f' x - (f v - f u)) ≤
        norm (f u - f x - (u - x) *R f' x) + norm (f v - f x - (v - x) *R f' x)"
        apply (rule order_trans[OF _ norm_triangle_ineq4])
        apply (rule eq_refl)
        apply (rule arg_cong[where f=norm])
        unfolding scaleR_diff_left
        apply (auto simp add:algebra_simps)
        done
      also have "… ≤ e * norm (u - x) + e * norm (v - x)"
        apply (rule add_mono)
        apply (rule d(2)[of "x" "u",unfolded o_def])
        prefer 4
        apply (rule d(2)[of "x" "v",unfolded o_def])
        using ball[rule_format,of u] ball[rule_format,of v]
        using xk(1-2)
        unfolding k subset_eq
        apply (auto simp add:dist_real_def)
        done
      also have "… ≤ e * (Sup k - Inf k)"
        unfolding k interval_bounds_real[OF *]
        using xk(1)
        unfolding k
        by (auto simp add: dist_real_def field_simps)
      finally show "norm (content k *R f' x - (f (Sup k) - f (Inf k))) ≤
        e * (Sup k - Inf k)"
        unfolding box_real k interval_bounds_real[OF *] content_real[OF *]
          interval_upperbound_real interval_lowerbound_real
          .
    qed
  qed
qed


subsection {* Attempt a systematic general set of "offset" results for components. *}

lemma gauge_modify:
  assumes "(∀s. open s --> open {x. f(x) ∈ s})" "gauge d"
  shows "gauge (λx. {y. f y ∈ d (f x)})"
  using assms
  unfolding gauge_def
  apply safe
  defer
  apply (erule_tac x="f x" in allE)
  apply (erule_tac x="d (f x)" in allE)
  apply auto
  done


subsection {* Only need trivial subintervals if the interval itself is trivial. *}

lemma division_of_nontrivial:
  fixes s :: "'a::euclidean_space set set"
  assumes "s division_of (cbox a b)"
    and "content (cbox a b) ≠ 0"
  shows "{k. k ∈ s ∧ content k ≠ 0} division_of (cbox a b)"
  using assms(1)
  apply -
proof (induct "card s" arbitrary: s rule: nat_less_induct)
  fix s::"'a set set"
  assume assm: "s division_of (cbox a b)"
    "∀m<card s. ∀x. m = card x -->
      x division_of (cbox a b) --> {k ∈ x. content k ≠ 0} division_of (cbox a b)"
  note s = division_ofD[OF assm(1)]
  let ?thesis = "{k ∈ s. content k ≠ 0} division_of (cbox a b)"
  {
    presume *: "{k ∈ s. content k ≠ 0} ≠ s ==> ?thesis"
    show ?thesis
      apply cases
      defer
      apply (rule *)
      apply assumption
      using assm(1)
      apply auto
      done
  }
  assume noteq: "{k ∈ s. content k ≠ 0} ≠ s"
  then obtain k where k: "k ∈ s" "content k = 0"
    by auto
  from s(4)[OF k(1)] guess c d by (elim exE) note k=k this
  from k have "card s > 0"
    unfolding card_gt_0_iff using assm(1) by auto
  then have card: "card (s - {k}) < card s"
    using assm(1) k(1)
    apply (subst card_Diff_singleton_if)
    apply auto
    done
  have *: "closed (\<Union>(s - {k}))"
    apply (rule closed_Union)
    defer
    apply rule
    apply (drule DiffD1,drule s(4))
    using assm(1)
    apply auto
    done
  have "k ⊆ \<Union>(s - {k})"
    apply safe
    apply (rule *[unfolded closed_limpt,rule_format])
    unfolding islimpt_approachable
  proof safe
    fix x
    fix e :: real
    assume as: "x ∈ k" "e > 0"
    from k(2)[unfolded k content_eq_0] guess i ..
    then have i:"c•i = d•i" "i∈Basis"
      using s(3)[OF k(1),unfolded k] unfolding box_ne_empty by auto
    then have xi: "x•i = d•i"
      using as unfolding k mem_box by (metis antisym)
    def y  "∑j∈Basis. (if j = i then if c•i ≤ (a•i + b•i) / 2 then c•i +
      min e (b•i - c•i) / 2 else c•i - min e (c•i - a•i) / 2 else x•j) *R j"
    show "∃x'∈\<Union>(s - {k}). x' ≠ x ∧ dist x' x < e"
      apply (rule_tac x=y in bexI)
    proof
      have "d ∈ cbox c d"
        using s(3)[OF k(1)]
        unfolding k box_eq_empty mem_box
        by (fastforce simp add: not_less)
      then have "d ∈ cbox a b"
        using s(2)[OF k(1)]
        unfolding k
        by auto
      note di = this[unfolded mem_box,THEN bspec[where x=i]]
      then have xyi: "y•i ≠ x•i"
        unfolding y_def i xi
        using as(2) assms(2)[unfolded content_eq_0] i(2)
        by (auto elim!: ballE[of _ _ i])
      then show "y ≠ x"
        unfolding euclidean_eq_iff[where 'a='a] using i by auto
      have *: "Basis = insert i (Basis - {i})"
        using i by auto
      have "norm (y - x) < e + setsum (λi. 0) Basis"
        apply (rule le_less_trans[OF norm_le_l1])
        apply (subst *)
        apply (subst setsum.insert)
        prefer 3
        apply (rule add_less_le_mono)
      proof -
        show "¦(y - x) • i¦ < e"
          using di as(2) y_def i xi by (auto simp: inner_simps)
        show "(∑i∈Basis - {i}. ¦(y - x) • i¦) ≤ (∑i∈Basis. 0)"
          unfolding y_def by (auto simp: inner_simps)
      qed auto
      then show "dist y x < e"
        unfolding dist_norm by auto
      have "y ∉ k"
        unfolding k mem_box
        apply rule
        apply (erule_tac x=i in ballE)
        using xyi k i xi
        apply auto
        done
      moreover
      have "y ∈ \<Union>s"
        using set_rev_mp[OF as(1) s(2)[OF k(1)]] as(2) di i
        unfolding s mem_box y_def
        by (auto simp: field_simps elim!: ballE[of _ _ i])
      ultimately
      show "y ∈ \<Union>(s - {k})" by auto
    qed
  qed
  then have "\<Union>(s - {k}) = cbox a b"
    unfolding s(6)[symmetric] by auto
  then have  "{ka ∈ s - {k}. content ka ≠ 0} division_of (cbox a b)"
    apply -
    apply (rule assm(2)[rule_format,OF card refl])
    apply (rule division_ofI)
    defer
    apply (rule_tac[1-4] s)
    using assm(1)
    apply auto
    done
  moreover
  have "{ka ∈ s - {k}. content ka ≠ 0} = {k ∈ s. content k ≠ 0}"
    using k by auto
  ultimately show ?thesis by auto
qed


subsection {* Integrability on subintervals. *}

lemma operative_integrable:
  fixes f :: "'b::euclidean_space => 'a::banach"
  shows "operative op ∧ (λi. f integrable_on i)"
  unfolding operative_def neutral_and
  apply safe
  apply (subst integrable_on_def)
  unfolding has_integral_null_eq
  apply (rule, rule refl)
  apply (rule, assumption, assumption)+
  unfolding integrable_on_def
  by (auto intro!: has_integral_split)

lemma integrable_subinterval:
  fixes f :: "'b::euclidean_space => 'a::banach"
  assumes "f integrable_on cbox a b"
    and "cbox c d ⊆ cbox a b"
  shows "f integrable_on cbox c d"
  apply (cases "cbox c d = {}")
  defer
  apply (rule partial_division_extend_1[OF assms(2)],assumption)
  using operative_division_and[OF operative_integrable,symmetric,of _ _ _ f] assms(1)
  apply auto
  done

lemma integrable_subinterval_real:
  fixes f :: "real => 'a::banach"
  assumes "f integrable_on {a .. b}"
    and "{c .. d} ⊆ {a .. b}"
  shows "f integrable_on {c .. d}"
  by (metis assms(1) assms(2) box_real(2) integrable_subinterval)


subsection {* Combining adjacent intervals in 1 dimension. *}

lemma has_integral_combine:
  fixes a b c :: real
  assumes "a ≤ c"
    and "c ≤ b"
    and "(f has_integral i) {a .. c}"
    and "(f has_integral (j::'a::banach)) {c .. b}"
  shows "(f has_integral (i + j)) {a .. b}"
proof -
  note operative_integral[of f, unfolded operative_1_le[OF monoidal_lifted[OF monoidal_monoid]]]
  note conjunctD2[OF this,rule_format]
  note * = this(2)[OF conjI[OF assms(1-2)],unfolded if_P[OF assms(3)]]
  then have "f integrable_on cbox a b"
    apply -
    apply (rule ccontr)
    apply (subst(asm) if_P)
    defer
    apply (subst(asm) if_P)
    using assms(3-)
    apply auto
    done
  with *
  show ?thesis
    apply -
    apply (subst(asm) if_P)
    defer
    apply (subst(asm) if_P)
    defer
    apply (subst(asm) if_P)
    unfolding lifted.simps
    using assms(3-)
    apply (auto simp add: integrable_on_def integral_unique)
    done
qed

lemma integral_combine:
  fixes f :: "real => 'a::banach"
  assumes "a ≤ c"
    and "c ≤ b"
    and "f integrable_on {a .. b}"
  shows "integral {a .. c} f + integral {c .. b} f = integral {a .. b} f"
  apply (rule integral_unique[symmetric])
  apply (rule has_integral_combine[OF assms(1-2)])
  apply (metis assms(2) assms(3) atLeastatMost_subset_iff box_real(2) content_pos_le content_real_eq_0 integrable_integral integrable_subinterval le_add_same_cancel2 monoid_add_class.add.left_neutral)
  by (metis assms(1) assms(3) atLeastatMost_subset_iff box_real(2) content_pos_le content_real_eq_0 integrable_integral integrable_subinterval le_add_same_cancel1 monoid_add_class.add.right_neutral)

