src/HOL/Library/Float.thy
author hoelzl
Wed Apr 29 20:19:50 2009 +0200 (2009-04-29)
changeset 31098 73dd67adf90a
parent 31021 53642251a04f
child 31467 f7d2aa438bee
permissions -rw-r--r--
replaced Ifloat => real_of_float and real, renamed ApproxEq => inequality, uneq => interpret_inequality, uneq' => approx_inequality, Ifloatarith => interpret_floatarith
wenzelm@30122
     1
(*  Title:      HOL/Library/Float.thy
wenzelm@30122
     2
    Author:     Steven Obua 2008
wenzelm@30122
     3
    Author:     Johannes Hoelzl, TU Muenchen <hoelzl@in.tum.de> 2008 / 2009
wenzelm@30122
     4
*)
huffman@29988
     5
huffman@29988
     6
header {* Floating-Point Numbers *}
huffman@29988
     7
haftmann@20485
     8
theory Float
haftmann@28952
     9
imports Complex_Main
haftmann@20485
    10
begin
obua@16782
    11
wenzelm@19765
    12
definition
wenzelm@21404
    13
  pow2 :: "int \<Rightarrow> real" where
hoelzl@29804
    14
  [simp]: "pow2 a = (if (0 <= a) then (2^(nat a)) else (inverse (2^(nat (-a)))))"
hoelzl@29804
    15
hoelzl@29804
    16
datatype float = Float int int
hoelzl@29804
    17
hoelzl@31098
    18
primrec of_float :: "float \<Rightarrow> real" where
hoelzl@31098
    19
  "of_float (Float a b) = real a * pow2 b"
hoelzl@31098
    20
hoelzl@31098
    21
defs (overloaded)
hoelzl@31098
    22
  real_of_float_def [code unfold]: "real == of_float"
hoelzl@31098
    23
hoelzl@31098
    24
primrec mantissa :: "float \<Rightarrow> int" where
hoelzl@31098
    25
  "mantissa (Float a b) = a"
hoelzl@31098
    26
hoelzl@31098
    27
primrec scale :: "float \<Rightarrow> int" where
hoelzl@31098
    28
  "scale (Float a b) = b"
wenzelm@21404
    29
hoelzl@29804
    30
instantiation float :: zero begin
hoelzl@29804
    31
definition zero_float where "0 = Float 0 0" 
hoelzl@29804
    32
instance ..
hoelzl@29804
    33
end
hoelzl@29804
    34
hoelzl@29804
    35
instantiation float :: one begin
hoelzl@29804
    36
definition one_float where "1 = Float 1 0"
hoelzl@29804
    37
instance ..
hoelzl@29804
    38
end
hoelzl@29804
    39
hoelzl@29804
    40
instantiation float :: number begin
hoelzl@29804
    41
definition number_of_float where "number_of n = Float n 0"
hoelzl@29804
    42
instance ..
hoelzl@29804
    43
end
obua@16782
    44
hoelzl@31098
    45
lemma real_of_float_simp[simp]: "real (Float a b) = real a * pow2 b"
hoelzl@31098
    46
  unfolding real_of_float_def using of_float.simps .
hoelzl@29804
    47
hoelzl@31098
    48
lemma real_of_float_neg_exp: "e < 0 \<Longrightarrow> real (Float m e) = real m * inverse (2^nat (-e))" by auto
hoelzl@31098
    49
lemma real_of_float_nge0_exp: "\<not> 0 \<le> e \<Longrightarrow> real (Float m e) = real m * inverse (2^nat (-e))" by auto
hoelzl@31098
    50
lemma real_of_float_ge0_exp: "0 \<le> e \<Longrightarrow> real (Float m e) = real m * (2^nat e)" by auto
obua@16782
    51
hoelzl@29804
    52
lemma Float_num[simp]: shows
hoelzl@31098
    53
   "real (Float 1 0) = 1" and "real (Float 1 1) = 2" and "real (Float 1 2) = 4" and 
hoelzl@31098
    54
   "real (Float 1 -1) = 1/2" and "real (Float 1 -2) = 1/4" and "real (Float 1 -3) = 1/8" and
hoelzl@31098
    55
   "real (Float -1 0) = -1" and "real (Float (number_of n) 0) = number_of n"
hoelzl@29804
    56
  by auto
obua@16782
    57
hoelzl@29804
    58
lemma pow2_0[simp]: "pow2 0 = 1" by simp
hoelzl@29804
    59
lemma pow2_1[simp]: "pow2 1 = 2" by simp
hoelzl@29804
    60
lemma pow2_neg: "pow2 x = inverse (pow2 (-x))" by simp
hoelzl@29804
    61
hoelzl@29804
    62
declare pow2_def[simp del]
obua@16782
    63
wenzelm@19765
    64
lemma pow2_add1: "pow2 (1 + a) = 2 * (pow2 a)"
obua@16782
    65
proof -
obua@16782
    66
  have h: "! n. nat (2 + int n) - Suc 0 = nat (1 + int n)" by arith
obua@16782
    67
  have g: "! a b. a - -1 = a + (1::int)" by arith
obua@16782
    68
  have pos: "! n. pow2 (int n + 1) = 2 * pow2 (int n)"
obua@16782
    69
    apply (auto, induct_tac n)
obua@16782
    70
    apply (simp_all add: pow2_def)
obua@16782
    71
    apply (rule_tac m1="2" and n1="nat (2 + int na)" in ssubst[OF realpow_num_eq_if])
huffman@23431
    72
    by (auto simp add: h)
obua@16782
    73
  show ?thesis
obua@16782
    74
  proof (induct a)
obua@16782
    75
    case (1 n)
nipkow@29667
    76
    from pos show ?case by (simp add: algebra_simps)
obua@16782
    77
  next
obua@16782
    78
    case (2 n)
obua@16782
    79
    show ?case
obua@16782
    80
      apply (auto)
obua@16782
    81
      apply (subst pow2_neg[of "- int n"])
huffman@23431
    82
      apply (subst pow2_neg[of "-1 - int n"])
obua@16782
    83
      apply (auto simp add: g pos)
obua@16782
    84
      done
wenzelm@19765
    85
  qed
obua@16782
    86
qed
wenzelm@19765
    87
obua@16782
    88
lemma pow2_add: "pow2 (a+b) = (pow2 a) * (pow2 b)"
obua@16782
    89
proof (induct b)
wenzelm@19765
    90
  case (1 n)
obua@16782
    91
  show ?case
obua@16782
    92
  proof (induct n)
obua@16782
    93
    case 0
obua@16782
    94
    show ?case by simp
obua@16782
    95
  next
obua@16782
    96
    case (Suc m)
nipkow@29667
    97
    show ?case by (auto simp add: algebra_simps pow2_add1 prems)
obua@16782
    98
  qed
obua@16782
    99
next
obua@16782
   100
  case (2 n)
wenzelm@19765
   101
  show ?case
obua@16782
   102
  proof (induct n)
obua@16782
   103
    case 0
wenzelm@19765
   104
    show ?case
obua@16782
   105
      apply (auto)
obua@16782
   106
      apply (subst pow2_neg[of "a + -1"])
obua@16782
   107
      apply (subst pow2_neg[of "-1"])
obua@16782
   108
      apply (simp)
obua@16782
   109
      apply (insert pow2_add1[of "-a"])
nipkow@29667
   110
      apply (simp add: algebra_simps)
obua@16782
   111
      apply (subst pow2_neg[of "-a"])
obua@16782
   112
      apply (simp)
obua@16782
   113
      done
obua@16782
   114
    case (Suc m)
wenzelm@19765
   115
    have a: "int m - (a + -2) =  1 + (int m - a + 1)" by arith
obua@16782
   116
    have b: "int m - -2 = 1 + (int m + 1)" by arith
obua@16782
   117
    show ?case
obua@16782
   118
      apply (auto)
obua@16782
   119
      apply (subst pow2_neg[of "a + (-2 - int m)"])
obua@16782
   120
      apply (subst pow2_neg[of "-2 - int m"])
nipkow@29667
   121
      apply (auto simp add: algebra_simps)
obua@16782
   122
      apply (subst a)
obua@16782
   123
      apply (subst b)
obua@16782
   124
      apply (simp only: pow2_add1)
obua@16782
   125
      apply (subst pow2_neg[of "int m - a + 1"])
obua@16782
   126
      apply (subst pow2_neg[of "int m + 1"])
obua@16782
   127
      apply auto
obua@16782
   128
      apply (insert prems)
nipkow@29667
   129
      apply (auto simp add: algebra_simps)
obua@16782
   130
      done
obua@16782
   131
  qed
obua@16782
   132
qed
obua@16782
   133
hoelzl@29804
   134
lemma float_components[simp]: "Float (mantissa f) (scale f) = f" by (cases f, auto)
hoelzl@29804
   135
hoelzl@29804
   136
lemma float_split: "\<exists> a b. x = Float a b" by (cases x, auto)
obua@16782
   137
hoelzl@29804
   138
lemma float_split2: "(\<forall> a b. x \<noteq> Float a b) = False" by (auto simp add: float_split)
hoelzl@29804
   139
hoelzl@31098
   140
lemma float_zero[simp]: "real (Float 0 e) = 0" by simp
hoelzl@29804
   141
hoelzl@29804
   142
lemma abs_div_2_less: "a \<noteq> 0 \<Longrightarrow> a \<noteq> -1 \<Longrightarrow> abs((a::int) div 2) < abs a"
hoelzl@29804
   143
by arith
wenzelm@21404
   144
hoelzl@29804
   145
function normfloat :: "float \<Rightarrow> float" where
hoelzl@29804
   146
"normfloat (Float a b) = (if a \<noteq> 0 \<and> even a then normfloat (Float (a div 2) (b+1)) else if a=0 then Float 0 0 else Float a b)"
hoelzl@29804
   147
by pat_completeness auto
hoelzl@29804
   148
termination by (relation "measure (nat o abs o mantissa)") (auto intro: abs_div_2_less)
hoelzl@29804
   149
declare normfloat.simps[simp del]
obua@16782
   150
hoelzl@31098
   151
theorem normfloat[symmetric, simp]: "real f = real (normfloat f)"
hoelzl@29804
   152
proof (induct f rule: normfloat.induct)
hoelzl@29804
   153
  case (1 a b)
hoelzl@29804
   154
  have real2: "2 = real (2::int)"
hoelzl@29804
   155
    by auto
hoelzl@29804
   156
  show ?case
hoelzl@29804
   157
    apply (subst normfloat.simps)
hoelzl@29804
   158
    apply (auto simp add: float_zero)
hoelzl@29804
   159
    apply (subst 1[symmetric])
hoelzl@29804
   160
    apply (auto simp add: pow2_add even_def)
hoelzl@29804
   161
    done
hoelzl@29804
   162
qed
obua@16782
   163
hoelzl@29804
   164
lemma pow2_neq_zero[simp]: "pow2 x \<noteq> 0"
hoelzl@29804
   165
  by (auto simp add: pow2_def)
obua@16782
   166
wenzelm@26313
   167
lemma pow2_int: "pow2 (int c) = 2^c"
obua@16782
   168
by (simp add: pow2_def)
obua@16782
   169
hoelzl@29804
   170
lemma zero_less_pow2[simp]:
obua@16782
   171
  "0 < pow2 x"
obua@16782
   172
proof -
obua@16782
   173
  {
obua@16782
   174
    fix y
wenzelm@19765
   175
    have "0 <= y \<Longrightarrow> 0 < pow2 y"
obua@16782
   176
      by (induct y, induct_tac n, simp_all add: pow2_add)
obua@16782
   177
  }
obua@16782
   178
  note helper=this
obua@16782
   179
  show ?thesis
obua@16782
   180
    apply (case_tac "0 <= x")
obua@16782
   181
    apply (simp add: helper)
obua@16782
   182
    apply (subst pow2_neg)
obua@16782
   183
    apply (simp add: helper)
obua@16782
   184
    done
obua@16782
   185
qed
obua@16782
   186
hoelzl@29804
   187
lemma normfloat_imp_odd_or_zero: "normfloat f = Float a b \<Longrightarrow> odd a \<or> (a = 0 \<and> b = 0)"
hoelzl@29804
   188
proof (induct f rule: normfloat.induct)
hoelzl@29804
   189
  case (1 u v)
hoelzl@29804
   190
  from 1 have ab: "normfloat (Float u v) = Float a b" by auto
hoelzl@29804
   191
  {
hoelzl@29804
   192
    assume eu: "even u"
hoelzl@29804
   193
    assume z: "u \<noteq> 0"
hoelzl@29804
   194
    have "normfloat (Float u v) = normfloat (Float (u div 2) (v + 1))"
hoelzl@29804
   195
      apply (subst normfloat.simps)
hoelzl@29804
   196
      by (simp add: eu z)
hoelzl@29804
   197
    with ab have "normfloat (Float (u div 2) (v + 1)) = Float a b" by simp
hoelzl@29804
   198
    with 1 eu z have ?case by auto
hoelzl@29804
   199
  }
hoelzl@29804
   200
  note case1 = this
hoelzl@29804
   201
  {
hoelzl@29804
   202
