doc-src/TutorialI/Types/numerics.tex
author paulson
Thu May 08 12:52:15 2003 +0200 (2003-05-08)
changeset 13979 4c3a638828b9
parent 13750 b5cd10cb106b
child 13983 afc0dadddaa4
permissions -rw-r--r--
HOL-Complex
paulson@10794
     1
% $Id$
paulson@11389
     2
paulson@11389
     3
\section{Numbers}
paulson@11389
     4
\label{sec:numbers}
paulson@11389
     5
paulson@11494
     6
\index{numbers|(}%
paulson@11174
     7
Until now, our numerical examples have used the type of \textbf{natural
paulson@11174
     8
numbers},
paulson@10594
     9
\isa{nat}.  This is a recursive datatype generated by the constructors
paulson@10594
    10
zero  and successor, so it works well with inductive proofs and primitive
paulson@11174
    11
recursive function definitions.  HOL also provides the type
paulson@10794
    12
\isa{int} of \textbf{integers}, which lack induction but support true
paulson@11174
    13
subtraction.  The integers are preferable to the natural numbers for reasoning about
paulson@11174
    14
complicated arithmetic expressions, even for some expressions whose
paulson@13979
    15
value is non-negative.  The logic HOL-Complex also has the types
paulson@13979
    16
\isa{real} and \isa{complex}: the real and complex numbers.  Isabelle has no 
paulson@13979
    17
subtyping,  so the numeric
paulson@13979
    18
types are distinct and there are functions to convert between them.
paulson@11174
    19
Fortunately most numeric operations are overloaded: the same symbol can be
paulson@11174
    20
used at all numeric types. Table~\ref{tab:overloading} in the appendix
paulson@11174
    21
shows the most important operations, together with the priorities of the
paulson@11174
    22
infix symbols.
paulson@10594
    23
paulson@11416
    24
\index{linear arithmetic}%
paulson@10594
    25
Many theorems involving numeric types can be proved automatically by
paulson@10594
    26
Isabelle's arithmetic decision procedure, the method
paulson@11416
    27
\methdx{arith}.  Linear arithmetic comprises addition, subtraction
paulson@10594
    28
and multiplication by constant factors; subterms involving other operators
paulson@10594
    29
are regarded as variables.  The procedure can be slow, especially if the
paulson@10594
    30
subgoal to be proved involves subtraction over type \isa{nat}, which 
paulson@10594
    31
causes case splits.  
paulson@10594
    32
paulson@10594
    33
The simplifier reduces arithmetic expressions in other
paulson@10594
    34
ways, such as dividing through by common factors.  For problems that lie
paulson@10881
    35
outside the scope of automation, HOL provides hundreds of
paulson@10594
    36
theorems about multiplication, division, etc., that can be brought to
paulson@10881
    37
bear.  You can locate them using Proof General's Find
paulson@10881
    38
button.  A few lemmas are given below to show what
paulson@10794
    39
is available.
paulson@10594
    40
paulson@10594
    41
\subsection{Numeric Literals}
nipkow@10779
    42
\label{sec:numerals}
paulson@10594
    43
paulson@11416
    44
\index{numeric literals|(}%
paulson@12156
    45
The constants \cdx{0} and \cdx{1} are overloaded.  They denote zero and one,
paulson@12156
    46
respectively, for all numeric types.  Other values are expressed by numeric
paulson@12156
    47
literals, which consist of one or more decimal digits optionally preceeded by
paulson@12156
    48
a minus sign (\isa{-}).  Examples are \isa{2}, \isa{-3} and
paulson@12156
    49
\isa{441223334678}.  Literals are available for the types of natural numbers,
paulson@12156
    50
integers and reals; they denote integer values of arbitrary size.
paulson@10594
    51
paulson@10594
    52
Literals look like constants, but they abbreviate 
paulson@12156
    53
terms representing the number in a two's complement binary notation. 
paulson@10794
    54
Isabelle performs arithmetic on literals by rewriting rather 
paulson@10594
    55
than using the hardware arithmetic. In most cases arithmetic 
paulson@10594
    56
is fast enough, even for large numbers. The arithmetic operations 
paulson@10794
    57
provided for literals include addition, subtraction, multiplication, 
paulson@10794
    58
integer division and remainder.  Fractions of literals (expressed using
paulson@10794
    59
division) are reduced to lowest terms.