lemma integrable_combine:
  fixes f :: "real => 'a::banach"
  assumes "a ≤ c"
    and "c ≤ b"
    and "f integrable_on {a .. c}"
    and "f integrable_on {c .. b}"
  shows "f integrable_on {a .. b}"
  using assms
  unfolding integrable_on_def
  by (fastforce intro!:has_integral_combine)


subsection {* Reduce integrability to "local" integrability. *}

lemma integrable_on_little_subintervals:
  fixes f :: "'b::euclidean_space => 'a::banach"
  assumes "∀x∈cbox a b. ∃d>0. ∀u v. x ∈ cbox u v ∧ cbox u v ⊆ ball x d ∧ cbox u v ⊆ cbox a b -->
    f integrable_on cbox u v"
  shows "f integrable_on cbox a b"
proof -
  have "∀x. ∃d. x∈cbox a b --> d>0 ∧ (∀u v. x ∈ cbox u v ∧ cbox u v ⊆ ball x d ∧ cbox u v ⊆ cbox a b -->
    f integrable_on cbox u v)"
    using assms by auto
  note this[unfolded gauge_existence_lemma]
  from choice[OF this] guess d .. note d=this[rule_format]
  guess p
    apply (rule fine_division_exists[OF gauge_ball_dependent,of d a b])
    using d
    by auto
  note p=this(1-2)
  note division_of_tagged_division[OF this(1)]
  note * = operative_division_and[OF operative_integrable,OF this,symmetric,of f]
  show ?thesis
    unfolding *
    apply safe
    unfolding snd_conv
  proof -
    fix x k
    assume "(x, k) ∈ p"
    note tagged_division_ofD(2-4)[OF p(1) this] fineD[OF p(2) this]
    then show "f integrable_on k"
      apply safe
      apply (rule d[THEN conjunct2,rule_format,of x])
      apply (auto intro: order.trans)
      done
  qed
qed


subsection {* Second FCT or existence of antiderivative. *}

lemma integrable_const[intro]: "(λx. c) integrable_on cbox a b"
  unfolding integrable_on_def
  apply rule
  apply (rule has_integral_const)
  done

lemma integral_has_vector_derivative:
  fixes f :: "real => 'a::banach"
  assumes "continuous_on {a .. b} f"
    and "x ∈ {a .. b}"
  shows "((λu. integral {a .. u} f) has_vector_derivative f(x)) (at x within {a .. b})"
  unfolding has_vector_derivative_def has_derivative_within_alt
  apply safe
  apply (rule bounded_linear_scaleR_left)
proof -
  fix e :: real
  assume e: "e > 0"
  note compact_uniformly_continuous[OF assms(1) compact_Icc,unfolded uniformly_continuous_on_def]
  from this[rule_format,OF e] guess d by (elim conjE exE) note d=this[rule_format]
  let ?I = "λa b. integral {a .. b} f"
  show "∃d>0. ∀y∈{a .. b}. norm (y - x) < d -->
    norm (?I a y - ?I a x - (y - x) *R f x) ≤ e * norm (y - x)"
  proof (rule, rule, rule d, safe)
    case goal1
    show ?case
    proof (cases "y < x")
      case False
      have "f integrable_on {a .. y}"
        apply (rule integrable_subinterval_real,rule integrable_continuous_real)
        apply (rule assms)
        unfolding not_less
        using assms(2) goal1
        apply auto
        done
      then have *: "?I a y - ?I a x = ?I x y"
        unfolding algebra_simps
        apply (subst eq_commute)
        apply (rule integral_combine)
        using False
        unfolding not_less
        using assms(2) goal1
        apply auto
        done
      have **: "norm (y - x) = content {x .. y}"
        using False by (auto simp: content_real)
      show ?thesis
        unfolding **
        apply (rule has_integral_bound_real[where f="(λu. f u - f x)"])
        unfolding *
        defer
        apply (rule has_integral_sub)
        apply (rule integrable_integral)
        apply (rule integrable_subinterval_real)
        apply (rule integrable_continuous_real)
        apply (rule assms)+
      proof -
        show "{x .. y} ⊆ {a .. b}"
          using goal1 assms(2) by auto
        have *: "y - x = norm (y - x)"
          using False by auto
        show "((λxa. f x) has_integral (y - x) *R f x) {x .. y}"
          apply (subst *)
          unfolding **
          by auto
        show "∀xa∈{x .. y}. norm (f xa - f x) ≤ e"
          apply safe
          apply (rule less_imp_le)
          apply (rule d(2)[unfolded dist_norm])
          using assms(2)
          using goal1
          apply auto
          done
      qed (insert e, auto)
    next
      case True
      have "f integrable_on cbox a x"
        apply (rule integrable_subinterval,rule integrable_continuous)
        unfolding box_real
        apply (rule assms)+
        unfolding not_less
        using assms(2) goal1
        apply auto
        done
      then have *: "?I a x - ?I a y = ?I y x"
        unfolding algebra_simps
        apply (subst eq_commute)
        apply (rule integral_combine)
        using True using assms(2) goal1
        apply auto
        done
      have **: "norm (y - x) = content {y .. x}"
        apply (subst content_real)
        using True
        unfolding not_less
        apply auto
        done
      have ***: "!!fy fx c::'a. fx - fy - (y - x) *R c = -(fy - fx - (x - y) *R c)"
        unfolding scaleR_left.diff by auto
      show ?thesis
        apply (subst ***)
        unfolding norm_minus_cancel **
        apply (rule has_integral_bound_real[where f="(λu. f u - f x)"])
        unfolding *
        unfolding o_def
        defer
        apply (rule has_integral_sub)
        apply (subst minus_minus[symmetric])
        unfolding minus_minus
        apply (rule integrable_integral)
        apply (rule integrable_subinterval_real,rule integrable_continuous_real)
        apply (rule assms)+
      proof -
        show "{y .. x} ⊆ {a .. b}"
          using goal1 assms(2) by auto
        have *: "x - y = norm (y - x)"
          using True by auto
        show "((λxa. f x) has_integral (x - y) *R f x) {y .. x}"
          apply (subst *)
          unfolding **
          apply auto
          done
        show "∀xa∈{y .. x}. norm (f xa - f x) ≤ e"
          apply safe
          apply (rule less_imp_le)
          apply (rule d(2)[unfolded dist_norm])
          using assms(2)
          using goal1
          apply auto
          done
      qed (insert e, auto)
    qed
  qed
qed

lemma antiderivative_continuous:
  fixes q b :: real
  assumes "continuous_on {a .. b} f"
  obtains g where "∀x∈{a .. b}. (g has_vector_derivative (f x::_::banach)) (at x within {a .. b})"
  apply (rule that)
  apply rule
  using integral_has_vector_derivative[OF assms]
  apply auto
  done


subsection {* Combined fundamental theorem of calculus. *}

lemma antiderivative_integral_continuous:
  fixes f :: "real => 'a::banach"
  assumes "continuous_on {a .. b} f"
  obtains g where "∀u∈{a .. b}. ∀v ∈ {a .. b}. u ≤ v --> (f has_integral (g v - g u)) {u .. v}"
proof -
  from antiderivative_continuous[OF assms] guess g . note g=this
  show ?thesis
    apply (rule that[of g])
  proof safe
    case goal1
    have "∀x∈cbox u v. (g has_vector_derivative f x) (at x within cbox u v)"
      apply rule
      apply (rule has_vector_derivative_within_subset)
      apply (rule g[rule_format])
      using goal1(1-2)
      apply auto
      done
    then show ?case
      using fundamental_theorem_of_calculus[OF goal1(3),of "g" "f"] by auto
  qed
qed


