src/HOL/Library/Float.thy
author wenzelm
Sat Oct 17 14:43:18 2009 +0200 (2009-10-17)
changeset 32960 69916a850301
parent 32069 6d28bbd33e2c
child 33555 a0a8a40385a2
permissions -rw-r--r--
eliminated hard tabulators, guessing at each author's individual tab-width;
tuned headers;
wenzelm@30122
     1
(*  Title:      HOL/Library/Float.thy
wenzelm@30122
     2
    Author:     Steven Obua 2008
wenzelm@30122
     3
    Author:     Johannes Hoelzl, TU Muenchen <hoelzl@in.tum.de> 2008 / 2009
wenzelm@30122
     4
*)
huffman@29988
     5
huffman@29988
     6
header {* Floating-Point Numbers *}
huffman@29988
     7
haftmann@20485
     8
theory Float
haftmann@28952
     9
imports Complex_Main
haftmann@20485
    10
begin
obua@16782
    11
wenzelm@19765
    12
definition
wenzelm@21404
    13
  pow2 :: "int \<Rightarrow> real" where
hoelzl@29804
    14
  [simp]: "pow2 a = (if (0 <= a) then (2^(nat a)) else (inverse (2^(nat (-a)))))"
hoelzl@29804
    15
hoelzl@29804
    16
datatype float = Float int int
hoelzl@29804
    17
hoelzl@31098
    18
primrec of_float :: "float \<Rightarrow> real" where
hoelzl@31098
    19
  "of_float (Float a b) = real a * pow2 b"
hoelzl@31098
    20
hoelzl@31098
    21
defs (overloaded)
haftmann@31998
    22
  real_of_float_def [code_unfold]: "real == of_float"
hoelzl@31098
    23
hoelzl@31098
    24
primrec mantissa :: "float \<Rightarrow> int" where
hoelzl@31098
    25
  "mantissa (Float a b) = a"
hoelzl@31098
    26
hoelzl@31098
    27
primrec scale :: "float \<Rightarrow> int" where
hoelzl@31098
    28
  "scale (Float a b) = b"
wenzelm@21404
    29
hoelzl@29804
    30
instantiation float :: zero begin
hoelzl@31467
    31
definition zero_float where "0 = Float 0 0"
hoelzl@29804
    32
instance ..
hoelzl@29804
    33
end
hoelzl@29804
    34
hoelzl@29804
    35
instantiation float :: one begin
hoelzl@29804
    36
definition one_float where "1 = Float 1 0"
hoelzl@29804
    37
instance ..
hoelzl@29804
    38
end
hoelzl@29804
    39
hoelzl@29804
    40
instantiation float :: number begin
hoelzl@29804
    41
definition number_of_float where "number_of n = Float n 0"
hoelzl@29804
    42
instance ..
hoelzl@29804
    43
end
obua@16782
    44
haftmann@32069
    45
lemma number_of_float_Float [code_unfold_post]:
hoelzl@31467
    46
  "number_of k = Float (number_of k) 0"
hoelzl@31467
    47
  by (simp add: number_of_float_def number_of_is_id)
hoelzl@31467
    48
hoelzl@31098
    49
lemma real_of_float_simp[simp]: "real (Float a b) = real a * pow2 b"
hoelzl@31098
    50
  unfolding real_of_float_def using of_float.simps .
hoelzl@29804
    51
hoelzl@31098
    52
lemma real_of_float_neg_exp: "e < 0 \<Longrightarrow> real (Float m e) = real m * inverse (2^nat (-e))" by auto
hoelzl@31098
    53
lemma real_of_float_nge0_exp: "\<not> 0 \<le> e \<Longrightarrow> real (Float m e) = real m * inverse (2^nat (-e))" by auto
hoelzl@31098
    54
lemma real_of_float_ge0_exp: "0 \<le> e \<Longrightarrow> real (Float m e) = real m * (2^nat e)" by auto
obua@16782
    55
hoelzl@29804
    56
lemma Float_num[simp]: shows
hoelzl@31467
    57
   "real (Float 1 0) = 1" and "real (Float 1 1) = 2" and "real (Float 1 2) = 4" and
hoelzl@31098
    58
   "real (Float 1 -1) = 1/2" and "real (Float 1 -2) = 1/4" and "real (Float 1 -3) = 1/8" and
hoelzl@31098
    59
   "real (Float -1 0) = -1" and "real (Float (number_of n) 0) = number_of n"
hoelzl@29804
    60
  by auto
obua@16782
    61
hoelzl@31863
    62
lemma float_number_of[simp]: "real (number_of x :: float) = number_of x"
hoelzl@31863
    63
  by (simp only:number_of_float_def Float_num[unfolded number_of_is_id])
hoelzl@31863
    64
hoelzl@31863
    65
lemma float_number_of_int[simp]: "real (Float n 0) = real n"
hoelzl@31863
    66
  by (simp add: Float_num[unfolded number_of_is_id] real_of_float_simp pow2_def)
hoelzl@31863
    67
hoelzl@29804
    68
lemma pow2_0[simp]: "pow2 0 = 1" by simp
hoelzl@29804
    69
lemma pow2_1[simp]: "pow2 1 = 2" by simp
hoelzl@29804
    70
lemma pow2_neg: "pow2 x = inverse (pow2 (-x))" by simp
hoelzl@29804
    71
hoelzl@29804
    72
declare pow2_def[simp del]
obua@16782
    73
wenzelm@19765
    74
lemma pow2_add1: "pow2 (1 + a) = 2 * (pow2 a)"
obua@16782
    75
proof -
obua@16782
    76
  have h: "! n. nat (2 + int n) - Suc 0 = nat (1 + int n)" by arith
obua@16782
    77
  have g: "! a b. a - -1 = a + (1::int)" by arith
obua@16782
    78
  have pos: "! n. pow2 (int n + 1) = 2 * pow2 (int n)"
obua@16782
    79
    apply (auto, induct_tac n)
obua@16782
    80
    apply (simp_all add: pow2_def)
obua@16782
    81
    apply (rule_tac m1="2" and n1="nat (2 + int na)" in ssubst[OF realpow_num_eq_if])
huffman@23431
    82
    by (auto simp add: h)
obua@16782
    83
  show ?thesis
obua@16782
    84
  proof (induct a)
obua@16782
    85
    case (1 n)
nipkow@29667
    86
    from pos show ?case by (simp add: algebra_simps)
obua@16782
    87
  next
obua@16782
    88
    case (2 n)
obua@16782
    89
    show ?case
obua@16782
    90
      apply (auto)
obua@16782
    91
      apply (subst pow2_neg[of "- int n"])
huffman@23431
    92
      apply (subst pow2_neg[of "-1 - int n"])
obua@16782
    93
      apply (auto simp add: g pos)
obua@16782
    94
      done
wenzelm@19765
    95
  qed
obua@16782
    96
qed
wenzelm@19765
    97
obua@16782
    98
lemma pow2_add: "pow2 (a+b) = (pow2 a) * (pow2 b)"
obua@16782
    99
proof (induct b)
wenzelm@19765
   100
  case (1 n)
obua@16782
   101
  show ?case
obua@16782
   102
  proof (induct n)
obua@16782
   103
    case 0
obua@16782
   104
    show ?case by simp
obua@16782
   105
  next
obua@16782
   106
    case (Suc m)
nipkow@29667
   107
    show ?case by (auto simp add: algebra_simps pow2_add1 prems)
obua@16782
   108
  qed
obua@16782
   109
next
obua@16782
   110
  case (2 n)
wenzelm@19765
   111
  show ?case
obua@16782
   112
  proof (induct n)
obua@16782
   113
    case 0
wenzelm@19765
   114
    show ?case
obua@16782
   115
      apply (auto)
obua@16782
   116
      apply (subst pow2_neg[of "a + -1"])
obua@16782
   117
      apply (subst pow2_neg[of "-1"])
obua@16782
   118
      apply (simp)
obua@16782
   119
      apply (insert pow2_add1[of "-a"])
nipkow@29667
   120
      apply (simp add: algebra_simps)
obua@16782
   121
      apply (subst pow2_neg[of "-a"])
obua@16782
   122
      apply (simp)
obua@16782
   123
      done
obua@16782
   124
    case (Suc m)
wenzelm@19765
   125
    have a: "int m - (a + -2) =  1 + (int m - a + 1)" by arith
obua@16782
   126
    have b: "int m - -2 = 1 + (int m + 1)" by arith
obua@16782
   127
    show ?case
obua@16782
   128
      apply (auto)
obua@16782
   129
      apply (subst pow2_neg[of "a + (-2 - int m)"])
obua@16782
   130
      apply (subst pow2_neg[of "-2 - int m"])
nipkow@29667
   131
      apply (auto simp add: algebra_simps)
obua@16782
   132
      apply (subst a)
obua@16782
   133
      apply (subst b)
obua@16782
   134
      apply (simp only: pow2_add1)
obua@16782
   135
      apply (subst pow2_neg[of "int m - a + 1"])
obua@16782
   136
      apply (subst pow2_neg[of "int m + 1"])
obua@16782
   137
      apply auto
obua@16782
   138
      apply (insert prems)
nipkow@29667
   139
      apply (auto simp add: algebra_simps)
obua@16782
   140
      done
obua@16782
   141
  qed
obua@16782
   142
qed
obua@16782
   143
hoelzl@29804
   144
lemma float_components[simp]: "Float (mantissa f) (scale f) = f" by (cases f, auto)
hoelzl@29804
   145
hoelzl@29804
   146
lemma float_split: "\<exists> a b. x = Float a b" by (cases x, auto)
obua@16782
   147
hoelzl@29804
   148
lemma float_split2: "(\<forall> a b. x \<noteq> Float a b) = False" by (auto simp add: float_split)
hoelzl@29804
   149
hoelzl@31098
   150
lemma float_zero[simp]: "real (Float 0 e) = 0" by simp
hoelzl@29804
   151
hoelzl@29804
   152
lemma abs_div_2_less: "a \<noteq> 0 \<Longrightarrow> a \<noteq> -1 \<Longrightarrow> abs((a::int) div 2) < abs a"
hoelzl@29804
   153
by arith
wenzelm@21404
   154
hoelzl@29804
   155
function normfloat :: "float \<Rightarrow> float" where
hoelzl@29804
   156
"normfloat (Float a b) = (if a \<noteq> 0 \<and> even a then normfloat (Float (a div 2) (b+1)) else if a=0 then Float 0 0 else Float a b)"
hoelzl@29804
   157
by pat_completeness auto
hoelzl@29804
   158
termination by (relation "measure (nat o abs o mantissa)") (auto intro: abs_div_2_less)
hoelzl@29804
   159
declare normfloat.simps[simp del]
obua@16782
   160
hoelzl@31098
   161
theorem normfloat[symmetric, simp]: "real f = real (normfloat f)"
hoelzl@29804
   162
proof (induct f rule: normfloat.induct)
hoelzl@29804
   163
  case (1 a b)
hoelzl@29804
   164
  have real2: "2 = real (2::int)"
hoelzl@29804
   165
    by auto
hoelzl@29804
   166
  show ?case
hoelzl@29804
   167
    apply (subst normfloat.simps)
hoelzl@29804
   168
    apply (auto simp add: float_zero)
hoelzl@29804
   169
    apply (subst 1[symmetric])
hoelzl@29804
   170
    apply (auto simp add: pow2_add even_def)
hoelzl@29804
   171
    done
hoelzl@29804
   172
qed
obua@16782
   173
hoelzl@29804
   174
lemma pow2_neq_zero[simp]: "pow2 x \<noteq> 0"
hoelzl@29804
   175
  by (auto simp add: pow2_def)
obua@16782
   176
wenzelm@26313
   177
lemma pow2_int: "pow2 (int c) = 2^c"
obua@16782
   178
by (simp add: pow2_def)
obua@16782
   179
hoelzl@29804
   180
lemma zero_less_pow2[simp]:
obua@16782
   181
  "0 < pow2 x"
obua@16782
   182
proof -
obua@16782
   183
  {
obua@16782
   184
    fix y
wenzelm@19765
   185
    have "0 <= y \<Longrightarrow> 0 < pow2 y"
obua@16782
   186
      by (induct y, induct_tac n, simp_all add: pow2_add)
obua@16782
   187
  }
obua@16782
   188
  note helper=this
obua@16782
   189
  show ?thesis
obua@16782
   190
    apply (case_tac "0 <= x")
obua@16782
   191
    apply (simp add: helper)
obua@16782
   192
    apply (subst pow2_neg)
obua@16782
   193
    apply (simp add: helper)
obua@16782
   194
    done
obua@16782
   195
qed
obua@16782
   196
hoelzl@29804
   197
lemma normfloat_imp_odd_or_zero: "normfloat f = Float a b \<Longrightarrow> odd a \<or> (a = 0 \<and> b = 0)"
hoelzl@29804
   198
proof (induct f rule: normfloat.induct)
hoelzl@29804
   199
  case (1 u v)
hoelzl@29804
   200
  from 1 have ab: "normfloat (Float u v) = Float a b" by auto
hoelzl@29804
   201
  {
hoelzl@29804
   202
    assume eu: "even u"
hoelzl@29804
   203
    assume z: "u \<noteq> 0"
hoelzl@29804
   204
    have "normfloat (Float u v) = normfloat (Float (u div 2) (v + 1))"