paulson@10594
    60
paulson@11416
    61
\begin{warn}\index{overloading!and arithmetic}
paulson@10794
    62
The arithmetic operators are 
paulson@10594
    63
overloaded, so you must be careful to ensure that each numeric 
paulson@10594
    64
expression refers to a specific type, if necessary by inserting 
paulson@10594
    65
type constraints.  Here is an example of what can go wrong:
paulson@10794
    66
\par
paulson@10594
    67
\begin{isabelle}
paulson@12156
    68
\isacommand{lemma}\ "2\ *\ m\ =\ m\ +\ m"
paulson@10594
    69
\end{isabelle}
paulson@10594
    70
%
paulson@10594
    71
Carefully observe how Isabelle displays the subgoal:
paulson@10594
    72
\begin{isabelle}
paulson@12156
    73
\ 1.\ (2::'a)\ *\ m\ =\ m\ +\ m
paulson@10594
    74
\end{isabelle}
paulson@12156
    75
The type \isa{'a} given for the literal \isa{2} warns us that no numeric
paulson@10594
    76
type has been specified.  The problem is underspecified.  Given a type
paulson@10594
    77
constraint such as \isa{nat}, \isa{int} or \isa{real}, it becomes trivial.
paulson@10794
    78
\end{warn}
paulson@10794
    79
paulson@10881
    80
\begin{warn}
paulson@11428
    81
\index{recdef@\isacommand {recdef} (command)!and numeric literals}  
paulson@11416
    82
Numeric literals are not constructors and therefore
paulson@11416
    83
must not be used in patterns.  For example, this declaration is
paulson@11416
    84
rejected:
paulson@10881
    85
\begin{isabelle}
paulson@10881
    86
\isacommand{recdef}\ h\ "\isacharbraceleft \isacharbraceright "\isanewline
paulson@12156
    87
"h\ 3\ =\ 2"\isanewline
nipkow@11148
    88
"h\ i\ \ =\ i"
paulson@10881
    89
\end{isabelle}
paulson@10881
    90
paulson@10881
    91
You should use a conditional expression instead:
paulson@10881
    92
\begin{isabelle}
paulson@12156
    93
"h\ i\ =\ (if\ i\ =\ 3\ then\ 2\ else\ i)"
paulson@10881
    94
\end{isabelle}
paulson@11416
    95
\index{numeric literals|)}
paulson@10881
    96
\end{warn}
paulson@10881
    97
paulson@10594
    98
paulson@10594
    99
nipkow@11216
   100
\subsection{The Type of Natural Numbers, {\tt\slshape nat}}
paulson@10594
   101
paulson@11416
   102
\index{natural numbers|(}\index{*nat (type)|(}%
paulson@10594
   103
This type requires no introduction: we have been using it from the
paulson@10794
   104
beginning.  Hundreds of theorems about the natural numbers are
paulson@10594
   105
proved in the theories \isa{Nat}, \isa{NatArith} and \isa{Divides}.  Only
paulson@10594
   106
in exceptional circumstances should you resort to induction.
paulson@10594
   107
paulson@10594
   108
\subsubsection{Literals}
paulson@11416
   109
\index{numeric literals!for type \protect\isa{nat}}%
paulson@12156
   110
The notational options for the natural  numbers are confusing.  Recall that an
paulson@12156
   111
overloaded constant can be defined independently for each type; the definition
paulson@12156
   112
of \cdx{1} for type \isa{nat} is
paulson@12156
   113
\begin{isabelle}
paulson@12156
   114
1\ \isasymequiv\ Suc\ 0
paulson@12156
   115
\rulename{One_nat_def}
paulson@12156
   116
\end{isabelle}
paulson@12156
   117
This is installed as a simplification rule, so the simplifier will replace
paulson@12156
   118
every occurrence of \isa{1::nat} by \isa{Suc\ 0}.  Literals are obviously
paulson@12156
   119
better than nested \isa{Suc}s at expressing large values.  But many theorems,
paulson@12156
   120
including the rewrite rules for primitive recursive functions, can only be
paulson@12156
   121
applied to terms of the form \isa{Suc\ $n$}.
paulson@12156
   122
paulson@12156
   123
The following default  simplification rules replace
paulson@10794
   124
small literals by zero and successor: 
paulson@10594
   125
\begin{isabelle}
paulson@12156
   126
2\ +\ n\ =\ Suc\ (Suc\ n)
paulson@10594
   127
\rulename{add_2_eq_Suc}\isanewline
paulson@12156
   128
n\ +\ 2\ =\ Suc\ (Suc\ n)
paulson@10594
   129
\rulename{add_2_eq_Suc'}
paulson@10594
   130
\end{isabelle}
paulson@12156
   131
It is less easy to transform \isa{100} into \isa{Suc\ 99} (for example), and
paulson@12156
   132
the simplifier will normally reverse this transformation.  Novices should
paulson@12156
   133
express natural numbers using \isa{0} and \isa{Suc} only.