    assume "odd u \<or> u = 0"
hoelzl@29804
   203
    then have ou: "\<not> (u \<noteq> 0 \<and> even u)" by auto
hoelzl@29804
   204
    have "normfloat (Float u v) = (if u = 0 then Float 0 0 else Float u v)"
hoelzl@29804
   205
      apply (subst normfloat.simps)
hoelzl@29804
   206
      apply (simp add: ou)
hoelzl@29804
   207
      done
hoelzl@29804
   208
    with ab have "Float a b = (if u = 0 then Float 0 0 else Float u v)" by auto
hoelzl@29804
   209
    then have ?case
hoelzl@29804
   210
      apply (case_tac "u=0")
hoelzl@29804
   211
      apply (auto)
hoelzl@29804
   212
      by (insert ou, auto)
hoelzl@29804
   213
  }
hoelzl@29804
   214
  note case2 = this
hoelzl@29804
   215
  show ?case
hoelzl@29804
   216
    apply (case_tac "odd u \<or> u = 0")
hoelzl@29804
   217
    apply (rule case2)
hoelzl@29804
   218
    apply simp
hoelzl@29804
   219
    apply (rule case1)
hoelzl@29804
   220
    apply auto
hoelzl@29804
   221
    done
hoelzl@29804
   222
qed
hoelzl@29804
   223
hoelzl@29804
   224
lemma float_eq_odd_helper: 
hoelzl@29804
   225
  assumes odd: "odd a'"
hoelzl@31098
   226
  and floateq: "real (Float a b) = real (Float a' b')"
hoelzl@29804
   227
  shows "b \<le> b'"
hoelzl@29804
   228
proof - 
hoelzl@29804
   229
  {
hoelzl@29804
   230
    assume bcmp: "b > b'"
hoelzl@29804
   231
    from floateq have eq: "real a * pow2 b = real a' * pow2 b'" by simp
hoelzl@29804
   232
    {
hoelzl@29804
   233
      fix x y z :: real
hoelzl@29804
   234
      assume "y \<noteq> 0"
hoelzl@29804
   235
      then have "(x * inverse y = z) = (x = z * y)"
hoelzl@29804
   236
	by auto
hoelzl@29804
   237
    }
hoelzl@29804
   238
    note inverse = this
hoelzl@29804
   239
    have eq': "real a * (pow2 (b - b')) = real a'"
hoelzl@29804
   240
      apply (subst diff_int_def)
hoelzl@29804
   241
      apply (subst pow2_add)
hoelzl@29804
   242
      apply (subst pow2_neg[where x = "-b'"])
hoelzl@29804
   243
      apply simp
hoelzl@29804
   244
      apply (subst mult_assoc[symmetric])
hoelzl@29804
   245
      apply (subst inverse)
hoelzl@29804
   246
      apply (simp_all add: eq)
hoelzl@29804
   247
      done
hoelzl@29804
   248
    have "\<exists> z > 0. pow2 (b-b') = 2^z"
hoelzl@29804
   249
      apply (rule exI[where x="nat (b - b')"])
hoelzl@29804
   250
      apply (auto)
hoelzl@29804
   251
      apply (insert bcmp)
hoelzl@29804
   252
      apply simp
hoelzl@29804
   253
      apply (subst pow2_int[symmetric])
hoelzl@29804
   254
      apply auto
hoelzl@29804
   255
      done
hoelzl@29804
   256
    then obtain z where z: "z > 0 \<and> pow2 (b-b') = 2^z" by auto
hoelzl@29804
   257
    with eq' have "real a * 2^z = real a'"
hoelzl@29804
   258
      by auto
hoelzl@29804
   259
    then have "real a * real ((2::int)^z) = real a'"
hoelzl@29804
   260
      by auto
hoelzl@29804
   261
    then have "real (a * 2^z) = real a'"
hoelzl@29804
   262
      apply (subst real_of_int_mult)
hoelzl@29804
   263
      apply simp
hoelzl@29804
   264
      done
hoelzl@29804
   265
    then have a'_rep: "a * 2^z = a'" by arith
hoelzl@29804
   266
    then have "a' = a*2^z" by simp
hoelzl@29804
   267
    with z have "even a'" by simp
hoelzl@29804
   268
    with odd have False by auto
hoelzl@29804
   269
  }
hoelzl@29804
   270
  then show ?thesis by arith
hoelzl@29804
   271
qed
hoelzl@29804
   272
hoelzl@29804
   273
lemma float_eq_odd: 
hoelzl@29804
   274
  assumes odd1: "odd a"
hoelzl@29804
   275
  and odd2: "odd a'"
hoelzl@31098
   276
  and floateq: "real (Float a b) = real (Float a' b')"
hoelzl@29804
   277
  shows "a = a' \<and> b = b'"
hoelzl@29804
   278
proof -
hoelzl@29804
   279
  from 
hoelzl@29804
   280
     float_eq_odd_helper[OF odd2 floateq] 
hoelzl@29804
   281
     float_eq_odd_helper[OF odd1 floateq[symmetric]]
hoelzl@29804
   282
  have beq: "b = b'"  by arith
hoelzl@29804
   283
  with floateq show ?thesis by auto
hoelzl@29804
   284
qed
hoelzl@29804
   285
hoelzl@29804
   286
theorem normfloat_unique:
hoelzl@31098
   287
  assumes real_of_float_eq: "real f = real g"
hoelzl@29804
   288
  shows "normfloat f = normfloat g"
hoelzl@29804
   289
proof - 
hoelzl@29804
   290
  from float_split[of "normfloat f"] obtain a b where normf:"normfloat f = Float a b" by auto
hoelzl@29804
   291
  from float_split[of "normfloat g"] obtain a' b' where normg:"normfloat g = Float a' b'" by auto
hoelzl@31098
   292
  have "real (normfloat f) = real (normfloat g)"
hoelzl@31098
   293
    by (simp add: real_of_float_eq)
hoelzl@31098
   294
  then have float_eq: "real (Float a b) = real (Float a' b')"
hoelzl@29804
   295
    by (simp add: normf normg)
hoelzl@29804
   296
  have ab: "odd a \<or> (a = 0 \<and> b = 0)" by (rule normfloat_imp_odd_or_zero[OF normf])
hoelzl@29804
   297
  have ab': "odd a' \<or> (a' = 0 \<and> b' = 0)" by (rule normfloat_imp_odd_or_zero[OF normg])
hoelzl@29804
   298
  {
hoelzl@29804
   299
    assume odd: "odd a"
hoelzl@29804
   300
    then have "a \<noteq> 0" by (simp add: even_def, arith)
hoelzl@29804
   301
    with float_eq have "a' \<noteq> 0" by auto
hoelzl@29804
   302
    with ab' have "odd a'" by simp
hoelzl@29804
   303
    from odd this float_eq have "a = a' \<and> b = b'" by (rule float_eq_odd)
hoelzl@29804
   304
  }
hoelzl@29804
   305
  note odd_case = this
hoelzl@29804
   306
  {
hoelzl@29804
   307
    assume even: "even a"
hoelzl@29804
   308
    with ab have a0: "a = 0" by simp
hoelzl@29804
   309
    with float_eq have a0': "a' = 0" by auto 
hoelzl@29804
   310
    from a0 a0' ab ab' have "a = a' \<and> b = b'" by auto
hoelzl@29804
   311
  }
hoelzl@29804
   312
  note even_case = this
hoelzl@29804
   313
  from odd_case even_case show ?thesis
hoelzl@29804
   314
    apply (simp add: normf normg)
hoelzl@29804
   315
    apply (case_tac "even a")
hoelzl@29804
   316
    apply auto
hoelzl@29804
   317
    done
hoelzl@29804
   318
qed
hoelzl@29804
   319
hoelzl@29804
   320
instantiation float :: plus begin
hoelzl@29804
   321
fun plus_float where
hoelzl@29804
   322
[simp del]: "(Float a_m a_e) + (Float b_m b_e) = 
hoelzl@29804
   323
     (if a_e \<le> b_e then Float (a_m + b_m * 2^(nat(b_e - a_e))) a_e 
hoelzl@29804
   324
                   else Float (a_m * 2^(nat (a_e - b_e)) + b_m) b_e)"
hoelzl@29804
   325
instance ..
hoelzl@29804
   326
end
hoelzl@29804
   327
hoelzl@29804
   328
instantiation float :: uminus begin
haftmann@30960
   329
primrec uminus_float where [simp del]: "uminus_float (Float m e) = Float (-m) e"
hoelzl@29804
   330
instance ..
hoelzl@29804
   331
end
hoelzl@29804
   332
hoelzl@29804
   333
instantiation float :: minus begin
haftmann@30960
   334
definition minus_float where [simp del]: "(z::float) - w = z + (- w)"
hoelzl@29804
   335
instance ..
hoelzl@29804
   336
end
hoelzl@29804
   337
hoelzl@29804
   338
instantiation float :: times begin
hoelzl@29804
   339
fun times_float where [simp del]: "(Float a_m a_e) * (Float b_m b_e) = Float (a_m * b_m) (a_e + b_e)"
hoelzl@29804
   340
instance ..
hoelzl@29804
   341
end
hoelzl@29804
   342
haftmann@30960
   343
primrec float_pprt :: "float \<Rightarrow> float" where
haftmann@30960
   344
  "float_pprt (Float a e) = (if 0 <= a then (Float a e) else 0)"
hoelzl@29804
   345
haftmann@30960
   346
primrec float_nprt :: "float \<Rightarrow> float" where
haftmann@30960
   347
  "float_nprt (Float a e) = (if 0 <= a then 0 else (Float a e))" 
hoelzl@29804
   348
hoelzl@29804
   349
instantiation float :: ord begin
hoelzl@31098
   350
definition le_float_def: "z \<le> (w :: float) \<equiv> real z \<le> real w"
hoelzl@31098
   351
definition less_float_def: "z < (w :: float) \<equiv> real z < real w"
hoelzl@29804
   352
instance ..
hoelzl@29804
   353
end
hoelzl@29804
   354
hoelzl@31098
   355
lemma real_of_float_add[simp]: "real (a + b) = real a + real (b :: float)"
hoelzl@29804
   356
  by (cases a, cases b, simp add: algebra_simps plus_float.simps, 
hoelzl@29804
   357
      auto simp add: pow2_int[symmetric] pow2_add[symmetric])
hoelzl@29804
   358
hoelzl@31098
   359
lemma real_of_float_minus[simp]: "real (- a) = - real (a :: float)"
hoelzl@29804
   360
  by (cases a, simp add: uminus_float.simps)
hoelzl@29804
   361
hoelzl@31098
   362
lemma real_of_float_sub[simp]: "real (a - b) = real a - real (b :: float)"
haftmann@30960
   363
  by (cases a, cases b, simp add: minus_float_def)
hoelzl@29804
   364
hoelzl@31098
   365
lemma real_of_float_mult[simp]: "real (a*b) = real a * real (b :: float)"
hoelzl@29804
   366
  by (cases a, cases b, simp add: times_float.simps pow2_add)
hoelzl@29804
   367
hoelzl@31098
   368
lemma real_of_float_0[simp]: "real (0 :: float) = 0"
hoelzl@29804
   369
  by (auto simp add: zero_float_def float_zero)
hoelzl@29804
   370
hoelzl@31098
   371
lemma real_of_float_1[simp]: "real (1 :: float) = 1"
hoelzl@29804
   372
  by (auto simp add: one_float_def)
hoelzl@29804
   373
obua@16782
   374
lemma zero_le_float:
hoelzl@31098
   375
  "(0 <= real (Float a b)) = (0 <= a)"
hoelzl@29804
   376
  apply auto
hoelzl@29804
   377
  apply (auto simp add: zero_le_mult_iff)
obua@16782
   378
  apply (insert zero_less_pow2[of b])
obua@16782
   379
  apply (simp_all)
obua@16782
   380
  done
obua@16782
   381
obua@16782
   382
lemma float_le_zero:
hoelzl@31098
   383
  "(real (Float a b) <= 0) = (a <= 0)"
hoelzl@29804
   384
  apply auto
obua@16782
   385
  apply (auto simp add: mult_le_0_iff)
obua@16782
   386
  apply (insert zero_less_pow2[of b])
obua@16782
   387
  apply auto
obua@16782
   388
  done
obua@16782
   389
hoelzl@31098
   390
declare real_of_float_simp[simp del]
hoelzl@29804
   391
hoelzl@31098
   392
lemma real_of_float_pprt[simp]: "real (float_pprt a) = pprt (real a)"
hoelzl@29804
   393
  by (cases a, auto simp add: float_pprt.simps zero_le_float float_le_zero float_zero)
hoelzl@29804
   394
hoelzl@31098
   395
lemma real_of_float_nprt[simp]: "real (float_nprt a) = nprt (real a)"
hoelzl@29804
   396
  by (cases a,  auto simp add: float_nprt.simps zero_le_float float_le_zero float_zero)
hoelzl@29804
   397
hoelzl@29804
   398
instance float :: ab_semigroup_add
hoelzl@29804
   399
proof (intro_classes)
hoelzl@29804
   400
  fix a b c :: float
hoelzl@29804
   401