hoelzl@29804
   205
      apply (subst normfloat.simps)
hoelzl@29804
   206
      by (simp add: eu z)
hoelzl@29804
   207
    with ab have "normfloat (Float (u div 2) (v + 1)) = Float a b" by simp
hoelzl@29804
   208
    with 1 eu z have ?case by auto
hoelzl@29804
   209
  }
hoelzl@29804
   210
  note case1 = this
hoelzl@29804
   211
  {
hoelzl@29804
   212
    assume "odd u \<or> u = 0"
hoelzl@29804
   213
    then have ou: "\<not> (u \<noteq> 0 \<and> even u)" by auto
hoelzl@29804
   214
    have "normfloat (Float u v) = (if u = 0 then Float 0 0 else Float u v)"
hoelzl@29804
   215
      apply (subst normfloat.simps)
hoelzl@29804
   216
      apply (simp add: ou)
hoelzl@29804
   217
      done
hoelzl@29804
   218
    with ab have "Float a b = (if u = 0 then Float 0 0 else Float u v)" by auto
hoelzl@29804
   219
    then have ?case
hoelzl@29804
   220
      apply (case_tac "u=0")
hoelzl@29804
   221
      apply (auto)
hoelzl@29804
   222
      by (insert ou, auto)
hoelzl@29804
   223
  }
hoelzl@29804
   224
  note case2 = this
hoelzl@29804
   225
  show ?case
hoelzl@29804
   226
    apply (case_tac "odd u \<or> u = 0")
hoelzl@29804
   227
    apply (rule case2)
hoelzl@29804
   228
    apply simp
hoelzl@29804
   229
    apply (rule case1)
hoelzl@29804
   230
    apply auto
hoelzl@29804
   231
    done
hoelzl@29804
   232
qed
hoelzl@29804
   233
hoelzl@29804
   234
lemma float_eq_odd_helper: 
hoelzl@29804
   235
  assumes odd: "odd a'"
hoelzl@31098
   236
  and floateq: "real (Float a b) = real (Float a' b')"
hoelzl@29804
   237
  shows "b \<le> b'"
hoelzl@29804
   238
proof - 
hoelzl@29804
   239
  {
hoelzl@29804
   240
    assume bcmp: "b > b'"
hoelzl@29804
   241
    from floateq have eq: "real a * pow2 b = real a' * pow2 b'" by simp
hoelzl@29804
   242
    {
hoelzl@29804
   243
      fix x y z :: real
hoelzl@29804
   244
      assume "y \<noteq> 0"
hoelzl@29804
   245
      then have "(x * inverse y = z) = (x = z * y)"
wenzelm@32960
   246
        by auto
hoelzl@29804
   247
    }
hoelzl@29804
   248
    note inverse = this
hoelzl@29804
   249
    have eq': "real a * (pow2 (b - b')) = real a'"
hoelzl@29804
   250
      apply (subst diff_int_def)
hoelzl@29804
   251
      apply (subst pow2_add)
hoelzl@29804
   252
      apply (subst pow2_neg[where x = "-b'"])
hoelzl@29804
   253
      apply simp
hoelzl@29804
   254
      apply (subst mult_assoc[symmetric])
hoelzl@29804
   255
      apply (subst inverse)
hoelzl@29804
   256
      apply (simp_all add: eq)
hoelzl@29804
   257
      done
hoelzl@29804
   258
    have "\<exists> z > 0. pow2 (b-b') = 2^z"
hoelzl@29804
   259
      apply (rule exI[where x="nat (b - b')"])
hoelzl@29804
   260
      apply (auto)
hoelzl@29804
   261
      apply (insert bcmp)
hoelzl@29804
   262
      apply simp
hoelzl@29804
   263
      apply (subst pow2_int[symmetric])
hoelzl@29804
   264
      apply auto
hoelzl@29804
   265
      done
hoelzl@29804
   266
    then obtain z where z: "z > 0 \<and> pow2 (b-b') = 2^z" by auto
hoelzl@29804
   267
    with eq' have "real a * 2^z = real a'"
hoelzl@29804
   268
      by auto
hoelzl@29804
   269
    then have "real a * real ((2::int)^z) = real a'"
hoelzl@29804
   270
      by auto
hoelzl@29804
   271
    then have "real (a * 2^z) = real a'"
hoelzl@29804
   272
      apply (subst real_of_int_mult)
hoelzl@29804
   273
      apply simp
hoelzl@29804
   274
      done
hoelzl@29804
   275
    then have a'_rep: "a * 2^z = a'" by arith
hoelzl@29804
   276
    then have "a' = a*2^z" by simp
hoelzl@29804
   277
    with z have "even a'" by simp
hoelzl@29804
   278
    with odd have False by auto
hoelzl@29804
   279
  }
hoelzl@29804
   280
  then show ?thesis by arith
hoelzl@29804
   281
qed
hoelzl@29804
   282
hoelzl@29804
   283
lemma float_eq_odd: 
hoelzl@29804
   284
  assumes odd1: "odd a"
hoelzl@29804
   285
  and odd2: "odd a'"
hoelzl@31098
   286
  and floateq: "real (Float a b) = real (Float a' b')"
hoelzl@29804
   287
  shows "a = a' \<and> b = b'"
hoelzl@29804
   288
proof -
hoelzl@29804
   289
  from 
hoelzl@29804
   290
     float_eq_odd_helper[OF odd2 floateq] 
hoelzl@29804
   291
     float_eq_odd_helper[OF odd1 floateq[symmetric]]
hoelzl@29804
   292
  have beq: "b = b'"  by arith
hoelzl@29804
   293
  with floateq show ?thesis by auto
hoelzl@29804
   294
qed
hoelzl@29804
   295
hoelzl@29804
   296
theorem normfloat_unique:
hoelzl@31098
   297
  assumes real_of_float_eq: "real f = real g"
hoelzl@29804
   298
  shows "normfloat f = normfloat g"
hoelzl@29804
   299
proof - 
hoelzl@29804
   300
  from float_split[of "normfloat f"] obtain a b where normf:"normfloat f = Float a b" by auto
hoelzl@29804
   301
  from float_split[of "normfloat g"] obtain a' b' where normg:"normfloat g = Float a' b'" by auto
hoelzl@31098
   302
  have "real (normfloat f) = real (normfloat g)"
hoelzl@31098
   303
    by (simp add: real_of_float_eq)
hoelzl@31098
   304
  then have float_eq: "real (Float a b) = real (Float a' b')"
hoelzl@29804
   305
    by (simp add: normf normg)
hoelzl@29804
   306
  have ab: "odd a \<or> (a = 0 \<and> b = 0)" by (rule normfloat_imp_odd_or_zero[OF normf])
hoelzl@29804
   307
  have ab': "odd a' \<or> (a' = 0 \<and> b' = 0)" by (rule normfloat_imp_odd_or_zero[OF normg])
hoelzl@29804
   308
  {
hoelzl@29804
   309
    assume odd: "odd a"
hoelzl@29804
   310
    then have "a \<noteq> 0" by (simp add: even_def, arith)
hoelzl@29804
   311
    with float_eq have "a' \<noteq> 0" by auto
hoelzl@29804
   312
    with ab' have "odd a'" by simp
hoelzl@29804
   313
    from odd this float_eq have "a = a' \<and> b = b'" by (rule float_eq_odd)
hoelzl@29804
   314
  }
hoelzl@29804
   315
  note odd_case = this
hoelzl@29804
   316
  {
hoelzl@29804
   317
    assume even: "even a"
hoelzl@29804
   318
    with ab have a0: "a = 0" by simp
hoelzl@29804
   319
    with float_eq have a0': "a' = 0" by auto 
hoelzl@29804
   320
    from a0 a0' ab ab' have "a = a' \<and> b = b'" by auto
hoelzl@29804
   321
  }
hoelzl@29804
   322
  note even_case = this
hoelzl@29804
   323
  from odd_case even_case show ?thesis
hoelzl@29804
   324
    apply (simp add: normf normg)
hoelzl@29804
   325
    apply (case_tac "even a")
hoelzl@29804
   326
    apply auto
hoelzl@29804
   327
    done
hoelzl@29804
   328
qed
hoelzl@29804
   329
hoelzl@29804
   330
instantiation float :: plus begin
hoelzl@29804
   331
fun plus_float where
hoelzl@29804
   332
[simp del]: "(Float a_m a_e) + (Float b_m b_e) = 
hoelzl@29804
   333
     (if a_e \<le> b_e then Float (a_m + b_m * 2^(nat(b_e - a_e))) a_e 
hoelzl@29804
   334
                   else Float (a_m * 2^(nat (a_e - b_e)) + b_m) b_e)"
hoelzl@29804
   335
instance ..
hoelzl@29804
   336
end
hoelzl@29804
   337
hoelzl@29804
   338
instantiation float :: uminus begin
haftmann@30960
   339
primrec uminus_float where [simp del]: "uminus_float (Float m e) = Float (-m) e"
hoelzl@29804
   340
instance ..
hoelzl@29804
   341
end
hoelzl@29804
   342
hoelzl@29804
   343
instantiation float :: minus begin
haftmann@30960
   344
definition minus_float where [simp del]: "(z::float) - w = z + (- w)"
hoelzl@29804
   345
instance ..
hoelzl@29804
   346
end
hoelzl@29804
   347
hoelzl@29804
   348
instantiation float :: times begin
hoelzl@29804
   349
fun times_float where [simp del]: "(Float a_m a_e) * (Float b_m b_e) = Float (a_m * b_m) (a_e + b_e)"
hoelzl@29804
   350
instance ..
hoelzl@29804
   351
end
hoelzl@29804
   352
haftmann@30960
   353
primrec float_pprt :: "float \<Rightarrow> float" where
haftmann@30960
   354
  "float_pprt (Float a e) = (if 0 <= a then (Float a e) else 0)"
hoelzl@29804
   355
haftmann@30960
   356
primrec float_nprt :: "float \<Rightarrow> float" where
haftmann@30960
   357
  "float_nprt (Float a e) = (if 0 <= a then 0 else (Float a e))" 
hoelzl@29804
   358
hoelzl@29804
   359
instantiation float :: ord begin
hoelzl@31098
   360
definition le_float_def: "z \<le> (w :: float) \<equiv> real z \<le> real w"
hoelzl@31098
   361
definition less_float_def: "z < (w :: float) \<equiv> real z < real w"
hoelzl@29804
   362
instance ..
hoelzl@29804
   363
end
hoelzl@29804
   364
hoelzl@31098
   365
lemma real_of_float_add[simp]: "real (a + b) = real a + real (b :: float)"
hoelzl@29804
   366
  by (cases a, cases b, simp add: algebra_simps plus_float.simps, 
hoelzl@29804
   367
      auto simp add: pow2_int[symmetric] pow2_add[symmetric])
hoelzl@29804
   368
hoelzl@31098
   369
lemma real_of_float_minus[simp]: "real (- a) = - real (a :: float)"
hoelzl@29804
   370
  by (cases a, simp add: uminus_float.simps)
hoelzl@29804
   371
hoelzl@31098
   372
lemma real_of_float_sub[simp]: "real (a - b) = real a - real (b :: float)"
haftmann@30960
   373
  by (cases a, cases b, simp add: minus_float_def)
hoelzl@29804
   374
hoelzl@31098
   375
lemma real_of_float_mult[simp]: "real (a*b) = real a * real (b :: float)"
hoelzl@29804
   376
  by (cases a, cases b, simp add: times_float.simps pow2_add)
hoelzl@29804
   377
hoelzl@31098
   378
lemma real_of_float_0[simp]: "real (0 :: float) = 0"
hoelzl@29804
   379
  by (auto simp add: zero_float_def float_zero)
hoelzl@29804
   380
hoelzl@31098
   381
lemma real_of_float_1[simp]: "real (1 :: float) = 1"
hoelzl@29804
   382
  by (auto simp add: one_float_def)
hoelzl@29804
   383
obua@16782
   384
lemma zero_le_float:
hoelzl@31098
   385
  "(0 <= real (Float a b)) = (0 <= a)"
hoelzl@29804
   386
  apply auto
hoelzl@29804
   387
  apply (auto simp add: zero_le_mult_iff)
obua@16782
   388
  apply (insert zero_less_pow2[of b])
obua@16782
   389
  apply (simp_all)
obua@16782
   390
  done
obua@16782
   391
obua@16782
   392
lemma float_le_zero:
hoelzl@31098
   393
  "(real (Float a b) <= 0) = (a <= 0)"
hoelzl@29804
   394
  apply auto
obua@16782
   395
  apply (auto simp add: mult_le_0_iff)
obua@16782
   396
  apply (insert zero_less_pow2[of b])
obua@16782
   397
  apply auto
obua@16782
   398
  done
obua@16782
   399
hoelzl@31098
   400
declare real_of_float_simp[simp del]
hoelzl@29804
   401
hoelzl@31098
   402
lemma real_of_float_pprt[simp]: "real (float_pprt a) = pprt (real a)"
hoelzl@29804
   403
  by (cases a, auto simp add: float_pprt.simps zero_le_float float_le_zero float_zero)
hoelzl@29804
   404
hoelzl@31098
   405
lemma real_of_float_nprt[simp]: "real (float_nprt a) = nprt (real a)"
hoelzl@29804
   406
  by (cases a,  auto simp add: float_nprt.simps zero_le_float float_le_zero float_zero)
hoelzl@29804