paulson@10594
   134
paulson@10594
   135
\subsubsection{Typical lemmas}
paulson@10594
   136
Inequalities involving addition and subtraction alone can be proved
paulson@10594
   137
automatically.  Lemmas such as these can be used to prove inequalities
paulson@10594
   138
involving multiplication and division:
paulson@10594
   139
\begin{isabelle}
paulson@10594
   140
\isasymlbrakk i\ \isasymle \ j;\ k\ \isasymle \ l\isasymrbrakk \ \isasymLongrightarrow \ i\ *\ k\ \isasymle \ j\ *\ l%
paulson@10594
   141
\rulename{mult_le_mono}\isanewline
paulson@10594
   142
\isasymlbrakk i\ <\ j;\ 0\ <\ k\isasymrbrakk \ \isasymLongrightarrow \ i\
paulson@10594
   143
*\ k\ <\ j\ *\ k%
paulson@10594
   144
\rulename{mult_less_mono1}\isanewline
paulson@10594
   145
m\ \isasymle \ n\ \isasymLongrightarrow \ m\ div\ k\ \isasymle \ n\ div\ k%
paulson@10594
   146
\rulename{div_le_mono}
paulson@10594
   147
\end{isabelle}
paulson@10594
   148
%
paulson@10594
   149
Various distributive laws concerning multiplication are available:
paulson@10594
   150
\begin{isabelle}
paulson@10594
   151
(m\ +\ n)\ *\ k\ =\ m\ *\ k\ +\ n\ *\ k%
paulson@11416
   152
\rulenamedx{add_mult_distrib}\isanewline
paulson@10594
   153
(m\ -\ n)\ *\ k\ =\ m\ *\ k\ -\ n\ *\ k%
paulson@11416
   154
\rulenamedx{diff_mult_distrib}\isanewline
paulson@10594
   155
(m\ mod\ n)\ *\ k\ =\ (m\ *\ k)\ mod\ (n\ *\ k)
paulson@11416
   156
\rulenamedx{mod_mult_distrib}
paulson@10594
   157
\end{isabelle}
paulson@10594
   158
paulson@10594
   159
\subsubsection{Division}
paulson@11416
   160
\index{division!for type \protect\isa{nat}}%
paulson@10881
   161
The infix operators \isa{div} and \isa{mod} are overloaded.
paulson@10881
   162
Isabelle/HOL provides the basic facts about quotient and remainder
paulson@10881
   163
on the natural numbers:
paulson@10594
   164
\begin{isabelle}
paulson@10594
   165
m\ mod\ n\ =\ (if\ m\ <\ n\ then\ m\ else\ (m\ -\ n)\ mod\ n)
paulson@10594
   166
\rulename{mod_if}\isanewline
paulson@10594
   167
m\ div\ n\ *\ n\ +\ m\ mod\ n\ =\ m%
paulson@11416
   168
\rulenamedx{mod_div_equality}
paulson@10594
   169
\end{isabelle}
paulson@10594
   170
paulson@10594
   171
Many less obvious facts about quotient and remainder are also provided. 
paulson@10594
   172
Here is a selection:
paulson@10594
   173
\begin{isabelle}
paulson@10594
   174
a\ *\ b\ div\ c\ =\ a\ *\ (b\ div\ c)\ +\ a\ *\ (b\ mod\ c)\ div\ c%
paulson@10594
   175
\rulename{div_mult1_eq}\isanewline
paulson@10594
   176
a\ *\ b\ mod\ c\ =\ a\ *\ (b\ mod\ c)\ mod\ c%
paulson@10594
   177
\rulename{mod_mult1_eq}\isanewline
paulson@10594
   178
a\ div\ (b*c)\ =\ a\ div\ b\ div\ c%
paulson@10594
   179
\rulename{div_mult2_eq}\isanewline
paulson@10594
   180
a\ mod\ (b*c)\ =\ b * (a\ div\ b\ mod\ c)\ +\ a\ mod\ b%
paulson@10594
   181
\rulename{mod_mult2_eq}\isanewline
paulson@10594
   182
0\ <\ c\ \isasymLongrightarrow \ (c\ *\ a)\ div\ (c\ *\ b)\ =\ a\ div\ b%
paulson@10594
   183
\rulename{div_mult_mult1}
paulson@10594
   184
\end{isabelle}
paulson@10594
   185
paulson@10594
   186
Surprisingly few of these results depend upon the
paulson@11416
   187
divisors' being nonzero.