subsection {* General "twiddling" for interval-to-interval function image. *}

lemma has_integral_twiddle:
  assumes "0 < r"
    and "∀x. h(g x) = x"
    and "∀x. g(h x) = x"
    and "∀x. continuous (at x) g"
    and "∀u v. ∃w z. g ` cbox u v = cbox w z"
    and "∀u v. ∃w z. h ` cbox u v = cbox w z"
    and "∀u v. content(g ` cbox u v) = r * content (cbox u v)"
    and "(f has_integral i) (cbox a b)"
  shows "((λx. f(g x)) has_integral (1 / r) *R i) (h ` cbox a b)"
proof -
  {
    presume *: "cbox a b ≠ {} ==> ?thesis"
    show ?thesis
      apply cases
      defer
      apply (rule *)
      apply assumption
    proof -
      case goal1
      then show ?thesis
        unfolding goal1 assms(8)[unfolded goal1 has_integral_empty_eq] by auto qed
  }
  assume "cbox a b ≠ {}"
  from assms(6)[rule_format,of a b] guess w z by (elim exE) note wz=this
  have inj: "inj g" "inj h"
    unfolding inj_on_def
    apply safe
    apply(rule_tac[!] ccontr)
    using assms(2)
    apply(erule_tac x=x in allE)
    using assms(2)
    apply(erule_tac x=y in allE)
    defer
    using assms(3)
    apply (erule_tac x=x in allE)
    using assms(3)
    apply(erule_tac x=y in allE)
    apply auto
    done
  show ?thesis
    unfolding has_integral_def has_integral_compact_interval_def
    apply (subst if_P)
    apply rule
    apply rule
    apply (rule wz)
  proof safe
    fix e :: real
    assume e: "e > 0"
    with assms(1) have "e * r > 0" by simp
    from assms(8)[unfolded has_integral,rule_format,OF this] guess d by (elim exE conjE) note d=this[rule_format]
    def d'  "λx. {y. g y ∈ d (g x)}"
    have d': "!!x. d' x = {y. g y ∈ (d (g x))}"
      unfolding d'_def ..
    show "∃d. gauge d ∧ (∀p. p tagged_division_of h ` cbox a b ∧ d fine p --> norm ((∑(x, k)∈p. content k *R f (g x)) - (1 / r) *R i) < e)"
    proof (rule_tac x=d' in exI, safe)
      show "gauge d'"
        using d(1)
        unfolding gauge_def d'
        using continuous_open_preimage_univ[OF assms(4)]
        by auto
      fix p
      assume as: "p tagged_division_of h ` cbox a b" "d' fine p"
      note p = tagged_division_ofD[OF as(1)]
      have "(λ(x, k). (g x, g ` k)) ` p tagged_division_of (cbox a b) ∧ d fine (λ(x, k). (g x, g ` k)) ` p"
        unfolding tagged_division_of
      proof safe
        show "finite ((λ(x, k). (g x, g ` k)) ` p)"
          using as by auto
        show "d fine (λ(x, k). (g x, g ` k)) ` p"
          using as(2) unfolding fine_def d' by auto
        fix x k
        assume xk[intro]: "(x, k) ∈ p"
        show "g x ∈ g ` k"
          using p(2)[OF xk] by auto
        show "∃u v. g ` k = cbox u v"
          using p(4)[OF xk] using assms(5-6) by auto
        {
          fix y
          assume "y ∈ k"
          then show "g y ∈ cbox a b" "g y ∈ cbox a b"
            using p(3)[OF xk,unfolded subset_eq,rule_format,of "h (g y)"]
            using assms(2)[rule_format,of y]
            unfolding inj_image_mem_iff[OF inj(2)]
            by auto
        }
        fix x' k'
        assume xk': "(x', k') ∈ p"
        fix z
        assume "z ∈ interior (g ` k)" and "z ∈ interior (g ` k')"
        then have *: "interior (g ` k) ∩ interior (g ` k') ≠ {}"
          by auto
        have same: "(x, k) = (x', k')"
          apply -
          apply (rule ccontr)
          apply (drule p(5)[OF xk xk'])
        proof -
          assume as: "interior k ∩ interior k' = {}"
          from nonempty_witness[OF *] guess z .
          then have "z ∈ g ` (interior k ∩ interior k')"
            using interior_image_subset[OF assms(4) inj(1)]
            unfolding image_Int[OF inj(1)]
            by auto
          then show False
            using as by blast
        qed
        then show "g x = g x'"
          by auto
        {
          fix z
          assume "z ∈ k"
          then show "g z ∈ g ` k'"
            using same by auto
        }
        {
          fix z
          assume "z ∈ k'"
          then show "g z ∈ g ` k"
            using same by auto
        }
      next
        fix x
        assume "x ∈ cbox a b"
        then have "h x ∈  \<Union>{k. ∃x. (x, k) ∈ p}"
          using p(6) by auto
        then guess X unfolding Union_iff .. note X=this
        from this(1) guess y unfolding mem_Collect_eq ..
        then show "x ∈ \<Union>{k. ∃x. (x, k) ∈ (λ(x, k). (g x, g ` k)) ` p}"
          apply -
          apply (rule_tac X="g ` X" in UnionI)
          defer
          apply (rule_tac x="h x" in image_eqI)
          using X(2) assms(3)[rule_format,of x]
          apply auto
          done
      qed
        note ** = d(2)[OF this]
        have *: "inj_on (λ(x, k). (g x, g ` k)) p"
          using inj(1) unfolding inj_on_def by fastforce
        have "(∑(x, k)∈(λ(x, k). (g x, g ` k)) ` p. content k *R f x) - i = r *R (∑(x, k)∈p. content k *R f (g x)) - i" (is "?l = _")
          using assms(7)
          unfolding algebra_simps add_left_cancel scaleR_right.setsum
          by (subst setsum.reindex_bij_betw[symmetric, where h="λ(x, k). (g x, g ` k)" and S=p])
             (auto intro!: * setsum.cong simp: bij_betw_def dest!: p(4))
      also have "… = r *R ((∑(x, k)∈p. content k *R f (g x)) - (1 / r) *R i)" (is "_ = ?r")
        unfolding scaleR_diff_right scaleR_scaleR
        using assms(1)
        by auto
      finally have *: "?l = ?r" .
      show "norm ((∑(x, k)∈p. content k *R f (g x)) - (1 / r) *R i) < e"
        using **
        unfolding *
        unfolding norm_scaleR
        using assms(1)
        by (auto simp add:field_simps)
    qed
  qed
qed


subsection {* Special case of a basic affine transformation. *}

lemma interval_image_affinity_interval:
  "∃u v. (λx. m *R (x::'a::euclidean_space) + c) ` cbox a b = cbox u v"
  unfolding image_affinity_cbox
  by auto

lemma content_image_affinity_cbox:
  "content((λx::'a::euclidean_space. m *R x + c) ` cbox a b) =
    abs m ^ DIM('a) * content (cbox a b)" (is "?l = ?r")
proof -
  {
    presume *: "cbox a b ≠ {} ==> ?thesis"
    show ?thesis
      apply cases
      apply (rule *)
      apply assumption
      unfolding not_not
      using content_empty
      apply auto
      done
  }
  assume as: "cbox a b ≠ {}"
  show ?thesis
  proof (cases "m ≥ 0")
    case True
    with as have "cbox (m *R a + c) (m *R b + c) ≠ {}"
      unfolding box_ne_empty
      apply (intro ballI)
      apply (erule_tac x=i in ballE)
      apply (auto simp: inner_simps intro!: mult_left_mono)
      done
    moreover from True have *: "!!i. (m *R b + c) • i - (m *R a + c) • i = m *R (b - a) • i"
      by (simp add: inner_simps field_simps)
    ultimately show ?thesis
      by (simp add: image_affinity_cbox True content_cbox'
        setprod.distrib setprod_constant inner_diff_left)
  next
    case False
    with as have "cbox (m *R b + c) (m *R a + c) ≠ {}"
      unfolding box_ne_empty
      apply (intro ballI)
      apply (erule_tac x=i in ballE)
      apply (auto simp: inner_simps intro!: mult_left_mono)
      done
    moreover from False have *: "!!i. (m *R a + c) • i - (m *R b + c) • i = (-m) *R (b - a) • i"
      by (simp add: inner_simps field_simps)
    ultimately show ?thesis using False
      by (simp add: image_affinity_cbox content_cbox'
        setprod.distrib[symmetric] setprod_constant[symmetric] inner_diff_left)
  qed
qed

lemma has_integral_affinity:
  fixes a :: "'a::euclidean_space"
  assumes "(f has_integral i) (cbox a b)"
    and "m ≠ 0"
  shows "((λx. f(m *R x + c)) has_integral ((1 / (abs(m) ^ DIM('a))) *R i)) ((λx. (1 / m) *R x + -((1 / m) *R c)) ` cbox a b)"
  apply (rule has_integral_twiddle)
  apply safe
  apply (rule zero_less_power)
  unfolding euclidean_eq_iff[where 'a='a]
  unfolding scaleR_right_distrib inner_simps scaleR_scaleR
  defer
  apply (insert assms(2))
  apply (simp add: field_simps)
  apply (insert assms(2))
  apply (simp add: field_simps)
  apply (rule continuous_intros)+
  apply (rule interval_image_affinity_interval)+
  apply (rule content_image_affinity_cbox)
  using assms
  apply auto
  done

lemma integrable_affinity:
  assumes "f integrable_on cbox a b"
    and "m ≠ 0"
  shows "(λx. f(m *R x + c)) integrable_on ((λx. (1 / m) *R x + -((1/m) *R c)) ` cbox a b)"
  using assms
  unfolding integrable_on_def
  apply safe
  apply (drule has_integral_affinity)
  apply auto
  done


subsection {* Special case of stretching coordinate axes separately. *}

lemma image_stretch_interval:
  "(λx. ∑k∈Basis. (m k * (x•k)) *R k) ` cbox a (b::'a::euclidean_space) =
  (if (cbox a b) = {} then {} else
    cbox (∑k∈Basis. (min (m k * (a•k)) (m k * (b•k))) *R k::'a)
     (∑k∈Basis. (max (m k * (a•k)) (m k * (b•k))) *R k))"
proof cases
  assume *: "cbox a b ≠ {}"
  show ?thesis
    unfolding box_ne_empty if_not_P[OF *]
    apply (simp add: cbox_def image_Collect set_eq_iff euclidean_eq_iff[where 'a='a] ball_conj_distrib[symmetric])
    apply (subst choice_Basis_iff[symmetric])
  proof (intro allI ball_cong refl)
    fix x i :: 'a assume "i ∈ Basis"
    with * have a_le_b: "a • i ≤ b • i"
      unfolding box_ne_empty by auto
    show "(∃xa. x • i = m i * xa ∧ a • i ≤ xa ∧ xa ≤ b • i) <->
        min (m i * (a • i)) (m i * (b • i)) ≤ x • i ∧ x • i ≤ max (m i * (a • i)) (m i * (b • i))"
    proof (cases "m i = 0")
      case True
      with a_le_b show ?thesis by auto
    next
      case False
      then have *: "!!a b. a = m i * b <-> b = a / m i"
        by (auto simp add: field_simps)
      from False have
          "min (m i * (a • i)) (m i * (b • i)) = (if 0 < m i then m i * (a • i) else m i * (b • i))"
          "max (m i * (a • i)) (m i * (b • i)) = (if 0 < m i then m i * (b • i) else m i * (a • i))"
        using a_le_b by (auto simp: min_def max_def mult_le_cancel_left)
      with False show ?thesis using a_le_b
        unfolding * by (auto simp add: le_divide_eq divide_le_eq ac_simps)
    qed
  qed
qed simp

lemma interval_image_stretch_interval:
  "∃u v. (λx. ∑k∈Basis. (m k * (x•k))*R k) ` cbox a (b::'a::euclidean_space) = cbox u (v::'a::euclidean_space)"
  unfolding image_stretch_interval by auto