   407
hoelzl@29804
   408
instance float :: ab_semigroup_add
hoelzl@29804
   409
proof (intro_classes)
hoelzl@29804
   410
  fix a b c :: float
hoelzl@29804
   411
  show "a + b + c = a + (b + c)"
hoelzl@29804
   412
    by (cases a, cases b, cases c, auto simp add: algebra_simps power_add[symmetric] plus_float.simps)
hoelzl@29804
   413
next
hoelzl@29804
   414
  fix a b :: float
hoelzl@29804
   415
  show "a + b = b + a"
hoelzl@29804
   416
    by (cases a, cases b, simp add: plus_float.simps)
hoelzl@29804
   417
qed
hoelzl@29804
   418
hoelzl@29804
   419
instance float :: comm_monoid_mult
hoelzl@29804
   420
proof (intro_classes)
hoelzl@29804
   421
  fix a b c :: float
hoelzl@29804
   422
  show "a * b * c = a * (b * c)"
hoelzl@29804
   423
    by (cases a, cases b, cases c, simp add: times_float.simps)
hoelzl@29804
   424
next
hoelzl@29804
   425
  fix a b :: float
hoelzl@29804
   426
  show "a * b = b * a"
hoelzl@29804
   427
    by (cases a, cases b, simp add: times_float.simps)
hoelzl@29804
   428
next
hoelzl@29804
   429
  fix a :: float
hoelzl@29804
   430
  show "1 * a = a"
hoelzl@29804
   431
    by (cases a, simp add: times_float.simps one_float_def)
hoelzl@29804
   432
qed
hoelzl@29804
   433
hoelzl@29804
   434
(* Floats do NOT form a cancel_semigroup_add: *)
hoelzl@29804
   435
lemma "0 + Float 0 1 = 0 + Float 0 2"
hoelzl@29804
   436
  by (simp add: plus_float.simps zero_float_def)
hoelzl@29804
   437
hoelzl@29804
   438
instance float :: comm_semiring
hoelzl@29804
   439
proof (intro_classes)
hoelzl@29804
   440
  fix a b c :: float
hoelzl@29804
   441
  show "(a + b) * c = a * c + b * c"
hoelzl@29804
   442
    by (cases a, cases b, cases c, simp, simp add: plus_float.simps times_float.simps algebra_simps)
hoelzl@29804
   443
qed
hoelzl@29804
   444
hoelzl@29804
   445
(* Floats do NOT form an order, because "(x < y) = (x <= y & x <> y)" does NOT hold *)
hoelzl@29804
   446
hoelzl@29804
   447
instance float :: zero_neq_one
hoelzl@29804
   448
proof (intro_classes)
hoelzl@29804
   449
  show "(0::float) \<noteq> 1"
hoelzl@29804
   450
    by (simp add: zero_float_def one_float_def)
hoelzl@29804
   451
qed
hoelzl@29804
   452
hoelzl@29804
   453
lemma float_le_simp: "((x::float) \<le> y) = (0 \<le> y - x)"
hoelzl@29804
   454
  by (auto simp add: le_float_def)
hoelzl@29804
   455
hoelzl@29804
   456
lemma float_less_simp: "((x::float) < y) = (0 < y - x)"
hoelzl@29804
   457
  by (auto simp add: less_float_def)
hoelzl@29804
   458
hoelzl@31098
   459
lemma real_of_float_min: "real (min x y :: float) = min (real x) (real y)" unfolding min_def le_float_def by auto
hoelzl@31098
   460
lemma real_of_float_max: "real (max a b :: float) = max (real a) (real b)" unfolding max_def le_float_def by auto
hoelzl@29804
   461
hoelzl@31098
   462
lemma float_power: "real (x ^ n :: float) = real x ^ n"
haftmann@30960
   463
  by (induct n) simp_all
hoelzl@29804
   464
hoelzl@29804
   465
lemma zero_le_pow2[simp]: "0 \<le> pow2 s"
hoelzl@29804
   466
  apply (subgoal_tac "0 < pow2 s")
hoelzl@29804
   467
  apply (auto simp only:)
hoelzl@29804
   468
  apply auto
obua@16782
   469
  done
obua@16782
   470
hoelzl@29804
   471
lemma pow2_less_0_eq_False[simp]: "(pow2 s < 0) = False"
hoelzl@29804
   472
  apply auto
hoelzl@29804
   473
  apply (subgoal_tac "0 \<le> pow2 s")
hoelzl@29804
   474
  apply simp
hoelzl@29804
   475
  apply simp
obua@24301
   476
  done
obua@24301
   477
hoelzl@29804
   478
lemma pow2_le_0_eq_False[simp]: "(pow2 s \<le> 0) = False"
hoelzl@29804
   479
  apply auto
hoelzl@29804
   480
  apply (subgoal_tac "0 < pow2 s")
hoelzl@29804
   481
  apply simp
hoelzl@29804
   482
  apply simp
obua@24301
   483
  done
obua@24301
   484
hoelzl@29804
   485
lemma float_pos_m_pos: "0 < Float m e \<Longrightarrow> 0 < m"
hoelzl@31098
   486
  unfolding less_float_def real_of_float_simp real_of_float_0 zero_less_mult_iff
obua@16782
   487
  by auto
wenzelm@19765
   488
hoelzl@29804
   489
lemma float_pos_less1_e_neg: assumes "0 < Float m e" and "Float m e < 1" shows "e < 0"
hoelzl@29804
   490
proof -
hoelzl@29804
   491
  have "0 < m" using float_pos_m_pos `0 < Float m e` by auto
hoelzl@29804
   492
  hence "0 \<le> real m" and "1 \<le> real m" by auto
hoelzl@29804
   493
  
hoelzl@29804
   494
  show "e < 0"
hoelzl@29804
   495
  proof (rule ccontr)
hoelzl@29804
   496
    assume "\<not> e < 0" hence "0 \<le> e" by auto
hoelzl@29804
   497
    hence "1 \<le> pow2 e" unfolding pow2_def by auto
hoelzl@29804
   498
    from mult_mono[OF `1 \<le> real m` this `0 \<le> real m`]
hoelzl@31098
   499
    have "1 \<le> Float m e" by (simp add: le_float_def real_of_float_simp)
hoelzl@29804
   500
    thus False using `Float m e < 1` unfolding less_float_def le_float_def by auto
hoelzl@29804
   501
  qed
hoelzl@29804
   502
qed
hoelzl@29804
   503
hoelzl@29804
   504
lemma float_less1_mantissa_bound: assumes "0 < Float m e" "Float m e < 1" shows "m < 2^(nat (-e))"
hoelzl@29804
   505
proof -
hoelzl@29804
   506
  have "e < 0" using float_pos_less1_e_neg assms by auto
hoelzl@29804
   507
  have "\<And>x. (0::real) < 2^x" by auto
hoelzl@29804
   508
  have "real m < 2^(nat (-e))" using `Float m e < 1`
hoelzl@31098
   509
    unfolding less_float_def real_of_float_neg_exp[OF `e < 0`] real_of_float_1
hoelzl@29804
   510
          real_mult_less_iff1[of _ _ 1, OF `0 < 2^(nat (-e))`, symmetric] 
hoelzl@29804
   511
          real_mult_assoc by auto
hoelzl@29804
   512
  thus ?thesis unfolding real_of_int_less_iff[symmetric] by auto
hoelzl@29804
   513
qed
hoelzl@29804
   514
hoelzl@29804
   515
function bitlen :: "int \<Rightarrow> int" where
hoelzl@29804
   516
"bitlen 0 = 0" | 
hoelzl@29804
   517
"bitlen -1 = 1" | 
hoelzl@29804
   518
"0 < x \<Longrightarrow> bitlen x = 1 + (bitlen (x div 2))" | 
hoelzl@29804
   519
"x < -1 \<Longrightarrow> bitlen x = 1 + (bitlen (x div 2))"
hoelzl@29804
   520
  apply (case_tac "x = 0 \<or> x = -1 \<or> x < -1 \<or> x > 0")
hoelzl@29804
   521
  apply auto
hoelzl@29804
   522
  done
hoelzl@29804
   523
termination by (relation "measure (nat o abs)", auto)
hoelzl@29804
   524
hoelzl@29804
   525
lemma bitlen_ge0: "0 \<le> bitlen x" by (induct x rule: bitlen.induct, auto)
hoelzl@29804
   526
lemma bitlen_ge1: "x \<noteq> 0 \<Longrightarrow> 1 \<le> bitlen x" by (induct x rule: bitlen.induct, auto simp add: bitlen_ge0)
hoelzl@29804
   527
hoelzl@29804
   528
lemma bitlen_bounds': assumes "0 < x" shows "2^nat (bitlen x - 1) \<le> x \<and> x + 1 \<le> 2^nat (bitlen x)" (is "?P x")
hoelzl@29804
   529
  using `0 < x`
hoelzl@29804
   530
proof (induct x rule: bitlen.induct)
hoelzl@29804
   531
  fix x
hoelzl@29804
   532
  assume "0 < x" and hyp: "0 < x div 2 \<Longrightarrow> ?P (x div 2)" hence "0 \<le> x" and "x \<noteq> 0" by auto
hoelzl@29804
   533
  { fix x have "0 \<le> 1 + bitlen x" using bitlen_ge0[of x] by auto } note gt0_pls1 = this
hoelzl@29804
   534
hoelzl@29804
   535
  have "0 < (2::int)" by auto
obua@16782
   536
hoelzl@29804
   537
  show "?P x"
hoelzl@29804
   538
  proof (cases "x = 1")
hoelzl@29804
   539
    case True show "?P x" unfolding True by auto
hoelzl@29804
   540
  next
hoelzl@29804
   541
    case False hence "2 \<le> x" using `0 < x` `x \<noteq> 1` by auto
hoelzl@29804
   542
    hence "2 div 2 \<le> x div 2" by (rule zdiv_mono1, auto)
hoelzl@29804
   543
    hence "0 < x div 2" and "x div 2 \<noteq> 0" by auto
hoelzl@29804
   544
    hence bitlen_s1_ge0: "0 \<le> bitlen (x div 2) - 1" using bitlen_ge1[OF `x div 2 \<noteq> 0`] by auto
obua@16782
   545
hoelzl@29804
   546
    { from hyp[OF `0 < x div 2`]
hoelzl@29804
   547
      have "2 ^ nat (bitlen (x div 2) - 1) \<le> x div 2" by auto
hoelzl@29804
   548
      hence "2 ^ nat (bitlen (x div 2) - 1) * 2 \<le> x div 2 * 2" by (rule mult_right_mono, auto)
hoelzl@29804
   549
      also have "\<dots> \<le> x" using `0 < x` by auto
hoelzl@29804
   550
      finally have "2^nat (1 + bitlen (x div 2) - 1) \<le> x" unfolding power_Suc2[symmetric] Suc_nat_eq_nat_zadd1[OF bitlen_s1_ge0] by auto
hoelzl@29804
   551
    } moreover
hoelzl@29804
   552
    { have "x + 1 \<le> x - x mod 2 + 2"
hoelzl@29804
   553
      proof -
wenzelm@32960
   554
        have "x mod 2 < 2" using `0 < x` by auto
wenzelm@32960
   555
        hence "x < x - x mod 2 +  2" unfolding algebra_simps by auto
wenzelm@32960
   556
        thus ?thesis by auto
hoelzl@29804
   557
      qed
hoelzl@29804
   558
      also have "x - x mod 2 + 2 = (x div 2 + 1) * 2" unfolding algebra_simps using `0 < x` zdiv_zmod_equality2[of x 2 0] by auto
hoelzl@29804
   559
      also have "\<dots> \<le> 2^nat (bitlen (x div 2)) * 2" using hyp[OF `0 < x div 2`, THEN conjunct2] by (rule mult_right_mono, auto)
hoelzl@29804
   560
      also have "\<dots> = 2^(1 + nat (bitlen (x div 2)))" unfolding power_Suc2[symmetric] by auto
hoelzl@29804
   561
      finally have "x + 1 \<le> 2^(1 + nat (bitlen (x div 2)))" .
hoelzl@29804
   562
    }
hoelzl@29804
   563
    ultimately show ?thesis
hoelzl@29804
   564
      unfolding bitlen.simps(3)[OF `0 < x`] nat_add_distrib[OF zero_le_one bitlen_ge0]
hoelzl@29804
   565
      unfolding add_commute nat_add_distrib[OF zero_le_one gt0_pls1]
hoelzl@29804
   566
      by auto
hoelzl@29804
   567
  qed
hoelzl@29804
   568
next
hoelzl@29804
   569
  fix x :: int assume "x < -1" and "0 < x" hence False by auto
hoelzl@29804
   570
  thus "?P x" by auto
hoelzl@29804
   571
qed auto
hoelzl@29804
   572
hoelzl@29804
   573
lemma bitlen_bounds: assumes "0 < x" shows "2^nat (bitlen x - 1) \<le> x \<and> x < 2^nat (bitlen x)"
hoelzl@29804
   574
  using bitlen_bounds'[OF `0<x`] by auto
hoelzl@29804
   575
hoelzl@29804
   576
lemma bitlen_div: assumes "0 < m" shows "1 \<le> real m / 2^nat (bitlen m - 1)" and "real m / 2^nat (bitlen m - 1) < 2"
hoelzl@29804
   577
proof -
hoelzl@29804
   578
  let ?B = "2^nat(bitlen m - 1)"
hoelzl@29804
   579
hoelzl@29804
   580
  have "?B \<le> m" using bitlen_bounds[OF `0 <m`] ..
hoelzl@29804
   581
  hence "1 * ?B \<le> real m" unfolding real_of_int_le_iff[symmetric] by auto
hoelzl@29804
   582
  thus "1 \<le> real m / ?B" by auto
hoelzl@29804
   583
hoelzl@29804
   584
  have "m \<noteq> 0" using assms by auto
hoelzl@29804
   585
  have "0 \<le> bitlen m - 1" using bitlen_ge1[OF `m \<noteq> 0`] by auto
obua@16782
   586
hoelzl@29804
   587
  have "m < 2^nat(bitlen m)" using bitlen_bounds[OF `0 <m`] ..