paulson@11416
   188
\index{division!by zero}%
paulson@11416
   189
That is because division by
paulson@10794
   190
zero yields zero:
paulson@10594
   191
\begin{isabelle}
paulson@10594
   192
a\ div\ 0\ =\ 0
paulson@10594
   193
\rulename{DIVISION_BY_ZERO_DIV}\isanewline
paulson@10594
   194
a\ mod\ 0\ =\ a%
paulson@10594
   195
\rulename{DIVISION_BY_ZERO_MOD}
paulson@10594
   196
\end{isabelle}
paulson@10594
   197
As a concession to convention, these equations are not installed as default
paulson@11174
   198
simplification rules.  In \isa{div_mult_mult1} above, one of
nipkow@11161
   199
the two divisors (namely~\isa{c}) must still be nonzero.
paulson@10594
   200
paulson@11416
   201
The \textbf{divides} relation\index{divides relation}
paulson@11416
   202
has the standard definition, which
paulson@10594
   203
is overloaded over all numeric types: 
paulson@10594
   204
\begin{isabelle}
paulson@10594
   205
m\ dvd\ n\ \isasymequiv\ {\isasymexists}k.\ n\ =\ m\ *\ k
paulson@11416
   206
\rulenamedx{dvd_def}
paulson@10594
   207
\end{isabelle}
paulson@10594
   208
%
paulson@10594
   209
Section~\ref{sec:proving-euclid} discusses proofs involving this
paulson@10594
   210
relation.  Here are some of the facts proved about it:
paulson@10594
   211
\begin{isabelle}
paulson@10594
   212
\isasymlbrakk m\ dvd\ n;\ n\ dvd\ m\isasymrbrakk \ \isasymLongrightarrow \ m\ =\ n%
paulson@11416
   213
\rulenamedx{dvd_anti_sym}\isanewline
paulson@10594
   214
\isasymlbrakk k\ dvd\ m;\ k\ dvd\ n\isasymrbrakk \ \isasymLongrightarrow \ k\ dvd\ (m\ +\ n)
paulson@11416
   215
\rulenamedx{dvd_add}
paulson@10594
   216
\end{isabelle}
paulson@10594
   217
nipkow@11216
   218
\subsubsection{Simplifier Tricks}
paulson@10594
   219
The rule \isa{diff_mult_distrib} shown above is one of the few facts
paulson@10594
   220
about \isa{m\ -\ n} that is not subject to
paulson@10594
   221
the condition \isa{n\ \isasymle \  m}.  Natural number subtraction has few
paulson@10794
   222
nice properties; often you should remove it by simplifying with this split
paulson@10794
   223
rule:
paulson@10594
   224
\begin{isabelle}
paulson@10594
   225
P(a-b)\ =\ ((a<b\ \isasymlongrightarrow \ P\
paulson@10594
   226
0)\ \isasymand \ (\isasymforall d.\ a\ =\ b+d\ \isasymlongrightarrow \ P\
paulson@10594
   227
d))
paulson@10594
   228
\rulename{nat_diff_split}
paulson@10594
   229
\end{isabelle}
paulson@12156
   230
For example, splitting helps to prove the following fact:
paulson@10594
   231
\begin{isabelle}
paulson@12156
   232
\isacommand{lemma}\ "(n\ -\ 2)\ *\ (n\ +\ 2)\ =\ n\ *\ n\ -\ (4::nat)"\isanewline
paulson@12156
   233
\isacommand{apply}\ (simp\ split:\ nat_diff_split,\ clarify)\isanewline
paulson@12156
   234
\ 1.\ \isasymAnd d.\ \isasymlbrakk n\ <\ 2;\ n\ *\ n\ =\ 4\ +\ d\isasymrbrakk \ \isasymLongrightarrow \ d\ =\ 0
paulson@12156
   235
\end{isabelle}
paulson@12156
   236
The result lies outside the scope of linear arithmetic, but
paulson@12156
   237
 it is easily found
paulson@12156
   238
if we explicitly split \isa{n<2} as \isa{n=0} or \isa{n=1}:
paulson@12156
   239
\begin{isabelle}
paulson@12156
   240
\isacommand{apply}\ (subgoal_tac\ "n=0\ |\ n=1",\ force,\ arith)\isanewline
paulson@10594
   241
\isacommand{done}
paulson@10594
   242
\end{isabelle}
paulson@10594
   243
paulson@10594
   244
Suppose that two expressions are equal, differing only in 
paulson@10594
   245
associativity and commutativity of addition.  Simplifying with the
paulson@10594
   246
following equations sorts the terms and groups them to the right, making
paulson@10594
   247
the two expressions identical:
paulson@10594
   248
\begin{isabelle}
paulson@10594
   249
m\ +\ n\ +\ k\ =\ m\ +\ (n\ +\ k)
paulson@11416
   250
\rulenamedx{add_assoc}\isanewline
paulson@10594
   251
m\ +\ n\ =\ n\ +\ m%
