# Theory Int

theory Int
imports Quotient Fun_Def
```(*  Title:      HOL/Int.thy
Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
Author:     Tobias Nipkow, Florian Haftmann, TU Muenchen
*)

section ‹The Integers as Equivalence Classes over Pairs of Natural Numbers›

theory Int
imports Equiv_Relations Power Quotient Fun_Def
begin

subsection ‹Definition of integers as a quotient type›

definition intrel :: "(nat × nat) ⇒ (nat × nat) ⇒ bool"
where "intrel = (λ(x, y) (u, v). x + v = u + y)"

lemma intrel_iff [simp]: "intrel (x, y) (u, v) ⟷ x + v = u + y"

quotient_type int = "nat × nat" / "intrel"
morphisms Rep_Integ Abs_Integ
proof (rule equivpI)
show "reflp intrel" by (auto simp: reflp_def)
show "symp intrel" by (auto simp: symp_def)
show "transp intrel" by (auto simp: transp_def)
qed

lemma eq_Abs_Integ [case_names Abs_Integ, cases type: int]:
"(⋀x y. z = Abs_Integ (x, y) ⟹ P) ⟹ P"
by (induct z) auto

subsection ‹Integers form a commutative ring›

instantiation int :: comm_ring_1
begin

lift_definition zero_int :: "int" is "(0, 0)" .

lift_definition one_int :: "int" is "(1, 0)" .

lift_definition plus_int :: "int ⇒ int ⇒ int"
is "λ(x, y) (u, v). (x + u, y + v)"
by clarsimp

lift_definition uminus_int :: "int ⇒ int"
is "λ(x, y). (y, x)"
by clarsimp

lift_definition minus_int :: "int ⇒ int ⇒ int"
is "λ(x, y) (u, v). (x + v, y + u)"
by clarsimp

lift_definition times_int :: "int ⇒ int ⇒ int"
is "λ(x, y) (u, v). (x*u + y*v, x*v + y*u)"
proof (clarsimp)
fix s t u v w x y z :: nat
assume "s + v = u + t" and "w + z = y + x"
then have "(s + v) * w + (u + t) * x + u * (w + z) + v * (y + x) =
(u + t) * w + (s + v) * x + u * (y + x) + v * (w + z)"
by simp
then show "(s * w + t * x) + (u * z + v * y) = (u * y + v * z) + (s * x + t * w)"
qed

instance
by standard (transfer; clarsimp simp: algebra_simps)+

end

abbreviation int :: "nat ⇒ int"
where "int ≡ of_nat"

lemma int_def: "int n = Abs_Integ (n, 0)"

lemma int_transfer [transfer_rule]: "(rel_fun (op =) pcr_int) (λn. (n, 0)) int"
by (simp add: rel_fun_def int.pcr_cr_eq cr_int_def int_def)

lemma int_diff_cases: obtains (diff) m n where "z = int m - int n"
by transfer clarsimp

subsection ‹Integers are totally ordered›

instantiation int :: linorder
begin

lift_definition less_eq_int :: "int ⇒ int ⇒ bool"
is "λ(x, y) (u, v). x + v ≤ u + y"
by auto

lift_definition less_int :: "int ⇒ int ⇒ bool"
is "λ(x, y) (u, v). x + v < u + y"
by auto

instance
by standard (transfer, force)+

end

instantiation int :: distrib_lattice
begin

definition "(inf :: int ⇒ int ⇒ int) = min"

definition "(sup :: int ⇒ int ⇒ int) = max"

instance
by standard (auto simp add: inf_int_def sup_int_def max_min_distrib2)

end

subsection ‹Ordering properties of arithmetic operations›

proof
fix i j k :: int
show "i ≤ j ⟹ k + i ≤ k + j"
by transfer clarsimp
qed

text ‹Strict Monotonicity of Multiplication.›

text ‹Strict, in 1st argument; proof is by induction on ‹k > 0›.›
lemma zmult_zless_mono2_lemma: "i < j ⟹ 0 < k ⟹ int k * i < int k * j"
for i j :: int
proof (induct k)
case 0
then show ?case by simp
next
case (Suc k)
then show ?case
qed

lemma zero_le_imp_eq_int: "0 ≤ k ⟹ ∃n. k = int n"
for k :: int
apply transfer
apply clarsimp
apply (rule_tac x="a - b" in exI)
apply simp
done

lemma zero_less_imp_eq_int: "0 < k ⟹ ∃n>0. k = int n"
for k :: int
apply transfer
apply clarsimp
apply (rule_tac x="a - b" in exI)
apply simp
done

lemma zmult_zless_mono2: "i < j ⟹ 0 < k ⟹ k * i < k * j"
for i j k :: int
by (drule zero_less_imp_eq_int) (auto simp add: zmult_zless_mono2_lemma)

text ‹The integers form an ordered integral domain.›

instantiation int :: linordered_idom
begin

definition zabs_def: "¦i::int¦ = (if i < 0 then - i else i)"

definition zsgn_def: "sgn (i::int) = (if i = 0 then 0 else if 0 < i then 1 else - 1)"

instance
proof
fix i j k :: int
show "i < j ⟹ 0 < k ⟹ k * i < k * j"
by (rule zmult_zless_mono2)
show "¦i¦ = (if i < 0 then -i else i)"
by (simp only: zabs_def)
show "sgn (i::int) = (if i=0 then 0 else if 0<i then 1 else - 1)"
by (simp only: zsgn_def)
qed

end

lemma zless_imp_add1_zle: "w < z ⟹ w + 1 ≤ z"
for w z :: int
by transfer clarsimp

lemma zless_iff_Suc_zadd: "w < z ⟷ (∃n. z = w + int (Suc n))"
for w z :: int
apply transfer
apply auto
apply (rename_tac a b c d)
apply (rule_tac x="c+b - Suc(a+d)" in exI)
apply arith
done

lemma zabs_less_one_iff [simp]: "¦z¦ < 1 ⟷ z = 0" (is "?lhs ⟷ ?rhs")
for z :: int
proof
assume ?rhs
then show ?lhs by simp
next
assume ?lhs
with zless_imp_add1_zle [of "¦z¦" 1] have "¦z¦ + 1 ≤ 1" by simp
then have "¦z¦ ≤ 0" by simp
then show ?rhs by simp
qed

lemmas int_distrib =
distrib_right [of z1 z2 w]
distrib_left [of w z1 z2]
left_diff_distrib [of z1 z2 w]
right_diff_distrib [of w z1 z2]
for z1 z2 w :: int

subsection ‹Embedding of the Integers into any ‹ring_1›: ‹of_int››

context ring_1
begin

lift_definition of_int :: "int ⇒ 'a"
is "λ(i, j). of_nat i - of_nat j"

lemma of_int_0 [simp]: "of_int 0 = 0"
by transfer simp

lemma of_int_1 [simp]: "of_int 1 = 1"
by transfer simp

lemma of_int_add [simp]: "of_int (w + z) = of_int w + of_int z"
by transfer (clarsimp simp add: algebra_simps)

lemma of_int_minus [simp]: "of_int (- z) = - (of_int z)"
by (transfer fixing: uminus) clarsimp

lemma of_int_diff [simp]: "of_int (w - z) = of_int w - of_int z"
using of_int_add [of w "- z"] by simp

lemma of_int_mult [simp]: "of_int (w*z) = of_int w * of_int z"
by (transfer fixing: times) (clarsimp simp add: algebra_simps)

lemma mult_of_int_commute: "of_int x * y = y * of_int x"
by (transfer fixing: times) (auto simp: algebra_simps mult_of_nat_commute)

text ‹Collapse nested embeddings.›
lemma of_int_of_nat_eq [simp]: "of_int (int n) = of_nat n"
by (induct n) auto

lemma of_int_numeral [simp, code_post]: "of_int (numeral k) = numeral k"
by (simp add: of_nat_numeral [symmetric] of_int_of_nat_eq [symmetric])

lemma of_int_neg_numeral [code_post]: "of_int (- numeral k) = - numeral k"
by simp

lemma of_int_power [simp]: "of_int (z ^ n) = of_int z ^ n"
by (induct n) simp_all

end

context ring_char_0
begin

lemma of_int_eq_iff [simp]: "of_int w = of_int z ⟷ w = z"

text ‹Special cases where either operand is zero.›
lemma of_int_eq_0_iff [simp]: "of_int z = 0 ⟷ z = 0"
using of_int_eq_iff [of z 0] by simp

lemma of_int_0_eq_iff [simp]: "0 = of_int z ⟷ z = 0"
using of_int_eq_iff [of 0 z] by simp

lemma of_int_eq_1_iff [iff]: "of_int z = 1 ⟷ z = 1"
using of_int_eq_iff [of z 1] by simp

end

context linordered_idom
begin

text ‹Every ‹linordered_idom› has characteristic zero.›
subclass ring_char_0 ..