hoelzl@29804
   588
  also have "\<dots> = 2^nat(bitlen m - 1 + 1)" using bitlen_ge1[OF `m \<noteq> 0`] by auto
hoelzl@29804
   589
  also have "\<dots> = ?B * 2" unfolding nat_add_distrib[OF `0 \<le> bitlen m - 1` zero_le_one] by auto
hoelzl@29804
   590
  finally have "real m < 2 * ?B" unfolding real_of_int_less_iff[symmetric] by auto
hoelzl@29804
   591
  hence "real m / ?B < 2 * ?B / ?B" by (rule divide_strict_right_mono, auto)
hoelzl@29804
   592
  thus "real m / ?B < 2" by auto
hoelzl@29804
   593
qed
hoelzl@29804
   594
hoelzl@29804
   595
lemma float_gt1_scale: assumes "1 \<le> Float m e"
hoelzl@29804
   596
  shows "0 \<le> e + (bitlen m - 1)"
hoelzl@29804
   597
proof (cases "0 \<le> e")
hoelzl@29804
   598
  have "0 < Float m e" using assms unfolding less_float_def le_float_def by auto
hoelzl@29804
   599
  hence "0 < m" using float_pos_m_pos by auto
hoelzl@29804
   600
  hence "m \<noteq> 0" by auto
hoelzl@29804
   601
  case True with bitlen_ge1[OF `m \<noteq> 0`] show ?thesis by auto
hoelzl@29804
   602
next
hoelzl@29804
   603
  have "0 < Float m e" using assms unfolding less_float_def le_float_def by auto
hoelzl@29804
   604
  hence "0 < m" using float_pos_m_pos by auto
hoelzl@29804
   605
  hence "m \<noteq> 0" and "1 < (2::int)" by auto
hoelzl@29804
   606
  case False let ?S = "2^(nat (-e))"
hoelzl@31098
   607
  have "1 \<le> real m * inverse ?S" using assms unfolding le_float_def real_of_float_nge0_exp[OF False] by auto
hoelzl@29804
   608
  hence "1 * ?S \<le> real m * inverse ?S * ?S" by (rule mult_right_mono, auto)
hoelzl@29804
   609
  hence "?S \<le> real m" unfolding mult_assoc by auto
hoelzl@29804
   610
  hence "?S \<le> m" unfolding real_of_int_le_iff[symmetric] by auto
hoelzl@29804
   611
  from this bitlen_bounds[OF `0 < m`, THEN conjunct2]
hoelzl@29804
   612
  have "nat (-e) < (nat (bitlen m))" unfolding power_strict_increasing_iff[OF `1 < 2`, symmetric] by (rule order_le_less_trans)
hoelzl@29804
   613
  hence "-e < bitlen m" using False bitlen_ge0 by auto
hoelzl@29804
   614
  thus ?thesis by auto
hoelzl@29804
   615
qed
hoelzl@29804
   616
hoelzl@31098
   617
lemma normalized_float: assumes "m \<noteq> 0" shows "real (Float m (- (bitlen m - 1))) = real m / 2^nat (bitlen m - 1)"
hoelzl@29804
   618
proof (cases "- (bitlen m - 1) = 0")
hoelzl@31098
   619
  case True show ?thesis unfolding real_of_float_simp pow2_def using True by auto
hoelzl@29804
   620
next
hoelzl@29804
   621
  case False hence P: "\<not> 0 \<le> - (bitlen m - 1)" using bitlen_ge1[OF `m \<noteq> 0`] by auto
hoelzl@31098
   622
  show ?thesis unfolding real_of_float_nge0_exp[OF P] real_divide_def by auto
hoelzl@29804
   623
qed
hoelzl@29804
   624
hoelzl@29804
   625
lemma bitlen_Pls: "bitlen (Int.Pls) = Int.Pls" by (subst Pls_def, subst Pls_def, simp)
hoelzl@29804
   626
hoelzl@29804
   627
lemma bitlen_Min: "bitlen (Int.Min) = Int.Bit1 Int.Pls" by (subst Min_def, simp add: Bit1_def) 
hoelzl@29804
   628
hoelzl@29804
   629
lemma bitlen_B0: "bitlen (Int.Bit0 b) = (if iszero b then Int.Pls else Int.succ (bitlen b))"
hoelzl@29804
   630
  apply (auto simp add: iszero_def succ_def)
hoelzl@29804
   631
  apply (simp add: Bit0_def Pls_def)
hoelzl@29804
   632
  apply (subst Bit0_def)
hoelzl@29804
   633
  apply simp
hoelzl@29804
   634
  apply (subgoal_tac "0 < 2 * b \<or> 2 * b < -1")
hoelzl@29804
   635
  apply auto
hoelzl@29804
   636
  done
obua@16782
   637
hoelzl@29804
   638
lemma bitlen_B1: "bitlen (Int.Bit1 b) = (if iszero (Int.succ b) then Int.Bit1 Int.Pls else Int.succ (bitlen b))"
hoelzl@29804
   639
proof -
hoelzl@29804
   640
  have h: "! x. (2*x + 1) div 2 = (x::int)"
hoelzl@29804
   641
    by arith    
hoelzl@29804
   642
  show ?thesis
hoelzl@29804
   643
    apply (auto simp add: iszero_def succ_def)
hoelzl@29804
   644
    apply (subst Bit1_def)+
hoelzl@29804
   645
    apply simp
hoelzl@29804
   646
    apply (subgoal_tac "2 * b + 1 = -1")
hoelzl@29804
   647
    apply (simp only:)
hoelzl@29804
   648
    apply simp_all
hoelzl@29804
   649
    apply (subst Bit1_def)
hoelzl@29804
   650
    apply simp
hoelzl@29804
   651
    apply (subgoal_tac "0 < 2 * b + 1 \<or> 2 * b + 1 < -1")
hoelzl@29804
   652
    apply (auto simp add: h)
hoelzl@29804
   653
    done
hoelzl@29804
   654
qed
hoelzl@29804
   655
hoelzl@29804
   656
lemma bitlen_number_of: "bitlen (number_of w) = number_of (bitlen w)"
hoelzl@29804
   657
  by (simp add: number_of_is_id)
obua@16782
   658
hoelzl@29804
   659
lemma [code]: "bitlen x = 
hoelzl@29804
   660
     (if x = 0  then 0 
hoelzl@29804
   661
 else if x = -1 then 1 
hoelzl@29804
   662
                else (1 + (bitlen (x div 2))))"
hoelzl@29804
   663
  by (cases "x = 0 \<or> x = -1 \<or> 0 < x") auto
hoelzl@29804
   664
hoelzl@29804
   665
definition lapprox_posrat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
hoelzl@29804
   666
where
hoelzl@29804
   667
  "lapprox_posrat prec x y = 
hoelzl@29804
   668
   (let 
hoelzl@29804
   669
       l = nat (int prec + bitlen y - bitlen x) ;
hoelzl@29804
   670
       d = (x * 2^l) div y
hoelzl@29804
   671
    in normfloat (Float d (- (int l))))"
hoelzl@29804
   672
hoelzl@29804
   673
lemma pow2_minus: "pow2 (-x) = inverse (pow2 x)"
hoelzl@29804
   674
  unfolding pow2_neg[of "-x"] by auto
hoelzl@29804
   675
hoelzl@29804
   676
lemma lapprox_posrat: 
hoelzl@29804
   677
  assumes x: "0 \<le> x"
hoelzl@29804
   678
  and y: "0 < y"
hoelzl@31098
   679
  shows "real (lapprox_posrat prec x y) \<le> real x / real y"
hoelzl@29804
   680
proof -
hoelzl@29804
   681
  let ?l = "nat (int prec + bitlen y - bitlen x)"
hoelzl@29804
   682
  
hoelzl@29804
   683
  have "real (x * 2^?l div y) * inverse (2^?l) \<le> (real (x * 2^?l) / real y) * inverse (2^?l)" 
hoelzl@29804
   684
    by (rule mult_right_mono, fact real_of_int_div4, simp)
hoelzl@29804
   685
  also have "\<dots> \<le> (real x / real y) * 2^?l * inverse (2^?l)" by auto
hoelzl@29804
   686
  finally have "real (x * 2^?l div y) * inverse (2^?l) \<le> real x / real y" unfolding real_mult_assoc by auto
hoelzl@31098
   687
  thus ?thesis unfolding lapprox_posrat_def Let_def normfloat real_of_float_simp
hoelzl@29804
   688
    unfolding pow2_minus pow2_int minus_minus .
hoelzl@29804
   689
qed
obua@16782
   690
hoelzl@29804
   691
lemma real_of_int_div_mult: 
hoelzl@29804
   692
  fixes x y c :: int assumes "0 < y" and "0 < c"
hoelzl@29804
   693
  shows "real (x div y) \<le> real (x * c div y) * inverse (real c)"
hoelzl@29804
   694
proof -
hoelzl@29804
   695
  have "c * (x div y) + 0 \<le> c * x div y" unfolding zdiv_zmult1_eq[of c x y]
hoelzl@29804
   696
    by (rule zadd_left_mono, 
hoelzl@29804
   697
        auto intro!: mult_nonneg_nonneg 
hoelzl@29804
   698
             simp add: pos_imp_zdiv_nonneg_iff[OF `0 < y`] `0 < c`[THEN less_imp_le] pos_mod_sign[OF `0 < y`])
hoelzl@29804
   699
  hence "real (x div y) * real c \<le> real (x * c div y)" 
hoelzl@29804
   700
    unfolding real_of_int_mult[symmetric] real_of_int_le_iff zmult_commute by auto
hoelzl@29804
   701
  hence "real (x div y) * real c * inverse (real c) \<le> real (x * c div y) * inverse (real c)"
hoelzl@29804
   702
    using `0 < c` by auto
hoelzl@29804
   703
  thus ?thesis unfolding real_mult_assoc using `0 < c` by auto
hoelzl@29804
   704
qed
hoelzl@29804
   705
hoelzl@29804
   706
lemma lapprox_posrat_bottom: assumes "0 < y"
hoelzl@31098
   707
  shows "real (x div y) \<le> real (lapprox_posrat n x y)" 
hoelzl@29804
   708
proof -
hoelzl@29804
   709
  have pow: "\<And>x. (0::int) < 2^x" by auto
hoelzl@29804
   710
  show ?thesis
hoelzl@31098
   711
    unfolding lapprox_posrat_def Let_def real_of_float_add normfloat real_of_float_simp pow2_minus pow2_int
hoelzl@29804
   712
    using real_of_int_div_mult[OF `0 < y` pow] by auto
hoelzl@29804
   713
qed
hoelzl@29804
   714
hoelzl@29804
   715
lemma lapprox_posrat_nonneg: assumes "0 \<le> x" and "0 < y"
hoelzl@31098
   716
  shows "0 \<le> real (lapprox_posrat n x y)" 
hoelzl@29804
   717
proof -
hoelzl@29804
   718
  show ?thesis
hoelzl@31098
   719
    unfolding lapprox_posrat_def Let_def real_of_float_add normfloat real_of_float_simp pow2_minus pow2_int
hoelzl@29804
   720
    using pos_imp_zdiv_nonneg_iff[OF `0 < y`] assms by (auto intro!: mult_nonneg_nonneg)
hoelzl@29804
   721
qed
hoelzl@29804
   722
hoelzl@29804
   723
definition rapprox_posrat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
hoelzl@29804
   724
where
hoelzl@29804
   725
  "rapprox_posrat prec x y = (let
hoelzl@29804
   726
     l = nat (int prec + bitlen y - bitlen x) ;
hoelzl@29804
   727
     X = x * 2^l ;
hoelzl@29804
   728
     d = X div y ;
hoelzl@29804
   729
     m = X mod y
hoelzl@29804
   730
   in normfloat (Float (d + (if m = 0 then 0 else 1)) (- (int l))))"
obua@16782
   731
hoelzl@29804
   732
lemma rapprox_posrat:
hoelzl@29804
   733
  assumes x: "0 \<le> x"
hoelzl@29804
   734
  and y: "0 < y"
hoelzl@31098
   735
  shows "real x / real y \<le> real (rapprox_posrat prec x y)"
hoelzl@29804
   736
proof -
hoelzl@29804
   737
  let ?l = "nat (int prec + bitlen y - bitlen x)" let ?X = "x * 2^?l"
hoelzl@29804
   738
  show ?thesis 
hoelzl@29804
   739
  proof (cases "?X mod y = 0")
hoelzl@29804
   740
    case True hence "y \<noteq> 0" and "y dvd ?X" using `0 < y` by auto
hoelzl@29804
   741
    from real_of_int_div[OF this]
hoelzl@29804
   742
    have "real (?X div y) * inverse (2 ^ ?l) = real ?X / real y * inverse (2 ^ ?l)" by auto
hoelzl@29804
   743
    also have "\<dots> = real x / real y * (2^?l * inverse (2^?l))" by auto
hoelzl@29804
   744
    finally have "real (?X div y) * inverse (2^?l) = real x / real y" by auto
hoelzl@29804
   745
    thus ?thesis unfolding rapprox_posrat_def Let_def normfloat if_P[OF True] 
hoelzl@31098
   746
      unfolding real_of_float_simp pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   747
  next
hoelzl@29804
   748
    case False
hoelzl@29804
   749
    have "0 \<le> real y" and "real y \<noteq> 0" using `0 < y` by auto
hoelzl@29804
   750
    have "0 \<le> real y * 2^?l" by (rule mult_nonneg_nonneg, rule `0 \<le> real y`, auto)
obua@16782
   751
hoelzl@29804
   752
    have "?X = y * (?X div y) + ?X mod y" by auto
hoelzl@29804
   753
    also have "\<dots> \<le> y * (?X div y) + y" by (rule add_mono, auto simp add: pos_mod_bound[OF `0 < y`, THEN less_imp_le])
hoelzl@29804
   754
    also have "\<dots> = y * (?X div y + 1)" unfolding zadd_zmult_distrib2 by auto
hoelzl@29804
   755
    finally have "real ?X \<le> real y * real (?X div y + 1)" unfolding real_of_int_le_iff real_of_int_mult[symmetric] .
hoelzl@29804
   756
    hence "real ?X / (real y * 2^?l) \<le> real y * real (?X div y + 1) / (real y * 2^?l)" 
hoelzl@29804
   757
      by (rule divide_right_mono, simp only: `0 \<le> real y * 2^?l`)
hoelzl@29804
   758
    also have "\<dots> = real y * real (?X div y + 1) / real y / 2^?l" by auto
hoelzl@29804
   759
    also have "\<dots> = real (?X div y + 1) * inverse (2^?l)" unfolding nonzero_mult_divide_cancel_left[OF `real y \<noteq> 0`] 
hoelzl@29804
   760
      unfolding real_divide_def ..
hoelzl@31098
   761
    finally show ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_not_P[OF False]
hoelzl@29804
   762
      unfolding pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   763
  qed
hoelzl@29804
   764
qed
hoelzl@29804
   765
hoelzl@29804
   766
lemma rapprox_posrat_le1: assumes "0 \<le> x" and "0 < y" and "x \<le> y"
hoelzl@31098
   767
  shows "real (rapprox_posrat n x y) \<le> 1"
hoelzl@29804
   768
proof -
hoelzl@29804
   769
  let ?l = "nat (int n + bitlen y - bitlen x)" let ?X = "x * 2^?l"
hoelzl@29804
   770
  show ?thesis
hoelzl@29804
   771
  proof (cases "?X mod y = 0")
hoelzl@29804
   772
    case True hence "y \<noteq> 0" and "y dvd ?X" using `0 < y` by auto
hoelzl@29804
   773
    from real_of_int_div[OF this]
hoelzl@29804
   774
    have "real (?X div y) * inverse (2 ^ ?l) = real ?X / real y * inverse (2 ^ ?l)" by auto
hoelzl@29804
   775
    also have "\<dots> = real x / real y * (2^?l * inverse (2^?l))" by auto
hoelzl@29804
   776
    finally have "real (?X div y) * inverse (2^?l) = real x / real y" by auto
hoelzl@29804
   777
    also have "real x / real y \<le> 1" using `0 \<le> x` and `0 < y` and `x \<le> y` by auto
hoelzl@29804
   778
    finally show ?thesis unfolding rapprox_posrat_def Let_def normfloat if_P[OF True]
hoelzl@31098
   779
      unfolding real_of_float_simp pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   780
  next
hoelzl@29804
   781
    case False
hoelzl@29804
   782
    have "x \<noteq> y"
hoelzl@29804
   783
    proof (rule ccontr)
hoelzl@29804
   784
      assume "\<not> x \<noteq> y" hence "x = y" by auto
nipkow@30034
   785
      have "?X mod y = 0" unfolding `x = y` using mod_mult_self1_is_0 by auto
hoelzl@29804
   786
      thus False using False by auto
hoelzl@29804
   787
    qed
hoelzl@29804
   788
    hence "x < y" using `x \<le> y` by auto
hoelzl@29804
   789
    hence "real x / real y < 1" using `0 < y` and `0 \<le> x` by auto
obua@16782
   790
hoelzl@29804
   791
    from real_of_int_div4[of "?X" y]
hoelzl@29804
   792
    have "real (?X div y) \<le> (real x / real y) * 2^?l" unfolding real_of_int_mult times_divide_eq_left real_of_int_power[symmetric] real_number_of .