lemma content_image_stretch_interval:
  "content ((λx::'a::euclidean_space. (∑k∈Basis. (m k * (x•k))*R k)::'a) ` cbox a b) =
    abs (setprod m Basis) * content (cbox a b)"
proof (cases "cbox a b = {}")
  case True
  then show ?thesis
    unfolding content_def image_is_empty image_stretch_interval if_P[OF True] by auto
next
  case False
  then have "(λx. (∑k∈Basis. (m k * (x•k))*R k)) ` cbox a b ≠ {}"
    by auto
  then show ?thesis
    using False
    unfolding content_def image_stretch_interval
    apply -
    unfolding interval_bounds' if_not_P
    unfolding abs_setprod setprod.distrib[symmetric]
    apply (rule setprod.cong)
    apply (rule refl)
    unfolding lessThan_iff
    apply (simp only: inner_setsum_left_Basis)
  proof -
    fix i :: 'a
    assume i: "i ∈ Basis"
    have "(m i < 0 ∨ m i > 0) ∨ m i = 0"
      by auto
    then show "max (m i * (a • i)) (m i * (b • i)) - min (m i * (a • i)) (m i * (b • i)) =
      ¦m i¦ * (b • i - a • i)"
      apply -
      apply (erule disjE)+
      unfolding min_def max_def
      using False[unfolded box_ne_empty,rule_format,of i] i
      apply (auto simp add:field_simps not_le mult_le_cancel_left_neg mult_le_cancel_left_pos)
      done
  qed
qed

lemma has_integral_stretch:
  fixes f :: "'a::euclidean_space => 'b::real_normed_vector"
  assumes "(f has_integral i) (cbox a b)"
    and "∀k∈Basis. m k ≠ 0"
  shows "((λx. f (∑k∈Basis. (m k * (x•k))*R k)) has_integral
    ((1/(abs(setprod m Basis))) *R i)) ((λx. (∑k∈Basis. (1 / m k * (x•k))*R k)) ` cbox a b)"
  apply (rule has_integral_twiddle[where f=f])
  unfolding zero_less_abs_iff content_image_stretch_interval
  unfolding image_stretch_interval empty_as_interval euclidean_eq_iff[where 'a='a]
  using assms
proof -
  show "∀y::'a. continuous (at y) (λx. (∑k∈Basis. (m k * (x•k))*R k))"
    apply rule
    apply (rule linear_continuous_at)
    unfolding linear_linear
    unfolding linear_iff inner_simps euclidean_eq_iff[where 'a='a]
    apply (auto simp add: field_simps)
    done
qed auto

lemma integrable_stretch:
  fixes f :: "'a::euclidean_space => 'b::real_normed_vector"
  assumes "f integrable_on cbox a b"
    and "∀k∈Basis. m k ≠ 0"
  shows "(λx::'a. f (∑k∈Basis. (m k * (x•k))*R k)) integrable_on
    ((λx. ∑k∈Basis. (1 / m k * (x•k))*R k) ` cbox a b)"
  using assms
  unfolding integrable_on_def
  apply -
  apply (erule exE)
  apply (drule has_integral_stretch)
  apply assumption
  apply auto
  done


subsection {* even more special cases. *}

lemma uminus_interval_vector[simp]:
  fixes a b :: "'a::euclidean_space"
  shows "uminus ` cbox a b = cbox (-b) (-a)"
  apply (rule set_eqI)
  apply rule
  defer
  unfolding image_iff
  apply (rule_tac x="-x" in bexI)
  apply (auto simp add:minus_le_iff le_minus_iff mem_box)
  done

lemma has_integral_reflect_lemma[intro]:
  assumes "(f has_integral i) (cbox a b)"
  shows "((λx. f(-x)) has_integral i) (cbox (-b) (-a))"
  using has_integral_affinity[OF assms, of "-1" 0]
  by auto

lemma has_integral_reflect_lemma_real[intro]:
  assumes "(f has_integral i) {a .. b::real}"
  shows "((λx. f(-x)) has_integral i) {-b .. -a}"
  using assms
  unfolding box_real[symmetric]
  by (rule has_integral_reflect_lemma)

lemma has_integral_reflect[simp]:
  "((λx. f (-x)) has_integral i) (cbox (-b) (-a)) <-> (f has_integral i) (cbox a b)"
  apply rule
  apply (drule_tac[!] has_integral_reflect_lemma)
  apply auto
  done

lemma integrable_reflect[simp]: "(λx. f(-x)) integrable_on cbox (-b) (-a) <-> f integrable_on cbox a b"
  unfolding integrable_on_def by auto

lemma integrable_reflect_real[simp]: "(λx. f(-x)) integrable_on {-b .. -a} <-> f integrable_on {a .. b::real}"
  unfolding box_real[symmetric]
  by (rule integrable_reflect)

lemma integral_reflect[simp]: "integral (cbox (-b) (-a)) (λx. f (-x)) = integral (cbox a b) f"
  unfolding integral_def by auto

lemma integral_reflect_real[simp]: "integral {-b .. -a} (λx. f (-x)) = integral {a .. b::real} f"
  unfolding box_real[symmetric]
  by (rule integral_reflect)


subsection {* Stronger form of FCT; quite a tedious proof. *}

lemma bgauge_existence_lemma: "(∀x∈s. ∃d::real. 0 < d ∧ q d x) <-> (∀x. ∃d>0. x∈s --> q d x)"
  by (meson zero_less_one)

lemma additive_tagged_division_1':
  fixes f :: "real => 'a::real_normed_vector"
  assumes "a ≤ b"
    and "p tagged_division_of {a..b}"
  shows "setsum (λ(x,k). f (Sup k) - f(Inf k)) p = f b - f a"
  using additive_tagged_division_1[OF _ assms(2), of f]
  using assms(1)
  by auto

lemma split_minus[simp]: "(λ(x, k). f x k) x - (λ(x, k). g x k) x = (λ(x, k). f x k - g x k) x"
  by (simp add: split_def)

lemma norm_triangle_le_sub: "norm x + norm y ≤ e ==> norm (x - y) ≤ e"
  apply (subst(asm)(2) norm_minus_cancel[symmetric])
  apply (drule norm_triangle_le)
  apply (auto simp add: algebra_simps)
  done

lemma fundamental_theorem_of_calculus_interior:
  fixes f :: "real => 'a::real_normed_vector"
  assumes "a ≤ b"
    and "continuous_on {a .. b} f"
    and "∀x∈{a <..< b}. (f has_vector_derivative f'(x)) (at x)"
  shows "(f' has_integral (f b - f a)) {a .. b}"
proof -
  {
    presume *: "a < b ==> ?thesis"
    show ?thesis
    proof (cases "a < b")
      case True
      then show ?thesis by (rule *)
    next
      case False
      then have "a = b"
        using assms(1) by auto
      then have *: "cbox a b = {b}" "f b - f a = 0"
        by (auto simp add:  order_antisym)
      show ?thesis
        unfolding *(2)
        unfolding content_eq_0
        using * `a = b`
        by (auto simp: ex_in_conv)
    qed
  }
  assume ab: "a < b"
  let ?P = "λe. ∃d. gauge d ∧ (∀p. p tagged_division_of {a .. b} ∧ d fine p -->
    norm ((∑(x, k)∈p. content k *R f' x) - (f b - f a)) ≤ e * content {a .. b})"
  { presume "!!e. e > 0 ==> ?P e" then show ?thesis unfolding has_integral_factor_content_real by auto }
  fix e :: real
  assume e: "e > 0"
  note assms(3)[unfolded has_vector_derivative_def has_derivative_at_alt ball_conj_distrib]
  note conjunctD2[OF this]
  note bounded=this(1) and this(2)
  from this(2) have "∀x∈box a b. ∃d>0. ∀y. norm (y - x) < d -->
    norm (f y - f x - (y - x) *R f' x) ≤ e/2 * norm (y - x)"
    apply -
    apply safe
    apply (erule_tac x=x in ballE)
    apply (erule_tac x="e/2" in allE)
    using e
    apply auto
    done
  note this[unfolded bgauge_existence_lemma]
  from choice[OF this] guess d ..
  note conjunctD2[OF this[rule_format]]
  note d = this[rule_format]
  have "bounded (f ` cbox a b)"
    apply (rule compact_imp_bounded compact_continuous_image)+
    using compact_cbox assms
    apply auto
    done
  from this[unfolded bounded_pos] guess B .. note B = this[rule_format]

  have "∃da. 0 < da ∧ (∀c. a ≤ c ∧ {a .. c} ⊆ {a .. b} ∧ {a .. c} ⊆ ball a da -->
    norm (content {a .. c} *R f' a - (f c - f a)) ≤ (e * (b - a)) / 4)"
  proof -
    have "a ∈ {a .. b}"
      using ab by auto
    note assms(2)[unfolded continuous_on_eq_continuous_within,rule_format,OF this]
    note * = this[unfolded continuous_within Lim_within,rule_format]
    have "(e * (b - a)) / 8 > 0"
      using e ab by (auto simp add: field_simps)
    from *[OF this] guess k .. note k = conjunctD2[OF this,rule_format]
    have "∃l. 0 < l ∧ norm(l *R f' a) ≤ (e * (b - a)) / 8"
    proof (cases "f' a = 0")
      case True
      thus ?thesis using ab e by auto
    next
      case False
      then show ?thesis
        apply (rule_tac x="(e * (b - a)) / 8 / norm (f' a)" in exI)
        using ab e
        apply (auto simp add: field_simps)
        done
    qed
    then guess l .. note l = conjunctD2[OF this]
    show ?thesis
      apply (rule_tac x="min k l" in exI)
      apply safe
      unfolding min_less_iff_conj
      apply rule
      apply (rule l k)+
    proof -
      fix c
      assume as: "a ≤ c" "{a .. c} ⊆ {a .. b}" "{a .. c} ⊆ ball a (min k l)"
      note as' = this[unfolded subset_eq Ball_def mem_ball dist_real_def mem_box]
      have "norm ((c - a) *R f' a - (f c - f a)) ≤ norm ((c - a) *R f' a) + norm (f c - f a)"
        by (rule norm_triangle_ineq4)
      also have "… ≤ e * (b - a) / 8 + e * (b - a) / 8"
      proof (rule add_mono)
        case goal1
        have "¦c - a¦ ≤ ¦l¦"
          using as' by auto
        then show ?case
          apply -
          apply (rule order_trans[OF _ l(2)])
          unfolding norm_scaleR
          apply (rule mult_right_mono)
          apply auto
          done
      next
        case goal2
        show ?case
          apply (rule less_imp_le)
          apply (cases "a = c")
          defer
          apply (rule k(2)[unfolded dist_norm])
          using as' e ab
          apply (auto simp add: field_simps)
          done
      qed
      finally show "norm (content {a .. c} *R f' a - (f c - f a)) ≤ e * (b - a) / 4"
        unfolding content_real[OF as(1)] by auto
    qed
  qed
  then guess da .. note da=conjunctD2[OF this,rule_format]