paulson@11416
   252
\rulenamedx{add_commute}\isanewline
paulson@10594
   253
x\ +\ (y\ +\ z)\ =\ y\ +\ (x\
paulson@10594
   254
+\ z)
paulson@10594
   255
\rulename{add_left_commute}
paulson@10594
   256
\end{isabelle}
paulson@11494
   257
The name \isa{add_ac}\index{*add_ac (theorems)} 
paulson@11494
   258
refers to the list of all three theorems; similarly
paulson@11494
   259
there is \isa{mult_ac}.\index{*mult_ac (theorems)} 
paulson@11494
   260
Here is an example of the sorting effect.  Start
paulson@10594
   261
with this goal:
paulson@10594
   262
\begin{isabelle}
paulson@10594
   263
\ 1.\ Suc\ (i\ +\ j\ *\ l\ *\ k\ +\ m\ *\ n)\ =\
paulson@10594
   264
f\ (n\ *\ m\ +\ i\ +\ k\ *\ j\ *\ l)
paulson@10594
   265
\end{isabelle}
paulson@10594
   266
%
paulson@10594
   267
Simplify using  \isa{add_ac} and \isa{mult_ac}:
paulson@10594
   268
\begin{isabelle}
paulson@10594
   269
\isacommand{apply}\ (simp\ add:\ add_ac\ mult_ac)
paulson@10594
   270
\end{isabelle}
paulson@10594
   271
%
paulson@10594
   272
Here is the resulting subgoal:
paulson@10594
   273
\begin{isabelle}
paulson@10594
   274
\ 1.\ Suc\ (i\ +\ (m\ *\ n\ +\ j\ *\ (k\ *\ l)))\
paulson@10594
   275
=\ f\ (i\ +\ (m\ *\ n\ +\ j\ *\ (k\ *\ l)))%
paulson@11416
   276
\end{isabelle}%
paulson@11416
   277
\index{natural numbers|)}\index{*nat (type)|)}
paulson@11416
   278
paulson@10594
   279
paulson@10594
   280
nipkow@11216
   281
\subsection{The Type of Integers, {\tt\slshape int}}
paulson@10594
   282
paulson@11416
   283
\index{integers|(}\index{*int (type)|(}%
paulson@10794
   284
Reasoning methods resemble those for the natural numbers, but induction and
paulson@10881
   285
the constant \isa{Suc} are not available.  HOL provides many lemmas
paulson@10794
   286
for proving inequalities involving integer multiplication and division,
paulson@10794
   287
similar to those shown above for type~\isa{nat}.  
paulson@10794
   288
paulson@11416
   289
The \rmindex{absolute value} function \cdx{abs} is overloaded for the numeric types.
paulson@10794
   290
It is defined for the integers; we have for example the obvious law
paulson@10794
   291
\begin{isabelle}
paulson@10794
   292
\isasymbar x\ *\ y\isasymbar \ =\ \isasymbar x\isasymbar \ *\ \isasymbar y\isasymbar 
paulson@10794
   293
\rulename{abs_mult}
paulson@10794
   294
\end{isabelle}
paulson@10594
   295
paulson@10794
   296
\begin{warn}
paulson@10794
   297
The absolute value bars shown above cannot be typed on a keyboard.  They
nipkow@10983
   298
can be entered using the X-symbol package.  In \textsc{ascii}, type \isa{abs x} to
paulson@10794
   299
get \isa{\isasymbar x\isasymbar}.
paulson@10794
   300
\end{warn}
paulson@10794
   301
paulson@10881
   302
The \isa{arith} method can prove facts about \isa{abs} automatically, 
paulson@10881
   303
though as it does so by case analysis, the cost can be exponential.
paulson@10881
   304
\begin{isabelle}
paulson@11174
   305
\isacommand{lemma}\ "abs\ (x+y)\ \isasymle \ abs\ x\ +\ abs\ (y\ ::\ int)"\isanewline
paulson@10881
   306
\isacommand{by}\ arith
paulson@10881
   307
\end{isabelle}
paulson@10794
   308
paulson@10794
   309
Concerning simplifier tricks, we have no need to eliminate subtraction: it
paulson@10794
   310
is well-behaved.  As with the natural numbers, the simplifier can sort the
paulson@11494
   311
operands of sums and products.  The name \isa{zadd_ac}\index{*zadd_ac (theorems)}
paulson@11494
   312
refers to the
paulson@10794
   313
associativity and commutativity theorems for integer addition, while
paulson@11494
   314
\isa{zmult_ac}\index{*zmult_ac (theorems)}
paulson@11494
   315
has the analogous theorems for multiplication.  The
paulson@10794
   316
prefix~\isa{z} in many theorem names recalls the use of $\mathbb{Z}$ to
paulson@10794
   317
denote the set of integers.