  show "a + b + c = a + (b + c)"
hoelzl@29804
   402
    by (cases a, cases b, cases c, auto simp add: algebra_simps power_add[symmetric] plus_float.simps)
hoelzl@29804
   403
next
hoelzl@29804
   404
  fix a b :: float
hoelzl@29804
   405
  show "a + b = b + a"
hoelzl@29804
   406
    by (cases a, cases b, simp add: plus_float.simps)
hoelzl@29804
   407
qed
hoelzl@29804
   408
hoelzl@29804
   409
instance float :: comm_monoid_mult
hoelzl@29804
   410
proof (intro_classes)
hoelzl@29804
   411
  fix a b c :: float
hoelzl@29804
   412
  show "a * b * c = a * (b * c)"
hoelzl@29804
   413
    by (cases a, cases b, cases c, simp add: times_float.simps)
hoelzl@29804
   414
next
hoelzl@29804
   415
  fix a b :: float
hoelzl@29804
   416
  show "a * b = b * a"
hoelzl@29804
   417
    by (cases a, cases b, simp add: times_float.simps)
hoelzl@29804
   418
next
hoelzl@29804
   419
  fix a :: float
hoelzl@29804
   420
  show "1 * a = a"
hoelzl@29804
   421
    by (cases a, simp add: times_float.simps one_float_def)
hoelzl@29804
   422
qed
hoelzl@29804
   423
hoelzl@29804
   424
(* Floats do NOT form a cancel_semigroup_add: *)
hoelzl@29804
   425
lemma "0 + Float 0 1 = 0 + Float 0 2"
hoelzl@29804
   426
  by (simp add: plus_float.simps zero_float_def)
hoelzl@29804
   427
hoelzl@29804
   428
instance float :: comm_semiring
hoelzl@29804
   429
proof (intro_classes)
hoelzl@29804
   430
  fix a b c :: float
hoelzl@29804
   431
  show "(a + b) * c = a * c + b * c"
hoelzl@29804
   432
    by (cases a, cases b, cases c, simp, simp add: plus_float.simps times_float.simps algebra_simps)
hoelzl@29804
   433
qed
hoelzl@29804
   434
hoelzl@29804
   435
(* Floats do NOT form an order, because "(x < y) = (x <= y & x <> y)" does NOT hold *)
hoelzl@29804
   436
hoelzl@29804
   437
instance float :: zero_neq_one
hoelzl@29804
   438
proof (intro_classes)
hoelzl@29804
   439
  show "(0::float) \<noteq> 1"
hoelzl@29804
   440
    by (simp add: zero_float_def one_float_def)
hoelzl@29804
   441
qed
hoelzl@29804
   442
hoelzl@29804
   443
lemma float_le_simp: "((x::float) \<le> y) = (0 \<le> y - x)"
hoelzl@29804
   444
  by (auto simp add: le_float_def)
hoelzl@29804
   445
hoelzl@29804
   446
lemma float_less_simp: "((x::float) < y) = (0 < y - x)"
hoelzl@29804
   447
  by (auto simp add: less_float_def)
hoelzl@29804
   448
hoelzl@31098
   449
lemma real_of_float_min: "real (min x y :: float) = min (real x) (real y)" unfolding min_def le_float_def by auto
hoelzl@31098
   450
lemma real_of_float_max: "real (max a b :: float) = max (real a) (real b)" unfolding max_def le_float_def by auto
hoelzl@29804
   451
hoelzl@31098
   452
lemma float_power: "real (x ^ n :: float) = real x ^ n"
haftmann@30960
   453
  by (induct n) simp_all
hoelzl@29804
   454
hoelzl@29804
   455
lemma zero_le_pow2[simp]: "0 \<le> pow2 s"
hoelzl@29804
   456
  apply (subgoal_tac "0 < pow2 s")
hoelzl@29804
   457
  apply (auto simp only:)
hoelzl@29804
   458
  apply auto
obua@16782
   459
  done
obua@16782
   460
hoelzl@29804
   461
lemma pow2_less_0_eq_False[simp]: "(pow2 s < 0) = False"
hoelzl@29804
   462
  apply auto
hoelzl@29804
   463
  apply (subgoal_tac "0 \<le> pow2 s")
hoelzl@29804
   464
  apply simp
hoelzl@29804
   465
  apply simp
obua@24301
   466
  done
obua@24301
   467
hoelzl@29804
   468
lemma pow2_le_0_eq_False[simp]: "(pow2 s \<le> 0) = False"
hoelzl@29804
   469
  apply auto
hoelzl@29804
   470
  apply (subgoal_tac "0 < pow2 s")
hoelzl@29804
   471
  apply simp
hoelzl@29804
   472
  apply simp
obua@24301
   473
  done
obua@24301
   474
hoelzl@29804
   475
lemma float_pos_m_pos: "0 < Float m e \<Longrightarrow> 0 < m"
hoelzl@31098
   476
  unfolding less_float_def real_of_float_simp real_of_float_0 zero_less_mult_iff
obua@16782
   477
  by auto
wenzelm@19765
   478
hoelzl@29804
   479
lemma float_pos_less1_e_neg: assumes "0 < Float m e" and "Float m e < 1" shows "e < 0"
hoelzl@29804
   480
proof -
hoelzl@29804
   481
  have "0 < m" using float_pos_m_pos `0 < Float m e` by auto
hoelzl@29804
   482
  hence "0 \<le> real m" and "1 \<le> real m" by auto
hoelzl@29804
   483
  
hoelzl@29804
   484
  show "e < 0"
hoelzl@29804
   485
  proof (rule ccontr)
hoelzl@29804
   486
    assume "\<not> e < 0" hence "0 \<le> e" by auto
hoelzl@29804
   487
    hence "1 \<le> pow2 e" unfolding pow2_def by auto
hoelzl@29804
   488
    from mult_mono[OF `1 \<le> real m` this `0 \<le> real m`]
hoelzl@31098
   489
    have "1 \<le> Float m e" by (simp add: le_float_def real_of_float_simp)
hoelzl@29804
   490
    thus False using `Float m e < 1` unfolding less_float_def le_float_def by auto
hoelzl@29804
   491
  qed
hoelzl@29804
   492
qed
hoelzl@29804
   493
hoelzl@29804
   494
lemma float_less1_mantissa_bound: assumes "0 < Float m e" "Float m e < 1" shows "m < 2^(nat (-e))"
hoelzl@29804
   495
proof -
hoelzl@29804
   496
  have "e < 0" using float_pos_less1_e_neg assms by auto
hoelzl@29804
   497
  have "\<And>x. (0::real) < 2^x" by auto
hoelzl@29804
   498
  have "real m < 2^(nat (-e))" using `Float m e < 1`
hoelzl@31098
   499
    unfolding less_float_def real_of_float_neg_exp[OF `e < 0`] real_of_float_1
hoelzl@29804
   500
          real_mult_less_iff1[of _ _ 1, OF `0 < 2^(nat (-e))`, symmetric] 
hoelzl@29804
   501
          real_mult_assoc by auto
hoelzl@29804
   502
  thus ?thesis unfolding real_of_int_less_iff[symmetric] by auto
hoelzl@29804
   503
qed
hoelzl@29804
   504
hoelzl@29804
   505
function bitlen :: "int \<Rightarrow> int" where
hoelzl@29804
   506
"bitlen 0 = 0" | 
hoelzl@29804
   507
"bitlen -1 = 1" | 
hoelzl@29804
   508
"0 < x \<Longrightarrow> bitlen x = 1 + (bitlen (x div 2))" | 
hoelzl@29804
   509
"x < -1 \<Longrightarrow> bitlen x = 1 + (bitlen (x div 2))"
hoelzl@29804
   510
  apply (case_tac "x = 0 \<or> x = -1 \<or> x < -1 \<or> x > 0")
hoelzl@29804
   511
  apply auto
hoelzl@29804
   512
  done
hoelzl@29804
   513
termination by (relation "measure (nat o abs)", auto)
hoelzl@29804
   514
hoelzl@29804
   515
lemma bitlen_ge0: "0 \<le> bitlen x" by (induct x rule: bitlen.induct, auto)
hoelzl@29804
   516
lemma bitlen_ge1: "x \<noteq> 0 \<Longrightarrow> 1 \<le> bitlen x" by (induct x rule: bitlen.induct, auto simp add: bitlen_ge0)
hoelzl@29804
   517
hoelzl@29804
   518
lemma bitlen_bounds': assumes "0 < x" shows "2^nat (bitlen x - 1) \<le> x \<and> x + 1 \<le> 2^nat (bitlen x)" (is "?P x")
hoelzl@29804
   519
  using `0 < x`
hoelzl@29804
   520
proof (induct x rule: bitlen.induct)
hoelzl@29804
   521
  fix x
hoelzl@29804
   522
  assume "0 < x" and hyp: "0 < x div 2 \<Longrightarrow> ?P (x div 2)" hence "0 \<le> x" and "x \<noteq> 0" by auto
hoelzl@29804
   523
  { fix x have "0 \<le> 1 + bitlen x" using bitlen_ge0[of x] by auto } note gt0_pls1 = this
hoelzl@29804
   524
hoelzl@29804
   525
  have "0 < (2::int)" by auto
obua@16782
   526
hoelzl@29804
   527
  show "?P x"
hoelzl@29804
   528
  proof (cases "x = 1")
hoelzl@29804
   529
    case True show "?P x" unfolding True by auto
hoelzl@29804
   530
  next
hoelzl@29804
   531
    case False hence "2 \<le> x" using `0 < x` `x \<noteq> 1` by auto
hoelzl@29804
   532
    hence "2 div 2 \<le> x div 2" by (rule zdiv_mono1, auto)
hoelzl@29804
   533
    hence "0 < x div 2" and "x div 2 \<noteq> 0" by auto
hoelzl@29804
   534
    hence bitlen_s1_ge0: "0 \<le> bitlen (x div 2) - 1" using bitlen_ge1[OF `x div 2 \<noteq> 0`] by auto
obua@16782
   535
hoelzl@29804
   536
    { from hyp[OF `0 < x div 2`]
hoelzl@29804
   537
      have "2 ^ nat (bitlen (x div 2) - 1) \<le> x div 2" by auto
hoelzl@29804
   538
      hence "2 ^ nat (bitlen (x div 2) - 1) * 2 \<le> x div 2 * 2" by (rule mult_right_mono, auto)
hoelzl@29804
   539
      also have "\<dots> \<le> x" using `0 < x` by auto
hoelzl@29804
   540
      finally have "2^nat (1 + bitlen (x div 2) - 1) \<le> x" unfolding power_Suc2[symmetric] Suc_nat_eq_nat_zadd1[OF bitlen_s1_ge0] by auto
hoelzl@29804
   541
    } moreover
hoelzl@29804
   542
    { have "x + 1 \<le> x - x mod 2 + 2"
hoelzl@29804
   543
      proof -
hoelzl@29804
   544
	have "x mod 2 < 2" using `0 < x` by auto
hoelzl@29804
   545
 	hence "x < x - x mod 2 +  2" unfolding algebra_simps by auto
hoelzl@29804
   546
	thus ?thesis by auto
hoelzl@29804
   547
      qed
hoelzl@29804
   548
      also have "x - x mod 2 + 2 = (x div 2 + 1) * 2" unfolding algebra_simps using `0 < x` zdiv_zmod_equality2[of x 2 0] by auto
hoelzl@29804
   549
      also have "\<dots> \<le> 2^nat (bitlen (x div 2)) * 2" using hyp[OF `0 < x div 2`, THEN conjunct2] by (rule mult_right_mono, auto)
hoelzl@29804
   550
      also have "\<dots> = 2^(1 + nat (bitlen (x div 2)))" unfolding power_Suc2[symmetric] by auto
hoelzl@29804
   551
      finally have "x + 1 \<le> 2^(1 + nat (bitlen (x div 2)))" .
hoelzl@29804
   552
    }
hoelzl@29804
   553
    ultimately show ?thesis
hoelzl@29804
   554
      unfolding bitlen.simps(3)[OF `0 < x`] nat_add_distrib[OF zero_le_one bitlen_ge0]
hoelzl@29804
   555
      unfolding add_commute nat_add_distrib[OF zero_le_one gt0_pls1]
hoelzl@29804
   556
      by auto
hoelzl@29804
   557
  qed
hoelzl@29804
   558
next
hoelzl@29804
   559
  fix x :: int assume "x < -1" and "0 < x" hence False by auto
hoelzl@29804
   560
  thus "?P x" by auto
hoelzl@29804
   561
qed auto
hoelzl@29804
   562
hoelzl@29804
   563
lemma bitlen_bounds: assumes "0 < x" shows "2^nat (bitlen x - 1) \<le> x \<and> x < 2^nat (bitlen x)"
hoelzl@29804
   564
  using bitlen_bounds'[OF `0<x`] by auto
hoelzl@29804
   565
hoelzl@29804
   566
lemma bitlen_div: assumes "0 < m" shows "1 \<le> real m / 2^nat (bitlen m - 1)" and "real m / 2^nat (bitlen m - 1) < 2"
hoelzl@29804
   567
proof -
hoelzl@29804
   568
  let ?B = "2^nat(bitlen m - 1)"
hoelzl@29804
   569
hoelzl@29804
   570
  have "?B \<le> m" using bitlen_bounds[OF `0 <m`] ..
hoelzl@29804
   571
  hence "1 * ?B \<le> real m" unfolding real_of_int_le_iff[symmetric] by auto
hoelzl@29804
   572
  thus "1 \<le> real m / ?B" by auto
hoelzl@29804
   573
hoelzl@29804
   574
  have "m \<noteq> 0" using assms by auto
hoelzl@29804
   575
  have "0 \<le> bitlen m - 1" using bitlen_ge1[OF `m \<noteq> 0`] by auto
obua@16782
   576
hoelzl@29804
   577
  have "m < 2^nat(bitlen m)" using bitlen_bounds[OF `0 <m`] ..