  have "∃db>0. ∀c≤b. {c .. b} ⊆ {a .. b} ∧ {c .. b} ⊆ ball b db -->
    norm (content {c .. b} *R f' b - (f b - f c)) ≤ (e * (b - a)) / 4"
  proof -
    have "b ∈ {a .. b}"
      using ab by auto
    note assms(2)[unfolded continuous_on_eq_continuous_within,rule_format,OF this]
    note * = this[unfolded continuous_within Lim_within,rule_format] have "(e * (b - a)) / 8 > 0"
      using e ab by (auto simp add: field_simps)
    from *[OF this] guess k .. note k = conjunctD2[OF this,rule_format]
    have "∃l. 0 < l ∧ norm (l *R f' b) ≤ (e * (b - a)) / 8"
    proof (cases "f' b = 0")
      case True
      thus ?thesis using ab e by auto
    next
      case False
      then show ?thesis
        apply (rule_tac x="(e * (b - a)) / 8 / norm (f' b)" in exI)
        using ab e
        apply (auto simp add: field_simps)
        done
    qed
    then guess l .. note l = conjunctD2[OF this]
    show ?thesis
      apply (rule_tac x="min k l" in exI)
      apply safe
      unfolding min_less_iff_conj
      apply rule
      apply (rule l k)+
    proof -
      fix c
      assume as: "c ≤ b" "{c..b} ⊆ {a..b}" "{c..b} ⊆ ball b (min k l)"
      note as' = this[unfolded subset_eq Ball_def mem_ball dist_real_def mem_box]
      have "norm ((b - c) *R f' b - (f b - f c)) ≤ norm ((b - c) *R f' b) + norm (f b - f c)"
        by (rule norm_triangle_ineq4)
      also have "… ≤ e * (b - a) / 8 + e * (b - a) / 8"
      proof (rule add_mono)
        case goal1
        have "¦c - b¦ ≤ ¦l¦"
          using as' by auto
        then show ?case
          apply -
          apply (rule order_trans[OF _ l(2)])
          unfolding norm_scaleR
          apply (rule mult_right_mono)
          apply auto
          done
      next
        case goal2
        show ?case
          apply (rule less_imp_le)
          apply (cases "b = c")
          defer
          apply (subst norm_minus_commute)
          apply (rule k(2)[unfolded dist_norm])
          using as' e ab
          apply (auto simp add: field_simps)
          done
      qed
      finally show "norm (content {c .. b} *R f' b - (f b - f c)) ≤ e * (b - a) / 4"
        unfolding content_real[OF as(1)] by auto
    qed
  qed
  then guess db .. note db=conjunctD2[OF this,rule_format]

  let ?d = "(λx. ball x (if x=a then da else if x=b then db else d x))"
  show "?P e"
    apply (rule_tac x="?d" in exI)
  proof safe
    case goal1
    show ?case
      apply (rule gauge_ball_dependent)
      using ab db(1) da(1) d(1)
      apply auto
      done
  next
    case goal2
    note as=this
    let ?A = "{t. fst t ∈ {a, b}}"
    note p = tagged_division_ofD[OF goal2(1)]
    have pA: "p = (p ∩ ?A) ∪ (p - ?A)" "finite (p ∩ ?A)" "finite (p - ?A)" "(p ∩ ?A) ∩ (p - ?A) = {}"
      using goal2 by auto
    note * = additive_tagged_division_1'[OF assms(1) goal2(1), symmetric]
    have **: "!!n1 s1 n2 s2::real. n2 ≤ s2 / 2 ==> n1 - s1 ≤ s2 / 2 ==> n1 + n2 ≤ s1 + s2"
      by arith
    show ?case
      unfolding content_real[OF assms(1)] and *[of "λx. x"] *[of f] setsum_subtractf[symmetric] split_minus
      unfolding setsum_right_distrib
      apply (subst(2) pA)
      apply (subst pA)
      unfolding setsum.union_disjoint[OF pA(2-)]
    proof (rule norm_triangle_le, rule **)
      case goal1
      show ?case
        apply (rule order_trans)
        apply (rule setsum_norm_le)
        defer
        apply (subst setsum_divide_distrib)
        apply (rule order_refl)
        apply safe
        apply (unfold not_le o_def split_conv fst_conv)
      proof (rule ccontr)
        fix x k
        assume as: "(x, k) ∈ p"
          "e * (Sup k -  Inf k) / 2 <
            norm (content k *R f' x - (f (Sup k) - f (Inf k)))"
        from p(4)[OF this(1)] guess u v by (elim exE) note k=this
        then have "u ≤ v" and uv: "{u, v} ⊆ cbox u v"
          using p(2)[OF as(1)] by auto
        note result = as(2)[unfolded k box_real interval_bounds_real[OF this(1)] content_real[OF this(1)]]