paulson@10594
   318
paulson@11416
   319
For division and remainder,\index{division!by negative numbers}
paulson@11416
   320
the treatment of negative divisors follows
paulson@10794
   321
mathematical practice: the sign of the remainder follows that
paulson@10594
   322
of the divisor:
paulson@10594
   323
\begin{isabelle}
paulson@12156
   324
0\ <\ b\ \isasymLongrightarrow \ 0\ \isasymle \ a\ mod\ b%
paulson@10594
   325
\rulename{pos_mod_sign}\isanewline
paulson@12156
   326
0\ <\ b\ \isasymLongrightarrow \ a\ mod\ b\ <\ b%
paulson@10594
   327
\rulename{pos_mod_bound}\isanewline
paulson@12156
   328
b\ <\ 0\ \isasymLongrightarrow \ a\ mod\ b\ \isasymle \ 0
paulson@10594
   329
\rulename{neg_mod_sign}\isanewline
paulson@12156
   330
b\ <\ 0\ \isasymLongrightarrow \ b\ <\ a\ mod\ b%
paulson@10594
   331
\rulename{neg_mod_bound}
paulson@10594
   332
\end{isabelle}
paulson@10594
   333
ML treats negative divisors in the same way, but most computer hardware
paulson@10594
   334
treats signed operands using the same rules as for multiplication.
paulson@10794
   335
Many facts about quotients and remainders are provided:
paulson@10594
   336
\begin{isabelle}
paulson@10594
   337
(a\ +\ b)\ div\ c\ =\isanewline
paulson@10594
   338
a\ div\ c\ +\ b\ div\ c\ +\ (a\ mod\ c\ +\ b\ mod\ c)\ div\ c%
paulson@10594
   339
\rulename{zdiv_zadd1_eq}
paulson@10594
   340
\par\smallskip
paulson@10594
   341
(a\ +\ b)\ mod\ c\ =\ (a\ mod\ c\ +\ b\ mod\ c)\ mod\ c%
paulson@10594
   342
\rulename{zmod_zadd1_eq}
paulson@10594
   343
\end{isabelle}
paulson@10594
   344
paulson@10594
   345
\begin{isabelle}
paulson@10594
   346
(a\ *\ b)\ div\ c\ =\ a\ *\ (b\ div\ c)\ +\ a\ *\ (b\ mod\ c)\ div\ c%
paulson@10594
   347
\rulename{zdiv_zmult1_eq}\isanewline
paulson@10594
   348
(a\ *\ b)\ mod\ c\ =\ a\ *\ (b\ mod\ c)\ mod\ c%
paulson@10594
   349
\rulename{zmod_zmult1_eq}
paulson@10594
   350
\end{isabelle}
paulson@10594
   351
paulson@10594
   352
\begin{isabelle}
paulson@12156
   353
0\ <\ c\ \isasymLongrightarrow \ a\ div\ (b*c)\ =\ a\ div\ b\ div\ c%
paulson@10594
   354
\rulename{zdiv_zmult2_eq}\isanewline
paulson@12156
   355
0\ <\ c\ \isasymLongrightarrow \ a\ mod\ (b*c)\ =\ b*(a\ div\ b\ mod\
paulson@10594
   356
c)\ +\ a\ mod\ b%
paulson@10594
   357
\rulename{zmod_zmult2_eq}
paulson@10594
   358
\end{isabelle}
paulson@10594
   359
The last two differ from their natural number analogues by requiring
paulson@10594
   360
\isa{c} to be positive.  Since division by zero yields zero, we could allow
paulson@10594
   361
\isa{c} to be zero.  However, \isa{c} cannot be negative: a counterexample
paulson@10594
   362
is
paulson@10594
   363
$\isa{a} = 7$, $\isa{b} = 2$ and $\isa{c} = -3$, when the left-hand side of
paulson@11416
   364
\isa{zdiv_zmult2_eq} is $-2$ while the right-hand side is~$-1$.%
paulson@11416
   365
\index{integers|)}\index{*int (type)|)}
paulson@10594
   366
paulson@13979
   367
Induction is less important for integers than it is for the natural numbers, but it can be valuable if the range of integers has a lower or upper bound.  There are four rules for integer induction, corresponding to the possible relations of the bound ($\geq$, $>$, $\leq$ and $<$):
paulson@13750
   368
\begin{isabelle}
paulson@13750
   369
\isasymlbrakk k\ \isasymle \ i;\ P\ k;\ \isasymAnd i.\ \isasymlbrakk k\ \isasymle \ i;\ P\ i\isasymrbrakk \ \isasymLongrightarrow \ P(i+1)\isasymrbrakk \ \isasymLongrightarrow \ P\ i%
paulson@13750
   370
\rulename{int_ge_induct}\isanewline
paulson@13750
   371