lemma of_int_le_iff [simp]: "of_int w ≤ of_int z ⟷ w ≤ z"
by (transfer fixing: less_eq)

lemma of_int_less_iff [simp]: "of_int w < of_int z ⟷ w < z"

lemma of_int_0_le_iff [simp]: "0 ≤ of_int z ⟷ 0 ≤ z"
using of_int_le_iff [of 0 z] by simp

lemma of_int_le_0_iff [simp]: "of_int z ≤ 0 ⟷ z ≤ 0"
using of_int_le_iff [of z 0] by simp

lemma of_int_0_less_iff [simp]: "0 < of_int z ⟷ 0 < z"
using of_int_less_iff [of 0 z] by simp

lemma of_int_less_0_iff [simp]: "of_int z < 0 ⟷ z < 0"
using of_int_less_iff [of z 0] by simp

lemma of_int_1_le_iff [simp]: "1 ≤ of_int z ⟷ 1 ≤ z"
using of_int_le_iff [of 1 z] by simp

lemma of_int_le_1_iff [simp]: "of_int z ≤ 1 ⟷ z ≤ 1"
using of_int_le_iff [of z 1] by simp

lemma of_int_1_less_iff [simp]: "1 < of_int z ⟷ 1 < z"
using of_int_less_iff [of 1 z] by simp

lemma of_int_less_1_iff [simp]: "of_int z < 1 ⟷ z < 1"
using of_int_less_iff [of z 1] by simp

lemma of_int_pos: "z > 0 ⟹ of_int z > 0"
by simp

lemma of_int_nonneg: "z ≥ 0 ⟹ of_int z ≥ 0"
by simp

lemma of_int_abs [simp]: "of_int ¦x¦ = ¦of_int x¦"

lemma of_int_lessD:
assumes "¦of_int n¦ < x"
shows "n = 0 ∨ x > 1"
proof (cases "n = 0")
case True
then show ?thesis by simp
next
case False
then have "¦n¦ ≠ 0" by simp
then have "¦n¦ > 0" by simp
then have "¦n¦ ≥ 1"
using zless_imp_add1_zle [of 0 "¦n¦"] by simp
then have "¦of_int n¦ ≥ 1"
unfolding of_int_1_le_iff [of "¦n¦", symmetric] by simp
then have "1 < x" using assms by (rule le_less_trans)
then show ?thesis ..
qed

lemma of_int_leD:
assumes "¦of_int n¦ ≤ x"
shows "n = 0 ∨ 1 ≤ x"
proof (cases "n = 0")
case True
then show ?thesis by simp
next
case False
then have "¦n¦ ≠ 0" by simp
then have "¦n¦ > 0" by simp
then have "¦n¦ ≥ 1"
using zless_imp_add1_zle [of 0 "¦n¦"] by simp
then have "¦of_int n¦ ≥ 1"
unfolding of_int_1_le_iff [of "¦n¦", symmetric] by simp
then have "1 ≤ x" using assms by (rule order_trans)
then show ?thesis ..
qed

end

text ‹Comparisons involving @{term of_int}.›

lemma of_int_eq_numeral_iff [iff]: "of_int z = (numeral n :: 'a::ring_char_0) ⟷ z = numeral n"
using of_int_eq_iff by fastforce

lemma of_int_le_numeral_iff [simp]:
"of_int z ≤ (numeral n :: 'a::linordered_idom) ⟷ z ≤ numeral n"
using of_int_le_iff [of z "numeral n"] by simp

lemma of_int_numeral_le_iff [simp]:
"(numeral n :: 'a::linordered_idom) ≤ of_int z ⟷ numeral n ≤ z"
using of_int_le_iff [of "numeral n"] by simp

lemma of_int_less_numeral_iff [simp]:
"of_int z < (numeral n :: 'a::linordered_idom) ⟷ z < numeral n"
using of_int_less_iff [of z "numeral n"] by simp

lemma of_int_numeral_less_iff [simp]:
"(numeral n :: 'a::linordered_idom) < of_int z ⟷ numeral n < z"
using of_int_less_iff [of "numeral n" z] by simp

lemma of_nat_less_of_int_iff: "(of_nat n::'a::linordered_idom) < of_int x ⟷ int n < x"
by (metis of_int_of_nat_eq of_int_less_iff)

lemma of_int_eq_id [simp]: "of_int = id"
proof
show "of_int z = id z" for z
by (cases z rule: int_diff_cases) simp
qed

instance int :: no_top
apply standard
apply (rule_tac x="x + 1" in exI)
apply simp
done

instance int :: no_bot
apply standard
apply (rule_tac x="x - 1" in exI)
apply simp
done

subsection ‹Magnitude of an Integer, as a Natural Number: ‹nat››

lift_definition nat :: "int ⇒ nat" is "λ(x, y). x - y"
by auto

lemma nat_int [simp]: "nat (int n) = n"
by transfer simp

lemma int_nat_eq [simp]: "int (nat z) = (if 0 ≤ z then z else 0)"
by transfer clarsimp

lemma nat_0_le: "0 ≤ z ⟹ int (nat z) = z"
by simp

lemma nat_le_0 [simp]: "z ≤ 0 ⟹ nat z = 0"
by transfer clarsimp

lemma nat_le_eq_zle: "0 < w ∨ 0 ≤ z ⟹ nat w ≤ nat z ⟷ w ≤ z"
by transfer (clarsimp, arith)

text ‹An alternative condition is @{term "0 ≤ w"}.›
lemma nat_mono_iff: "0 < z ⟹ nat w < nat z ⟷ w < z"
by (simp add: nat_le_eq_zle linorder_not_le [symmetric])

lemma nat_less_eq_zless: "0 ≤ w ⟹ nat w < nat z ⟷ w < z"
by (simp add: nat_le_eq_zle linorder_not_le [symmetric])

lemma zless_nat_conj [simp]: "nat w < nat z ⟷ 0 < z ∧ w < z"
by transfer (clarsimp, arith)

lemma nonneg_int_cases:
assumes "0 ≤ k"
obtains n where "k = int n"
proof -
from assms have "k = int (nat k)"
by simp
then show thesis
by (rule that)
qed

lemma pos_int_cases:
assumes "0 < k"
obtains n where "k = int n" and "n > 0"
proof -
from assms have "0 ≤ k"
by simp
then obtain n where "k = int n"
by (rule nonneg_int_cases)
moreover have "n > 0"
using ‹k = int n› assms by simp
ultimately show thesis
by (rule that)
qed

lemma nonpos_int_cases:
assumes "k ≤ 0"
obtains n where "k = - int n"
proof -
from assms have "- k ≥ 0"
by simp
then obtain n where "- k = int n"
by (rule nonneg_int_cases)
then have "k = - int n"
by simp
then show thesis
by (rule that)
qed

lemma neg_int_cases:
assumes "k < 0"
obtains n where "k = - int n" and "n > 0"
proof -
from assms have "- k > 0"
by simp
then obtain n where "- k = int n" and "- k > 0"
by (blast elim: pos_int_cases)
then have "k = - int n" and "n > 0"
by simp_all
then show thesis
by (rule that)
qed

lemma nat_eq_iff: "nat w = m ⟷ (if 0 ≤ w then w = int m else m = 0)"

lemma nat_eq_iff2: "m = nat w ⟷ (if 0 ≤ w then w = int m else m = 0)"
using nat_eq_iff [of w m] by auto

lemma nat_0 [simp]: "nat 0 = 0"

lemma nat_1 [simp]: "nat 1 = Suc 0"

lemma nat_numeral [simp]: "nat (numeral k) = numeral k"

lemma nat_neg_numeral [simp]: "nat (- numeral k) = 0"
by simp

lemma nat_2: "nat 2 = Suc (Suc 0)"
by simp

lemma nat_less_iff: "0 ≤ w ⟹ nat w < m ⟷ w < of_nat m"
by transfer (clarsimp, arith)