        assume as': "x ≠ a" "x ≠ b"
        then have "x ∈ box a b"
          using p(2-3)[OF as(1)] by (auto simp: mem_box)
        note  * = d(2)[OF this]
        have "norm ((v - u) *R f' (x) - (f (v) - f (u))) =
          norm ((f (u) - f (x) - (u - x) *R f' (x)) - (f (v) - f (x) - (v - x) *R f' (x)))"
          apply (rule arg_cong[of _ _ norm])
          unfolding scaleR_left.diff
          apply auto
          done
        also have "… ≤ e / 2 * norm (u - x) + e / 2 * norm (v - x)"
          apply (rule norm_triangle_le_sub)
          apply (rule add_mono)
          apply (rule_tac[!] *)
          using fineD[OF goal2(2) as(1)] as'
          unfolding k subset_eq
          apply -
          apply (erule_tac x=u in ballE)
          apply (erule_tac[3] x=v in ballE)
          using uv
          apply (auto simp:dist_real_def)
          done
        also have "… ≤ e / 2 * norm (v - u)"
          using p(2)[OF as(1)]
          unfolding k
          by (auto simp add: field_simps)
        finally have "e * (v - u) / 2 < e * (v - u) / 2"
          apply -
          apply (rule less_le_trans[OF result])
          using uv
          apply auto
          done
        then show False by auto
      qed
    next
      have *: "!!x s1 s2::real. 0 ≤ s1 ==> x ≤ (s1 + s2) / 2 ==> x - s1 ≤ s2 / 2"
        by auto
      case goal2
      show ?case
        apply (rule *)
        apply (rule setsum_nonneg)
        apply rule
        apply (unfold split_paired_all split_conv)
        defer
        unfolding setsum.union_disjoint[OF pA(2-),symmetric] pA(1)[symmetric]
        unfolding setsum_right_distrib[symmetric]
        thm additive_tagged_division_1
        apply (subst additive_tagged_division_1[OF _ as(1)])
        apply (rule assms)
      proof -
        fix x k
        assume "(x, k) ∈ p ∩ {t. fst t ∈ {a, b}}"
        note xk=IntD1[OF this]
        from p(4)[OF this] guess u v by (elim exE) note uv=this
        with p(2)[OF xk] have "cbox u v ≠ {}"
          by auto
        then show "0 ≤ e * ((Sup k) - (Inf k))"
          unfolding uv using e by (auto simp add: field_simps)
      next
        have *: "!!s f t e. setsum f s = setsum f t ==> norm (setsum f t) ≤ e ==> norm (setsum f s) ≤ e"
          by auto
        show "norm (∑(x, k)∈p ∩ ?A. content k *R f' x -
          (f ((Sup k)) - f ((Inf k)))) ≤ e * (b - a) / 2"
          apply (rule *[where t="p ∩ {t. fst t ∈ {a, b} ∧ content(snd t) ≠ 0}"])
          apply (rule setsum.mono_neutral_right[OF pA(2)])
          defer
          apply rule
          unfolding split_paired_all split_conv o_def
        proof -
          fix x k
          assume "(x, k) ∈ p ∩ {t. fst t ∈ {a, b}} - p ∩ {t. fst t ∈ {a, b} ∧ content (snd t) ≠ 0}"
          then have xk: "(x, k) ∈ p" "content k = 0"
            by auto
          from p(4)[OF xk(1)] guess u v by (elim exE) note uv=this
          have "k ≠ {}"
            using p(2)[OF xk(1)] by auto
          then have *: "u = v"
            using xk
            unfolding uv content_eq_0 box_eq_empty
            by auto
          then show "content k *R (f' (x)) - (f ((Sup k)) - f ((Inf k))) = 0"
            using xk unfolding uv by auto
        next
          have *: "p ∩ {t. fst t ∈ {a, b} ∧ content(snd t) ≠ 0} =
            {t. t∈p ∧ fst t = a ∧ content(snd t) ≠ 0} ∪ {t. t∈p ∧ fst t = b ∧ content(snd t) ≠ 0}"
            by blast
          have **: "!!s f. !!e::real. (∀x y. x ∈ s ∧ y ∈ s --> x = y) ==>
            (∀x. x ∈ s --> norm (f x) ≤ e) ==> e > 0 ==> norm (setsum f s) ≤ e"
          proof (case_tac "s = {}")
            case goal2
            then obtain x where "x ∈ s"
              by auto
            then have *: "s = {x}"
              using goal2(1) by auto
            then show ?case
              using `x ∈ s` goal2(2) by auto
          qed auto
          case goal2
          show ?case
            apply (subst *)
            apply (subst setsum.union_disjoint)
            prefer 4
            apply (rule order_trans[of _ "e * (b - a)/4 + e * (b - a)/4"])
            apply (rule norm_triangle_le,rule add_mono)
            apply (rule_tac[1-2] **)
          proof -
            let ?B = "λx. {t ∈ p. fst t = x ∧ content (snd t) ≠ 0}"
            have pa: "!!k. (a, k) ∈ p ==> ∃v. k = cbox a v ∧ a ≤ v"
            proof -
              case goal1
              guess u v using p(4)[OF goal1] by (elim exE) note uv=this
              have *: "u ≤ v"
                using p(2)[OF goal1] unfolding uv by auto
              have u: "u = a"
              proof (rule ccontr)
                have "u ∈ cbox u v"
                  using p(2-3)[OF goal1(1)] unfolding uv by auto
                have "u ≥ a"
                  using p(2-3)[OF goal1(1)] unfolding uv subset_eq by auto
                moreover assume "¬ ?thesis"
                ultimately have "u > a" by auto
                then show False
                  using p(2)[OF goal1(1)] unfolding uv by (auto simp add:)
              qed
              then show ?case
                apply (rule_tac x=v in exI)
                unfolding uv
                using *
                apply auto
                done
            qed
            have pb: "!!k. (b, k) ∈ p ==> ∃v. k = cbox v b ∧ b ≥ v"
            proof -
              case goal1
              guess u v using p(4)[OF goal1] by (elim exE) note uv=this
              have *: "u ≤ v"
                using p(2)[OF goal1] unfolding uv by auto
              have u: "v =  b"
              proof (rule ccontr)
                have "u ∈ cbox u v"
                  using p(2-3)[OF goal1(1)] unfolding uv by auto
                have "v ≤ b"
                  using p(2-3)[OF goal1(1)] unfolding uv subset_eq by auto
                moreover assume "¬ ?thesis"
                ultimately have "v < b" by auto
                then show False
                  using p(2)[OF goal1(1)] unfolding uv by (auto simp add:)
              qed
              then show ?case
                apply (rule_tac x=u in exI)
                unfolding uv
                using *
                apply auto
                done
            qed
            show "∀x y. x ∈ ?B a ∧ y ∈ ?B a --> x = y"
              apply (rule,rule,rule,unfold split_paired_all)
              unfolding mem_Collect_eq fst_conv snd_conv
              apply safe
            proof -
              fix x k k'
              assume k: "(a, k) ∈ p" "(a, k') ∈ p" "content k ≠ 0" "content k' ≠ 0"
              guess v using pa[OF k(1)] .. note v = conjunctD2[OF this]
              guess v' using pa[OF k(2)] .. note v' = conjunctD2[OF this] let ?v = "min v v'"
              have "box a ?v ⊆ k ∩ k'"
                unfolding v v' by (auto simp add: mem_box)
              note interior_mono[OF this,unfolded interior_inter]
              moreover have "(a + ?v)/2 ∈ box a ?v"
                using k(3-)
                unfolding v v' content_eq_0 not_le
                by (auto simp add: mem_box)
              ultimately have "(a + ?v)/2 ∈ interior k ∩ interior k'"
                unfolding interior_open[OF open_box] by auto
              then have *: "k = k'"
                apply -
                apply (rule ccontr)
                using p(5)[OF k(1-2)]
                apply auto
                done
              { assume "x ∈ k" then show "x ∈ k'" unfolding * . }
              { assume "x ∈ k'" then show "x ∈ k" unfolding * . }
            qed
            show "∀x y. x ∈ ?B b ∧ y ∈ ?B b --> x = y"
              apply rule
              apply rule
              apply rule
              apply (unfold split_paired_all)
              unfolding mem_Collect_eq fst_conv snd_conv
              apply safe
            proof -
              fix x k k'
              assume k: "(b, k) ∈ p" "(b, k') ∈ p" "content k ≠ 0" "content k' ≠ 0"
              guess v using pb[OF k(1)] .. note v = conjunctD2[OF this]
              guess v' using pb[OF k(2)] .. note v' = conjunctD2[OF this]
              let ?v = "max v v'"
              have "box ?v b ⊆ k ∩ k'"
                unfolding v v' by (auto simp: mem_box)
                note interior_mono[OF this,unfolded interior_inter]
              moreover have " ((b + ?v)/2) ∈ box ?v b"
                using k(3-) unfolding v v' content_eq_0 not_le by (auto simp: mem_box)
              ultimately have " ((b + ?v)/2) ∈ interior k ∩ interior k'"
                unfolding interior_open[OF open_box] by auto
              then have *: "k = k'"
                apply -
                apply (rule ccontr)
                using p(5)[OF k(1-2)]
                apply auto
                done
              { assume "x ∈ k" then show "x ∈ k'" unfolding * . }
              { assume "x ∈ k'" then show "x∈k" unfolding * . }
            qed

            let ?a = a and ?b = b (* a is something else while proofing the next theorem. *)
            show "∀x. x ∈ ?B a --> norm ((λ(x, k). content k *R f' x - (f (Sup k) -
              f (Inf k))) x) ≤ e * (b - a) / 4"
              apply rule
              apply rule
              unfolding mem_Collect_eq
              unfolding split_paired_all fst_conv snd_conv
            proof safe
              case goal1
              guess v using pa[OF goal1(1)] .. note v = conjunctD2[OF this]
              have "?a ∈ {?a..v}"
                using v(2) by auto
              then have "v ≤ ?b"
                using p(3)[OF goal1(1)] unfolding subset_eq v by auto
              moreover have "{?a..v} ⊆ ball ?a da"
                using fineD[OF as(2) goal1(1)]
                apply -
                apply (subst(asm) if_P)
                apply (rule refl)
                unfolding subset_eq
                apply safe
                apply (erule_tac x=" x" in ballE)
                apply (auto simp add:subset_eq dist_real_def v)
                done
              ultimately show ?case
                unfolding v interval_bounds_real[OF v(2)] box_real
                apply -
                apply(rule da(2)[of "v"])
                using goal1 fineD[OF as(2) goal1(1)]
                unfolding v content_eq_0
                apply auto
                done
            qed
            show "∀x. x ∈ ?B b --> norm ((λ(x, k). content k *R f' x -
              (f (Sup k) - f (Inf k))) x) ≤ e * (b - a) / 4"
              apply rule
              apply rule
              unfolding mem_Collect_eq
              unfolding split_paired_all fst_conv snd_conv
            proof safe
              case goal1 guess v using pb[OF goal1(1)] .. note v = conjunctD2[OF this]
              have "?b ∈ {v.. ?b}"
                using v(2) by auto
              then have "v ≥ ?a" using p(3)[OF goal1(1)]
                unfolding subset_eq v by auto
              moreover have "{v..?b} ⊆ ball ?b db"
                using fineD[OF as(2) goal1(1)]
                apply -
                apply (subst(asm) if_P, rule refl)
                unfolding subset_eq
                apply safe
                apply (erule_tac x=" x" in ballE)
                using ab
                apply (auto simp add:subset_eq v dist_real_def)
                done
              ultimately show ?case
                unfolding v
                unfolding interval_bounds_real[OF v(2)] box_real
                apply -
                apply(rule db(2)[of "v"])
                using goal1 fineD[OF as(2) goal1(1)]
                unfolding v content_eq_0
                apply auto
                done
            qed
          qed (insert p(1) ab e, auto simp add: field_simps)
        qed auto
      qed
    qed
  qed
qed


subsection {* Stronger form with finite number of exceptional points. *}

lemma fundamental_theorem_of_calculus_interior_strong:
  fixes f :: "real => 'a::banach"
  assumes "finite s"
    and "a ≤ b"
    and "continuous_on {a .. b} f"
    and "∀x∈{a <..< b} - s. (f has_vector_derivative f'(x)) (at x)"
  shows "(f' has_integral (f b - f a)) {a .. b}"
  using assms
proof (induct "card s" arbitrary: s a b)
  case 0
  show ?case
    apply (rule fundamental_theorem_of_calculus_interior)
    using 0
    apply auto
    done
next
  case (Suc n)
  from this(2) guess c s'
    apply -
    apply (subst(asm) eq_commute)
    unfolding card_Suc_eq
    apply (subst(asm)(2) eq_commute)
    apply (elim exE conjE)
    done
  note cs = this[rule_format]
  show ?case
  proof (cases "c ∈ box a b")
    case False
    then show ?thesis
      apply -
      apply (rule Suc(1)[OF cs(3) _ Suc(4,5)])
      apply safe
      defer
      apply (rule Suc(6)[rule_format])
      using Suc(3)
      unfolding cs
      apply auto
      done
  next
    have *: "f b - f a = (f c - f a) + (f b - f c)"
      by auto
    case True
    then have "a ≤ c" "c ≤ b"
      by (auto simp: mem_box)
    then show ?thesis
      apply (subst *)
      apply (rule has_integral_combine)
      apply assumption+
      apply (rule_tac[!] Suc(1)[OF cs(3)])
      using Suc(3)
      unfolding cs
    proof -
      show "continuous_on {a .. c} f" "continuous_on {c .. b} f"
        apply (rule_tac[!] continuous_on_subset[OF Suc(5)])
        using True
        apply (auto simp: mem_box)
        done
      let ?P = "λi j. ∀x∈{i <..< j} - s'. (f has_vector_derivative f' x) (at x)"
      show "?P a c" "?P c b"
        apply safe
        apply (rule_tac[!] Suc(6)[rule_format])
        using True
        unfolding cs
        apply (auto simp: mem_box)
        done
    qed auto
  qed
qed