\isasymlbrakk k\ <\ i;\ P(k+1);\ \isasymAnd i.\ \isasymlbrakk k\ <\ i;\ P\ i\isasymrbrakk \ \isasymLongrightarrow \ P(i+1)\isasymrbrakk \ \isasymLongrightarrow \ P\ i%
paulson@13750
   372
\rulename{int_gr_induct}\isanewline
paulson@13750
   373
\isasymlbrakk i\ \isasymle \ k;\ P\ k;\ \isasymAnd i.\ \isasymlbrakk i\ \isasymle \ k;\ P\ i\isasymrbrakk \ \isasymLongrightarrow \ P(i-1)\isasymrbrakk \ \isasymLongrightarrow \ P\ i%
paulson@13750
   374
\rulename{int_le_induct}\isanewline
paulson@13750
   375
\isasymlbrakk i\ <\ k;\ P(k-1);\ \isasymAnd i.\ \isasymlbrakk i\ <\ k;\ P\ i\isasymrbrakk \ \isasymLongrightarrow \ P(i-1)\isasymrbrakk \ \isasymLongrightarrow \ P\ i%
paulson@13750
   376
\rulename{int_less_induct}
paulson@13750
   377
\end{isabelle}
paulson@13750
   378
paulson@10594
   379
nipkow@11216
   380
\subsection{The Type of Real Numbers, {\tt\slshape real}}
paulson@10594
   381
paulson@11416
   382
\index{real numbers|(}\index{*real (type)|(}%
paulson@10777
   383
The real numbers enjoy two significant properties that the integers lack. 
paulson@10777
   384
They are
paulson@10777
   385
\textbf{dense}: between every two distinct real numbers there lies another.
paulson@10777
   386
This property follows from the division laws, since if $x<y$ then between
paulson@10777
   387
them lies $(x+y)/2$.  The second property is that they are
paulson@10777
   388
\textbf{complete}: every set of reals that is bounded above has a least
paulson@10777
   389
upper bound.  Completeness distinguishes the reals from the rationals, for
paulson@10777
   390
which the set $\{x\mid x^2<2\}$ has no least upper bound.  (It could only be
paulson@10777
   391
$\surd2$, which is irrational.)
paulson@10794
   392
The formalization of completeness is complicated; rather than
paulson@10777
   393
reproducing it here, we refer you to the theory \texttt{RComplete} in
paulson@10777
   394
directory \texttt{Real}.
paulson@10794
   395
Density, however, is trivial to express:
paulson@10777
   396
\begin{isabelle}
paulson@10777
   397
x\ <\ y\ \isasymLongrightarrow \ \isasymexists r.\ x\ <\ r\ \isasymand \ r\ <\ y%
paulson@10777
   398
\rulename{real_dense}
paulson@10777
   399
\end{isabelle}
paulson@10777
   400
paulson@10777
   401
Here is a selection of rules about the division operator.  The following
paulson@10777
   402
are installed as default simplification rules in order to express
paulson@10777
   403
combinations of products and quotients as rational expressions:
paulson@10777
   404
\begin{isabelle}
paulson@11174
   405
x\ *\ (y\ /\ z)\ =\ x\ *\ y\ /\ z
paulson@10777
   406
\rulename{real_times_divide1_eq}\isanewline
paulson@11174
   407
y\ /\ z\ *\ x\ =\ y\ *\ x\ /\ z
paulson@10777
   408
\rulename{real_times_divide2_eq}\isanewline
paulson@11174
   409
x\ /\ (y\ /\ z)\ =\ x\ *\ z\ /\ y
paulson@10777
   410
\rulename{real_divide_divide1_eq}\isanewline
paulson@10777
   411
x\ /\ y\ /\ z\ =\ x\ /\ (y\ *\ z)
paulson@10777
   412
\rulename{real_divide_divide2_eq}
paulson@10777
   413
\end{isabelle}
paulson@10777
   414
paulson@10777
   415
Signs are extracted from quotients in the hope that complementary terms can
paulson@10777
   416
then be cancelled:
paulson@10777
   417
\begin{isabelle}
paulson@10777
   418
-\ x\ /\ y\ =\ -\ (x\ /\ y)
paulson@10777
   419
\rulename{real_minus_divide_eq}\isanewline
paulson@10777
   420
x\ /\ -\ y\ =\ -\ (x\ /\ y)
paulson@10777
   421
\rulename{real_divide_minus_eq}
paulson@10777
   422
\end{isabelle}
paulson@10777
   423
paulson@10777
   424
The following distributive law is available, but it is not installed as a
paulson@10777
   425
simplification rule.