lemma nat_le_iff: "nat x ≤ n ⟷ x ≤ int n"
by transfer (clarsimp simp add: le_diff_conv)

lemma nat_mono: "x ≤ y ⟹ nat x ≤ nat y"
by transfer auto

lemma nat_0_iff[simp]: "nat i = 0 ⟷ i ≤ 0"
for i :: int
by transfer clarsimp

lemma int_eq_iff: "of_nat m = z ⟷ m = nat z ∧ 0 ≤ z"

lemma zero_less_nat_eq [simp]: "0 < nat z ⟷ 0 < z"
using zless_nat_conj [of 0] by auto

lemma nat_add_distrib: "0 ≤ z ⟹ 0 ≤ z' ⟹ nat (z + z') = nat z + nat z'"
by transfer clarsimp

lemma nat_diff_distrib': "0 ≤ x ⟹ 0 ≤ y ⟹ nat (x - y) = nat x - nat y"
by transfer clarsimp

lemma nat_diff_distrib: "0 ≤ z' ⟹ z' ≤ z ⟹ nat (z - z') = nat z - nat z'"
by (rule nat_diff_distrib') auto

lemma nat_zminus_int [simp]: "nat (- int n) = 0"
by transfer simp

lemma le_nat_iff: "k ≥ 0 ⟹ n ≤ nat k ⟷ int n ≤ k"
by transfer auto

lemma zless_nat_eq_int_zless: "m < nat z ⟷ int m < z"
by transfer (clarsimp simp add: less_diff_conv)

lemma (in ring_1) of_nat_nat [simp]: "0 ≤ z ⟹ of_nat (nat z) = of_int z"
by transfer (clarsimp simp add: of_nat_diff)

lemma diff_nat_numeral [simp]: "(numeral v :: nat) - numeral v' = nat (numeral v - numeral v')"
by (simp only: nat_diff_distrib' zero_le_numeral nat_numeral)

text ‹For termination proofs:›
lemma measure_function_int[measure_function]: "is_measure (nat ∘ abs)" ..

subsection ‹Lemmas about the Function @{term of_nat} and Orderings›

lemma negative_zless_0: "- (int (Suc n)) < (0 :: int)"
by (simp add: order_less_le del: of_nat_Suc)

lemma negative_zless [iff]: "- (int (Suc n)) < int m"
by (rule negative_zless_0 [THEN order_less_le_trans], simp)

lemma negative_zle_0: "- int n ≤ 0"

lemma negative_zle [iff]: "- int n ≤ int m"
by (rule order_trans [OF negative_zle_0 of_nat_0_le_iff])

lemma not_zle_0_negative [simp]: "¬ 0 ≤ - int (Suc n)"
by (subst le_minus_iff) (simp del: of_nat_Suc)

lemma int_zle_neg: "int n ≤ - int m ⟷ n = 0 ∧ m = 0"
by transfer simp

lemma not_int_zless_negative [simp]: "¬ int n < - int m"

lemma negative_eq_positive [simp]: "- int n = of_nat m ⟷ n = 0 ∧ m = 0"
by (force simp add: order_eq_iff [of "- of_nat n"] int_zle_neg)

lemma zle_iff_zadd: "w ≤ z ⟷ (∃n. z = w + int n)"
(is "?lhs ⟷ ?rhs")
proof
assume ?rhs
then show ?lhs by auto
next
assume ?lhs
then have "0 ≤ z - w" by simp
then obtain n where "z - w = int n"
using zero_le_imp_eq_int [of "z - w"] by blast
then have "z = w + int n" by simp
then show ?rhs ..
qed

lemma zadd_int_left: "int m + (int n + z) = int (m + n) + z"
by simp

text ‹
This version is proved for all ordered rings, not just integers!
It is proved here because attribute ‹arith_split› is not available
in theory ‹Rings›.
But is it really better than just rewriting with ‹abs_if›?
›
lemma abs_split [arith_split, no_atp]: "P ¦a¦ ⟷ (0 ≤ a ⟶ P a) ∧ (a < 0 ⟶ P (- a))"
for a :: "'a::linordered_idom"
by (force dest: order_less_le_trans simp add: abs_if linorder_not_less)

lemma negD: "x < 0 ⟹ ∃n. x = - (int (Suc n))"
apply transfer
apply clarsimp
apply (rule_tac x="b - Suc a" in exI)
apply arith
done

subsection ‹Cases and induction›

text ‹
Now we replace the case analysis rule by a more conventional one:
whether an integer is negative or not.
›

text ‹This version is symmetric in the two subgoals.›
lemma int_cases2 [case_names nonneg nonpos, cases type: int]:
"(⋀n. z = int n ⟹ P) ⟹ (⋀n. z = - (int n) ⟹ P) ⟹ P"
by (cases "z < 0") (auto simp add: linorder_not_less dest!: negD nat_0_le [THEN sym])

text ‹This is the default, with a negative case.›
lemma int_cases [case_names nonneg neg, cases type: int]:
"(⋀n. z = int n ⟹ P) ⟹ (⋀n. z = - (int (Suc n)) ⟹ P) ⟹ P"
apply (cases "z < 0")
apply (blast dest!: negD)
apply (simp add: linorder_not_less del: of_nat_Suc)
apply auto
apply (blast dest: nat_0_le [THEN sym])
done

lemma int_cases3 [case_names zero pos neg]:
fixes k :: int
assumes "k = 0 ⟹ P" and "⋀n. k = int n ⟹ n > 0 ⟹ P"
and "⋀n. k = - int n ⟹ n > 0 ⟹ P"
shows "P"
proof (cases k "0::int" rule: linorder_cases)
case equal
with assms(1) show P by simp
next
case greater
then have *: "nat k > 0" by simp
moreover from * have "k = int (nat k)" by auto
ultimately show P using assms(2) by blast
next
case less
then have *: "nat (- k) > 0" by simp
moreover from * have "k = - int (nat (- k))" by auto
ultimately show P using assms(3) by blast
qed

lemma int_of_nat_induct [case_names nonneg neg, induct type: int]:
"(⋀n. P (int n)) ⟹ (⋀n. P (- (int (Suc n)))) ⟹ P z"
by (cases z) auto

lemma Let_numeral [simp]: "Let (numeral v) f = f (numeral v)"
― ‹Unfold all ‹let›s involving constants›
by (fact Let_numeral) ― ‹FIXME drop›

lemma Let_neg_numeral [simp]: "Let (- numeral v) f = f (- numeral v)"
― ‹Unfold all ‹let›s involving constants›
by (fact Let_neg_numeral) ― ‹FIXME drop›

text ‹Unfold ‹min› and ‹max› on numerals.›

lemmas max_number_of [simp] =
max_def [of "numeral u" "numeral v"]
max_def [of "numeral u" "- numeral v"]
max_def [of "- numeral u" "numeral v"]
max_def [of "- numeral u" "- numeral v"] for u v

lemmas min_number_of [simp] =
min_def [of "numeral u" "numeral v"]
min_def [of "numeral u" "- numeral v"]
min_def [of "- numeral u" "numeral v"]
min_def [of "- numeral u" "- numeral v"] for u v

subsubsection ‹Binary comparisons›

text ‹Preliminaries›

lemma le_imp_0_less:
fixes z :: int
assumes le: "0 ≤ z"
shows "0 < 1 + z"
proof -
have "0 ≤ z" by fact
also have "… < z + 1" by (rule less_add_one)
also have "… = 1 + z" by (simp add: ac_simps)
finally show "0 < 1 + z" .