hoelzl@29804
   578
  also have "\<dots> = 2^nat(bitlen m - 1 + 1)" using bitlen_ge1[OF `m \<noteq> 0`] by auto
hoelzl@29804
   579
  also have "\<dots> = ?B * 2" unfolding nat_add_distrib[OF `0 \<le> bitlen m - 1` zero_le_one] by auto
hoelzl@29804
   580
  finally have "real m < 2 * ?B" unfolding real_of_int_less_iff[symmetric] by auto
hoelzl@29804
   581
  hence "real m / ?B < 2 * ?B / ?B" by (rule divide_strict_right_mono, auto)
hoelzl@29804
   582
  thus "real m / ?B < 2" by auto
hoelzl@29804
   583
qed
hoelzl@29804
   584
hoelzl@29804
   585
lemma float_gt1_scale: assumes "1 \<le> Float m e"
hoelzl@29804
   586
  shows "0 \<le> e + (bitlen m - 1)"
hoelzl@29804
   587
proof (cases "0 \<le> e")
hoelzl@29804
   588
  have "0 < Float m e" using assms unfolding less_float_def le_float_def by auto
hoelzl@29804
   589
  hence "0 < m" using float_pos_m_pos by auto
hoelzl@29804
   590
  hence "m \<noteq> 0" by auto
hoelzl@29804
   591
  case True with bitlen_ge1[OF `m \<noteq> 0`] show ?thesis by auto
hoelzl@29804
   592
next
hoelzl@29804
   593
  have "0 < Float m e" using assms unfolding less_float_def le_float_def by auto
hoelzl@29804
   594
  hence "0 < m" using float_pos_m_pos by auto
hoelzl@29804
   595
  hence "m \<noteq> 0" and "1 < (2::int)" by auto
hoelzl@29804
   596
  case False let ?S = "2^(nat (-e))"
hoelzl@31098
   597
  have "1 \<le> real m * inverse ?S" using assms unfolding le_float_def real_of_float_nge0_exp[OF False] by auto
hoelzl@29804
   598
  hence "1 * ?S \<le> real m * inverse ?S * ?S" by (rule mult_right_mono, auto)
hoelzl@29804
   599
  hence "?S \<le> real m" unfolding mult_assoc by auto
hoelzl@29804
   600
  hence "?S \<le> m" unfolding real_of_int_le_iff[symmetric] by auto
hoelzl@29804
   601
  from this bitlen_bounds[OF `0 < m`, THEN conjunct2]
hoelzl@29804
   602
  have "nat (-e) < (nat (bitlen m))" unfolding power_strict_increasing_iff[OF `1 < 2`, symmetric] by (rule order_le_less_trans)
hoelzl@29804
   603
  hence "-e < bitlen m" using False bitlen_ge0 by auto
hoelzl@29804
   604
  thus ?thesis by auto
hoelzl@29804
   605
qed
hoelzl@29804
   606
hoelzl@31098
   607
lemma normalized_float: assumes "m \<noteq> 0" shows "real (Float m (- (bitlen m - 1))) = real m / 2^nat (bitlen m - 1)"
hoelzl@29804
   608
proof (cases "- (bitlen m - 1) = 0")
hoelzl@31098
   609
  case True show ?thesis unfolding real_of_float_simp pow2_def using True by auto
hoelzl@29804
   610
next
hoelzl@29804
   611
  case False hence P: "\<not> 0 \<le> - (bitlen m - 1)" using bitlen_ge1[OF `m \<noteq> 0`] by auto
hoelzl@31098
   612
  show ?thesis unfolding real_of_float_nge0_exp[OF P] real_divide_def by auto
hoelzl@29804
   613
qed
hoelzl@29804
   614
hoelzl@29804
   615
lemma bitlen_Pls: "bitlen (Int.Pls) = Int.Pls" by (subst Pls_def, subst Pls_def, simp)
hoelzl@29804
   616
hoelzl@29804
   617
lemma bitlen_Min: "bitlen (Int.Min) = Int.Bit1 Int.Pls" by (subst Min_def, simp add: Bit1_def) 
hoelzl@29804
   618
hoelzl@29804
   619
lemma bitlen_B0: "bitlen (Int.Bit0 b) = (if iszero b then Int.Pls else Int.succ (bitlen b))"
hoelzl@29804
   620
  apply (auto simp add: iszero_def succ_def)
hoelzl@29804
   621
  apply (simp add: Bit0_def Pls_def)
hoelzl@29804
   622
  apply (subst Bit0_def)
hoelzl@29804
   623
  apply simp
hoelzl@29804
   624
  apply (subgoal_tac "0 < 2 * b \<or> 2 * b < -1")
hoelzl@29804
   625
  apply auto
hoelzl@29804
   626
  done
obua@16782
   627
hoelzl@29804
   628
lemma bitlen_B1: "bitlen (Int.Bit1 b) = (if iszero (Int.succ b) then Int.Bit1 Int.Pls else Int.succ (bitlen b))"
hoelzl@29804
   629
proof -
hoelzl@29804
   630
  have h: "! x. (2*x + 1) div 2 = (x::int)"
hoelzl@29804
   631
    by arith    
hoelzl@29804
   632
  show ?thesis
hoelzl@29804
   633
    apply (auto simp add: iszero_def succ_def)
hoelzl@29804
   634
    apply (subst Bit1_def)+
hoelzl@29804
   635
    apply simp
hoelzl@29804
   636
    apply (subgoal_tac "2 * b + 1 = -1")
hoelzl@29804
   637
    apply (simp only:)
hoelzl@29804
   638
    apply simp_all
hoelzl@29804
   639
    apply (subst Bit1_def)
hoelzl@29804
   640
    apply simp
hoelzl@29804
   641
    apply (subgoal_tac "0 < 2 * b + 1 \<or> 2 * b + 1 < -1")
hoelzl@29804
   642
    apply (auto simp add: h)
hoelzl@29804
   643
    done
hoelzl@29804
   644
qed
hoelzl@29804
   645
hoelzl@29804
   646
lemma bitlen_number_of: "bitlen (number_of w) = number_of (bitlen w)"
hoelzl@29804
   647
  by (simp add: number_of_is_id)
obua@16782
   648
hoelzl@29804
   649
lemma [code]: "bitlen x = 
hoelzl@29804
   650
     (if x = 0  then 0 
hoelzl@29804
   651
 else if x = -1 then 1 
hoelzl@29804
   652
                else (1 + (bitlen (x div 2))))"
hoelzl@29804
   653
  by (cases "x = 0 \<or> x = -1 \<or> 0 < x") auto
hoelzl@29804
   654
hoelzl@29804
   655
definition lapprox_posrat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
hoelzl@29804
   656
where
hoelzl@29804
   657
  "lapprox_posrat prec x y = 
hoelzl@29804
   658
   (let 
hoelzl@29804
   659
       l = nat (int prec + bitlen y - bitlen x) ;
hoelzl@29804
   660
       d = (x * 2^l) div y
hoelzl@29804
   661
    in normfloat (Float d (- (int l))))"
hoelzl@29804
   662
hoelzl@29804
   663
lemma pow2_minus: "pow2 (-x) = inverse (pow2 x)"
hoelzl@29804
   664
  unfolding pow2_neg[of "-x"] by auto
hoelzl@29804
   665
hoelzl@29804
   666
lemma lapprox_posrat: 
hoelzl@29804
   667
  assumes x: "0 \<le> x"
hoelzl@29804
   668
  and y: "0 < y"
hoelzl@31098
   669
  shows "real (lapprox_posrat prec x y) \<le> real x / real y"
hoelzl@29804
   670
proof -
hoelzl@29804
   671
  let ?l = "nat (int prec + bitlen y - bitlen x)"
hoelzl@29804
   672
  
hoelzl@29804
   673
  have "real (x * 2^?l div y) * inverse (2^?l) \<le> (real (x * 2^?l) / real y) * inverse (2^?l)" 
hoelzl@29804
   674
    by (rule mult_right_mono, fact real_of_int_div4, simp)
hoelzl@29804
   675
  also have "\<dots> \<le> (real x / real y) * 2^?l * inverse (2^?l)" by auto
hoelzl@29804
   676
  finally have "real (x * 2^?l div y) * inverse (2^?l) \<le> real x / real y" unfolding real_mult_assoc by auto
hoelzl@31098
   677
  thus ?thesis unfolding lapprox_posrat_def Let_def normfloat real_of_float_simp
hoelzl@29804
   678
    unfolding pow2_minus pow2_int minus_minus .
hoelzl@29804
   679
qed
obua@16782
   680
hoelzl@29804
   681
lemma real_of_int_div_mult: 
hoelzl@29804
   682
  fixes x y c :: int assumes "0 < y" and "0 < c"
hoelzl@29804
   683
  shows "real (x div y) \<le> real (x * c div y) * inverse (real c)"
hoelzl@29804
   684
proof -
hoelzl@29804
   685
  have "c * (x div y) + 0 \<le> c * x div y" unfolding zdiv_zmult1_eq[of c x y]
hoelzl@29804
   686
    by (rule zadd_left_mono, 
hoelzl@29804
   687
        auto intro!: mult_nonneg_nonneg 
hoelzl@29804
   688
             simp add: pos_imp_zdiv_nonneg_iff[OF `0 < y`] `0 < c`[THEN less_imp_le] pos_mod_sign[OF `0 < y`])
hoelzl@29804
   689
  hence "real (x div y) * real c \<le> real (x * c div y)" 
hoelzl@29804
   690
    unfolding real_of_int_mult[symmetric] real_of_int_le_iff zmult_commute by auto
hoelzl@29804
   691
  hence "real (x div y) * real c * inverse (real c) \<le> real (x * c div y) * inverse (real c)"
hoelzl@29804
   692
    using `0 < c` by auto
hoelzl@29804
   693
  thus ?thesis unfolding real_mult_assoc using `0 < c` by auto
hoelzl@29804
   694
qed
hoelzl@29804
   695
hoelzl@29804
   696
lemma lapprox_posrat_bottom: assumes "0 < y"
hoelzl@31098
   697
  shows "real (x div y) \<le> real (lapprox_posrat n x y)" 
hoelzl@29804
   698
proof -
hoelzl@29804
   699
  have pow: "\<And>x. (0::int) < 2^x" by auto
hoelzl@29804
   700
  show ?thesis
hoelzl@31098
   701
    unfolding lapprox_posrat_def Let_def real_of_float_add normfloat real_of_float_simp pow2_minus pow2_int
hoelzl@29804
   702
    using real_of_int_div_mult[OF `0 < y` pow] by auto
hoelzl@29804
   703
qed
hoelzl@29804
   704
hoelzl@29804
   705
lemma lapprox_posrat_nonneg: assumes "0 \<le> x" and "0 < y"
hoelzl@31098
   706
  shows "0 \<le> real (lapprox_posrat n x y)" 
hoelzl@29804
   707
proof -
hoelzl@29804
   708
  show ?thesis
hoelzl@31098
   709
    unfolding lapprox_posrat_def Let_def real_of_float_add normfloat real_of_float_simp pow2_minus pow2_int
hoelzl@29804
   710
    using pos_imp_zdiv_nonneg_iff[OF `0 < y`] assms by (auto intro!: mult_nonneg_nonneg)
hoelzl@29804
   711
qed
hoelzl@29804
   712
hoelzl@29804
   713
definition rapprox_posrat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
hoelzl@29804
   714
where
hoelzl@29804
   715
  "rapprox_posrat prec x y = (let
hoelzl@29804
   716
     l = nat (int prec + bitlen y - bitlen x) ;
hoelzl@29804
   717
     X = x * 2^l ;
hoelzl@29804
   718
     d = X div y ;
hoelzl@29804
   719
     m = X mod y
hoelzl@29804
   720
   in normfloat (Float (d + (if m = 0 then 0 else 1)) (- (int l))))"
obua@16782
   721
hoelzl@29804
   722
lemma rapprox_posrat:
hoelzl@29804
   723
  assumes x: "0 \<le> x"
hoelzl@29804
   724
  and y: "0 < y"
hoelzl@31098
   725
  shows "real x / real y \<le> real (rapprox_posrat prec x y)"
hoelzl@29804
   726
proof -
hoelzl@29804
   727
  let ?l = "nat (int prec + bitlen y - bitlen x)" let ?X = "x * 2^?l"
hoelzl@29804
   728
  show ?thesis 
hoelzl@29804
   729
  proof (cases "?X mod y = 0")
hoelzl@29804
   730
    case True hence "y \<noteq> 0" and "y dvd ?X" using `0 < y` by auto
hoelzl@29804
   731
    from real_of_int_div[OF this]
hoelzl@29804
   732
    have "real (?X div y) * inverse (2 ^ ?l) = real ?X / real y * inverse (2 ^ ?l)" by auto
hoelzl@29804
   733
    also have "\<dots> = real x / real y * (2^?l * inverse (2^?l))" by auto
hoelzl@29804
   734
    finally have "real (?X div y) * inverse (2^?l) = real x / real y" by auto
hoelzl@29804
   735
    thus ?thesis unfolding rapprox_posrat_def Let_def normfloat if_P[OF True] 
hoelzl@31098
   736
      unfolding real_of_float_simp pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   737
  next
hoelzl@29804
   738
    case False
hoelzl@29804
   739
    have "0 \<le> real y" and "real y \<noteq> 0" using `0 < y` by auto
hoelzl@29804
   740
    have "0 \<le> real y * 2^?l" by (rule mult_nonneg_nonneg, rule `0 \<le> real y`, auto)
obua@16782
   741
hoelzl@29804
   742
    have "?X = y * (?X div y) + ?X mod y" by auto
hoelzl@29804
   743
    also have "\<dots> \<le> y * (?X div y) + y" by (rule add_mono, auto simp add: pos_mod_bound[OF `0 < y`, THEN less_imp_le])
hoelzl@29804
   744
    also have "\<dots> = y * (?X div y + 1)" unfolding zadd_zmult_distrib2 by auto
hoelzl@29804
   745
    finally have "real ?X \<le> real y * real (?X div y + 1)" unfolding real_of_int_le_iff real_of_int_mult[symmetric] .
hoelzl@29804
   746
    hence "real ?X / (real y * 2^?l) \<le> real y * real (?X div y + 1) / (real y * 2^?l)" 
hoelzl@29804
   747
      by (rule divide_right_mono, simp only: `0 \<le> real y * 2^?l`)
hoelzl@29804
   748
    also have "\<dots> = real y * real (?X div y + 1) / real y / 2^?l" by auto
hoelzl@29804
   749
    also have "\<dots> = real (?X div y + 1) * inverse (2^?l)" unfolding nonzero_mult_divide_cancel_left[OF `real y \<noteq> 0`] 
hoelzl@29804
   750
      unfolding real_divide_def ..
hoelzl@31098
   751
    finally show ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_not_P[OF False]
hoelzl@29804
   752
      unfolding pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   753
  qed
hoelzl@29804
   754
qed
hoelzl@29804
   755
hoelzl@29804
   756
lemma rapprox_posrat_le1: assumes "0 \<le> x" and "0 < y" and "x \<le> y"
hoelzl@31098
   757
  shows "real (rapprox_posrat n x y) \<le> 1"
hoelzl@29804
   758
proof -
hoelzl@29804
   759
  let ?l = "nat (int n + bitlen y - bitlen x)" let ?X = "x * 2^?l"
hoelzl@29804
   760
  show ?thesis
hoelzl@29804
   761
  proof (cases "?X mod y = 0")
hoelzl@29804
   762
    case True hence "y \<noteq> 0" and "y dvd ?X" using `0 < y` by auto
hoelzl@29804
   763
    from real_of_int_div[OF this]
hoelzl@29804
   764
    have "real (?X div y) * inverse (2 ^ ?l) = real ?X / real y * inverse (2 ^ ?l)" by auto
hoelzl@29804
   765
    also have "\<dots> = real x / real y * (2^?l * inverse (2^?l))" by auto
hoelzl@29804
   766
    finally have "real (?X div y) * inverse (2^?l) = real x / real y" by auto
hoelzl@29804
   767
    also have "real x / real y \<le> 1" using `0 \<le> x` and `0 < y` and `x \<le> y` by auto
hoelzl@29804
   768
    finally show ?thesis unfolding rapprox_posrat_def Let_def normfloat if_P[OF True]
hoelzl@31098
   769
      unfolding real_of_float_simp pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   770
  next
hoelzl@29804
   771
    case False
hoelzl@29804
   772
    have "x \<noteq> y"
hoelzl@29804
   773
    proof (rule ccontr)
hoelzl@29804
   774
      assume "\<not> x \<noteq> y" hence "x = y" by auto
nipkow@30034
   775
      have "?X mod y = 0" unfolding `x = y` using mod_mult_self1_is_0 by auto
hoelzl@29804
   776
      thus False using False by auto
hoelzl@29804
   777
    qed
hoelzl@29804
   778
    hence "x < y" using `x \<le> y` by auto
hoelzl@29804
   779
    hence "real x / real y < 1" using `0 < y` and `0 \<le> x` by auto
obua@16782
   780
hoelzl@29804
   781
    from real_of_int_div4[of "?X" y]
hoelzl@29804
   782
    have "real (?X div y) \<le> (real x / real y) * 2^?l" unfolding real_of_int_mult times_divide_eq_left real_of_int_power[symmetric] real_number_of .