paulson@10777
   426
\begin{isabelle}
paulson@10777
   427
(x\ +\ y)\ /\ z\ =\ x\ /\ z\ +\ y\ /\ z%
paulson@10777
   428
\rulename{real_add_divide_distrib}
paulson@10777
   429
\end{isabelle}
paulson@10777
   430
paulson@10594
   431
As with the other numeric types, the simplifier can sort the operands of
paulson@10594
   432
addition and multiplication.  The name \isa{real_add_ac} refers to the
paulson@10777
   433
associativity and commutativity theorems for addition, while similarly
paulson@10594
   434
\isa{real_mult_ac} contains those properties for multiplication. 
paulson@10594
   435
paulson@10777
   436
The absolute value function \isa{abs} is
paulson@10777
   437
defined for the reals, along with many theorems such as this one about
paulson@10777
   438
exponentiation:
paulson@10777
   439
\begin{isabelle}
paulson@12333
   440
\isasymbar r\ \isacharcircum \ n\isasymbar\ =\ 
paulson@12333
   441
\isasymbar r\isasymbar \ \isacharcircum \ n
paulson@10777
   442
\rulename{realpow_abs}
paulson@10777
   443
\end{isabelle}
paulson@10777
   444
paulson@11416
   445
Numeric literals\index{numeric literals!for type \protect\isa{real}}
paulson@11416
   446
for type \isa{real} have the same syntax as those for type
paulson@11174
   447
\isa{int} and only express integral values.  Fractions expressed
paulson@11174
   448
using the division operator are automatically simplified to lowest terms:
paulson@11174
   449
\begin{isabelle}
paulson@12156
   450
\ 1.\ P\ ((3\ /\ 4)\ *\ (8\ /\ 15))\isanewline
paulson@11174
   451
\isacommand{apply} simp\isanewline
paulson@12156
   452
\ 1.\ P\ (2\ /\ 5)
paulson@11174
   453
\end{isabelle}
paulson@11174
   454
Exponentiation can express floating-point values such as
paulson@12156
   455
\isa{2 * 10\isacharcircum6}, but at present no special simplification
paulson@11174
   456
is performed.
paulson@11174
   457
paulson@11174
   458
paulson@10881
   459
\begin{warn}
paulson@10881
   460
Type \isa{real} is only available in the logic HOL-Real, which
paulson@12156
   461
is  HOL extended with a definitional development of the real
paulson@11174
   462
numbers.  Base your theory upon theory
paulson@11428
   463
\thydx{Real}, not the usual \isa{Main}.%
paulson@11416
   464
\index{real numbers|)}\index{*real (type)|)}
paulson@11416
   465
Launch Isabelle using the command 
paulson@11174
   466
\begin{verbatim}
paulson@11174
   467
Isabelle -l HOL-Real
paulson@11174
   468
\end{verbatim}
paulson@10881
   469
\end{warn}
paulson@10777
   470
paulson@10777
   471
Also distributed with Isabelle is HOL-Hyperreal,
paulson@11416
   472
whose theory \isa{Hyperreal} defines the type \tydx{hypreal} of 
paulson@11416
   473
\rmindex{non-standard reals}.  These
paulson@10777
   474
\textbf{hyperreals} include infinitesimals, which represent infinitely
paulson@10777
   475
small and infinitely large quantities; they facilitate proofs
paulson@10794
   476
about limits, differentiation and integration~\cite{fleuriot-jcm}.  The
paulson@10794
   477
development defines an infinitely large number, \isa{omega} and an
paulson@10881
   478
infinitely small positive number, \isa{epsilon}.  The 
paulson@12333
   479
relation $x\approx y$ means ``$x$ is infinitely close to~$y$.''
paulson@12333
   480
Theory \isa{Hyperreal} also defines transcendental functions such as sine,
paulson@12333
   481
cosine, exponential and logarithm --- even the versions for type
paulson@12333
   482
\isa{real}, because they are defined using nonstandard limits.%
paulson@11494
   483
\index{numbers|)}