hoelzl@29804
   793
    also have "\<dots> < 1 * 2^?l" using `real x / real y < 1` by (rule mult_strict_right_mono, auto)
hoelzl@29804
   794
    finally have "?X div y < 2^?l" unfolding real_of_int_less_iff[of _ "2^?l", symmetric] by auto
hoelzl@29804
   795
    hence "?X div y + 1 \<le> 2^?l" by auto
hoelzl@29804
   796
    hence "real (?X div y + 1) * inverse (2^?l) \<le> 2^?l * inverse (2^?l)"
hoelzl@29804
   797
      unfolding real_of_int_le_iff[of _ "2^?l", symmetric] real_of_int_power[symmetric] real_number_of
hoelzl@29804
   798
      by (rule mult_right_mono, auto)
hoelzl@29804
   799
    hence "real (?X div y + 1) * inverse (2^?l) \<le> 1" by auto
hoelzl@31098
   800
    thus ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_not_P[OF False]
hoelzl@29804
   801
      unfolding pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   802
  qed
hoelzl@29804
   803
qed
obua@16782
   804
hoelzl@29804
   805
lemma zdiv_greater_zero: fixes a b :: int assumes "0 < a" and "a \<le> b"
hoelzl@29804
   806
  shows "0 < b div a"
hoelzl@29804
   807
proof (rule ccontr)
hoelzl@29804
   808
  have "0 \<le> b" using assms by auto
hoelzl@29804
   809
  assume "\<not> 0 < b div a" hence "b div a = 0" using `0 \<le> b`[unfolded pos_imp_zdiv_nonneg_iff[OF `0<a`, of b, symmetric]] by auto
hoelzl@29804
   810
  have "b = a * (b div a) + b mod a" by auto
hoelzl@29804
   811
  hence "b = b mod a" unfolding `b div a = 0` by auto
hoelzl@29804
   812
  hence "b < a" using `0 < a`[THEN pos_mod_bound, of b] by auto
hoelzl@29804
   813
  thus False using `a \<le> b` by auto
hoelzl@29804
   814
qed
hoelzl@29804
   815
hoelzl@29804
   816
lemma rapprox_posrat_less1: assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
hoelzl@31098
   817
  shows "real (rapprox_posrat n x y) < 1"
hoelzl@29804
   818
proof (cases "x = 0")
hoelzl@31098
   819
  case True thus ?thesis unfolding rapprox_posrat_def True Let_def normfloat real_of_float_simp by auto
hoelzl@29804
   820
next
hoelzl@29804
   821
  case False hence "0 < x" using `0 \<le> x` by auto
hoelzl@29804
   822
  hence "x < y" using assms by auto
hoelzl@29804
   823
  
hoelzl@29804
   824
  let ?l = "nat (int n + bitlen y - bitlen x)" let ?X = "x * 2^?l"
hoelzl@29804
   825
  show ?thesis
hoelzl@29804
   826
  proof (cases "?X mod y = 0")
hoelzl@29804
   827
    case True hence "y \<noteq> 0" and "y dvd ?X" using `0 < y` by auto
hoelzl@29804
   828
    from real_of_int_div[OF this]
hoelzl@29804
   829
    have "real (?X div y) * inverse (2 ^ ?l) = real ?X / real y * inverse (2 ^ ?l)" by auto
hoelzl@29804
   830
    also have "\<dots> = real x / real y * (2^?l * inverse (2^?l))" by auto
hoelzl@29804
   831
    finally have "real (?X div y) * inverse (2^?l) = real x / real y" by auto
hoelzl@29804
   832
    also have "real x / real y < 1" using `0 \<le> x` and `0 < y` and `x < y` by auto
hoelzl@31098
   833
    finally show ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_P[OF True]
hoelzl@29804
   834
      unfolding pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   835
  next
hoelzl@29804
   836
    case False
hoelzl@29804
   837
    hence "(real x / real y) < 1 / 2" using `0 < y` and `0 \<le> x` `2 * x < y` by auto
obua@16782
   838
hoelzl@29804
   839
    have "0 < ?X div y"
hoelzl@29804
   840
    proof -
hoelzl@29804
   841
      have "2^nat (bitlen x - 1) \<le> y" and "y < 2^nat (bitlen y)"
wenzelm@32960
   842
        using bitlen_bounds[OF `0 < x`, THEN conjunct1] bitlen_bounds[OF `0 < y`, THEN conjunct2] `x < y` by auto
hoelzl@29804
   843
      hence "(2::int)^nat (bitlen x - 1) < 2^nat (bitlen y)" by (rule order_le_less_trans)
hoelzl@29804
   844
      hence "bitlen x \<le> bitlen y" by auto
hoelzl@29804
   845
      hence len_less: "nat (bitlen x - 1) \<le> nat (int (n - 1) + bitlen y)" by auto
hoelzl@29804
   846
hoelzl@29804
   847
      have "x \<noteq> 0" and "y \<noteq> 0" using `0 < x` `0 < y` by auto
hoelzl@29804
   848
hoelzl@29804
   849
      have exp_eq: "nat (int (n - 1) + bitlen y) - nat (bitlen x - 1) = ?l"
wenzelm@32960
   850
        using `bitlen x \<le> bitlen y` bitlen_ge1[OF `x \<noteq> 0`] bitlen_ge1[OF `y \<noteq> 0`] `0 < n` by auto
hoelzl@29804
   851
hoelzl@29804
   852
      have "y * 2^nat (bitlen x - 1) \<le> y * x" 
wenzelm@32960
   853
        using bitlen_bounds[OF `0 < x`, THEN conjunct1] `0 < y`[THEN less_imp_le] by (rule mult_left_mono)
hoelzl@29804
   854
      also have "\<dots> \<le> 2^nat (bitlen y) * x" using bitlen_bounds[OF `0 < y`, THEN conjunct2, THEN less_imp_le] `0 \<le> x` by (rule mult_right_mono)
hoelzl@29804
   855
      also have "\<dots> \<le> x * 2^nat (int (n - 1) + bitlen y)" unfolding mult_commute[of x] by (rule mult_right_mono, auto simp add: `0 \<le> x`)
hoelzl@29804
   856
      finally have "real y * 2^nat (bitlen x - 1) * inverse (2^nat (bitlen x - 1)) \<le> real x * 2^nat (int (n - 1) + bitlen y) * inverse (2^nat (bitlen x - 1))"
wenzelm@32960
   857
        unfolding real_of_int_le_iff[symmetric] by auto
hoelzl@29804
   858
      hence "real y \<le> real x * (2^nat (int (n - 1) + bitlen y) / (2^nat (bitlen x - 1)))" 
wenzelm@32960
   859
        unfolding real_mult_assoc real_divide_def by auto
hoelzl@29804
   860
      also have "\<dots> = real x * (2^(nat (int (n - 1) + bitlen y) - nat (bitlen x - 1)))" using power_diff[of "2::real", OF _ len_less] by auto
hoelzl@29804
   861
      finally have "y \<le> x * 2^?l" unfolding exp_eq unfolding real_of_int_le_iff[symmetric] by auto
hoelzl@29804
   862
      thus ?thesis using zdiv_greater_zero[OF `0 < y`] by auto
hoelzl@29804
   863
    qed
hoelzl@29804
   864
hoelzl@29804
   865
    from real_of_int_div4[of "?X" y]
hoelzl@29804
   866
    have "real (?X div y) \<le> (real x / real y) * 2^?l" unfolding real_of_int_mult times_divide_eq_left real_of_int_power[symmetric] real_number_of .
hoelzl@29804
   867
    also have "\<dots> < 1/2 * 2^?l" using `real x / real y < 1/2` by (rule mult_strict_right_mono, auto)
hoelzl@29804
   868
    finally have "?X div y * 2 < 2^?l" unfolding real_of_int_less_iff[of _ "2^?l", symmetric] by auto
hoelzl@29804
   869
    hence "?X div y + 1 < 2^?l" using `0 < ?X div y` by auto
hoelzl@29804
   870
    hence "real (?X div y + 1) * inverse (2^?l) < 2^?l * inverse (2^?l)"
hoelzl@29804
   871
      unfolding real_of_int_less_iff[of _ "2^?l", symmetric] real_of_int_power[symmetric] real_number_of
hoelzl@29804
   872
      by (rule mult_strict_right_mono, auto)
hoelzl@29804
   873
    hence "real (?X div y + 1) * inverse (2^?l) < 1" by auto
hoelzl@31098
   874
    thus ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_not_P[OF False]
hoelzl@29804
   875
      unfolding pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   876
  qed
hoelzl@29804
   877
qed
hoelzl@29804
   878
hoelzl@29804
   879
lemma approx_rat_pattern: fixes P and ps :: "nat * int * int"
hoelzl@29804
   880
  assumes Y: "\<And>y prec x. \<lbrakk>y = 0; ps = (prec, x, 0)\<rbrakk> \<Longrightarrow> P" 
hoelzl@29804
   881
  and A: "\<And>x y prec. \<lbrakk>0 \<le> x; 0 < y; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
hoelzl@29804
   882
  and B: "\<And>x y prec. \<lbrakk>x < 0; 0 < y; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
hoelzl@29804
   883
  and C: "\<And>x y prec. \<lbrakk>x < 0; y < 0; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
hoelzl@29804
   884
  and D: "\<And>x y prec. \<lbrakk>0 \<le> x; y < 0; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
hoelzl@29804
   885
  shows P
obua@16782
   886
proof -
hoelzl@29804
   887
  obtain prec x y where [simp]: "ps = (prec, x, y)" by (cases ps, auto)
hoelzl@29804
   888
  from Y have "y = 0 \<Longrightarrow> P" by auto
hoelzl@29804
   889
  moreover { assume "0 < y" have P proof (cases "0 \<le> x") case True with A and `0 < y` show P by auto next case False with B and `0 < y` show P by auto qed } 
hoelzl@29804
   890
  moreover { assume "y < 0" have P proof (cases "0 \<le> x") case True with D and `y < 0` show P by auto next case False with C and `y < 0` show P by auto qed }
hoelzl@29804
   891
  ultimately show P by (cases "y = 0 \<or> 0 < y \<or> y < 0", auto)
obua@16782
   892
qed
obua@16782
   893
hoelzl@29804
   894
function lapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
hoelzl@29804
   895
where
hoelzl@29804
   896
  "y = 0 \<Longrightarrow> lapprox_rat prec x y = 0"
hoelzl@29804
   897
| "0 \<le> x \<Longrightarrow> 0 < y \<Longrightarrow> lapprox_rat prec x y = lapprox_posrat prec x y"
hoelzl@29804
   898
| "x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> lapprox_rat prec x y = - (rapprox_posrat prec (-x) y)"
hoelzl@29804
   899
| "x < 0 \<Longrightarrow> y < 0 \<Longrightarrow> lapprox_rat prec x y = lapprox_posrat prec (-x) (-y)"
hoelzl@29804
   900
| "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> lapprox_rat prec x y = - (rapprox_posrat prec x (-y))"
hoelzl@29804
   901
apply simp_all by (rule approx_rat_pattern)
hoelzl@29804
   902
termination by lexicographic_order
obua@16782
   903
hoelzl@29804
   904
lemma compute_lapprox_rat[code]:
hoelzl@29804
   905
      "lapprox_rat prec x y = (if y = 0 then 0 else if 0 \<le> x then (if 0 < y then lapprox_posrat prec x y else - (rapprox_posrat prec x (-y))) 
hoelzl@29804
   906
                                                             else (if 0 < y then - (rapprox_posrat prec (-x) y) else lapprox_posrat prec (-x) (-y)))"
hoelzl@29804
   907
  by auto
hoelzl@29804
   908
            
hoelzl@31098
   909
lemma lapprox_rat: "real (lapprox_rat prec x y) \<le> real x / real y"
hoelzl@29804
   910
proof -      
hoelzl@29804
   911
  have h[rule_format]: "! a b b'. b' \<le> b \<longrightarrow> a \<le> b' \<longrightarrow> a \<le> (b::real)" by auto
hoelzl@29804
   912
  show ?thesis
hoelzl@29804
   913
    apply (case_tac "y = 0")
hoelzl@29804
   914
    apply simp
hoelzl@29804
   915
    apply (case_tac "0 \<le> x \<and> 0 < y")
hoelzl@29804
   916
    apply (simp add: lapprox_posrat)
hoelzl@29804
   917
    apply (case_tac "x < 0 \<and> 0 < y")
hoelzl@29804
   918
    apply simp
hoelzl@29804
   919
    apply (subst minus_le_iff)   
hoelzl@29804
   920
    apply (rule h[OF rapprox_posrat])
hoelzl@29804
   921
    apply (simp_all)
hoelzl@29804
   922
    apply (case_tac "x < 0 \<and> y < 0")
hoelzl@29804
   923
    apply simp
hoelzl@29804
   924
    apply (rule h[OF _ lapprox_posrat])
hoelzl@29804
   925
    apply (simp_all)
hoelzl@29804
   926
    apply (case_tac "0 \<le> x \<and> y < 0")
hoelzl@29804
   927
    apply (simp)
hoelzl@29804
   928
    apply (subst minus_le_iff)   
hoelzl@29804
   929
    apply (rule h[OF rapprox_posrat])
hoelzl@29804
   930
    apply simp_all
hoelzl@29804
   931
    apply arith
hoelzl@29804
   932
    done
hoelzl@29804
   933
qed
obua@16782
   934
hoelzl@29804
   935
lemma lapprox_rat_bottom: assumes "0 \<le> x" and "0 < y"
hoelzl@31098
   936
  shows "real (x div y) \<le> real (lapprox_rat n x y)" 
hoelzl@29804
   937
  unfolding lapprox_rat.simps(2)[OF assms]  using lapprox_posrat_bottom[OF `0<y`] .