hoelzl@29804
   783
    also have "\<dots> < 1 * 2^?l" using `real x / real y < 1` by (rule mult_strict_right_mono, auto)
hoelzl@29804
   784
    finally have "?X div y < 2^?l" unfolding real_of_int_less_iff[of _ "2^?l", symmetric] by auto
hoelzl@29804
   785
    hence "?X div y + 1 \<le> 2^?l" by auto
hoelzl@29804
   786
    hence "real (?X div y + 1) * inverse (2^?l) \<le> 2^?l * inverse (2^?l)"
hoelzl@29804
   787
      unfolding real_of_int_le_iff[of _ "2^?l", symmetric] real_of_int_power[symmetric] real_number_of
hoelzl@29804
   788
      by (rule mult_right_mono, auto)
hoelzl@29804
   789
    hence "real (?X div y + 1) * inverse (2^?l) \<le> 1" by auto
hoelzl@31098
   790
    thus ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_not_P[OF False]
hoelzl@29804
   791
      unfolding pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   792
  qed
hoelzl@29804
   793
qed
obua@16782
   794
hoelzl@29804
   795
lemma zdiv_greater_zero: fixes a b :: int assumes "0 < a" and "a \<le> b"
hoelzl@29804
   796
  shows "0 < b div a"
hoelzl@29804
   797
proof (rule ccontr)
hoelzl@29804
   798
  have "0 \<le> b" using assms by auto
hoelzl@29804
   799
  assume "\<not> 0 < b div a" hence "b div a = 0" using `0 \<le> b`[unfolded pos_imp_zdiv_nonneg_iff[OF `0<a`, of b, symmetric]] by auto
hoelzl@29804
   800
  have "b = a * (b div a) + b mod a" by auto
hoelzl@29804
   801
  hence "b = b mod a" unfolding `b div a = 0` by auto
hoelzl@29804
   802
  hence "b < a" using `0 < a`[THEN pos_mod_bound, of b] by auto
hoelzl@29804
   803
  thus False using `a \<le> b` by auto
hoelzl@29804
   804
qed
hoelzl@29804
   805
hoelzl@29804
   806
lemma rapprox_posrat_less1: assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
hoelzl@31098
   807
  shows "real (rapprox_posrat n x y) < 1"
hoelzl@29804
   808
proof (cases "x = 0")
hoelzl@31098
   809
  case True thus ?thesis unfolding rapprox_posrat_def True Let_def normfloat real_of_float_simp by auto
hoelzl@29804
   810
next
hoelzl@29804
   811
  case False hence "0 < x" using `0 \<le> x` by auto
hoelzl@29804
   812
  hence "x < y" using assms by auto
hoelzl@29804
   813
  
hoelzl@29804
   814
  let ?l = "nat (int n + bitlen y - bitlen x)" let ?X = "x * 2^?l"
hoelzl@29804
   815
  show ?thesis
hoelzl@29804
   816
  proof (cases "?X mod y = 0")
hoelzl@29804
   817
    case True hence "y \<noteq> 0" and "y dvd ?X" using `0 < y` by auto
hoelzl@29804
   818
    from real_of_int_div[OF this]
hoelzl@29804
   819
    have "real (?X div y) * inverse (2 ^ ?l) = real ?X / real y * inverse (2 ^ ?l)" by auto
hoelzl@29804
   820
    also have "\<dots> = real x / real y * (2^?l * inverse (2^?l))" by auto
hoelzl@29804
   821
    finally have "real (?X div y) * inverse (2^?l) = real x / real y" by auto
hoelzl@29804
   822
    also have "real x / real y < 1" using `0 \<le> x` and `0 < y` and `x < y` by auto
hoelzl@31098
   823
    finally show ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_P[OF True]
hoelzl@29804
   824
      unfolding pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   825
  next
hoelzl@29804
   826
    case False
hoelzl@29804
   827
    hence "(real x / real y) < 1 / 2" using `0 < y` and `0 \<le> x` `2 * x < y` by auto
obua@16782
   828
hoelzl@29804
   829
    have "0 < ?X div y"
hoelzl@29804
   830
    proof -
hoelzl@29804
   831
      have "2^nat (bitlen x - 1) \<le> y" and "y < 2^nat (bitlen y)"
hoelzl@29804
   832
	using bitlen_bounds[OF `0 < x`, THEN conjunct1] bitlen_bounds[OF `0 < y`, THEN conjunct2] `x < y` by auto
hoelzl@29804
   833
      hence "(2::int)^nat (bitlen x - 1) < 2^nat (bitlen y)" by (rule order_le_less_trans)
hoelzl@29804
   834
      hence "bitlen x \<le> bitlen y" by auto
hoelzl@29804
   835
      hence len_less: "nat (bitlen x - 1) \<le> nat (int (n - 1) + bitlen y)" by auto
hoelzl@29804
   836
hoelzl@29804
   837
      have "x \<noteq> 0" and "y \<noteq> 0" using `0 < x` `0 < y` by auto
hoelzl@29804
   838
hoelzl@29804
   839
      have exp_eq: "nat (int (n - 1) + bitlen y) - nat (bitlen x - 1) = ?l"
hoelzl@29804
   840
	using `bitlen x \<le> bitlen y` bitlen_ge1[OF `x \<noteq> 0`] bitlen_ge1[OF `y \<noteq> 0`] `0 < n` by auto
hoelzl@29804
   841
hoelzl@29804
   842
      have "y * 2^nat (bitlen x - 1) \<le> y * x" 
hoelzl@29804
   843
	using bitlen_bounds[OF `0 < x`, THEN conjunct1] `0 < y`[THEN less_imp_le] by (rule mult_left_mono)
hoelzl@29804
   844
      also have "\<dots> \<le> 2^nat (bitlen y) * x" using bitlen_bounds[OF `0 < y`, THEN conjunct2, THEN less_imp_le] `0 \<le> x` by (rule mult_right_mono)
hoelzl@29804
   845
      also have "\<dots> \<le> x * 2^nat (int (n - 1) + bitlen y)" unfolding mult_commute[of x] by (rule mult_right_mono, auto simp add: `0 \<le> x`)
hoelzl@29804
   846
      finally have "real y * 2^nat (bitlen x - 1) * inverse (2^nat (bitlen x - 1)) \<le> real x * 2^nat (int (n - 1) + bitlen y) * inverse (2^nat (bitlen x - 1))"
hoelzl@29804
   847
	unfolding real_of_int_le_iff[symmetric] by auto
hoelzl@29804
   848
      hence "real y \<le> real x * (2^nat (int (n - 1) + bitlen y) / (2^nat (bitlen x - 1)))" 
hoelzl@29804
   849
	unfolding real_mult_assoc real_divide_def by auto
hoelzl@29804
   850
      also have "\<dots> = real x * (2^(nat (int (n - 1) + bitlen y) - nat (bitlen x - 1)))" using power_diff[of "2::real", OF _ len_less] by auto
hoelzl@29804
   851
      finally have "y \<le> x * 2^?l" unfolding exp_eq unfolding real_of_int_le_iff[symmetric] by auto
hoelzl@29804
   852
      thus ?thesis using zdiv_greater_zero[OF `0 < y`] by auto
hoelzl@29804
   853
    qed
hoelzl@29804
   854
hoelzl@29804
   855
    from real_of_int_div4[of "?X" y]
hoelzl@29804
   856
    have "real (?X div y) \<le> (real x / real y) * 2^?l" unfolding real_of_int_mult times_divide_eq_left real_of_int_power[symmetric] real_number_of .
hoelzl@29804
   857
    also have "\<dots> < 1/2 * 2^?l" using `real x / real y < 1/2` by (rule mult_strict_right_mono, auto)
hoelzl@29804
   858
    finally have "?X div y * 2 < 2^?l" unfolding real_of_int_less_iff[of _ "2^?l", symmetric] by auto
hoelzl@29804
   859
    hence "?X div y + 1 < 2^?l" using `0 < ?X div y` by auto
hoelzl@29804
   860
    hence "real (?X div y + 1) * inverse (2^?l) < 2^?l * inverse (2^?l)"
hoelzl@29804
   861
      unfolding real_of_int_less_iff[of _ "2^?l", symmetric] real_of_int_power[symmetric] real_number_of
hoelzl@29804
   862
      by (rule mult_strict_right_mono, auto)
hoelzl@29804
   863
    hence "real (?X div y + 1) * inverse (2^?l) < 1" by auto
hoelzl@31098
   864
    thus ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_not_P[OF False]
hoelzl@29804
   865
      unfolding pow2_minus pow2_int minus_minus by auto
hoelzl@29804
   866
  qed
hoelzl@29804
   867
qed
hoelzl@29804
   868
hoelzl@29804
   869
lemma approx_rat_pattern: fixes P and ps :: "nat * int * int"
hoelzl@29804
   870
  assumes Y: "\<And>y prec x. \<lbrakk>y = 0; ps = (prec, x, 0)\<rbrakk> \<Longrightarrow> P" 
hoelzl@29804
   871
  and A: "\<And>x y prec. \<lbrakk>0 \<le> x; 0 < y; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
hoelzl@29804
   872
  and B: "\<And>x y prec. \<lbrakk>x < 0; 0 < y; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
hoelzl@29804
   873
  and C: "\<And>x y prec. \<lbrakk>x < 0; y < 0; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
hoelzl@29804
   874
  and D: "\<And>x y prec. \<lbrakk>0 \<le> x; y < 0; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
hoelzl@29804
   875
  shows P
obua@16782
   876
proof -
hoelzl@29804
   877
  obtain prec x y where [simp]: "ps = (prec, x, y)" by (cases ps, auto)
hoelzl@29804
   878
  from Y have "y = 0 \<Longrightarrow> P" by auto
hoelzl@29804
   879
  moreover { assume "0 < y" have P proof (cases "0 \<le> x") case True with A and `0 < y` show P by auto next case False with B and `0 < y` show P by auto qed } 
hoelzl@29804
   880
  moreover { assume "y < 0" have P proof (cases "0 \<le> x") case True with D and `y < 0` show P by auto next case False with C and `y < 0` show P by auto qed }
hoelzl@29804
   881
  ultimately show P by (cases "y = 0 \<or> 0 < y \<or> y < 0", auto)
obua@16782
   882
qed
obua@16782
   883
hoelzl@29804
   884
function lapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
hoelzl@29804
   885
where
hoelzl@29804
   886
  "y = 0 \<Longrightarrow> lapprox_rat prec x y = 0"
hoelzl@29804
   887
| "0 \<le> x \<Longrightarrow> 0 < y \<Longrightarrow> lapprox_rat prec x y = lapprox_posrat prec x y"
hoelzl@29804
   888
| "x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> lapprox_rat prec x y = - (rapprox_posrat prec (-x) y)"
hoelzl@29804
   889
| "x < 0 \<Longrightarrow> y < 0 \<Longrightarrow> lapprox_rat prec x y = lapprox_posrat prec (-x) (-y)"
hoelzl@29804
   890
| "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> lapprox_rat prec x y = - (rapprox_posrat prec x (-y))"
hoelzl@29804
   891
apply simp_all by (rule approx_rat_pattern)
hoelzl@29804
   892
termination by lexicographic_order
obua@16782
   893
hoelzl@29804
   894
lemma compute_lapprox_rat[code]:
hoelzl@29804
   895
      "lapprox_rat prec x y = (if y = 0 then 0 else if 0 \<le> x then (if 0 < y then lapprox_posrat prec x y else - (rapprox_posrat prec x (-y))) 
hoelzl@29804
   896
                                                             else (if 0 < y then - (rapprox_posrat prec (-x) y) else lapprox_posrat prec (-x) (-y)))"
hoelzl@29804
   897
  by auto
hoelzl@29804
   898
            
hoelzl@31098
   899
lemma lapprox_rat: "real (lapprox_rat prec x y) \<le> real x / real y"
hoelzl@29804
   900
proof -      
hoelzl@29804
   901
  have h[rule_format]: "! a b b'. b' \<le> b \<longrightarrow> a \<le> b' \<longrightarrow> a \<le> (b::real)" by auto
hoelzl@29804
   902
  show ?thesis
hoelzl@29804
   903
    apply (case_tac "y = 0")
hoelzl@29804
   904
    apply simp
hoelzl@29804
   905
    apply (case_tac "0 \<le> x \<and> 0 < y")
hoelzl@29804
   906
    apply (simp add: lapprox_posrat)
hoelzl@29804
   907
    apply (case_tac "x < 0 \<and> 0 < y")
hoelzl@29804
   908
    apply simp
hoelzl@29804
   909
    apply (subst minus_le_iff)   
hoelzl@29804
   910
    apply (rule h[OF rapprox_posrat])
hoelzl@29804
   911
    apply (simp_all)
hoelzl@29804
   912
    apply (case_tac "x < 0 \<and> y < 0")
hoelzl@29804
   913
    apply simp
hoelzl@29804
   914
    apply (rule h[OF _ lapprox_posrat])
hoelzl@29804
   915
    apply (simp_all)
hoelzl@29804
   916
    apply (case_tac "0 \<le> x \<and> y < 0")
hoelzl@29804
   917
    apply (simp)
hoelzl@29804
   918
    apply (subst minus_le_iff)   
hoelzl@29804
   919
    apply (rule h[OF rapprox_posrat])
hoelzl@29804
   920
    apply simp_all
hoelzl@29804
   921
    apply arith
hoelzl@29804
   922
    done
hoelzl@29804
   923
qed
obua@16782
   924
hoelzl@29804
   925
lemma lapprox_rat_bottom: assumes "0 \<le> x" and "0 < y"
hoelzl@31098
   926
  shows "real (x div y) \<le> real (lapprox_rat n x y)" 
hoelzl@29804
   927
  unfolding lapprox_rat.simps(2)[OF assms]  using lapprox_posrat_bottom[OF `0<y`] .