qed

lemma odd_less_0_iff: "1 + z + z < 0 ⟷ z < 0"
for z :: int
proof (cases z)
case (nonneg n)
then show ?thesis
next
case (neg n)
then show ?thesis
by (simp del: of_nat_Suc of_nat_add of_nat_1
qed

subsubsection ‹Comparisons, for Ordered Rings›

lemmas double_eq_0_iff = double_zero

lemma odd_nonzero: "1 + z + z ≠ 0"
for z :: int
proof (cases z)
case (nonneg n)
have le: "0 ≤ z + z"
then show ?thesis
using  le_imp_0_less [OF le] by (auto simp: add.assoc)
next
case (neg n)
show ?thesis
proof
assume eq: "1 + z + z = 0"
have "0 < 1 + (int n + int n)"
also have "… = - (1 + z + z)"
also have "… = 0" by (simp add: eq)
finally have "0<0" ..
then show False by blast
qed
qed

subsection ‹The Set of Integers›

context ring_1
begin

definition Ints :: "'a set"  ("ℤ")
where "ℤ = range of_int"

lemma Ints_of_int [simp]: "of_int z ∈ ℤ"

lemma Ints_of_nat [simp]: "of_nat n ∈ ℤ"
using Ints_of_int [of "of_nat n"] by simp

lemma Ints_0 [simp]: "0 ∈ ℤ"
using Ints_of_int [of "0"] by simp

lemma Ints_1 [simp]: "1 ∈ ℤ"
using Ints_of_int [of "1"] by simp

lemma Ints_numeral [simp]: "numeral n ∈ ℤ"
by (subst of_nat_numeral [symmetric], rule Ints_of_nat)

lemma Ints_add [simp]: "a ∈ ℤ ⟹ b ∈ ℤ ⟹ a + b ∈ ℤ"
apply (rule range_eqI)
done

lemma Ints_minus [simp]: "a ∈ ℤ ⟹ -a ∈ ℤ"
apply (rule range_eqI)
apply (rule of_int_minus [symmetric])
done

lemma Ints_diff [simp]: "a ∈ ℤ ⟹ b ∈ ℤ ⟹ a - b ∈ ℤ"
apply (rule range_eqI)
apply (rule of_int_diff [symmetric])
done

lemma Ints_mult [simp]: "a ∈ ℤ ⟹ b ∈ ℤ ⟹ a * b ∈ ℤ"
apply (rule range_eqI)
apply (rule of_int_mult [symmetric])
done

lemma Ints_power [simp]: "a ∈ ℤ ⟹ a ^ n ∈ ℤ"
by (induct n) simp_all

lemma Ints_cases [cases set: Ints]:
assumes "q ∈ ℤ"
obtains (of_int) z where "q = of_int z"
unfolding Ints_def
proof -
from ‹q ∈ ℤ› have "q ∈ range of_int" unfolding Ints_def .
then obtain z where "q = of_int z" ..
then show thesis ..
qed

lemma Ints_induct [case_names of_int, induct set: Ints]:
"q ∈ ℤ ⟹ (⋀z. P (of_int z)) ⟹ P q"
by (rule Ints_cases) auto

lemma Nats_subset_Ints: "ℕ ⊆ ℤ"
unfolding Nats_def Ints_def
by (rule subsetI, elim imageE, hypsubst, subst of_int_of_nat_eq[symmetric], rule imageI) simp_all

lemma Nats_altdef1: "ℕ = {of_int n |n. n ≥ 0}"
proof (intro subsetI equalityI)
fix x :: 'a
assume "x ∈ {of_int n |n. n ≥ 0}"
then obtain n where "x = of_int n" "n ≥ 0"
by (auto elim!: Ints_cases)
then have "x = of_nat (nat n)"
by (subst of_nat_nat) simp_all
then show "x ∈ ℕ"
by simp
next
fix x :: 'a
assume "x ∈ ℕ"
then obtain n where "x = of_nat n"
by (auto elim!: Nats_cases)
then have "x = of_int (int n)" by simp
also have "int n ≥ 0" by simp
then have "of_int (int n) ∈ {of_int n |n. n ≥ 0}" by blast
finally show "x ∈ {of_int n |n. n ≥ 0}" .
qed

end

lemma (in linordered_idom) Ints_abs [simp]:
shows "a ∈ ℤ ⟹ abs a ∈ ℤ"
by (auto simp: abs_if)

lemma (in linordered_idom) Nats_altdef2: "ℕ = {n ∈ ℤ. n ≥ 0}"
proof (intro subsetI equalityI)
fix x :: 'a
assume "x ∈ {n ∈ ℤ. n ≥ 0}"
then obtain n where "x = of_int n" "n ≥ 0"
by (auto elim!: Ints_cases)
then have "x = of_nat (nat n)"
by (subst of_nat_nat) simp_all
then show "x ∈ ℕ"
by simp
qed (auto elim!: Nats_cases)

lemma (in idom_divide) of_int_divide_in_Ints:
"of_int a div of_int b ∈ ℤ" if "b dvd a"
proof -
from that obtain c where "a = b * c" ..
then show ?thesis
by (cases "of_int b = 0") simp_all
qed

text ‹The premise involving @{term Ints} prevents @{term "a = 1/2"}.›

lemma Ints_double_eq_0_iff:
fixes a :: "'a::ring_char_0"
assumes in_Ints: "a ∈ ℤ"
shows "a + a = 0 ⟷ a = 0"
(is "?lhs ⟷ ?rhs")
proof -
from in_Ints have "a ∈ range of_int"
unfolding Ints_def [symmetric] .
then obtain z where a: "a = of_int z" ..
show ?thesis
proof
assume ?rhs
then show ?lhs by simp
next
assume ?lhs
with a have "of_int (z + z) = (of_int 0 :: 'a)" by simp
then have "z + z = 0" by (simp only: of_int_eq_iff)
then have "z = 0" by (simp only: double_eq_0_iff)
with a show ?rhs by simp
qed
qed

lemma Ints_odd_nonzero:
fixes a :: "'a::ring_char_0"
assumes in_Ints: "a ∈ ℤ"
shows "1 + a + a ≠ 0"
proof -
from in_Ints have "a ∈ range of_int"
unfolding Ints_def [symmetric] .
then obtain z where a: "a = of_int z" ..
show ?thesis
proof
assume "1 + a + a = 0"
with a have "of_int (1 + z + z) = (of_int 0 :: 'a)" by simp
then have "1 + z + z = 0" by (simp only: of_int_eq_iff)
with odd_nonzero show False by blast
qed
qed

lemma Nats_numeral [simp]: "numeral w ∈ ℕ"
using of_nat_in_Nats [of "numeral w"] by simp

lemma Ints_odd_less_0:
fixes a :: "'a::linordered_idom"
assumes in_Ints: "a ∈ ℤ"
shows "1 + a + a < 0 ⟷ a < 0"
proof -
from in_Ints have "a ∈ range of_int"
unfolding Ints_def [symmetric] .
then obtain z where a: "a = of_int z" ..
with a have "1 + a + a < 0 ⟷ of_int (1 + z + z) < (of_int 0 :: 'a)"
by simp
also have "… ⟷ z < 0"
by (simp only: of_int_less_iff odd_less_0_iff)
also have "… ⟷ a < 0"
finally show ?thesis .