lemma fundamental_theorem_of_calculus_strong:
  fixes f :: "real => 'a::banach"
  assumes "finite s"
    and "a ≤ b"
    and "continuous_on {a .. b} f"
    and "∀x∈{a .. b} - s. (f has_vector_derivative f'(x)) (at x)"
  shows "(f' has_integral (f b - f a)) {a .. b}"
  apply (rule fundamental_theorem_of_calculus_interior_strong[OF assms(1-3), of f'])
  using assms(4)
  apply (auto simp: mem_box)
  done

lemma indefinite_integral_continuous_left:
  fixes f:: "real => 'a::banach"
  assumes "f integrable_on {a .. b}"
    and "a < c"
    and "c ≤ b"
    and "e > 0"
  obtains d where "d > 0"
    and "∀t. c - d < t ∧ t ≤ c --> norm (integral {a .. c} f - integral {a .. t} f) < e"
proof -
  have "∃w>0. ∀t. c - w < t ∧ t < c --> norm (f c) * norm(c - t) < e / 3"
  proof (cases "f c = 0")
    case False
    hence "0 < e / 3 / norm (f c)" using `e>0` by simp
    then show ?thesis
      apply -
      apply rule
      apply rule
      apply assumption
      apply safe
    proof -
      fix t
      assume as: "t < c" and "c - e / 3 / norm (f c) < t"
      then have "c - t < e / 3 / norm (f c)"
        by auto
      then have "norm (c - t) < e / 3 / norm (f c)"
        using as by auto
      then show "norm (f c) * norm (c - t) < e / 3"
        using False
        apply -
        apply (subst mult.commute)
        apply (subst pos_less_divide_eq[symmetric])
        apply auto
        done
    qed
  next
    case True
    show ?thesis
      apply (rule_tac x=1 in exI)
      unfolding True
      using `e > 0`
      apply auto
      done
  qed
  then guess w .. note w = conjunctD2[OF this,rule_format]

  have *: "e / 3 > 0"
    using assms by auto
  have "f integrable_on {a .. c}"
    apply (rule integrable_subinterval_real[OF assms(1)])
    using assms(2-3)
    apply auto
    done
  from integrable_integral[OF this,unfolded has_integral_real,rule_format,OF *] guess d1 ..
  note d1 = conjunctD2[OF this,rule_format]
  def d  "λx. ball x w ∩ d1 x"
  have "gauge d"
    unfolding d_def using w(1) d1 by auto
  note this[unfolded gauge_def,rule_format,of c]
  note conjunctD2[OF this]
  from this(2)[unfolded open_contains_ball,rule_format,OF this(1)] guess k ..
  note k=conjunctD2[OF this]

  let ?d = "min k (c - a) / 2"
  show ?thesis
    apply (rule that[of ?d])
    apply safe
  proof -
    show "?d > 0"
      using k(1) using assms(2) by auto
    fix t
    assume as: "c - ?d < t" "t ≤ c"
    let ?thesis = "norm (integral ({a .. c}) f - integral ({a .. t}) f) < e"
    {
      presume *: "t < c ==> ?thesis"
      show ?thesis
        apply (cases "t = c")
        defer
        apply (rule *)
        apply (subst less_le)
        using `e > 0` as(2)
        apply auto
        done
    }
    assume "t < c"

    have "f integrable_on {a .. t}"
      apply (rule integrable_subinterval_real[OF assms(1)])
      using assms(2-3) as(2)
      apply auto
      done
    from integrable_integral[OF this,unfolded has_integral_real,rule_format,OF *] guess d2 ..
    note d2 = conjunctD2[OF this,rule_format]
    def d3  "λx. if x ≤ t then d1 x ∩ d2 x else d1 x"
    have "gauge d3"
      using d2(1) d1(1) unfolding d3_def gauge_def by auto
    from fine_division_exists_real[OF this, of a t] guess p . note p=this
    note p'=tagged_division_ofD[OF this(1)]
    have pt: "∀(x,k)∈p. x ≤ t"
    proof safe
      case goal1
      from p'(2,3)[OF this] show ?case
        by auto
    qed
    with p(2) have "d2 fine p"
      unfolding fine_def d3_def
      apply safe
      apply (erule_tac x="(a,b)" in ballE)+
      apply auto
      done
    note d2_fin = d2(2)[OF conjI[OF p(1) this]]

    have *: "{a .. c} ∩ {x. x • 1 ≤ t} = {a .. t}" "{a .. c} ∩ {x. x • 1 ≥ t} = {t .. c}"
      using assms(2-3) as by (auto simp add: field_simps)
    have "p ∪ {(c, {t .. c})} tagged_division_of {a .. c} ∧ d1 fine p ∪ {(c, {t .. c})}"
      apply rule
      apply (rule tagged_division_union_interval_real[of _ _ _ 1 "t"])
      unfolding *
      apply (rule p)
      apply (rule tagged_division_of_self_real)
      unfolding fine_def
      apply safe
    proof -
      fix x k y
      assume "(x,k) ∈ p" and "y ∈ k"
      then show "y ∈ d1 x"
        using p(2) pt
        unfolding fine_def d3_def
        apply -
        apply (erule_tac x="(x,k)" in ballE)+
        apply auto
        done
    next
      fix x assume "x ∈ {t..c}"
      then have "dist c x < k"
        unfolding dist_real_def
        using as(1)
        by (auto simp add: field_simps)
      then show "x ∈ d1 c"
        using k(2)
        unfolding d_def
        by auto
    qed (insert as(2), auto) note d1_fin = d1(2)[OF this]

    have *: "integral {a .. c} f - integral {a .. t} f = -(((c - t) *R f c + (∑(x, k)∈p. content k *R f x)) -
      integral {a .. c} f) + ((∑(x, k)∈p. content k *R f x) - integral {a .. t} f) + (c - t) *R f c"
      "e = (e/3 + e/3) + e/3"
      by auto
    have **: "(∑(x, k)∈p ∪ {(c, {t .. c})}. content k *R f x) =
      (c - t) *R f c + (∑(x, k)∈p. content k *R f x)"
    proof -
      have **: "!!x F. F ∪ {x} = insert x F"
        by auto
      have "(c, cbox t c) ∉ p"
      proof safe
        case goal1
        from p'(2-3)[OF this] have "c ∈ cbox a t"
          by auto
        then show False using `t < c`
          by auto
      qed
      then show ?thesis
        unfolding ** box_real
        apply -
        apply (subst setsum.insert)
        apply (rule p')
        unfolding split_conv
        defer
        apply (subst content_real)
        using as(2)
        apply auto
        done
    qed
    have ***: "c - w < t ∧ t < c"
    proof -
      have "c - k < t"
        using `k>0` as(1) by (auto simp add: field_simps)
      moreover have "k ≤ w"
        apply (rule ccontr)
        using k(2)
        unfolding subset_eq
        apply (erule_tac x="c + ((k + w)/2)" in ballE)
        unfolding d_def
        using `k > 0` `w > 0`
        apply (auto simp add: field_simps not_le not_less dist_real_def)
        done
      ultimately show ?thesis using `t < c`
        by (auto simp add: field_simps)
    qed
    show ?thesis
      unfolding *(1)
      apply (subst *(2))
      apply (rule norm_triangle_lt add_strict_mono)+
      unfolding norm_minus_cancel
      apply (rule d1_fin[unfolded **])
      apply (rule d2_fin)
      using w(2)[OF ***]
      unfolding norm_scaleR
      apply (auto simp add: field_simps)
      done
  qed
qed

lemma indefinite_integral_continuous_right:
  fixes f :: "real => 'a::banach"
  assumes "f integrable_on {a .. b}"
    and "a ≤ c"
    and "c < b"
    and "e > 0"
  obtains d where "0 < d"
    and "∀t. c ≤ t ∧ t < c + d --> norm (integral {a .. c} f - integral {a .. t} f) < e"
proof -
  have *: "(λx. f (- x)) integrable_on {-b .. -a}" "- b < - c" "- c ≤ - a"
    using assms by auto
  from indefinite_integral_continuous_left[OF * `e>0`] guess d . note d = this
  let ?d = "min d (b - c)"
  show ?thesis
    apply (rule that[of "?d"])
    apply safe
  proof -
    show "0 < ?d"
      using d(1) assms(3) by auto
    fix t :: real
    assume as: "c ≤ t" "t < c + ?d"
    have *: "integral {a .. c} f = integral {a .. b} f - integral {c .. b} f"
      "integral {a .. t} f = integral {a .. b} f - integral {t .. b} f"
      unfolding algebra_simps
      apply (rule_tac[!] integral_combine)
      using assms as
      apply auto
      done
    have "(- c) - d < (- t) ∧ - t ≤ - c"
      using as by auto note d(2)[rule_format,OF this]
    then show "norm (integral {a .. c} f - integral {a .. t} f) < e"
      unfolding *
      unfolding integral_reflect
      apply (subst norm_minus_commute)
      apply (auto simp add: algebra_simps)
      done
  qed
qed