hoelzl@29804
   938
hoelzl@29804
   939
function rapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
hoelzl@29804
   940
where
hoelzl@29804
   941
  "y = 0 \<Longrightarrow> rapprox_rat prec x y = 0"
hoelzl@29804
   942
| "0 \<le> x \<Longrightarrow> 0 < y \<Longrightarrow> rapprox_rat prec x y = rapprox_posrat prec x y"
hoelzl@29804
   943
| "x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> rapprox_rat prec x y = - (lapprox_posrat prec (-x) y)"
hoelzl@29804
   944
| "x < 0 \<Longrightarrow> y < 0 \<Longrightarrow> rapprox_rat prec x y = rapprox_posrat prec (-x) (-y)"
hoelzl@29804
   945
| "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> rapprox_rat prec x y = - (lapprox_posrat prec x (-y))"
hoelzl@29804
   946
apply simp_all by (rule approx_rat_pattern)
hoelzl@29804
   947
termination by lexicographic_order
obua@16782
   948
hoelzl@29804
   949
lemma compute_rapprox_rat[code]:
hoelzl@29804
   950
      "rapprox_rat prec x y = (if y = 0 then 0 else if 0 \<le> x then (if 0 < y then rapprox_posrat prec x y else - (lapprox_posrat prec x (-y))) else 
hoelzl@29804
   951
                                                                  (if 0 < y then - (lapprox_posrat prec (-x) y) else rapprox_posrat prec (-x) (-y)))"
hoelzl@29804
   952
  by auto
obua@16782
   953
hoelzl@31098
   954
lemma rapprox_rat: "real x / real y \<le> real (rapprox_rat prec x y)"
hoelzl@29804
   955
proof -      
hoelzl@29804
   956
  have h[rule_format]: "! a b b'. b' \<le> b \<longrightarrow> a \<le> b' \<longrightarrow> a \<le> (b::real)" by auto
hoelzl@29804
   957
  show ?thesis
hoelzl@29804
   958
    apply (case_tac "y = 0")
hoelzl@29804
   959
    apply simp
hoelzl@29804
   960
    apply (case_tac "0 \<le> x \<and> 0 < y")
hoelzl@29804
   961
    apply (simp add: rapprox_posrat)
hoelzl@29804
   962
    apply (case_tac "x < 0 \<and> 0 < y")
hoelzl@29804
   963
    apply simp
hoelzl@29804
   964
    apply (subst le_minus_iff)   
hoelzl@29804
   965
    apply (rule h[OF _ lapprox_posrat])
hoelzl@29804
   966
    apply (simp_all)
hoelzl@29804
   967
    apply (case_tac "x < 0 \<and> y < 0")
hoelzl@29804
   968
    apply simp
hoelzl@29804
   969
    apply (rule h[OF rapprox_posrat])
hoelzl@29804
   970
    apply (simp_all)
hoelzl@29804
   971
    apply (case_tac "0 \<le> x \<and> y < 0")
hoelzl@29804
   972
    apply (simp)
hoelzl@29804
   973
    apply (subst le_minus_iff)   
hoelzl@29804
   974
    apply (rule h[OF _ lapprox_posrat])
hoelzl@29804
   975
    apply simp_all
hoelzl@29804
   976
    apply arith
hoelzl@29804
   977
    done
hoelzl@29804
   978
qed
obua@16782
   979
hoelzl@29804
   980
lemma rapprox_rat_le1: assumes "0 \<le> x" and "0 < y" and "x \<le> y"
hoelzl@31098
   981
  shows "real (rapprox_rat n x y) \<le> 1"
hoelzl@29804
   982
  unfolding rapprox_rat.simps(2)[OF `0 \<le> x` `0 < y`] using rapprox_posrat_le1[OF assms] .
hoelzl@29804
   983
hoelzl@29804
   984
lemma rapprox_rat_neg: assumes "x < 0" and "0 < y"
hoelzl@31098
   985
  shows "real (rapprox_rat n x y) \<le> 0"
hoelzl@29804
   986
  unfolding rapprox_rat.simps(3)[OF assms] using lapprox_posrat_nonneg[of "-x" y n] assms by auto
hoelzl@29804
   987
hoelzl@29804
   988
lemma rapprox_rat_nonneg_neg: assumes "0 \<le> x" and "y < 0"
hoelzl@31098
   989
  shows "real (rapprox_rat n x y) \<le> 0"
hoelzl@29804
   990
  unfolding rapprox_rat.simps(5)[OF assms] using lapprox_posrat_nonneg[of x "-y" n] assms by auto
obua@16782
   991
hoelzl@29804
   992
lemma rapprox_rat_nonpos_pos: assumes "x \<le> 0" and "0 < y"
hoelzl@31098
   993
  shows "real (rapprox_rat n x y) \<le> 0"
hoelzl@29804
   994
proof (cases "x = 0") 
hoelzl@29804
   995
  case True hence "0 \<le> x" by auto show ?thesis unfolding rapprox_rat.simps(2)[OF `0 \<le> x` `0 < y`]
hoelzl@29804
   996
    unfolding True rapprox_posrat_def Let_def by auto
hoelzl@29804
   997
next
hoelzl@29804
   998
  case False hence "x < 0" using assms by auto
hoelzl@29804
   999
  show ?thesis using rapprox_rat_neg[OF `x < 0` `0 < y`] .
hoelzl@29804
  1000
qed
hoelzl@29804
  1001
hoelzl@29804
  1002
fun float_divl :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float"
hoelzl@29804
  1003
where
hoelzl@29804
  1004
  "float_divl prec (Float m1 s1) (Float m2 s2) = 
hoelzl@29804
  1005
    (let
hoelzl@29804
  1006
       l = lapprox_rat prec m1 m2;
hoelzl@29804
  1007
       f = Float 1 (s1 - s2)
hoelzl@29804
  1008
     in
hoelzl@29804
  1009
       f * l)"     
obua@16782
  1010
hoelzl@31098
  1011
lemma float_divl: "real (float_divl prec x y) \<le> real x / real y"
hoelzl@29804
  1012
proof - 
hoelzl@29804
  1013
  from float_split[of x] obtain mx sx where x: "x = Float mx sx" by auto
hoelzl@29804
  1014
  from float_split[of y] obtain my sy where y: "y = Float my sy" by auto
hoelzl@29804
  1015
  have "real mx / real my \<le> (real mx * pow2 sx / (real my * pow2 sy)) / (pow2 (sx - sy))"
hoelzl@29804
  1016
    apply (case_tac "my = 0")
hoelzl@29804
  1017
    apply simp
hoelzl@29804
  1018
    apply (case_tac "my > 0")       
hoelzl@29804
  1019
    apply (subst pos_le_divide_eq)
hoelzl@29804
  1020
    apply simp
hoelzl@29804
  1021
    apply (subst pos_le_divide_eq)
hoelzl@29804
  1022
    apply (simp add: mult_pos_pos)
hoelzl@29804
  1023
    apply simp
hoelzl@29804
  1024
    apply (subst pow2_add[symmetric])
hoelzl@29804
  1025
    apply simp
hoelzl@29804
  1026
    apply (subgoal_tac "my < 0")
hoelzl@29804
  1027
    apply auto
hoelzl@29804
  1028
    apply (simp add: field_simps)
hoelzl@29804
  1029
    apply (subst pow2_add[symmetric])
hoelzl@29804
  1030
    apply (simp add: field_simps)
hoelzl@29804
  1031
    done
hoelzl@31098
  1032
  then have "real (lapprox_rat prec mx my) \<le> (real mx * pow2 sx / (real my * pow2 sy)) / (pow2 (sx - sy))"
hoelzl@29804
  1033
    by (rule order_trans[OF lapprox_rat])
hoelzl@31098
  1034
  then have "real (lapprox_rat prec mx my) * pow2 (sx - sy) \<le> real mx * pow2 sx / (real my * pow2 sy)"
hoelzl@29804
  1035
    apply (subst pos_le_divide_eq[symmetric])
hoelzl@29804
  1036
    apply simp_all
hoelzl@29804
  1037
    done
hoelzl@31098
  1038
  then have "pow2 (sx - sy) * real (lapprox_rat prec mx my) \<le> real mx * pow2 sx / (real my * pow2 sy)"
hoelzl@29804
  1039
    by (simp add: algebra_simps)
hoelzl@29804
  1040
  then show ?thesis
hoelzl@31098
  1041
    by (simp add: x y Let_def real_of_float_simp)
hoelzl@29804
  1042
qed
obua@16782
  1043
hoelzl@29804
  1044
lemma float_divl_lower_bound: assumes "0 \<le> x" and "0 < y" shows "0 \<le> float_divl prec x y"
hoelzl@29804
  1045
proof (cases x, cases y)
hoelzl@29804
  1046
  fix xm xe ym ye :: int
hoelzl@29804
  1047
  assume x_eq: "x = Float xm xe" and y_eq: "y = Float ym ye"
hoelzl@31098
  1048
  have "0 \<le> xm" using `0 \<le> x`[unfolded x_eq le_float_def real_of_float_simp real_of_float_0 zero_le_mult_iff] by auto
hoelzl@31098
  1049
  have "0 < ym" using `0 < y`[unfolded y_eq less_float_def real_of_float_simp real_of_float_0 zero_less_mult_iff] by auto
obua@16782
  1050
hoelzl@31098
  1051
  have "\<And>n. 0 \<le> real (Float 1 n)" unfolding real_of_float_simp using zero_le_pow2 by auto
hoelzl@31098
  1052
  moreover have "0 \<le> real (lapprox_rat prec xm ym)" by (rule order_trans[OF _ lapprox_rat_bottom[OF `0 \<le> xm` `0 < ym`]], auto simp add: `0 \<le> xm` pos_imp_zdiv_nonneg_iff[OF `0 < ym`])
hoelzl@29804
  1053
  ultimately show "0 \<le> float_divl prec x y"
hoelzl@31098
  1054
    unfolding x_eq y_eq float_divl.simps Let_def le_float_def real_of_float_0 by (auto intro!: mult_nonneg_nonneg)
hoelzl@29804
  1055
qed
hoelzl@29804
  1056
hoelzl@29804
  1057
lemma float_divl_pos_less1_bound: assumes "0 < x" and "x < 1" and "0 < prec" shows "1 \<le> float_divl prec 1 x"
hoelzl@29804
  1058
proof (cases x)
hoelzl@29804
  1059
  case (Float m e)
hoelzl@29804
  1060
  from `0 < x` `x < 1` have "0 < m" "e < 0" using float_pos_m_pos float_pos_less1_e_neg unfolding Float by auto
hoelzl@29804
  1061
  let ?b = "nat (bitlen m)" and ?e = "nat (-e)"
hoelzl@29804
  1062
  have "1 \<le> m" and "m \<noteq> 0" using `0 < m` by auto
hoelzl@29804
  1063
  with bitlen_bounds[OF `0 < m`] have "m < 2^?b" and "(2::int) \<le> 2^?b" by auto
hoelzl@29804
  1064
  hence "1 \<le> bitlen m" using power_le_imp_le_exp[of "2::int" 1 ?b] by auto
hoelzl@29804
  1065
  hence pow_split: "nat (int prec + bitlen m - 1) = (prec - 1) + ?b" using `0 < prec` by auto
hoelzl@29804
  1066
  
hoelzl@29804
  1067
  have pow_not0: "\<And>x. (2::real)^x \<noteq> 0" by auto
obua@16782
  1068
hoelzl@29804
  1069
  from float_less1_mantissa_bound `0 < x` `x < 1` Float 
hoelzl@29804
  1070
  have "m < 2^?e" by auto
hoelzl@29804
  1071
  with bitlen_bounds[OF `0 < m`, THEN conjunct1]
hoelzl@29804
  1072
  have "(2::int)^nat (bitlen m - 1) < 2^?e" by (rule order_le_less_trans)
hoelzl@29804
  1073
  from power_less_imp_less_exp[OF _ this]
hoelzl@29804
  1074
  have "bitlen m \<le> - e" by auto
hoelzl@29804
  1075
  hence "(2::real)^?b \<le> 2^?e" by auto
hoelzl@29804
  1076
  hence "(2::real)^?b * inverse (2^?b) \<le> 2^?e * inverse (2^?b)" by (rule mult_right_mono, auto)
hoelzl@29804
  1077
  hence "(1::real) \<le> 2^?e * inverse (2^?b)" by auto
hoelzl@29804
  1078
  also
hoelzl@29804
  1079
  let ?d = "real (2 ^ nat (int prec + bitlen m - 1) div m) * inverse (2 ^ nat (int prec + bitlen m - 1))"
hoelzl@29804
  1080
  { have "2^(prec - 1) * m \<le> 2^(prec - 1) * 2^?b" using `m < 2^?b`[THEN less_imp_le] by (rule mult_left_mono, auto)
hoelzl@29804
  1081
    also have "\<dots> = 2 ^ nat (int prec + bitlen m - 1)" unfolding pow_split zpower_zadd_distrib by auto
hoelzl@29804
  1082
    finally have "2^(prec - 1) * m div m \<le> 2 ^ nat (int prec + bitlen m - 1) div m" using `0 < m` by (rule zdiv_mono1)
nipkow@30181
  1083
    hence "2^(prec - 1) \<le> 2 ^ nat (int prec + bitlen m - 1) div m" unfolding div_mult_self2_is_id[OF `m \<noteq> 0`] .
hoelzl@29804
  1084
    hence "2^(prec - 1) * inverse (2 ^ nat (int prec + bitlen m - 1)) \<le> ?d"
hoelzl@29804
  1085
      unfolding real_of_int_le_iff[of "2^(prec - 1)", symmetric] by auto }
hoelzl@29804
  1086
  from mult_left_mono[OF this[unfolded pow_split power_add inverse_mult_distrib real_mult_assoc[symmetric] right_inverse[OF pow_not0] real_mult_1], of "2^?e"]
hoelzl@29804
  1087
  have "2^?e * inverse (2^?b) \<le> 2^?e * ?d" unfolding pow_split power_add by auto
hoelzl@29804
  1088
  finally have "1 \<le> 2^?e * ?d" .