qed

subsection ‹@{term sum} and @{term prod}›

lemma of_nat_sum [simp]: "of_nat (sum f A) = (∑x∈A. of_nat(f x))"
by (induct A rule: infinite_finite_induct) auto

lemma of_int_sum [simp]: "of_int (sum f A) = (∑x∈A. of_int(f x))"
by (induct A rule: infinite_finite_induct) auto

lemma of_nat_prod [simp]: "of_nat (prod f A) = (∏x∈A. of_nat(f x))"
by (induct A rule: infinite_finite_induct) auto

lemma of_int_prod [simp]: "of_int (prod f A) = (∏x∈A. of_int(f x))"
by (induct A rule: infinite_finite_induct) auto

text ‹Legacy theorems›

lemmas int_sum = of_nat_sum [where 'a=int]
lemmas int_prod = of_nat_prod [where 'a=int]
lemmas zle_int = of_nat_le_iff [where 'a=int]
lemmas int_int_eq = of_nat_eq_iff [where 'a=int]
lemmas nonneg_eq_int = nonneg_int_cases

subsection ‹Setting up simplification procedures›

lemmas of_int_simps =

ML_file "Tools/int_arith.ML"
declaration ‹K Int_Arith.setup›

simproc_setup fast_arith
("(m::'a::linordered_idom) < n" |
"(m::'a::linordered_idom) ≤ n" |
"(m::'a::linordered_idom) = n") =
‹K Lin_Arith.simproc›

subsection‹More Inequality Reasoning›

lemma zless_add1_eq: "w < z + 1 ⟷ w < z ∨ w = z"
for w z :: int
by arith

lemma add1_zle_eq: "w + 1 ≤ z ⟷ w < z"
for w z :: int
by arith

lemma zle_diff1_eq [simp]: "w ≤ z - 1 ⟷ w < z"
for w z :: int
by arith

lemma zle_add1_eq_le [simp]: "w < z + 1 ⟷ w ≤ z"
for w z :: int
by arith

lemma int_one_le_iff_zero_less: "1 ≤ z ⟷ 0 < z"
for z :: int
by arith

lemma Ints_nonzero_abs_ge1:
fixes x:: "'a :: linordered_idom"
assumes "x ∈ Ints" "x ≠ 0"
shows "1 ≤ abs x"
proof (rule Ints_cases [OF ‹x ∈ Ints›])
fix z::int
assume "x = of_int z"
with ‹x ≠ 0›
show "1 ≤ ¦x¦"
by (metis diff_0 of_int_1 of_int_le_iff of_int_minus zle_diff1_eq)
qed

lemma Ints_nonzero_abs_less1:
fixes x:: "'a :: linordered_idom"
shows "⟦x ∈ Ints; abs x < 1⟧ ⟹ x = 0"
using Ints_nonzero_abs_ge1 [of x] by auto

subsection ‹The functions @{term nat} and @{term int}›

text ‹Simplify the term @{term "w + - z"}.›

lemma one_less_nat_eq [simp]: "Suc 0 < nat z ⟷ 1 < z"
using zless_nat_conj [of 1 z] by auto

text ‹
This simplifies expressions of the form @{term "int n = z"} where
‹z› is an integer literal.
›
lemmas int_eq_iff_numeral [simp] = int_eq_iff [of _ "numeral v"] for v

lemma split_nat [arith_split]: "P (nat i) = ((∀n. i = int n ⟶ P n) ∧ (i < 0 ⟶ P 0))"
(is "?P = (?L ∧ ?R)")
for i :: int
proof (cases "i < 0")
case True
then show ?thesis by auto
next
case False
have "?P = ?L"
proof
assume ?P
then show ?L using False by auto
next
assume ?L
then show ?P using False by simp
qed
with False show ?thesis by simp
qed

lemma nat_abs_int_diff: "nat ¦int a - int b¦ = (if a ≤ b then b - a else a - b)"
by auto

lemma nat_int_add: "nat (int a + int b) = a + b"
by auto

context ring_1
begin

lemma of_int_of_nat [nitpick_simp]:
"of_int k = (if k < 0 then - of_nat (nat (- k)) else of_nat (nat k))"
proof (cases "k < 0")
case True
then have "0 ≤ - k" by simp
then have "of_nat (nat (- k)) = of_int (- k)" by (rule of_nat_nat)
with True show ?thesis by simp
next
case False
then show ?thesis by (simp add: not_less)
qed

end

lemma transfer_rule_of_int:
fixes R :: "'a::ring_1 ⇒ 'b::ring_1 ⇒ bool"
assumes [transfer_rule]: "R 0 0" "R 1 1"
"rel_fun R (rel_fun R R) plus plus"
"rel_fun R R uminus uminus"
shows "rel_fun HOL.eq R of_int of_int"
proof -
note transfer_rule_of_nat [transfer_rule]
have [transfer_rule]: "rel_fun HOL.eq R of_nat of_nat"
by transfer_prover
show ?thesis
by (unfold of_int_of_nat [abs_def]) transfer_prover
qed

lemma nat_mult_distrib:
fixes z z' :: int
assumes "0 ≤ z"
shows "nat (z * z') = nat z * nat z'"
proof (cases "0 ≤ z'")
case False
with assms have "z * z' ≤ 0"
then have "nat (z * z') = 0" by simp
moreover from False have "nat z' = 0" by simp
ultimately show ?thesis by simp
next
case True
with assms have ge_0: "z * z' ≥ 0" by (simp add: zero_le_mult_iff)
show ?thesis
by (rule injD [of "of_nat :: nat ⇒ int", OF inj_of_nat])
(simp only: of_nat_mult of_nat_nat [OF True]
of_nat_nat [OF assms] of_nat_nat [OF ge_0], simp)
qed

lemma nat_mult_distrib_neg: "z ≤ 0 ⟹ nat (z * z') = nat (- z) * nat (- z')"
for z z' :: int
apply (rule trans)
apply (rule_tac [2] nat_mult_distrib)
apply auto
done

lemma nat_abs_mult_distrib: "nat ¦w * z¦ = nat ¦w¦ * nat ¦z¦"
by (cases "z = 0 ∨ w = 0")
(auto simp add: abs_if nat_mult_distrib [symmetric]
nat_mult_distrib_neg [symmetric] mult_less_0_iff)

lemma int_in_range_abs [simp]: "int n ∈ range abs"
proof (rule range_eqI)
show "int n = ¦int n¦" by simp
qed

lemma range_abs_Nats [simp]: "range abs = (ℕ :: int set)"
proof -
have "¦k¦ ∈ ℕ" for k :: int
by (cases k) simp_all
moreover have "k ∈ range abs" if "k ∈ ℕ" for k :: int
using that by induct simp
ultimately show ?thesis by blast
qed

lemma Suc_nat_eq_nat_zadd1: "0 ≤ z ⟹ Suc (nat z) = nat (1 + z)"
for z :: int
by (rule sym) (simp add: nat_eq_iff)

lemma diff_nat_eq_if:
"nat z - nat z' =
(if z' < 0 then nat z
else
let d = z - z'
in if d < 0 then 0 else nat d)"
by (simp add: Let_def nat_diff_distrib [symmetric])

lemma nat_numeral_diff_1 [simp]: "numeral v - (1::nat) = nat (numeral v - 1)"
using diff_nat_numeral [of v Num.One] by simp

subsection ‹Induction principles for int›

text ‹Well-founded segments of the integers.›

definition int_ge_less_than :: "int ⇒ (int × int) set"
where "int_ge_less_than d = {(z', z). d ≤ z' ∧ z' < z}"

lemma wf_int_ge_less_than: "wf (int_ge_less_than d)"
proof -
have "int_ge_less_than d ⊆ measure (λz. nat (z - d))"
then show ?thesis
by (rule wf_subset [OF wf_measure])
qed

text ‹
This variant looks odd, but is typical of the relations suggested
by RankFinder.›

definition int_ge_less_than2 :: "int ⇒ (int × int) set"
where "int_ge_less_than2 d = {(z',z). d ≤ z ∧ z' < z}"

lemma wf_int_ge_less_than2: "wf (int_ge_less_than2 d)"
proof -