lemma indefinite_integral_continuous:
  fixes f :: "real => 'a::banach"
  assumes "f integrable_on {a .. b}"
  shows "continuous_on {a .. b} (λx. integral {a .. x} f)"
proof (unfold continuous_on_iff, safe)
  fix x e :: real
  assume as: "x ∈ {a .. b}" "e > 0"
  let ?thesis = "∃d>0. ∀x'∈{a .. b}. dist x' x < d --> dist (integral {a .. x'} f) (integral {a .. x} f) < e"
  {
    presume *: "a < b ==> ?thesis"
    show ?thesis
      apply cases
      apply (rule *)
      apply assumption
    proof -
      case goal1
      then have "cbox a b = {x}"
        using as(1)
        apply -
        apply (rule set_eqI)
        apply auto
        done
      then show ?case using `e > 0` by auto
    qed
  }
  assume "a < b"
  have "(x = a ∨ x = b) ∨ (a < x ∧ x < b)"
    using as(1) by auto
  then show ?thesis
    apply (elim disjE)
  proof -
    assume "x = a"
    have "a ≤ a" ..
    from indefinite_integral_continuous_right[OF assms(1) this `a<b` `e>0`] guess d . note d=this
    show ?thesis
      apply rule
      apply rule
      apply (rule d)
      apply safe
      apply (subst dist_commute)
      unfolding `x = a` dist_norm
      apply (rule d(2)[rule_format])
      apply auto
      done
  next
    assume "x = b"
    have "b ≤ b" ..
    from indefinite_integral_continuous_left[OF assms(1) `a<b` this `e>0`] guess d . note d=this
    show ?thesis
      apply rule
      apply rule
      apply (rule d)
      apply safe
      apply (subst dist_commute)
      unfolding `x = b` dist_norm
      apply (rule d(2)[rule_format])
      apply auto
      done
  next
    assume "a < x ∧ x < b"
    then have xl: "a < x" "x ≤ b" and xr: "a ≤ x" "x < b"
      by auto
    from indefinite_integral_continuous_left [OF assms(1) xl `e>0`] guess d1 . note d1=this
    from indefinite_integral_continuous_right[OF assms(1) xr `e>0`] guess d2 . note d2=this
    show ?thesis
      apply (rule_tac x="min d1 d2" in exI)
    proof safe
      show "0 < min d1 d2"
        using d1 d2 by auto
      fix y
      assume "y ∈ {a .. b}" and "dist y x < min d1 d2"
      then show "dist (integral {a .. y} f) (integral {a .. x} f) < e"
        apply (subst dist_commute)
        apply (cases "y < x")
        unfolding dist_norm
        apply (rule d1(2)[rule_format])
        defer
        apply (rule d2(2)[rule_format])
        unfolding not_less
        apply (auto simp add: field_simps)
        done
    qed
  qed
qed


subsection {* This doesn't directly involve integration, but that gives an easy proof. *}

lemma has_derivative_zero_unique_strong_interval:
  fixes f :: "real => 'a::banach"
  assumes "finite k"
    and "continuous_on {a .. b} f"
    and "f a = y"
    and "∀x∈({a .. b} - k). (f has_derivative (λh. 0)) (at x within {a .. b})" "x ∈ {a .. b}"
  shows "f x = y"
proof -
  have ab: "a ≤ b"
    using assms by auto
  have *: "a ≤ x"
    using assms(5) by auto
  have "((λx. 0::'a) has_integral f x - f a) {a .. x}"
    apply (rule fundamental_theorem_of_calculus_interior_strong[OF assms(1) *])
    apply (rule continuous_on_subset[OF assms(2)])
    defer
    apply safe
    unfolding has_vector_derivative_def
    apply (subst has_derivative_within_open[symmetric])
    apply assumption
    apply (rule open_greaterThanLessThan)
    apply (rule has_derivative_within_subset[where s="{a .. b}"])
    using assms(4) assms(5)
    apply (auto simp: mem_box)
    done
  note this[unfolded *]
  note has_integral_unique[OF has_integral_0 this]
  then show ?thesis
    unfolding assms by auto
qed


subsection {* Generalize a bit to any convex set. *}

lemma has_derivative_zero_unique_strong_convex:
  fixes f :: "'a::euclidean_space => 'b::banach"
  assumes "convex s"
    and "finite k"
    and "continuous_on s f"
    and "c ∈ s"
    and "f c = y"
    and "∀x∈(s - k). (f has_derivative (λh. 0)) (at x within s)"
    and "x ∈ s"
  shows "f x = y"
proof -
  {
    presume *: "x ≠ c ==> ?thesis"
    show ?thesis
      apply cases
      apply (rule *)
      apply assumption
      unfolding assms(5)[symmetric]
      apply auto
      done
  }
  assume "x ≠ c"
  note conv = assms(1)[unfolded convex_alt,rule_format]
  have as1: "continuous_on {0 ..1} (f o (λt. (1 - t) *R c + t *R x))"
    apply (rule continuous_intros)+
    apply (rule continuous_on_subset[OF assms(3)])
    apply safe
    apply (rule conv)
    using assms(4,7)
    apply auto
    done
  have *: "!!t xa. (1 - t) *R c + t *R x = (1 - xa) *R c + xa *R x ==> t = xa"
  proof -
    case goal1
    then have "(t - xa) *R x = (t - xa) *R c"
      unfolding scaleR_simps by (auto simp add: algebra_simps)
    then show ?case
      using `x ≠ c` by auto
  qed
  have as2: "finite {t. ((1 - t) *R c + t *R x) ∈ k}"
    using assms(2)
    apply (rule finite_surj[where f="λz. SOME t. (1-t) *R c + t *R x = z"])
    apply safe
    unfolding image_iff
    apply rule
    defer
    apply assumption
    apply (rule sym)
    apply (rule some_equality)
    defer
    apply (drule *)
    apply auto
    done
  have "(f o (λt. (1 - t) *R c + t *R x)) 1 = y"
    apply (rule has_derivative_zero_unique_strong_interval[OF as2 as1, of ])
    unfolding o_def
    using assms(5)
    defer
    apply -
    apply rule
  proof -
    fix t
    assume as: "t ∈ {0 .. 1} - {t. (1 - t) *R c + t *R x ∈ k}"
    have *: "c - t *R c + t *R x ∈ s - k"
      apply safe
      apply (rule conv[unfolded scaleR_simps])
      using `x ∈ s` `c ∈ s` as
      by (auto simp add: algebra_simps)
    have "(f o (λt. (1 - t) *R c + t *R x) has_derivative (λx. 0) o (λz. (0 - z *R c) + z *R x))
      (at t within {0 .. 1})"
      apply (intro derivative_eq_intros)
      apply simp_all
      apply (simp add: field_simps)
      unfolding scaleR_simps
      apply (rule has_derivative_within_subset,rule assms(6)[rule_format])
      apply (rule *)
      apply safe
      apply (rule conv[unfolded scaleR_simps])
      using `x ∈ s` `c ∈ s`
      apply auto
      done
    then show "((λxa. f ((1 - xa) *R c + xa *R x)) has_derivative (λh. 0)) (at t within {0 .. 1})"
      unfolding o_def .
  qed auto
  then show ?thesis
    by auto
qed


text {* Also to any open connected set with finite set of exceptions. Could
 generalize to locally convex set with limpt-free set of exceptions. *}

lemma has_derivative_zero_unique_strong_connected:
  fixes f :: "'a::euclidean_space => 'b::banach"
  assumes "connected s"
    and "open s"
    and "finite k"
    and "continuous_on s f"
    and "c ∈ s"
    and "f c = y"
    and "∀x∈(s - k). (f has_derivative (λh. 0)) (at x within s)"
    and "x∈s"
  shows "f x = y"
proof -
  have "{x ∈ s. f x ∈ {y}} = {} ∨ {x ∈ s. f x ∈ {y}} = s"
    apply (rule assms(1)[unfolded connected_clopen,rule_format])
    apply rule
    defer
    apply (rule continuous_closed_in_preimage[OF assms(4) closed_singleton])
    apply (rule open_openin_trans[OF assms(2)])
    unfolding open_contains_ball
  proof safe
    fix x
    assume "x ∈ s"
    from assms(2)[unfolded open_contains_ball,rule_format,OF this] guess e .. note e=conjunctD2[OF this]
    show "∃e>0. ball x e ⊆ {xa ∈ s. f xa ∈ {f x}}"
      apply rule
      apply rule
      apply (rule e)
    proof safe
      fix y
      assume y: "y ∈ ball x e"
      then show "y ∈ s"
        using e by auto
      show "f y = f x"
        apply (rule has_derivative_zero_unique_strong_convex[OF convex_ball])
        apply (rule assms)
        apply (rule continuous_on_subset)
        apply (rule assms)
        apply (rule e)+
        apply (subst centre_in_ball)
        apply (rule e)
        apply rule
        apply safe
        apply (rule has_derivative_within_subset)
        apply (rule assms(7)[rule_format])
        using y e
        apply auto
        done
    qed
  qed
  then show ?thesis
    using `x ∈ s` `f c = y` `c ∈ s` by auto
qed

lemma has_derivative_zero_connected_constant:
  fixes f :: "'a::euclidean_space => 'b::banach"
  assumes "connected s"
      and "open s"
      and "finite k"
      and "continuous_on s f"
      and "∀x∈(s - k). (f has_derivative (λh. 0)) (at x within s)"
    obtains c where "!!x. x ∈ s ==> f(x) = c"
proof (cases "s = {}")
  case True
  then show ?thesis
by (metis empty_iff that)
next
  case False
  then obtain c where "c ∈ s"
    by (metis equals0I)
  then show ?thesis
    by (metis has_derivative_zero_unique_strong_connected assms that)
qed


subsection {* Integrating characteristic function of an interval *}

lemma has_integral_restrict_open_subinterval:
  fixes f :: "'a::euclidean_space => 'b::banach"
  assumes "(f has_integral i) (cbox c d)"
    and "cbox c d ⊆ cbox a b"
  shows "((λx. if x ∈ box c d then f x else 0) has_integral i) (cbox a b)"
proof -
  def g  "λx. if x ∈box c d then f x else 0"
  {
    presume *: "cbox c d ≠ {} ==> ?thesis"
    show ?thesis
      apply cases
      apply (rule *)
      apply assumption
    proof -
      case goal1
      then have *: "box c d = {}"
        by (metis bot.extremum_uniqueI box_subset_cbox)
      show ?thesis
        using assms(1)
        unfolding *
        using goal1
        by auto
    qed
  }
  assume "cbox c d ≠ {}"
  from partial_division_extend_1[OF assms(2) this] guess p . note p=this
  note mon = monoidal_lifted[OF monoidal_monoid]
  note operat = operative_division[OF this operative_integral p(1<