hoelzl@29804
  1089
  
hoelzl@29804
  1090
  have e_nat: "0 - e = int (nat (-e))" using `e < 0` by auto
hoelzl@29804
  1091
  have "bitlen 1 = 1" using bitlen.simps by auto
hoelzl@29804
  1092
  
hoelzl@29804
  1093
  show ?thesis 
hoelzl@29804
  1094
    unfolding one_float_def Float float_divl.simps Let_def lapprox_rat.simps(2)[OF zero_le_one `0 < m`] lapprox_posrat_def `bitlen 1 = 1`
hoelzl@31098
  1095
    unfolding le_float_def real_of_float_mult normfloat real_of_float_simp pow2_minus pow2_int e_nat
hoelzl@29804
  1096
    using `1 \<le> 2^?e * ?d` by (auto simp add: pow2_def)
hoelzl@29804
  1097
qed
obua@16782
  1098
hoelzl@29804
  1099
fun float_divr :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float"
hoelzl@29804
  1100
where
hoelzl@29804
  1101
  "float_divr prec (Float m1 s1) (Float m2 s2) = 
hoelzl@29804
  1102
    (let
hoelzl@29804
  1103
       r = rapprox_rat prec m1 m2;
hoelzl@29804
  1104
       f = Float 1 (s1 - s2)
hoelzl@29804
  1105
     in
hoelzl@29804
  1106
       f * r)"  
obua@16782
  1107
hoelzl@31098
  1108
lemma float_divr: "real x / real y \<le> real (float_divr prec x y)"
hoelzl@29804
  1109
proof - 
hoelzl@29804
  1110
  from float_split[of x] obtain mx sx where x: "x = Float mx sx" by auto
hoelzl@29804
  1111
  from float_split[of y] obtain my sy where y: "y = Float my sy" by auto
hoelzl@29804
  1112
  have "real mx / real my \<ge> (real mx * pow2 sx / (real my * pow2 sy)) / (pow2 (sx - sy))"
hoelzl@29804
  1113
    apply (case_tac "my = 0")
hoelzl@29804
  1114
    apply simp
hoelzl@29804
  1115
    apply (case_tac "my > 0")
hoelzl@29804
  1116
    apply auto
hoelzl@29804
  1117
    apply (subst pos_divide_le_eq)
hoelzl@29804
  1118
    apply (rule mult_pos_pos)+
hoelzl@29804
  1119
    apply simp_all
hoelzl@29804
  1120
    apply (subst pow2_add[symmetric])
hoelzl@29804
  1121
    apply simp
hoelzl@29804
  1122
    apply (subgoal_tac "my < 0")
hoelzl@29804
  1123
    apply auto
hoelzl@29804
  1124
    apply (simp add: field_simps)
hoelzl@29804
  1125
    apply (subst pow2_add[symmetric])
hoelzl@29804
  1126
    apply (simp add: field_simps)
hoelzl@29804
  1127
    done
hoelzl@31098
  1128
  then have "real (rapprox_rat prec mx my) \<ge> (real mx * pow2 sx / (real my * pow2 sy)) / (pow2 (sx - sy))"
hoelzl@29804
  1129
    by (rule order_trans[OF _ rapprox_rat])
hoelzl@31098
  1130
  then have "real (rapprox_rat prec mx my) * pow2 (sx - sy) \<ge> real mx * pow2 sx / (real my * pow2 sy)"
hoelzl@29804
  1131
    apply (subst pos_divide_le_eq[symmetric])
hoelzl@29804
  1132
    apply simp_all
hoelzl@29804
  1133
    done
hoelzl@29804
  1134
  then show ?thesis
hoelzl@31098
  1135
    by (simp add: x y Let_def algebra_simps real_of_float_simp)
hoelzl@29804
  1136
qed
obua@16782
  1137
hoelzl@29804
  1138
lemma float_divr_pos_less1_lower_bound: assumes "0 < x" and "x < 1" shows "1 \<le> float_divr prec 1 x"
hoelzl@29804
  1139
proof -
hoelzl@31098
  1140
  have "1 \<le> 1 / real x" using `0 < x` and `x < 1` unfolding less_float_def by auto
hoelzl@31098
  1141
  also have "\<dots> \<le> real (float_divr prec 1 x)" using float_divr[where x=1 and y=x] by auto
hoelzl@29804
  1142
  finally show ?thesis unfolding le_float_def by auto
hoelzl@29804
  1143
qed
hoelzl@29804
  1144
hoelzl@29804
  1145
lemma float_divr_nonpos_pos_upper_bound: assumes "x \<le> 0" and "0 < y" shows "float_divr prec x y \<le> 0"
hoelzl@29804
  1146
proof (cases x, cases y)
hoelzl@29804
  1147
  fix xm xe ym ye :: int
hoelzl@29804
  1148
  assume x_eq: "x = Float xm xe" and y_eq: "y = Float ym ye"
hoelzl@31098
  1149
  have "xm \<le> 0" using `x \<le> 0`[unfolded x_eq le_float_def real_of_float_simp real_of_float_0 mult_le_0_iff] by auto
hoelzl@31098
  1150
  have "0 < ym" using `0 < y`[unfolded y_eq less_float_def real_of_float_simp real_of_float_0 zero_less_mult_iff] by auto
hoelzl@29804
  1151
hoelzl@31098
  1152
  have "\<And>n. 0 \<le> real (Float 1 n)" unfolding real_of_float_simp using zero_le_pow2 by auto
hoelzl@31098
  1153
  moreover have "real (rapprox_rat prec xm ym) \<le> 0" using rapprox_rat_nonpos_pos[OF `xm \<le> 0` `0 < ym`] .
hoelzl@29804
  1154
  ultimately show "float_divr prec x y \<le> 0"
hoelzl@31098
  1155
    unfolding x_eq y_eq float_divr.simps Let_def le_float_def real_of_float_0 real_of_float_mult by (auto intro!: mult_nonneg_nonpos)
hoelzl@29804
  1156
qed
obua@16782
  1157
hoelzl@29804
  1158
lemma float_divr_nonneg_neg_upper_bound: assumes "0 \<le> x" and "y < 0" shows "float_divr prec x y \<le> 0"
hoelzl@29804
  1159
proof (cases x, cases y)
hoelzl@29804
  1160
  fix xm xe ym ye :: int
hoelzl@29804
  1161
  assume x_eq: "x = Float xm xe" and y_eq: "y = Float ym ye"
hoelzl@31098
  1162
  have "0 \<le> xm" using `0 \<le> x`[unfolded x_eq le_float_def real_of_float_simp real_of_float_0 zero_le_mult_iff] by auto
hoelzl@31098
  1163
  have "ym < 0" using `y < 0`[unfolded y_eq less_float_def real_of_float_simp real_of_float_0 mult_less_0_iff] by auto
hoelzl@29804
  1164
  hence "0 < - ym" by auto
hoelzl@29804
  1165
hoelzl@31098
  1166
  have "\<And>n. 0 \<le> real (Float 1 n)" unfolding real_of_float_simp using zero_le_pow2 by auto
hoelzl@31098
  1167
  moreover have "real (rapprox_rat prec xm ym) \<le> 0" using rapprox_rat_nonneg_neg[OF `0 \<le> xm` `ym < 0`] .
hoelzl@29804
  1168
  ultimately show "float_divr prec x y \<le> 0"
hoelzl@31098
  1169
    unfolding x_eq y_eq float_divr.simps Let_def le_float_def real_of_float_0 real_of_float_mult by (auto intro!: mult_nonneg_nonpos)
hoelzl@29804
  1170
qed
hoelzl@29804
  1171
haftmann@30960
  1172
primrec round_down :: "nat \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1173
"round_down prec (Float m e) = (let d = bitlen m - int prec in
hoelzl@29804
  1174
     if 0 < d then let P = 2^nat d ; n = m div P in Float n (e + d)
hoelzl@29804
  1175
              else Float m e)"
hoelzl@29804
  1176
haftmann@30960
  1177
primrec round_up :: "nat \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1178
"round_up prec (Float m e) = (let d = bitlen m - int prec in
hoelzl@29804
  1179
  if 0 < d then let P = 2^nat d ; n = m div P ; r = m mod P in Float (n + (if r = 0 then 0 else 1)) (e + d) 
hoelzl@29804
  1180
           else Float m e)"
obua@16782
  1181
hoelzl@31098
  1182
lemma round_up: "real x \<le> real (round_up prec x)"
hoelzl@29804
  1183
proof (cases x)
hoelzl@29804
  1184
  case (Float m e)
hoelzl@29804
  1185
  let ?d = "bitlen m - int prec"
hoelzl@29804
  1186
  let ?p = "(2::int)^nat ?d"
hoelzl@29804
  1187
  have "0 < ?p" by auto
hoelzl@29804
  1188
  show "?thesis"
hoelzl@29804
  1189
  proof (cases "0 < ?d")
hoelzl@29804
  1190
    case True
hoelzl@29804
  1191
    hence pow_d: "pow2 ?d = real ?p" unfolding pow2_int[symmetric] power_real_number_of[symmetric] by auto
hoelzl@29804
  1192
    show ?thesis
hoelzl@29804
  1193
    proof (cases "m mod ?p = 0")
hoelzl@29804
  1194
      case True
hoelzl@29804
  1195
      have m: "m = m div ?p * ?p + 0" unfolding True[symmetric] using zdiv_zmod_equality2[where k=0, unfolded monoid_add_class.add_0_right, symmetric] .
hoelzl@31098
  1196
      have "real (Float m e) = real (Float (m div ?p) (e + ?d))" unfolding real_of_float_simp arg_cong[OF m, of real]
wenzelm@32960
  1197
        by (auto simp add: pow2_add `0 < ?d` pow_d)
hoelzl@29804
  1198
      thus ?thesis
wenzelm@32960
  1199
        unfolding Float round_up.simps Let_def if_P[OF `m mod ?p = 0`] if_P[OF `0 < ?d`]
wenzelm@32960
  1200
        by auto
hoelzl@29804
  1201
    next
hoelzl@29804
  1202
      case False
hoelzl@29804
  1203
      have "m = m div ?p * ?p + m mod ?p" unfolding zdiv_zmod_equality2[where k=0, unfolded monoid_add_class.add_0_right] ..
hoelzl@29804
  1204
      also have "\<dots> \<le> (m div ?p + 1) * ?p" unfolding left_distrib zmult_1 by (rule add_left_mono, rule pos_mod_bound[OF `0 < ?p`, THEN less_imp_le])
hoelzl@31098
  1205
      finally have "real (Float m e) \<le> real (Float (m div ?p + 1) (e + ?d))" unfolding real_of_float_simp add_commute[of e]
wenzelm@32960
  1206
        unfolding pow2_add mult_assoc[symmetric] real_of_int_le_iff[of m, symmetric]
wenzelm@32960
  1207
        by (auto intro!: mult_mono simp add: pow2_add `0 < ?d` pow_d)
hoelzl@29804
  1208
      thus ?thesis
wenzelm@32960
  1209
        unfolding Float round_up.simps Let_def if_not_P[OF `\<not> m mod ?p = 0`] if_P[OF `0 < ?d`] .
hoelzl@29804
  1210
    qed
hoelzl@29804
  1211
  next
hoelzl@29804
  1212
    case False
hoelzl@29804
  1213
    show ?thesis
hoelzl@29804
  1214
      unfolding Float round_up.simps Let_def if_not_P[OF False] .. 
hoelzl@29804
  1215
  qed
hoelzl@29804
  1216
qed
obua@16782
  1217
hoelzl@31098
  1218
lemma round_down: "real (round_down prec x) \<le> real x"
hoelzl@29804
  1219
proof (cases x)
hoelzl@29804
  1220
  case (Float m e)
hoelzl@29804
  1221
  let ?d = "bitlen m - int prec"
hoelzl@29804
  1222
  let ?p = "(2::int)^nat ?d"
hoelzl@29804
  1223
  have "0 < ?p" by auto
hoelzl@29804
  1224
  show "?thesis"
hoelzl@29804
  1225
  proof (cases "0 < ?d")
hoelzl@29804
  1226
    case True
hoelzl@29804
  1227
    hence pow_d: "pow2 ?d = real ?p" unfolding pow2_int[symmetric] power_real_number_of[symmetric] by auto
hoelzl@29804
  1228
    have "m div ?p * ?p \<le> m div ?p * ?p + m mod ?p" by (auto simp add: pos_mod_bound[OF `0 < ?p`, THEN less_imp_le])
hoelzl@29804
  1229
    also have "\<dots> \<le> m" unfolding zdiv_zmod_equality2[where k=0, unfolded monoid_add_class.add_0_right] ..
hoelzl@31098
  1230
    finally have "real (Float (m div ?p) (e + ?d)) \<le> real (Float m e)" unfolding real_of_float_simp add_commute[of e]
hoelzl@29804
  1231
      unfolding pow2_add mult_assoc[symmetric] real_of_int_le_iff[of _ m, symmetric]
hoelzl@29804
  1232
      by (auto intro!: mult_mono simp add: pow2_add `0 < ?d` pow_d)
hoelzl@29804
  1233
    thus ?thesis
hoelzl@29804
  1234
      unfolding Float round_down.simps Let_def if_P[OF `0 < ?d`] .
hoelzl@29804
  1235
  next
hoelzl@29804
  1236
    case False
hoelzl@29804
  1237
    show ?thesis
hoelzl@29804
  1238
      unfolding Float round_down.simps Let_def if_not_P[OF False] .. 
hoelzl@29804
  1239
  qed
hoelzl@29804
  1240
qed
hoelzl@29804
  1241
hoelzl@29804
  1242
definition lb_mult :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1243
"lb_mult prec x y = (case normfloat (x * y) of Float m e \<Rightarrow> let
hoelzl@29804
  1244
    l = bitlen m - int prec
hoelzl@29804
  1245
  in if l > 0 then Float (m div (2^nat l)) (e + l)
hoelzl@29804
  1246
              else Float m e)"
obua@16782
  1247
hoelzl@29804
  1248
definition ub_mult :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1249
"ub_mult prec x y = (case normfloat (x * y) of Float m e \<Rightarrow> let
hoelzl@29804
  1250
    l = bitlen m - int prec
hoelzl@29804
  1251
  in if l > 0 then Float (m div (2^nat l) + 1) (e + l)
hoelzl@29804
  1252
              else Float m e)"
obua@16782
  1253
hoelzl@31098
  1254
lemma lb_mult: "real (lb_mult prec x y) \<le> real (x * y)"
hoelzl@29804
  1255
proof (cases "normfloat (x * y)")
hoelzl@29804
  1256
  case (Float m e)
hoelzl@29804
  1257
  hence "odd m \<or> (m = 0 \<and> e = 0)" by (rule normfloat_imp_odd_or_zero)
hoelzl@29804
  1258
  let ?l = "bitlen m - int prec"
hoelzl@31098
  1259
  have "real (lb_mult prec x y) \<le> real (normfloat (x * y))"
hoelzl@29804
  1260
  proof (cases "?l > 0")
hoelzl@29804
  1261
    case False thus ?thesis unfolding lb_mult_def Float Let_def float.cases by auto
hoelzl@29804
  1262
  next
hoelzl@29804
  1263
    case True
hoelzl@29804
  1264
    have "real (m div 2^(nat ?l)) * pow2 ?l \<le> real m"
hoelzl@29804
  1265
    proof -
hoelzl@29804
  1266
      have "real (m div 2^(nat ?l)) * pow2 ?l = real (2^(nat ?l) * (m div 2^(nat ?l)))" unfolding real_of_int_mult real_of_int_power[symmetric] real_number_of unfolding pow2_int[symmetric] 
wenzelm@32960
  1267
        using `?l > 0` by auto
hoelzl@29804
  1268
      also have "\<dots> \<le> real (2^(nat ?l) * (m div 2^(nat ?l)) + m mod 2^(nat ?l))" unfolding real_of_int_add by auto
hoelzl@29804
  1269
      also have "\<dots> = real m" unfolding zmod_zdiv_equality[symmetric] ..