have "int_ge_less_than2 d ⊆ measure (λz. nat (1 + z - d))"
then show ?thesis
by (rule wf_subset [OF wf_measure])
qed

(* `set:int': dummy construction *)
theorem int_ge_induct [case_names base step, induct set: int]:
fixes i :: int
assumes ge: "k ≤ i"
and base: "P k"
and step: "⋀i. k ≤ i ⟹ P i ⟹ P (i + 1)"
shows "P i"
proof -
have "⋀i::int. n = nat (i - k) ⟹ k ≤ i ⟹ P i" for n
proof (induct n)
case 0
then have "i = k" by arith
with base show "P i" by simp
next
case (Suc n)
then have "n = nat ((i - 1) - k)" by arith
moreover have k: "k ≤ i - 1" using Suc.prems by arith
ultimately have "P (i - 1)" by (rule Suc.hyps)
from step [OF k this] show ?case by simp
qed
with ge show ?thesis by fast
qed

(* `set:int': dummy construction *)
theorem int_gr_induct [case_names base step, induct set: int]:
fixes i k :: int
assumes gr: "k < i"
and base: "P (k + 1)"
and step: "⋀i. k < i ⟹ P i ⟹ P (i + 1)"
shows "P i"
apply (rule int_ge_induct[of "k + 1"])
using gr apply arith
apply (rule base)
apply (rule step)
apply simp_all
done

theorem int_le_induct [consumes 1, case_names base step]:
fixes i k :: int
assumes le: "i ≤ k"
and base: "P k"
and step: "⋀i. i ≤ k ⟹ P i ⟹ P (i - 1)"
shows "P i"
proof -
have "⋀i::int. n = nat(k-i) ⟹ i ≤ k ⟹ P i" for n
proof (induct n)
case 0
then have "i = k" by arith
with base show "P i" by simp
next
case (Suc n)
then have "n = nat (k - (i + 1))" by arith
moreover have k: "i + 1 ≤ k" using Suc.prems by arith
ultimately have "P (i + 1)" by (rule Suc.hyps)
from step[OF k this] show ?case by simp
qed
with le show ?thesis by fast
qed

theorem int_less_induct [consumes 1, case_names base step]:
fixes i k :: int
assumes less: "i < k"
and base: "P (k - 1)"
and step: "⋀i. i < k ⟹ P i ⟹ P (i - 1)"
shows "P i"
apply (rule int_le_induct[of _ "k - 1"])
using less apply arith
apply (rule base)
apply (rule step)
apply simp_all
done

theorem int_induct [case_names base step1 step2]:
fixes k :: int
assumes base: "P k"
and step1: "⋀i. k ≤ i ⟹ P i ⟹ P (i + 1)"
and step2: "⋀i. k ≥ i ⟹ P i ⟹ P (i - 1)"
shows "P i"
proof -
have "i ≤ k ∨ i ≥ k" by arith
then show ?thesis
proof
assume "i ≥ k"
then show ?thesis
using base by (rule int_ge_induct) (fact step1)
next
assume "i ≤ k"
then show ?thesis
using base by (rule int_le_induct) (fact step2)
qed
qed

subsection ‹Intermediate value theorems›

lemma int_val_lemma: "(∀i<n. ¦f (i + 1) - f i¦ ≤ 1) ⟶ f 0 ≤ k ⟶ k ≤ f n ⟶ (∃i ≤ n. f i = k)"
for n :: nat and k :: int
unfolding One_nat_def
apply (induct n)
apply simp
apply (intro strip)
apply (erule impE)
apply simp
apply (erule_tac x = n in allE)
apply simp
apply (case_tac "k = f (Suc n)")
apply force
apply (erule impE)
apply (simp add: abs_if split: if_split_asm)
apply (blast intro: le_SucI)
done

lemmas nat0_intermed_int_val = int_val_lemma [rule_format (no_asm)]

lemma nat_intermed_int_val:
"∀i. m ≤ i ∧ i < n ⟶ ¦f (i + 1) - f i¦ ≤ 1 ⟹ m < n ⟹
f m ≤ k ⟹ k ≤ f n ⟹ ∃i. m ≤ i ∧ i ≤ n ∧ f i = k"
for f :: "nat ⇒ int" and k :: int
apply (cut_tac n = "n-m" and f = "λi. f (i + m)" and k = k in int_val_lemma)
unfolding One_nat_def
apply simp
apply (erule exE)
apply (rule_tac x = "i+m" in exI)
apply arith
done

subsection ‹Products and 1, by T. M. Rasmussen›

lemma abs_zmult_eq_1:
fixes m n :: int
assumes mn: "¦m * n¦ = 1"
shows "¦m¦ = 1"
proof -
from mn have 0: "m ≠ 0" "n ≠ 0" by auto
have "¬ 2 ≤ ¦m¦"
proof
assume "2 ≤ ¦m¦"
then have "2 * ¦n¦ ≤ ¦m¦ * ¦n¦" by (simp add: mult_mono 0)
also have "… = ¦m * n¦" by (simp add: abs_mult)
also from mn have "… = 1" by simp
finally have "2 * ¦n¦ ≤ 1" .
with 0 show "False" by arith
qed
with 0 show ?thesis by auto
qed

lemma pos_zmult_eq_1_iff_lemma: "m * n = 1 ⟹ m = 1 ∨ m = - 1"
for m n :: int
using abs_zmult_eq_1 [of m n] by arith

lemma pos_zmult_eq_1_iff:
fixes m n :: int
assumes "0 < m"
shows "m * n = 1 ⟷ m = 1 ∧ n = 1"
proof -
from assms have "m * n = 1 ⟹ m = 1"
by (auto dest: pos_zmult_eq_1_iff_lemma)
then show ?thesis
by (auto dest: pos_zmult_eq_1_iff_lemma)
qed

lemma zmult_eq_1_iff: "m * n = 1 ⟷ (m = 1 ∧ n = 1) ∨ (m = - 1 ∧ n = - 1)"
for m n :: int
apply (rule iffI)
apply (frule pos_zmult_eq_1_iff_lemma)
apply (simp add: mult.commute [of m])
apply (frule pos_zmult_eq_1_iff_lemma)
apply auto
done

lemma infinite_UNIV_int: "¬ finite (UNIV::int set)"
proof
assume "finite (UNIV::int set)"
moreover have "inj (λi::int. 2 * i)"
by (rule injI) simp
ultimately have "surj (λi::int. 2 * i)"
by (rule finite_UNIV_inj_surj)
then obtain i :: int where "1 = 2 * i" by (rule surjE)
then show False by (simp add: pos_zmult_eq_1_iff)
qed

subsection ‹Further theorems on numerals›

subsubsection ‹Special Simplification for Constants›

text ‹These distributive laws move literals inside sums and differences.›

lemmas distrib_right_numeral [simp] = distrib_right [of _ _ "numeral v"] for v
lemmas distrib_left_numeral [simp] = distrib_left [of "numeral v"] for v
lemmas left_diff_distrib_numeral [simp] = left_diff_distrib [of _ _ "numeral v"] for v
lemmas right_diff_distrib_numeral [simp] = right_diff_distrib [of "numeral v"] for v

text ‹These are actually for fields, like real: but where else to put them?›

lemmas zero_less_divide_iff_numeral [simp, no_atp] = zero_less_divide_iff [of "numeral w"] for w
lemmas divide_less_0_iff_numeral [simp, no_atp] = divide_less_0_iff [of "numeral w"] for w
lemmas zero_le_divide_iff_numeral [simp, no_atp] = zero_le_divide_iff [of "numeral w"] for w
lemmas divide_le_0_iff_numeral [simp, no_atp] = divide_le_0_iff [of "numeral w"] for w

text ‹Replaces ‹inverse #nn› by ‹1/#nn›.  It looks
strange, but then other simprocs simplify the quotient.›

lemmas inverse_eq_divide_numeral [simp] =
inverse_eq_divide [of "numeral w"] for w

lemmas inverse_eq_divide_neg_numeral [simp] =
inverse_eq_divide [of "- numeral w"] for w

text ‹These laws simplify inequalities, moving unary minus from a term