hoelzl@29804
   928
hoelzl@29804
   929
function rapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
hoelzl@29804
   930
where
hoelzl@29804
   931
  "y = 0 \<Longrightarrow> rapprox_rat prec x y = 0"
hoelzl@29804
   932
| "0 \<le> x \<Longrightarrow> 0 < y \<Longrightarrow> rapprox_rat prec x y = rapprox_posrat prec x y"
hoelzl@29804
   933
| "x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> rapprox_rat prec x y = - (lapprox_posrat prec (-x) y)"
hoelzl@29804
   934
| "x < 0 \<Longrightarrow> y < 0 \<Longrightarrow> rapprox_rat prec x y = rapprox_posrat prec (-x) (-y)"
hoelzl@29804
   935
| "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> rapprox_rat prec x y = - (lapprox_posrat prec x (-y))"
hoelzl@29804
   936
apply simp_all by (rule approx_rat_pattern)
hoelzl@29804
   937
termination by lexicographic_order
obua@16782
   938
hoelzl@29804
   939
lemma compute_rapprox_rat[code]:
hoelzl@29804
   940
      "rapprox_rat prec x y = (if y = 0 then 0 else if 0 \<le> x then (if 0 < y then rapprox_posrat prec x y else - (lapprox_posrat prec x (-y))) else 
hoelzl@29804
   941
                                                                  (if 0 < y then - (lapprox_posrat prec (-x) y) else rapprox_posrat prec (-x) (-y)))"
hoelzl@29804
   942
  by auto
obua@16782
   943
hoelzl@31098
   944
lemma rapprox_rat: "real x / real y \<le> real (rapprox_rat prec x y)"
hoelzl@29804
   945
proof -      
hoelzl@29804
   946
  have h[rule_format]: "! a b b'. b' \<le> b \<longrightarrow> a \<le> b' \<longrightarrow> a \<le> (b::real)" by auto
hoelzl@29804
   947
  show ?thesis
hoelzl@29804
   948
    apply (case_tac "y = 0")
hoelzl@29804
   949
    apply simp
hoelzl@29804
   950
    apply (case_tac "0 \<le> x \<and> 0 < y")
hoelzl@29804
   951
    apply (simp add: rapprox_posrat)
hoelzl@29804
   952
    apply (case_tac "x < 0 \<and> 0 < y")
hoelzl@29804
   953
    apply simp
hoelzl@29804
   954
    apply (subst le_minus_iff)   
hoelzl@29804
   955
    apply (rule h[OF _ lapprox_posrat])
hoelzl@29804
   956
    apply (simp_all)
hoelzl@29804
   957
    apply (case_tac "x < 0 \<and> y < 0")
hoelzl@29804
   958
    apply simp
hoelzl@29804
   959
    apply (rule h[OF rapprox_posrat])
hoelzl@29804
   960
    apply (simp_all)
hoelzl@29804
   961
    apply (case_tac "0 \<le> x \<and> y < 0")
hoelzl@29804
   962
    apply (simp)
hoelzl@29804
   963
    apply (subst le_minus_iff)   
hoelzl@29804
   964
    apply (rule h[OF _ lapprox_posrat])
hoelzl@29804
   965
    apply simp_all
hoelzl@29804
   966
    apply arith
hoelzl@29804
   967
    done
hoelzl@29804
   968
qed
obua@16782
   969
hoelzl@29804
   970
lemma rapprox_rat_le1: assumes "0 \<le> x" and "0 < y" and "x \<le> y"
hoelzl@31098
   971
  shows "real (rapprox_rat n x y) \<le> 1"
hoelzl@29804
   972
  unfolding rapprox_rat.simps(2)[OF `0 \<le> x` `0 < y`] using rapprox_posrat_le1[OF assms] .
hoelzl@29804
   973
hoelzl@29804
   974
lemma rapprox_rat_neg: assumes "x < 0" and "0 < y"
hoelzl@31098
   975
  shows "real (rapprox_rat n x y) \<le> 0"
hoelzl@29804
   976
  unfolding rapprox_rat.simps(3)[OF assms] using lapprox_posrat_nonneg[of "-x" y n] assms by auto
hoelzl@29804
   977
hoelzl@29804
   978
lemma rapprox_rat_nonneg_neg: assumes "0 \<le> x" and "y < 0"
hoelzl@31098
   979
  shows "real (rapprox_rat n x y) \<le> 0"
hoelzl@29804
   980
  unfolding rapprox_rat.simps(5)[OF assms] using lapprox_posrat_nonneg[of x "-y" n] assms by auto
obua@16782
   981
hoelzl@29804
   982
lemma rapprox_rat_nonpos_pos: assumes "x \<le> 0" and "0 < y"
hoelzl@31098
   983
  shows "real (rapprox_rat n x y) \<le> 0"
hoelzl@29804
   984
proof (cases "x = 0") 
hoelzl@29804
   985
  case True hence "0 \<le> x" by auto show ?thesis unfolding rapprox_rat.simps(2)[OF `0 \<le> x` `0 < y`]
hoelzl@29804
   986
    unfolding True rapprox_posrat_def Let_def by auto
hoelzl@29804
   987
next
hoelzl@29804
   988
  case False hence "x < 0" using assms by auto
hoelzl@29804
   989
  show ?thesis using rapprox_rat_neg[OF `x < 0` `0 < y`] .
hoelzl@29804
   990
qed
hoelzl@29804
   991
hoelzl@29804
   992
fun float_divl :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float"
hoelzl@29804
   993
where
hoelzl@29804
   994
  "float_divl prec (Float m1 s1) (Float m2 s2) = 
hoelzl@29804
   995
    (let
hoelzl@29804
   996
       l = lapprox_rat prec m1 m2;
hoelzl@29804
   997
       f = Float 1 (s1 - s2)
hoelzl@29804
   998
     in
hoelzl@29804
   999
       f * l)"     
obua@16782
  1000
hoelzl@31098
  1001
lemma float_divl: "real (float_divl prec x y) \<le> real x / real y"
hoelzl@29804
  1002
proof - 
hoelzl@29804
  1003
  from float_split[of x] obtain mx sx where x: "x = Float mx sx" by auto
hoelzl@29804
  1004
  from float_split[of y] obtain my sy where y: "y = Float my sy" by auto
hoelzl@29804
  1005
  have "real mx / real my \<le> (real mx * pow2 sx / (real my * pow2 sy)) / (pow2 (sx - sy))"
hoelzl@29804
  1006
    apply (case_tac "my = 0")
hoelzl@29804
  1007
    apply simp
hoelzl@29804
  1008
    apply (case_tac "my > 0")       
hoelzl@29804
  1009
    apply (subst pos_le_divide_eq)
hoelzl@29804
  1010
    apply simp
hoelzl@29804
  1011
    apply (subst pos_le_divide_eq)
hoelzl@29804
  1012
    apply (simp add: mult_pos_pos)
hoelzl@29804
  1013
    apply simp
hoelzl@29804
  1014
    apply (subst pow2_add[symmetric])
hoelzl@29804
  1015
    apply simp
hoelzl@29804
  1016
    apply (subgoal_tac "my < 0")
hoelzl@29804
  1017
    apply auto
hoelzl@29804
  1018
    apply (simp add: field_simps)
hoelzl@29804
  1019
    apply (subst pow2_add[symmetric])
hoelzl@29804
  1020
    apply (simp add: field_simps)
hoelzl@29804
  1021
    done
hoelzl@31098
  1022
  then have "real (lapprox_rat prec mx my) \<le> (real mx * pow2 sx / (real my * pow2 sy)) / (pow2 (sx - sy))"
hoelzl@29804
  1023
    by (rule order_trans[OF lapprox_rat])
hoelzl@31098
  1024
  then have "real (lapprox_rat prec mx my) * pow2 (sx - sy) \<le> real mx * pow2 sx / (real my * pow2 sy)"
hoelzl@29804
  1025
    apply (subst pos_le_divide_eq[symmetric])
hoelzl@29804
  1026
    apply simp_all
hoelzl@29804
  1027
    done
hoelzl@31098
  1028
  then have "pow2 (sx - sy) * real (lapprox_rat prec mx my) \<le> real mx * pow2 sx / (real my * pow2 sy)"
hoelzl@29804
  1029
    by (simp add: algebra_simps)
hoelzl@29804
  1030
  then show ?thesis
hoelzl@31098
  1031
    by (simp add: x y Let_def real_of_float_simp)
hoelzl@29804
  1032
qed
obua@16782
  1033
hoelzl@29804
  1034
lemma float_divl_lower_bound: assumes "0 \<le> x" and "0 < y" shows "0 \<le> float_divl prec x y"
hoelzl@29804
  1035
proof (cases x, cases y)
hoelzl@29804
  1036
  fix xm xe ym ye :: int
hoelzl@29804
  1037
  assume x_eq: "x = Float xm xe" and y_eq: "y = Float ym ye"
hoelzl@31098
  1038
  have "0 \<le> xm" using `0 \<le> x`[unfolded x_eq le_float_def real_of_float_simp real_of_float_0 zero_le_mult_iff] by auto
hoelzl@31098
  1039
  have "0 < ym" using `0 < y`[unfolded y_eq less_float_def real_of_float_simp real_of_float_0 zero_less_mult_iff] by auto
obua@16782
  1040
hoelzl@31098
  1041
  have "\<And>n. 0 \<le> real (Float 1 n)" unfolding real_of_float_simp using zero_le_pow2 by auto
hoelzl@31098
  1042
  moreover have "0 \<le> real (lapprox_rat prec xm ym)" by (rule order_trans[OF _ lapprox_rat_bottom[OF `0 \<le> xm` `0 < ym`]], auto simp add: `0 \<le> xm` pos_imp_zdiv_nonneg_iff[OF `0 < ym`])
hoelzl@29804
  1043
  ultimately show "0 \<le> float_divl prec x y"
hoelzl@31098
  1044
    unfolding x_eq y_eq float_divl.simps Let_def le_float_def real_of_float_0 by (auto intro!: mult_nonneg_nonneg)
hoelzl@29804
  1045
qed
hoelzl@29804
  1046
hoelzl@29804
  1047
lemma float_divl_pos_less1_bound: assumes "0 < x" and "x < 1" and "0 < prec" shows "1 \<le> float_divl prec 1 x"
hoelzl@29804
  1048
proof (cases x)
hoelzl@29804
  1049
  case (Float m e)
hoelzl@29804
  1050
  from `0 < x` `x < 1` have "0 < m" "e < 0" using float_pos_m_pos float_pos_less1_e_neg unfolding Float by auto
hoelzl@29804
  1051
  let ?b = "nat (bitlen m)" and ?e = "nat (-e)"
hoelzl@29804
  1052
  have "1 \<le> m" and "m \<noteq> 0" using `0 < m` by auto
hoelzl@29804
  1053
  with bitlen_bounds[OF `0 < m`] have "m < 2^?b" and "(2::int) \<le> 2^?b" by auto
hoelzl@29804
  1054
  hence "1 \<le> bitlen m" using power_le_imp_le_exp[of "2::int" 1 ?b] by auto
hoelzl@29804
  1055
  hence pow_split: "nat (int prec + bitlen m - 1) = (prec - 1) + ?b" using `0 < prec` by auto
hoelzl@29804
  1056
  
hoelzl@29804
  1057
  have pow_not0: "\<And>x. (2::real)^x \<noteq> 0" by auto
obua@16782
  1058
hoelzl@29804
  1059
  from float_less1_mantissa_bound `0 < x` `x < 1` Float 
hoelzl@29804
  1060
  have "m < 2^?e" by auto
hoelzl@29804
  1061
  with bitlen_bounds[OF `0 < m`, THEN conjunct1]
hoelzl@29804
  1062
  have "(2::int)^nat (bitlen m - 1) < 2^?e" by (rule order_le_less_trans)
hoelzl@29804
  1063
  from power_less_imp_less_exp[OF _ this]
hoelzl@29804
  1064
  have "bitlen m \<le> - e" by auto
hoelzl@29804
  1065
  hence "(2::real)^?b \<le> 2^?e" by auto
hoelzl@29804
  1066
  hence "(2::real)^?b * inverse (2^?b) \<le> 2^?e * inverse (2^?b)" by (rule mult_right_mono, auto)
hoelzl@29804
  1067
  hence "(1::real) \<le> 2^?e * inverse (2^?b)" by auto
hoelzl@29804
  1068
  also
hoelzl@29804
  1069
  let ?d = "real (2 ^ nat (int prec + bitlen m - 1) div m) * inverse (2 ^ nat (int prec + bitlen m - 1))"
hoelzl@29804
  1070
  { have "2^(prec - 1) * m \<le> 2^(prec - 1) * 2^?b" using `m < 2^?b`[THEN less_imp_le] by (rule mult_left_mono, auto)
hoelzl@29804
  1071
    also have "\<dots> = 2 ^ nat (int prec + bitlen m - 1)" unfolding pow_split zpower_zadd_distrib by auto
hoelzl@29804
  1072
    finally have "2^(prec - 1) * m div m \<le> 2 ^ nat (int prec + bitlen m - 1) div m" using `0 < m` by (rule zdiv_mono1)
nipkow@30181
  1073
    hence "2^(prec - 1) \<le> 2 ^ nat (int prec + bitlen m - 1) div m" unfolding div_mult_self2_is_id[OF `m \<noteq> 0`] .
hoelzl@29804
  1074
    hence "2^(prec - 1) * inverse (2 ^ nat (int prec + bitlen m - 1)) \<le> ?d"
hoelzl@29804
  1075
      unfolding real_of_int_le_iff[of "2^(prec - 1)", symmetric] by auto }
hoelzl@29804
  1076
  from mult_left_mono[OF this[unfolded pow_split power_add inverse_mult_distrib real_mult_assoc[symmetric] right_inverse[OF pow_not0] real_mult_1], of "2^?e"]
hoelzl@29804
  1077
  have "2^?e * inverse (2^?b) \<le> 2^?e * ?d" unfolding pow_split power_add by auto
hoelzl@29804
  1078
  finally have "1 \<le> 2^?e * ?d" .