hoelzl@29804
  1270
      finally show ?thesis by auto
hoelzl@29804
  1271
    qed
hoelzl@31098
  1272
    thus ?thesis unfolding lb_mult_def Float Let_def float.cases if_P[OF True] real_of_float_simp pow2_add real_mult_commute real_mult_assoc by auto
hoelzl@29804
  1273
  qed
hoelzl@31098
  1274
  also have "\<dots> = real (x * y)" unfolding normfloat ..
hoelzl@29804
  1275
  finally show ?thesis .
hoelzl@29804
  1276
qed
obua@16782
  1277
hoelzl@31098
  1278
lemma ub_mult: "real (x * y) \<le> real (ub_mult prec x y)"
hoelzl@29804
  1279
proof (cases "normfloat (x * y)")
hoelzl@29804
  1280
  case (Float m e)
hoelzl@29804
  1281
  hence "odd m \<or> (m = 0 \<and> e = 0)" by (rule normfloat_imp_odd_or_zero)
hoelzl@29804
  1282
  let ?l = "bitlen m - int prec"
hoelzl@31098
  1283
  have "real (x * y) = real (normfloat (x * y))" unfolding normfloat ..
hoelzl@31098
  1284
  also have "\<dots> \<le> real (ub_mult prec x y)"
hoelzl@29804
  1285
  proof (cases "?l > 0")
hoelzl@29804
  1286
    case False thus ?thesis unfolding ub_mult_def Float Let_def float.cases by auto
hoelzl@29804
  1287
  next
hoelzl@29804
  1288
    case True
hoelzl@29804
  1289
    have "real m \<le> real (m div 2^(nat ?l) + 1) * pow2 ?l"
hoelzl@29804
  1290
    proof -
hoelzl@29804
  1291
      have "m mod 2^(nat ?l) < 2^(nat ?l)" by (rule pos_mod_bound) auto
hoelzl@29804
  1292
      hence mod_uneq: "real (m mod 2^(nat ?l)) \<le> 1 * 2^(nat ?l)" unfolding zmult_1 real_of_int_less_iff[symmetric] by auto
hoelzl@29804
  1293
      
hoelzl@29804
  1294
      have "real m = real (2^(nat ?l) * (m div 2^(nat ?l)) + m mod 2^(nat ?l))" unfolding zmod_zdiv_equality[symmetric] ..
hoelzl@29804
  1295
      also have "\<dots> = real (m div 2^(nat ?l)) * 2^(nat ?l) + real (m mod 2^(nat ?l))" unfolding real_of_int_add by auto
hoelzl@29804
  1296
      also have "\<dots> \<le> (real (m div 2^(nat ?l)) + 1) * 2^(nat ?l)" unfolding real_add_mult_distrib using mod_uneq by auto
hoelzl@29804
  1297
      finally show ?thesis unfolding pow2_int[symmetric] using True by auto
hoelzl@29804
  1298
    qed
hoelzl@31098
  1299
    thus ?thesis unfolding ub_mult_def Float Let_def float.cases if_P[OF True] real_of_float_simp pow2_add real_mult_commute real_mult_assoc by auto
hoelzl@29804
  1300
  qed
hoelzl@29804
  1301
  finally show ?thesis .
hoelzl@29804
  1302
qed
hoelzl@29804
  1303
haftmann@30960
  1304
primrec float_abs :: "float \<Rightarrow> float" where
haftmann@30960
  1305
  "float_abs (Float m e) = Float \<bar>m\<bar> e"
hoelzl@29804
  1306
hoelzl@29804
  1307
instantiation float :: abs begin
hoelzl@29804
  1308
definition abs_float_def: "\<bar>x\<bar> = float_abs x"
hoelzl@29804
  1309
instance ..
hoelzl@29804
  1310
end
obua@16782
  1311
hoelzl@31098
  1312
lemma real_of_float_abs: "real \<bar>x :: float\<bar> = \<bar>real x\<bar>" 
hoelzl@29804
  1313
proof (cases x)
hoelzl@29804
  1314
  case (Float m e)
hoelzl@29804
  1315
  have "\<bar>real m\<bar> * pow2 e = \<bar>real m * pow2 e\<bar>" unfolding abs_mult by auto
hoelzl@31098
  1316
  thus ?thesis unfolding Float abs_float_def float_abs.simps real_of_float_simp by auto
hoelzl@29804
  1317
qed
hoelzl@29804
  1318
haftmann@30960
  1319
primrec floor_fl :: "float \<Rightarrow> float" where
haftmann@30960
  1320
  "floor_fl (Float m e) = (if 0 \<le> e then Float m e
hoelzl@29804
  1321
                                  else Float (m div (2 ^ (nat (-e)))) 0)"
obua@16782
  1322
hoelzl@31098
  1323
lemma floor_fl: "real (floor_fl x) \<le> real x"
hoelzl@29804
  1324
proof (cases x)
hoelzl@29804
  1325
  case (Float m e)
hoelzl@29804
  1326
  show ?thesis
hoelzl@29804
  1327
  proof (cases "0 \<le> e")
hoelzl@29804
  1328
    case False
hoelzl@29804
  1329
    hence me_eq: "pow2 (-e) = pow2 (int (nat (-e)))" by auto
hoelzl@31098
  1330
    have "real (Float (m div (2 ^ (nat (-e)))) 0) = real (m div 2 ^ (nat (-e)))" unfolding real_of_float_simp by auto
hoelzl@29804
  1331
    also have "\<dots> \<le> real m / real ((2::int) ^ (nat (-e)))" using real_of_int_div4 .
hoelzl@29804
  1332
    also have "\<dots> = real m * inverse (2 ^ (nat (-e)))" unfolding power_real_number_of[symmetric] real_divide_def ..
hoelzl@31098
  1333
    also have "\<dots> = real (Float m e)" unfolding real_of_float_simp me_eq pow2_int pow2_neg[of e] ..
hoelzl@29804
  1334
    finally show ?thesis unfolding Float floor_fl.simps if_not_P[OF `\<not> 0 \<le> e`] .
hoelzl@29804
  1335
  next
hoelzl@29804
  1336
    case True thus ?thesis unfolding Float by auto
hoelzl@29804
  1337
  qed
hoelzl@29804
  1338
qed
obua@16782
  1339
hoelzl@29804
  1340
lemma floor_pos_exp: assumes floor: "Float m e = floor_fl x" shows "0 \<le> e"
hoelzl@29804
  1341
proof (cases x)
hoelzl@29804
  1342
  case (Float mx me)
hoelzl@29804
  1343
  from floor[unfolded Float floor_fl.simps] show ?thesis by (cases "0 \<le> me", auto)
hoelzl@29804
  1344
qed
hoelzl@29804
  1345
hoelzl@29804
  1346
declare floor_fl.simps[simp del]
obua@16782
  1347
haftmann@30960
  1348
primrec ceiling_fl :: "float \<Rightarrow> float" where
haftmann@30960
  1349
  "ceiling_fl (Float m e) = (if 0 \<le> e then Float m e
hoelzl@29804
  1350
                                    else Float (m div (2 ^ (nat (-e))) + 1) 0)"
obua@16782
  1351
hoelzl@31098
  1352
lemma ceiling_fl: "real x \<le> real (ceiling_fl x)"
hoelzl@29804
  1353
proof (cases x)
hoelzl@29804
  1354
  case (Float m e)
hoelzl@29804
  1355
  show ?thesis
hoelzl@29804
  1356
  proof (cases "0 \<le> e")
hoelzl@29804
  1357
    case False
hoelzl@29804
  1358
    hence me_eq: "pow2 (-e) = pow2 (int (nat (-e)))" by auto
hoelzl@31098
  1359
    have "real (Float m e) = real m * inverse (2 ^ (nat (-e)))" unfolding real_of_float_simp me_eq pow2_int pow2_neg[of e] ..
hoelzl@29804
  1360
    also have "\<dots> = real m / real ((2::int) ^ (nat (-e)))" unfolding power_real_number_of[symmetric] real_divide_def ..
hoelzl@29804
  1361
    also have "\<dots> \<le> 1 + real (m div 2 ^ (nat (-e)))" using real_of_int_div3[unfolded diff_le_eq] .
hoelzl@31098
  1362
    also have "\<dots> = real (Float (m div (2 ^ (nat (-e))) + 1) 0)" unfolding real_of_float_simp by auto
hoelzl@29804
  1363
    finally show ?thesis unfolding Float ceiling_fl.simps if_not_P[OF `\<not> 0 \<le> e`] .
hoelzl@29804
  1364
  next
hoelzl@29804
  1365
    case True thus ?thesis unfolding Float by auto
hoelzl@29804
  1366
  qed
hoelzl@29804
  1367
qed
hoelzl@29804
  1368
hoelzl@29804
  1369
declare ceiling_fl.simps[simp del]
hoelzl@29804
  1370
hoelzl@29804
  1371
definition lb_mod :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1372
"lb_mod prec x ub lb = x - ceiling_fl (float_divr prec x lb) * ub"
hoelzl@29804
  1373
hoelzl@29804
  1374
definition ub_mod :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1375
"ub_mod prec x ub lb = x - floor_fl (float_divl prec x ub) * lb"
obua@16782
  1376
hoelzl@31098
  1377
lemma lb_mod: fixes k :: int assumes "0 \<le> real x" and "real k * y \<le> real x" (is "?k * y \<le> ?x")
hoelzl@31098
  1378
  assumes "0 < real lb" "real lb \<le> y" (is "?lb \<le> y") "y \<le> real ub" (is "y \<le> ?ub")
hoelzl@31098
  1379
  shows "real (lb_mod prec x ub lb) \<le> ?x - ?k * y"
hoelzl@29804
  1380
proof -
hoelzl@29804
  1381
  have "?lb \<le> ?ub" by (auto!)
hoelzl@29804
  1382
  have "0 \<le> ?lb" and "?lb \<noteq> 0" by (auto!)
hoelzl@29804
  1383
  have "?k * y \<le> ?x" using assms by auto
hoelzl@29804
  1384
  also have "\<dots> \<le> ?x / ?lb * ?ub" by (metis mult_left_mono[OF `?lb \<le> ?ub` `0 \<le> ?x`] divide_right_mono[OF _ `0 \<le> ?lb` ] times_divide_eq_left nonzero_mult_divide_cancel_right[OF `?lb \<noteq> 0`])
hoelzl@31098
  1385
  also have "\<dots> \<le> real (ceiling_fl (float_divr prec x lb)) * ?ub" by (metis mult_right_mono order_trans `0 \<le> ?lb` `?lb \<le> ?ub` float_divr ceiling_fl)
hoelzl@31098
  1386
  finally show ?thesis unfolding lb_mod_def real_of_float_sub real_of_float_mult by auto
hoelzl@29804
  1387
qed
obua@16782
  1388
hoelzl@31098
  1389
lemma ub_mod: fixes k :: int and x :: float assumes "0 \<le> real x" and "real x \<le> real k * y" (is "?x \<le> ?k * y")
hoelzl@31098
  1390
  assumes "0 < real lb" "real lb \<le> y" (is "?lb \<le> y") "y \<le> real ub" (is "y \<le> ?ub")
hoelzl@31098
  1391
  shows "?x - ?k * y \<le> real (ub_mod prec x ub lb)"
hoelzl@29804
  1392
proof -
hoelzl@29804
  1393
  have "?lb \<le> ?ub" by (auto!)
hoelzl@29804
  1394
  hence "0 \<le> ?lb" and "0 \<le> ?ub" and "?ub \<noteq> 0" by (auto!)
hoelzl@31098
  1395
  have "real (floor_fl (float_divl prec x ub)) * ?lb \<le> ?x / ?ub * ?lb" by (metis mult_right_mono order_trans `0 \<le> ?lb` `?lb \<le> ?ub` float_divl floor_fl)
hoelzl@29804
  1396
  also have "\<dots> \<le> ?x" by (metis mult_left_mono[OF `?lb \<le> ?ub` `0 \<le> ?x`] divide_right_mono[OF _ `0 \<le> ?ub` ] times_divide_eq_left nonzero_mult_divide_cancel_right[OF `?ub \<noteq> 0`])
hoelzl@29804
  1397
  also have "\<dots> \<le> ?k * y" using assms by auto
hoelzl@31098
  1398
  finally show ?thesis unfolding ub_mod_def real_of_float_sub real_of_float_mult by auto
hoelzl@29804
  1399
qed
obua@16782
  1400
hoelzl@29804
  1401
lemma le_float_def': "f \<le> g = (case f - g of Float a b \<Rightarrow> a \<le> 0)"
hoelzl@29804
  1402
proof -
hoelzl@31098
  1403
  have le_transfer: "(f \<le> g) = (real (f - g) \<le> 0)" by (auto simp add: le_float_def)
hoelzl@29804
  1404
  from float_split[of "f - g"] obtain a b where f_diff_g: "f - g = Float a b" by auto
hoelzl@31098
  1405
  with le_transfer have le_transfer': "f \<le> g = (real (Float a b) \<le> 0)" by simp
hoelzl@29804
  1406
  show ?thesis by (simp add: le_transfer' f_diff_g float_le_zero)
hoelzl@29804
  1407
qed
hoelzl@29804
  1408
hoelzl@29804
  1409
lemma float_less_zero:
hoelzl@31098
  1410
  "(real (Float a b) < 0) = (a < 0)"
hoelzl@31098
  1411
  apply (auto simp add: mult_less_0_iff real_of_float_simp)
hoelzl@29804
  1412
  done
hoelzl@29804
  1413
hoelzl@29804
  1414
lemma less_float_def': "f < g = (case f - g of Float a b \<Rightarrow> a < 0)"
hoelzl@29804
  1415
proof -
hoelzl@31098
  1416
  have less_transfer: "(f < g) = (real (f - g) < 0)" by (auto simp add: less_float_def)
hoelzl@29804
  1417
  from float_split[of "f - g"] obtain a b where f_diff_g: "f - g = Float a b" by auto
hoelzl@31098
  1418
  with less_transfer have less_transfer': "f < g = (real (Float a b) < 0)" by simp
hoelzl@29804
  1419
  show ?thesis by (simp add: less_transfer' f_diff_g float_less_zero)
hoelzl@29804
  1420
qed
wenzelm@20771
  1421
obua@16782
  1422
end