into the literal.›

lemmas equation_minus_iff_numeral [no_atp] =
equation_minus_iff [of "numeral v"] for v

lemmas minus_equation_iff_numeral [no_atp] =
minus_equation_iff [of _ "numeral v"] for v

lemmas le_minus_iff_numeral [no_atp] =
le_minus_iff [of "numeral v"] for v

lemmas minus_le_iff_numeral [no_atp] =
minus_le_iff [of _ "numeral v"] for v

lemmas less_minus_iff_numeral [no_atp] =
less_minus_iff [of "numeral v"] for v

lemmas minus_less_iff_numeral [no_atp] =
minus_less_iff [of _ "numeral v"] for v

(* FIXME maybe simproc *)

text ‹Cancellation of constant factors in comparisons (‹<› and ‹≤›)›

lemmas mult_less_cancel_left_numeral [simp, no_atp] = mult_less_cancel_left [of "numeral v"] for v
lemmas mult_less_cancel_right_numeral [simp, no_atp] = mult_less_cancel_right [of _ "numeral v"] for v
lemmas mult_le_cancel_left_numeral [simp, no_atp] = mult_le_cancel_left [of "numeral v"] for v
lemmas mult_le_cancel_right_numeral [simp, no_atp] = mult_le_cancel_right [of _ "numeral v"] for v

text ‹Multiplying out constant divisors in comparisons (‹<›, ‹≤› and ‹=›)›

named_theorems divide_const_simps "simplification rules to simplify comparisons involving constant divisors"

lemmas le_divide_eq_numeral1 [simp,divide_const_simps] =
pos_le_divide_eq [of "numeral w", OF zero_less_numeral]
neg_le_divide_eq [of "- numeral w", OF neg_numeral_less_zero] for w

lemmas divide_le_eq_numeral1 [simp,divide_const_simps] =
pos_divide_le_eq [of "numeral w", OF zero_less_numeral]
neg_divide_le_eq [of "- numeral w", OF neg_numeral_less_zero] for w

lemmas less_divide_eq_numeral1 [simp,divide_const_simps] =
pos_less_divide_eq [of "numeral w", OF zero_less_numeral]
neg_less_divide_eq [of "- numeral w", OF neg_numeral_less_zero] for w

lemmas divide_less_eq_numeral1 [simp,divide_const_simps] =
pos_divide_less_eq [of "numeral w", OF zero_less_numeral]
neg_divide_less_eq [of "- numeral w", OF neg_numeral_less_zero] for w

lemmas eq_divide_eq_numeral1 [simp,divide_const_simps] =
eq_divide_eq [of _ _ "numeral w"]
eq_divide_eq [of _ _ "- numeral w"] for w

lemmas divide_eq_eq_numeral1 [simp,divide_const_simps] =
divide_eq_eq [of _ "numeral w"]
divide_eq_eq [of _ "- numeral w"] for w

subsubsection ‹Optional Simplification Rules Involving Constants›

text ‹Simplify quotients that are compared with a literal constant.›

lemmas le_divide_eq_numeral [divide_const_simps] =
le_divide_eq [of "numeral w"]
le_divide_eq [of "- numeral w"] for w

lemmas divide_le_eq_numeral [divide_const_simps] =
divide_le_eq [of _ _ "numeral w"]
divide_le_eq [of _ _ "- numeral w"] for w

lemmas less_divide_eq_numeral [divide_const_simps] =
less_divide_eq [of "numeral w"]
less_divide_eq [of "- numeral w"] for w

lemmas divide_less_eq_numeral [divide_const_simps] =
divide_less_eq [of _ _ "numeral w"]
divide_less_eq [of _ _ "- numeral w"] for w

lemmas eq_divide_eq_numeral [divide_const_simps] =
eq_divide_eq [of "numeral w"]
eq_divide_eq [of "- numeral w"] for w

lemmas divide_eq_eq_numeral [divide_const_simps] =
divide_eq_eq [of _ _ "numeral w"]
divide_eq_eq [of _ _ "- numeral w"] for w

text ‹Not good as automatic simprules because they cause case splits.›
lemmas [divide_const_simps] =
le_divide_eq_1 divide_le_eq_1 less_divide_eq_1 divide_less_eq_1

subsection ‹The divides relation›

lemma zdvd_antisym_nonneg: "0 ≤ m ⟹ 0 ≤ n ⟹ m dvd n ⟹ n dvd m ⟹ m = n"
for m n :: int
by (auto simp add: dvd_def mult.assoc zero_le_mult_iff zmult_eq_1_iff)

lemma zdvd_antisym_abs:
fixes a b :: int
assumes "a dvd b" and "b dvd a"
shows "¦a¦ = ¦b¦"
proof (cases "a = 0")
case True
with assms show ?thesis by simp
next
case False
from ‹a dvd b› obtain k where k: "b = a * k"
unfolding dvd_def by blast
from ‹b dvd a› obtain k' where k': "a = b * k'"
unfolding dvd_def by blast
from k k' have "a = a * k * k'" by simp
with mult_cancel_left1[where c="a" and b="k*k'"] have kk': "k * k' = 1"
using ‹a ≠ 0› by (simp add: mult.assoc)
then have "k = 1 ∧ k' = 1 ∨ k = -1 ∧ k' = -1"
with k k' show ?thesis by auto
qed

lemma zdvd_zdiffD: "k dvd m - n ⟹ k dvd n ⟹ k dvd m"
for k m n :: int
using dvd_add_right_iff [of k "- n" m] by simp

lemma zdvd_reduce: "k dvd n + k * m ⟷ k dvd n"
for k m n :: int

lemma dvd_imp_le_int:
fixes d i :: int
assumes "i ≠ 0" and "d dvd i"
shows "¦d¦ ≤ ¦i¦"
proof -
from ‹d dvd i› obtain k where "i = d * k" ..
with ‹i ≠ 0› have "k ≠ 0" by auto
then have "1 ≤ ¦k¦" and "0 ≤ ¦d¦" by auto
then have "¦d¦ * 1 ≤ ¦d¦ * ¦k¦" by (rule mult_left_mono)
with ‹i = d * k› show ?thesis by (simp add: abs_mult)
qed

lemma zdvd_not_zless:
fixes m n :: int
assumes "0 < m" and "m < n"
shows "¬ n dvd m"
proof
from assms have "0 < n" by auto
assume "n dvd m" then obtain k where k: "m = n * k" ..
with ‹0 < m› have "0 < n * k" by auto
with ‹0 < n› have "0 < k" by (simp add: zero_less_mult_iff)
with k ‹0 < n› ‹m < n› have "n * k < n * 1" by simp
with ‹0 < n› ‹0 < k› show False unfolding mult_less_cancel_left by auto
qed

lemma zdvd_mult_cancel:
fixes k m n :: int
assumes d: "k * m dvd k * n"
and "k ≠ 0"
shows "m dvd n"
proof -
from d obtain h where h: "k * n = k * m * h"
unfolding dvd_def by blast
have "n = m * h"
proof (rule ccontr)
assume "¬ ?thesis"
with ‹k ≠ 0› have "k * n ≠ k * (m * h)" by simp
with h show False
qed
then show ?thesis by simp
qed

theorem zdvd_int: "x dvd y ⟷ int x dvd int y"
proof -
have "x dvd y" if "int y = int x * k" for k
proof (cases k)
case (nonneg n)
with that have "y = x * n"
by (simp del: of_nat_mult add: of_nat_mult [symmetric])
then show ?thesis ..
next
case (neg n)
with that have "int y = int x * (- int (Suc n))"
by simp
also have "… = - (int x * int (Suc n))"
by (simp only: mult_minus_right)
also have "… = - int (x * Suc n)"
by (simp only: of_nat_mult [symmetric])
finally have "- int (x * Suc n) = int y" ..