hoelzl@29804
  1079
  
hoelzl@29804
  1080
  have e_nat: "0 - e = int (nat (-e))" using `e < 0` by auto
hoelzl@29804
  1081
  have "bitlen 1 = 1" using bitlen.simps by auto
hoelzl@29804
  1082
  
hoelzl@29804
  1083
  show ?thesis 
hoelzl@29804
  1084
    unfolding one_float_def Float float_divl.simps Let_def lapprox_rat.simps(2)[OF zero_le_one `0 < m`] lapprox_posrat_def `bitlen 1 = 1`
hoelzl@31098
  1085
    unfolding le_float_def real_of_float_mult normfloat real_of_float_simp pow2_minus pow2_int e_nat
hoelzl@29804
  1086
    using `1 \<le> 2^?e * ?d` by (auto simp add: pow2_def)
hoelzl@29804
  1087
qed
obua@16782
  1088
hoelzl@29804
  1089
fun float_divr :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float"
hoelzl@29804
  1090
where
hoelzl@29804
  1091
  "float_divr prec (Float m1 s1) (Float m2 s2) = 
hoelzl@29804
  1092
    (let
hoelzl@29804
  1093
       r = rapprox_rat prec m1 m2;
hoelzl@29804
  1094
       f = Float 1 (s1 - s2)
hoelzl@29804
  1095
     in
hoelzl@29804
  1096
       f * r)"  
obua@16782
  1097
hoelzl@31098
  1098
lemma float_divr: "real x / real y \<le> real (float_divr prec x y)"
hoelzl@29804
  1099
proof - 
hoelzl@29804
  1100
  from float_split[of x] obtain mx sx where x: "x = Float mx sx" by auto
hoelzl@29804
  1101
  from float_split[of y] obtain my sy where y: "y = Float my sy" by auto
hoelzl@29804
  1102
  have "real mx / real my \<ge> (real mx * pow2 sx / (real my * pow2 sy)) / (pow2 (sx - sy))"
hoelzl@29804
  1103
    apply (case_tac "my = 0")
hoelzl@29804
  1104
    apply simp
hoelzl@29804
  1105
    apply (case_tac "my > 0")
hoelzl@29804
  1106
    apply auto
hoelzl@29804
  1107
    apply (subst pos_divide_le_eq)
hoelzl@29804
  1108
    apply (rule mult_pos_pos)+
hoelzl@29804
  1109
    apply simp_all
hoelzl@29804
  1110
    apply (subst pow2_add[symmetric])
hoelzl@29804
  1111
    apply simp
hoelzl@29804
  1112
    apply (subgoal_tac "my < 0")
hoelzl@29804
  1113
    apply auto
hoelzl@29804
  1114
    apply (simp add: field_simps)
hoelzl@29804
  1115
    apply (subst pow2_add[symmetric])
hoelzl@29804
  1116
    apply (simp add: field_simps)
hoelzl@29804
  1117
    done
hoelzl@31098
  1118
  then have "real (rapprox_rat prec mx my) \<ge> (real mx * pow2 sx / (real my * pow2 sy)) / (pow2 (sx - sy))"
hoelzl@29804
  1119
    by (rule order_trans[OF _ rapprox_rat])
hoelzl@31098
  1120
  then have "real (rapprox_rat prec mx my) * pow2 (sx - sy) \<ge> real mx * pow2 sx / (real my * pow2 sy)"
hoelzl@29804
  1121
    apply (subst pos_divide_le_eq[symmetric])
hoelzl@29804
  1122
    apply simp_all
hoelzl@29804
  1123
    done
hoelzl@29804
  1124
  then show ?thesis
hoelzl@31098
  1125
    by (simp add: x y Let_def algebra_simps real_of_float_simp)
hoelzl@29804
  1126
qed
obua@16782
  1127
hoelzl@29804
  1128
lemma float_divr_pos_less1_lower_bound: assumes "0 < x" and "x < 1" shows "1 \<le> float_divr prec 1 x"
hoelzl@29804
  1129
proof -
hoelzl@31098
  1130
  have "1 \<le> 1 / real x" using `0 < x` and `x < 1` unfolding less_float_def by auto
hoelzl@31098
  1131
  also have "\<dots> \<le> real (float_divr prec 1 x)" using float_divr[where x=1 and y=x] by auto
hoelzl@29804
  1132
  finally show ?thesis unfolding le_float_def by auto
hoelzl@29804
  1133
qed
hoelzl@29804
  1134
hoelzl@29804
  1135
lemma float_divr_nonpos_pos_upper_bound: assumes "x \<le> 0" and "0 < y" shows "float_divr prec x y \<le> 0"
hoelzl@29804
  1136
proof (cases x, cases y)
hoelzl@29804
  1137
  fix xm xe ym ye :: int
hoelzl@29804
  1138
  assume x_eq: "x = Float xm xe" and y_eq: "y = Float ym ye"
hoelzl@31098
  1139
  have "xm \<le> 0" using `x \<le> 0`[unfolded x_eq le_float_def real_of_float_simp real_of_float_0 mult_le_0_iff] by auto
hoelzl@31098
  1140
  have "0 < ym" using `0 < y`[unfolded y_eq less_float_def real_of_float_simp real_of_float_0 zero_less_mult_iff] by auto
hoelzl@29804
  1141
hoelzl@31098
  1142
  have "\<And>n. 0 \<le> real (Float 1 n)" unfolding real_of_float_simp using zero_le_pow2 by auto
hoelzl@31098
  1143
  moreover have "real (rapprox_rat prec xm ym) \<le> 0" using rapprox_rat_nonpos_pos[OF `xm \<le> 0` `0 < ym`] .
hoelzl@29804
  1144
  ultimately show "float_divr prec x y \<le> 0"
hoelzl@31098
  1145
    unfolding x_eq y_eq float_divr.simps Let_def le_float_def real_of_float_0 real_of_float_mult by (auto intro!: mult_nonneg_nonpos)
hoelzl@29804
  1146
qed
obua@16782
  1147
hoelzl@29804
  1148
lemma float_divr_nonneg_neg_upper_bound: assumes "0 \<le> x" and "y < 0" shows "float_divr prec x y \<le> 0"
hoelzl@29804
  1149
proof (cases x, cases y)
hoelzl@29804
  1150
  fix xm xe ym ye :: int
hoelzl@29804
  1151
  assume x_eq: "x = Float xm xe" and y_eq: "y = Float ym ye"
hoelzl@31098
  1152
  have "0 \<le> xm" using `0 \<le> x`[unfolded x_eq le_float_def real_of_float_simp real_of_float_0 zero_le_mult_iff] by auto
hoelzl@31098
  1153
  have "ym < 0" using `y < 0`[unfolded y_eq less_float_def real_of_float_simp real_of_float_0 mult_less_0_iff] by auto
hoelzl@29804
  1154
  hence "0 < - ym" by auto
hoelzl@29804
  1155
hoelzl@31098
  1156
  have "\<And>n. 0 \<le> real (Float 1 n)" unfolding real_of_float_simp using zero_le_pow2 by auto
hoelzl@31098
  1157
  moreover have "real (rapprox_rat prec xm ym) \<le> 0" using rapprox_rat_nonneg_neg[OF `0 \<le> xm` `ym < 0`] .
hoelzl@29804
  1158
  ultimately show "float_divr prec x y \<le> 0"
hoelzl@31098
  1159
    unfolding x_eq y_eq float_divr.simps Let_def le_float_def real_of_float_0 real_of_float_mult by (auto intro!: mult_nonneg_nonpos)
hoelzl@29804
  1160
qed
hoelzl@29804
  1161
haftmann@30960
  1162
primrec round_down :: "nat \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1163
"round_down prec (Float m e) = (let d = bitlen m - int prec in
hoelzl@29804
  1164
     if 0 < d then let P = 2^nat d ; n = m div P in Float n (e + d)
hoelzl@29804
  1165
              else Float m e)"
hoelzl@29804
  1166
haftmann@30960
  1167
primrec round_up :: "nat \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1168
"round_up prec (Float m e) = (let d = bitlen m - int prec in
hoelzl@29804
  1169
  if 0 < d then let P = 2^nat d ; n = m div P ; r = m mod P in Float (n + (if r = 0 then 0 else 1)) (e + d) 
hoelzl@29804
  1170
           else Float m e)"
obua@16782
  1171
hoelzl@31098
  1172
lemma round_up: "real x \<le> real (round_up prec x)"
hoelzl@29804
  1173
proof (cases x)
hoelzl@29804
  1174
  case (Float m e)
hoelzl@29804
  1175
  let ?d = "bitlen m - int prec"
hoelzl@29804
  1176
  let ?p = "(2::int)^nat ?d"
hoelzl@29804
  1177
  have "0 < ?p" by auto
hoelzl@29804
  1178
  show "?thesis"
hoelzl@29804
  1179
  proof (cases "0 < ?d")
hoelzl@29804
  1180
    case True
hoelzl@29804
  1181
    hence pow_d: "pow2 ?d = real ?p" unfolding pow2_int[symmetric] power_real_number_of[symmetric] by auto
hoelzl@29804
  1182
    show ?thesis
hoelzl@29804
  1183
    proof (cases "m mod ?p = 0")
hoelzl@29804
  1184
      case True
hoelzl@29804
  1185
      have m: "m = m div ?p * ?p + 0" unfolding True[symmetric] using zdiv_zmod_equality2[where k=0, unfolded monoid_add_class.add_0_right, symmetric] .
hoelzl@31098
  1186
      have "real (Float m e) = real (Float (m div ?p) (e + ?d))" unfolding real_of_float_simp arg_cong[OF m, of real]
hoelzl@29804
  1187
	by (auto simp add: pow2_add `0 < ?d` pow_d)
hoelzl@29804
  1188
      thus ?thesis
hoelzl@29804
  1189
	unfolding Float round_up.simps Let_def if_P[OF `m mod ?p = 0`] if_P[OF `0 < ?d`]
hoelzl@29804
  1190
	by auto
hoelzl@29804
  1191
    next
hoelzl@29804
  1192
      case False
hoelzl@29804
  1193
      have "m = m div ?p * ?p + m mod ?p" unfolding zdiv_zmod_equality2[where k=0, unfolded monoid_add_class.add_0_right] ..
hoelzl@29804
  1194
      also have "\<dots> \<le> (m div ?p + 1) * ?p" unfolding left_distrib zmult_1 by (rule add_left_mono, rule pos_mod_bound[OF `0 < ?p`, THEN less_imp_le])
hoelzl@31098
  1195
      finally have "real (Float m e) \<le> real (Float (m div ?p + 1) (e + ?d))" unfolding real_of_float_simp add_commute[of e]
hoelzl@29804
  1196
	unfolding pow2_add mult_assoc[symmetric] real_of_int_le_iff[of m, symmetric]
hoelzl@29804
  1197
	by (auto intro!: mult_mono simp add: pow2_add `0 < ?d` pow_d)
hoelzl@29804
  1198
      thus ?thesis
hoelzl@29804
  1199
	unfolding Float round_up.simps Let_def if_not_P[OF `\<not> m mod ?p = 0`] if_P[OF `0 < ?d`] .
hoelzl@29804
  1200
    qed
hoelzl@29804
  1201
  next
hoelzl@29804
  1202
    case False
hoelzl@29804
  1203
    show ?thesis
hoelzl@29804
  1204
      unfolding Float round_up.simps Let_def if_not_P[OF False] .. 
hoelzl@29804
  1205
  qed
hoelzl@29804
  1206
qed
obua@16782
  1207
hoelzl@31098
  1208
lemma round_down: "real (round_down prec x) \<le> real x"
hoelzl@29804
  1209
proof (cases x)
hoelzl@29804
  1210
  case (Float m e)
hoelzl@29804
  1211
  let ?d = "bitlen m - int prec"
hoelzl@29804
  1212
  let ?p = "(2::int)^nat ?d"
hoelzl@29804
  1213
  have "0 < ?p" by auto
hoelzl@29804
  1214
  show "?thesis"
hoelzl@29804
  1215
  proof (cases "0 < ?d")
hoelzl@29804
  1216
    case True
hoelzl@29804
  1217
    hence pow_d: "pow2 ?d = real ?p" unfolding pow2_int[symmetric] power_real_number_of[symmetric] by auto
hoelzl@29804
  1218
    have "m div ?p * ?p \<le> m div ?p * ?p + m mod ?p" by (auto simp add: pos_mod_bound[OF `0 < ?p`, THEN less_imp_le])
hoelzl@29804
  1219
    also have "\<dots> \<le> m" unfolding zdiv_zmod_equality2[where k=0, unfolded monoid_add_class.add_0_right] ..
hoelzl@31098
  1220
    finally have "real (Float (m div ?p) (e + ?d)) \<le> real (Float m e)" unfolding real_of_float_simp add_commute[of e]
hoelzl@29804
  1221
      unfolding pow2_add mult_assoc[symmetric] real_of_int_le_iff[of _ m, symmetric]
hoelzl@29804
  1222
      by (auto intro!: mult_mono simp add: pow2_add `0 < ?d` pow_d)
hoelzl@29804
  1223
    thus ?thesis
hoelzl@29804
  1224
      unfolding Float round_down.simps Let_def if_P[OF `0 < ?d`] .
hoelzl@29804
  1225
  next
hoelzl@29804
  1226
    case False
hoelzl@29804
  1227
    show ?thesis
hoelzl@29804
  1228
      unfolding Float round_down.simps Let_def if_not_P[OF False] .. 
hoelzl@29804
  1229
  qed
hoelzl@29804
  1230
qed
hoelzl@29804
  1231
hoelzl@29804
  1232
definition lb_mult :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1233
"lb_mult prec x y = (case normfloat (x * y) of Float m e \<Rightarrow> let
hoelzl@29804
  1234
    l = bitlen m - int prec
hoelzl@29804
  1235
  in if l > 0 then Float (m div (2^nat l)) (e + l)
hoelzl@29804
  1236
              else Float m e)"
obua@16782
  1237
hoelzl@29804
  1238
definition ub_mult :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1239
"ub_mult prec x y = (case normfloat (x * y) of Float m e \<Rightarrow> let
hoelzl@29804
  1240
    l = bitlen m - int prec
hoelzl@29804
  1241
  in if l > 0 then Float (m div (2^nat l) + 1) (e + l)
hoelzl@29804
  1242
              else Float m e)"
obua@16782
  1243
hoelzl@31098
  1244
lemma lb_mult: "real (lb_mult prec x y) \<le> real (x * y)"
hoelzl@29804
  1245
proof (cases "normfloat (x * y)")
hoelzl@29804
  1246
  case (Float m e)
hoelzl@29804
  1247
  hence "odd m \<or> (m = 0 \<and> e = 0)" by (rule normfloat_imp_odd_or_zero)
hoelzl@29804
  1248
  let ?l = "bitlen m - int prec"
hoelzl@31098
  1249
  have "real (lb_mult prec x y) \<le> real (normfloat (x * y))"
hoelzl@29804
  1250
  proof (cases "?l > 0")
hoelzl@29804
  1251
    case False thus ?thesis unfolding lb_mult_def Float Let_def float.cases by auto
hoelzl@29804
  1252
  next
hoelzl@29804
  1253
    case True
hoelzl@29804
  1254
    have "real (m div 2^(nat ?l)) * pow2 ?l \<le> real m"
hoelzl@29804
  1255
    proof -
hoelzl@29804
  1256
      have "real (m div 2^(nat ?l)) * pow2 ?l = real (2^(nat ?l) * (m div 2^(nat ?l)))" unfolding real_of_int_mult real_of_int_power[symmetric] real_number_of unfolding pow2_int[symmetric] 
hoelzl@29804
  1257
	using `?l > 0` by auto
hoelzl@29804
  1258
      also have "\<dots> \<le> real (2^(nat ?l) * (m div 2^(nat ?l)) + m mod 2^(nat ?l))" unfolding real_of_int_add by auto
hoelzl@29804
  1259
      also have "\<dots> = real m" unfolding zmod_zdiv_equality[symmetric] ..