then show ?thesis
by (simp only: negative_eq_positive) auto
qed
then show ?thesis
by (auto elim!: dvdE simp only: dvd_triv_left of_nat_mult)
qed

lemma zdvd1_eq[simp]: "x dvd 1 ⟷ ¦x¦ = 1"
(is "?lhs ⟷ ?rhs")
for x :: int
proof
assume ?lhs
then have "int (nat ¦x¦) dvd int (nat 1)" by simp
then have "nat ¦x¦ dvd 1" by (simp add: zdvd_int)
then have "nat ¦x¦ = 1" by simp
then show ?rhs by (cases "x < 0") auto
next
assume ?rhs
then have "x = 1 ∨ x = - 1" by auto
then show ?lhs by (auto intro: dvdI)
qed

lemma zdvd_mult_cancel1:
fixes m :: int
assumes mp: "m ≠ 0"
shows "m * n dvd m ⟷ ¦n¦ = 1"
(is "?lhs ⟷ ?rhs")
proof
assume ?rhs
then show ?lhs
by (cases "n > 0") (auto simp add: minus_equation_iff)
next
assume ?lhs
then have "m * n dvd m * 1" by simp
from zdvd_mult_cancel[OF this mp] show ?rhs
by (simp only: zdvd1_eq)
qed

lemma int_dvd_iff: "int m dvd z ⟷ m dvd nat ¦z¦"
by (cases "z ≥ 0") (simp_all add: zdvd_int)

lemma dvd_int_iff: "z dvd int m ⟷ nat ¦z¦ dvd m"
by (cases "z ≥ 0") (simp_all add: zdvd_int)

lemma dvd_int_unfold_dvd_nat: "k dvd l ⟷ nat ¦k¦ dvd nat ¦l¦"

lemma nat_dvd_iff: "nat z dvd m ⟷ (if 0 ≤ z then z dvd int m else m = 0)"

lemma eq_nat_nat_iff: "0 ≤ z ⟹ 0 ≤ z' ⟹ nat z = nat z' ⟷ z = z'"
by (auto elim!: nonneg_eq_int)

lemma nat_power_eq: "0 ≤ z ⟹ nat (z ^ n) = nat z ^ n"
by (induct n) (simp_all add: nat_mult_distrib)

lemma zdvd_imp_le: "z dvd n ⟹ 0 < n ⟹ z ≤ n"
for n z :: int
apply (cases n)
apply (cases z)
done

lemma zdvd_period:
fixes a d :: int
assumes "a dvd d"
shows "a dvd (x + t) ⟷ a dvd ((x + c * d) + t)"
(is "?lhs ⟷ ?rhs")
proof -
from assms obtain k where "d = a * k" by (rule dvdE)
show ?thesis
proof
assume ?lhs
then obtain l where "x + t = a * l" by (rule dvdE)
then have "x = a * l - t" by simp
with ‹d = a * k› show ?rhs by simp
next
assume ?rhs
then obtain l where "x + c * d + t = a * l" by (rule dvdE)
then have "x = a * l - c * d - t" by simp
with ‹d = a * k› show ?lhs by simp
qed
qed

subsection ‹Finiteness of intervals›

lemma finite_interval_int1 [iff]: "finite {i :: int. a ≤ i ∧ i ≤ b}"
proof (cases "a ≤ b")
case True
then show ?thesis
proof (induct b rule: int_ge_induct)
case base
have "{i. a ≤ i ∧ i ≤ a} = {a}" by auto
then show ?case by simp
next
case (step b)
then have "{i. a ≤ i ∧ i ≤ b + 1} = {i. a ≤ i ∧ i ≤ b} ∪ {b + 1}" by auto
with step show ?case by simp
qed
next
case False
then show ?thesis
by (metis (lifting, no_types) Collect_empty_eq finite.emptyI order_trans)
qed

lemma finite_interval_int2 [iff]: "finite {i :: int. a ≤ i ∧ i < b}"
by (rule rev_finite_subset[OF finite_interval_int1[of "a" "b"]]) auto

lemma finite_interval_int3 [iff]: "finite {i :: int. a < i ∧ i ≤ b}"
by (rule rev_finite_subset[OF finite_interval_int1[of "a" "b"]]) auto

lemma finite_interval_int4 [iff]: "finite {i :: int. a < i ∧ i < b}"
by (rule rev_finite_subset[OF finite_interval_int1[of "a" "b"]]) auto

subsection ‹Configuration of the code generator›

text ‹Constructors›

definition Pos :: "num ⇒ int"
where [simp, code_abbrev]: "Pos = numeral"

definition Neg :: "num ⇒ int"
where [simp, code_abbrev]: "Neg n = - (Pos n)"

code_datatype "0::int" Pos Neg

text ‹Auxiliary operations.›

definition dup :: "int ⇒ int"
where [simp]: "dup k = k + k"

lemma dup_code [code]:
"dup 0 = 0"
"dup (Pos n) = Pos (Num.Bit0 n)"
"dup (Neg n) = Neg (Num.Bit0 n)"

definition sub :: "num ⇒ num ⇒ int"
where [simp]: "sub m n = numeral m - numeral n"

lemma sub_code [code]:
"sub Num.One Num.One = 0"
"sub (Num.Bit0 m) Num.One = Pos (Num.BitM m)"
"sub (Num.Bit1 m) Num.One = Pos (Num.Bit0 m)"
"sub Num.One (Num.Bit0 n) = Neg (Num.BitM n)"
"sub Num.One (Num.Bit1 n) = Neg (Num.Bit0 n)"
"sub (Num.Bit0 m) (Num.Bit0 n) = dup (sub m n)"
"sub (Num.Bit1 m) (Num.Bit1 n) = dup (sub m n)"
"sub (Num.Bit1 m) (Num.Bit0 n) = dup (sub m n) + 1"
"sub (Num.Bit0 m) (Num.Bit1 n) = dup (sub m n) - 1"
by (simp_all only: sub_def dup_def numeral.simps Pos_def Neg_def numeral_BitM)

text ‹Implementations.›

lemma one_int_code [code]: "1 = Pos Num.One"
by simp

lemma plus_int_code [code]:
"k + 0 = k"
"0 + l = l"
"Pos m + Pos n = Pos (m + n)"
"Pos m + Neg n = sub m n"
"Neg m + Pos n = sub n m"
"Neg m + Neg n = Neg (m + n)"
for k l :: int
by simp_all

lemma uminus_int_code [code]:
"uminus 0 = (0::int)"
"uminus (Pos m) = Neg m"
"uminus (Neg m) = Pos m"
by simp_all

lemma minus_int_code [code]:
"k - 0 = k"
"0 - l = uminus l"
"Pos m - Pos n = sub m n"
"Pos m - Neg n = Pos (m + n)"
"Neg m - Pos n = Neg (m + n)"
"Neg m - Neg n = sub n m"
for k l :: int
by simp_all

lemma times_int_code [code]:
"k * 0 = 0"
"0 * l = 0"
"Pos m * Pos n = Pos (m * n)"
"Pos m * Neg n = Neg (m * n)"
"Neg m * Pos n = Neg (m * n)"
"Neg m * Neg n = Pos (m * n)"
for k l :: int
by simp_all

instantiation int :: equal
begin

definition "HOL.equal k l ⟷ k = (l::int)"

instance
by standard (rule equal_int_def)

end

lemma equal_int_code [code]:
"HOL.equal 0 (0::int) ⟷ True"
"HOL.equal 0 (Pos l) ⟷ False"
"HOL.equal 0 (Neg l) ⟷ False"
"HOL.equal (Pos k) 0 ⟷ False"
"HOL.equal (Pos k) (Pos l) ⟷ HOL.equal k l"
"HOL.equal (Pos k) (Neg l) ⟷ False"
"HOL.equal (Neg k) 0 ⟷ False"
"HOL.equal (Neg k) (Pos l) ⟷ False"
"HOL.equal (Neg k) (Neg l) ⟷ HOL.equal k l"

lemma equal_int_refl [code nbe]: "HOL.equal k k ⟷ True"
for k :: int
by (fact equal_refl)

lemma less_eq_int_code [code]:
"0 ≤ (0::int) ⟷ True"
"0 ≤ Pos l ⟷ True"
"0 ≤ Neg l ⟷ False"
"Pos k ≤ 0 ⟷ False"
"Pos k ≤ Pos l ⟷ k ≤ l"
"Pos k ≤ Neg l ⟷ False"
"Neg k ≤ 0 ⟷ True"
"Neg k ≤ Pos l ⟷ True"
"Neg k ≤ Neg l ⟷ l ≤ k"
by simp_all

lemma less_int_code [code]:
"0 < (0::int) ⟷ False"
"0 < Pos l ⟷ True"
"0 < Neg l ⟷ False"
"Pos k < 0 ⟷ False"
"Pos k < Pos l ⟷ k < l"
"Pos k < Neg l ⟷ False"
"Neg k < 0 ⟷ True"
"Neg k < Pos l ⟷ True"
"Neg k < Neg l ⟷ l < k"
by simp_all

lemma nat_code [code]:
"nat (Int.Neg k) = 0"
"nat 0 = 0"
"nat (Int.Pos k) = nat_of_num k"

lemma (in ring_1) of_int_code [code]:
"of_int (Int.Neg k) = - numeral k"
"of_int 0 = 0"
"of_int (Int.Pos k) = numeral k"
by simp_all

text ‹Serializer setup.›

code_identifier
code_module Int ⇀ (SML) Arith and (OCaml) Arith and (Haskell) Arith

quickcheck_params [default_type = int]

hide_const (open) Pos Neg sub dup

text ‹De-register ‹int› as a quotient type:›

lifting_update int.lifting
lifting_forget int.lifting

end
```