hoelzl@29804
  1260
      finally show ?thesis by auto
hoelzl@29804
  1261
    qed
hoelzl@31098
  1262
    thus ?thesis unfolding lb_mult_def Float Let_def float.cases if_P[OF True] real_of_float_simp pow2_add real_mult_commute real_mult_assoc by auto
hoelzl@29804
  1263
  qed
hoelzl@31098
  1264
  also have "\<dots> = real (x * y)" unfolding normfloat ..
hoelzl@29804
  1265
  finally show ?thesis .
hoelzl@29804
  1266
qed
obua@16782
  1267
hoelzl@31098
  1268
lemma ub_mult: "real (x * y) \<le> real (ub_mult prec x y)"
hoelzl@29804
  1269
proof (cases "normfloat (x * y)")
hoelzl@29804
  1270
  case (Float m e)
hoelzl@29804
  1271
  hence "odd m \<or> (m = 0 \<and> e = 0)" by (rule normfloat_imp_odd_or_zero)
hoelzl@29804
  1272
  let ?l = "bitlen m - int prec"
hoelzl@31098
  1273
  have "real (x * y) = real (normfloat (x * y))" unfolding normfloat ..
hoelzl@31098
  1274
  also have "\<dots> \<le> real (ub_mult prec x y)"
hoelzl@29804
  1275
  proof (cases "?l > 0")
hoelzl@29804
  1276
    case False thus ?thesis unfolding ub_mult_def Float Let_def float.cases by auto
hoelzl@29804
  1277
  next
hoelzl@29804
  1278
    case True
hoelzl@29804
  1279
    have "real m \<le> real (m div 2^(nat ?l) + 1) * pow2 ?l"
hoelzl@29804
  1280
    proof -
hoelzl@29804
  1281
      have "m mod 2^(nat ?l) < 2^(nat ?l)" by (rule pos_mod_bound) auto
hoelzl@29804
  1282
      hence mod_uneq: "real (m mod 2^(nat ?l)) \<le> 1 * 2^(nat ?l)" unfolding zmult_1 real_of_int_less_iff[symmetric] by auto
hoelzl@29804
  1283
      
hoelzl@29804
  1284
      have "real m = real (2^(nat ?l) * (m div 2^(nat ?l)) + m mod 2^(nat ?l))" unfolding zmod_zdiv_equality[symmetric] ..
hoelzl@29804
  1285
      also have "\<dots> = real (m div 2^(nat ?l)) * 2^(nat ?l) + real (m mod 2^(nat ?l))" unfolding real_of_int_add by auto
hoelzl@29804
  1286
      also have "\<dots> \<le> (real (m div 2^(nat ?l)) + 1) * 2^(nat ?l)" unfolding real_add_mult_distrib using mod_uneq by auto
hoelzl@29804
  1287
      finally show ?thesis unfolding pow2_int[symmetric] using True by auto
hoelzl@29804
  1288
    qed
hoelzl@31098
  1289
    thus ?thesis unfolding ub_mult_def Float Let_def float.cases if_P[OF True] real_of_float_simp pow2_add real_mult_commute real_mult_assoc by auto
hoelzl@29804
  1290
  qed
hoelzl@29804
  1291
  finally show ?thesis .
hoelzl@29804
  1292
qed
hoelzl@29804
  1293
haftmann@30960
  1294
primrec float_abs :: "float \<Rightarrow> float" where
haftmann@30960
  1295
  "float_abs (Float m e) = Float \<bar>m\<bar> e"
hoelzl@29804
  1296
hoelzl@29804
  1297
instantiation float :: abs begin
hoelzl@29804
  1298
definition abs_float_def: "\<bar>x\<bar> = float_abs x"
hoelzl@29804
  1299
instance ..
hoelzl@29804
  1300
end
obua@16782
  1301
hoelzl@31098
  1302
lemma real_of_float_abs: "real \<bar>x :: float\<bar> = \<bar>real x\<bar>" 
hoelzl@29804
  1303
proof (cases x)
hoelzl@29804
  1304
  case (Float m e)
hoelzl@29804
  1305
  have "\<bar>real m\<bar> * pow2 e = \<bar>real m * pow2 e\<bar>" unfolding abs_mult by auto
hoelzl@31098
  1306
  thus ?thesis unfolding Float abs_float_def float_abs.simps real_of_float_simp by auto
hoelzl@29804
  1307
qed
hoelzl@29804
  1308
haftmann@30960
  1309
primrec floor_fl :: "float \<Rightarrow> float" where
haftmann@30960
  1310
  "floor_fl (Float m e) = (if 0 \<le> e then Float m e
hoelzl@29804
  1311
                                  else Float (m div (2 ^ (nat (-e)))) 0)"
obua@16782
  1312
hoelzl@31098
  1313
lemma floor_fl: "real (floor_fl x) \<le> real x"
hoelzl@29804
  1314
proof (cases x)
hoelzl@29804
  1315
  case (Float m e)
hoelzl@29804
  1316
  show ?thesis
hoelzl@29804
  1317
  proof (cases "0 \<le> e")
hoelzl@29804
  1318
    case False
hoelzl@29804
  1319
    hence me_eq: "pow2 (-e) = pow2 (int (nat (-e)))" by auto
hoelzl@31098
  1320
    have "real (Float (m div (2 ^ (nat (-e)))) 0) = real (m div 2 ^ (nat (-e)))" unfolding real_of_float_simp by auto
hoelzl@29804
  1321
    also have "\<dots> \<le> real m / real ((2::int) ^ (nat (-e)))" using real_of_int_div4 .
hoelzl@29804
  1322
    also have "\<dots> = real m * inverse (2 ^ (nat (-e)))" unfolding power_real_number_of[symmetric] real_divide_def ..
hoelzl@31098
  1323
    also have "\<dots> = real (Float m e)" unfolding real_of_float_simp me_eq pow2_int pow2_neg[of e] ..
hoelzl@29804
  1324
    finally show ?thesis unfolding Float floor_fl.simps if_not_P[OF `\<not> 0 \<le> e`] .
hoelzl@29804
  1325
  next
hoelzl@29804
  1326
    case True thus ?thesis unfolding Float by auto
hoelzl@29804
  1327
  qed
hoelzl@29804
  1328
qed
obua@16782
  1329
hoelzl@29804
  1330
lemma floor_pos_exp: assumes floor: "Float m e = floor_fl x" shows "0 \<le> e"
hoelzl@29804
  1331
proof (cases x)
hoelzl@29804
  1332
  case (Float mx me)
hoelzl@29804
  1333
  from floor[unfolded Float floor_fl.simps] show ?thesis by (cases "0 \<le> me", auto)
hoelzl@29804
  1334
qed
hoelzl@29804
  1335
hoelzl@29804
  1336
declare floor_fl.simps[simp del]
obua@16782
  1337
haftmann@30960
  1338
primrec ceiling_fl :: "float \<Rightarrow> float" where
haftmann@30960
  1339
  "ceiling_fl (Float m e) = (if 0 \<le> e then Float m e
hoelzl@29804
  1340
                                    else Float (m div (2 ^ (nat (-e))) + 1) 0)"
obua@16782
  1341
hoelzl@31098
  1342
lemma ceiling_fl: "real x \<le> real (ceiling_fl x)"
hoelzl@29804
  1343
proof (cases x)
hoelzl@29804
  1344
  case (Float m e)
hoelzl@29804
  1345
  show ?thesis
hoelzl@29804
  1346
  proof (cases "0 \<le> e")
hoelzl@29804
  1347
    case False
hoelzl@29804
  1348
    hence me_eq: "pow2 (-e) = pow2 (int (nat (-e)))" by auto
hoelzl@31098
  1349
    have "real (Float m e) = real m * inverse (2 ^ (nat (-e)))" unfolding real_of_float_simp me_eq pow2_int pow2_neg[of e] ..
hoelzl@29804
  1350
    also have "\<dots> = real m / real ((2::int) ^ (nat (-e)))" unfolding power_real_number_of[symmetric] real_divide_def ..
hoelzl@29804
  1351
    also have "\<dots> \<le> 1 + real (m div 2 ^ (nat (-e)))" using real_of_int_div3[unfolded diff_le_eq] .
hoelzl@31098
  1352
    also have "\<dots> = real (Float (m div (2 ^ (nat (-e))) + 1) 0)" unfolding real_of_float_simp by auto
hoelzl@29804
  1353
    finally show ?thesis unfolding Float ceiling_fl.simps if_not_P[OF `\<not> 0 \<le> e`] .
hoelzl@29804
  1354
  next
hoelzl@29804
  1355
    case True thus ?thesis unfolding Float by auto
hoelzl@29804
  1356
  qed
hoelzl@29804
  1357
qed
hoelzl@29804
  1358
hoelzl@29804
  1359
declare ceiling_fl.simps[simp del]
hoelzl@29804
  1360
hoelzl@29804
  1361
definition lb_mod :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1362
"lb_mod prec x ub lb = x - ceiling_fl (float_divr prec x lb) * ub"
hoelzl@29804
  1363
hoelzl@29804
  1364
definition ub_mod :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
hoelzl@29804
  1365
"ub_mod prec x ub lb = x - floor_fl (float_divl prec x ub) * lb"
obua@16782
  1366
hoelzl@31098
  1367
lemma lb_mod: fixes k :: int assumes "0 \<le> real x" and "real k * y \<le> real x" (is "?k * y \<le> ?x")
hoelzl@31098
  1368
  assumes "0 < real lb" "real lb \<le> y" (is "?lb \<le> y") "y \<le> real ub" (is "y \<le> ?ub")
hoelzl@31098
  1369
  shows "real (lb_mod prec x ub lb) \<le> ?x - ?k * y"
hoelzl@29804
  1370
proof -
hoelzl@29804
  1371
  have "?lb \<le> ?ub" by (auto!)
hoelzl@29804
  1372
  have "0 \<le> ?lb" and "?lb \<noteq> 0" by (auto!)
hoelzl@29804
  1373
  have "?k * y \<le> ?x" using assms by auto
hoelzl@29804
  1374
  also have "\<dots> \<le> ?x / ?lb * ?ub" by (metis mult_left_mono[OF `?lb \<le> ?ub` `0 \<le> ?x`] divide_right_mono[OF _ `0 \<le> ?lb` ] times_divide_eq_left nonzero_mult_divide_cancel_right[OF `?lb \<noteq> 0`])
hoelzl@31098
  1375
  also have "\<dots> \<le> real (ceiling_fl (float_divr prec x lb)) * ?ub" by (metis mult_right_mono order_trans `0 \<le> ?lb` `?lb \<le> ?ub` float_divr ceiling_fl)
hoelzl@31098
  1376
  finally show ?thesis unfolding lb_mod_def real_of_float_sub real_of_float_mult by auto
hoelzl@29804
  1377
qed
obua@16782
  1378
hoelzl@31098
  1379
lemma ub_mod: fixes k :: int and x :: float assumes "0 \<le> real x" and "real x \<le> real k * y" (is "?x \<le> ?k * y")
hoelzl@31098
  1380
  assumes "0 < real lb" "real lb \<le> y" (is "?lb \<le> y") "y \<le> real ub" (is "y \<le> ?ub")
hoelzl@31098
  1381
  shows "?x - ?k * y \<le> real (ub_mod prec x ub lb)"
hoelzl@29804
  1382
proof -
hoelzl@29804
  1383
  have "?lb \<le> ?ub" by (auto!)
hoelzl@29804
  1384
  hence "0 \<le> ?lb" and "0 \<le> ?ub" and "?ub \<noteq> 0" by (auto!)
hoelzl@31098
  1385
  have "real (floor_fl (float_divl prec x ub)) * ?lb \<le> ?x / ?ub * ?lb" by (metis mult_right_mono order_trans `0 \<le> ?lb` `?lb \<le> ?ub` float_divl floor_fl)
hoelzl@29804
  1386
  also have "\<dots> \<le> ?x" by (metis mult_left_mono[OF `?lb \<le> ?ub` `0 \<le> ?x`] divide_right_mono[OF _ `0 \<le> ?ub` ] times_divide_eq_left nonzero_mult_divide_cancel_right[OF `?ub \<noteq> 0`])
hoelzl@29804
  1387
  also have "\<dots> \<le> ?k * y" using assms by auto
hoelzl@31098
  1388
  finally show ?thesis unfolding ub_mod_def real_of_float_sub real_of_float_mult by auto
hoelzl@29804
  1389
qed
obua@16782
  1390
hoelzl@29804
  1391
lemma le_float_def': "f \<le> g = (case f - g of Float a b \<Rightarrow> a \<le> 0)"
hoelzl@29804
  1392
proof -
hoelzl@31098
  1393
  have le_transfer: "(f \<le> g) = (real (f - g) \<le> 0)" by (auto simp add: le_float_def)
hoelzl@29804
  1394
  from float_split[of "f - g"] obtain a b where f_diff_g: "f - g = Float a b" by auto
hoelzl@31098
  1395
  with le_transfer have le_transfer': "f \<le> g = (real (Float a b) \<le> 0)" by simp
hoelzl@29804
  1396
  show ?thesis by (simp add: le_transfer' f_diff_g float_le_zero)
hoelzl@29804
  1397
qed
hoelzl@29804
  1398
hoelzl@29804
  1399
lemma float_less_zero:
hoelzl@31098
  1400
  "(real (Float a b) < 0) = (a < 0)"
hoelzl@31098
  1401
  apply (auto simp add: mult_less_0_iff real_of_float_simp)
hoelzl@29804
  1402
  done
hoelzl@29804
  1403
hoelzl@29804
  1404
lemma less_float_def': "f < g = (case f - g of Float a b \<Rightarrow> a < 0)"
hoelzl@29804
  1405
proof -
hoelzl@31098
  1406
  have less_transfer: "(f < g) = (real (f - g) < 0)" by (auto simp add: less_float_def)
hoelzl@29804
  1407
  from float_split[of "f - g"] obtain a b where f_diff_g: "f - g = Float a b" by auto
hoelzl@31098
  1408
  with less_transfer have less_transfer': "f < g = (real (Float a b) < 0)" by simp
hoelzl@29804
  1409
  show ?thesis by (simp add: less_transfer' f_diff_g float_less_zero)
hoelzl@29804
  1410
qed
wenzelm@20771
  1411
obua@16782
  1412
end