src/HOL/Library/Float.thy
 author hoelzl Thu Apr 19 11:55:30 2012 +0200 (2012-04-19) changeset 47601 050718fe6eee parent 47600 e12289b5796b child 47608 572d7e51de4d permissions -rw-r--r--
use real :: float => real as lifting-morphism so we can directlry use the rep_eq theorems
```     1 header {* Floating-Point Numbers *}
```
```     2
```
```     3 theory Float
```
```     4 imports Complex_Main "~~/src/HOL/Library/Lattice_Algebras"
```
```     5 begin
```
```     6
```
```     7 typedef float = "{m * 2 powr e | (m :: int) (e :: int). True }"
```
```     8   morphisms real_of_float float_of
```
```     9   by auto
```
```    10
```
```    11 defs (overloaded)
```
```    12   real_of_float_def[code_unfold]: "real \<equiv> real_of_float"
```
```    13
```
```    14 lemma type_definition_float': "type_definition real float_of float"
```
```    15   using type_definition_float unfolding real_of_float_def .
```
```    16
```
```    17 setup_lifting (no_code) type_definition_float'
```
```    18
```
```    19 lemmas float_of_inject[simp]
```
```    20
```
```    21 declare [[coercion "real :: float \<Rightarrow> real"]]
```
```    22
```
```    23 lemma real_of_float_eq:
```
```    24   fixes f1 f2 :: float shows "f1 = f2 \<longleftrightarrow> real f1 = real f2"
```
```    25   unfolding real_of_float_def real_of_float_inject ..
```
```    26
```
```    27 lemma float_of_real[simp]: "float_of (real x) = x"
```
```    28   unfolding real_of_float_def by (rule real_of_float_inverse)
```
```    29
```
```    30 lemma real_float[simp]: "x \<in> float \<Longrightarrow> real (float_of x) = x"
```
```    31   unfolding real_of_float_def by (rule float_of_inverse)
```
```    32
```
```    33 subsection {* Real operations preserving the representation as floating point number *}
```
```    34
```
```    35 lemma floatI: fixes m e :: int shows "m * 2 powr e = x \<Longrightarrow> x \<in> float"
```
```    36   by (auto simp: float_def)
```
```    37
```
```    38 lemma zero_float[simp]: "0 \<in> float" by (auto simp: float_def)
```
```    39 lemma one_float[simp]: "1 \<in> float" by (intro floatI[of 1 0]) simp
```
```    40 lemma numeral_float[simp]: "numeral i \<in> float" by (intro floatI[of "numeral i" 0]) simp
```
```    41 lemma neg_numeral_float[simp]: "neg_numeral i \<in> float" by (intro floatI[of "neg_numeral i" 0]) simp
```
```    42 lemma real_of_int_float[simp]: "real (x :: int) \<in> float" by (intro floatI[of x 0]) simp
```
```    43 lemma real_of_nat_float[simp]: "real (x :: nat) \<in> float" by (intro floatI[of x 0]) simp
```
```    44 lemma two_powr_int_float[simp]: "2 powr (real (i::int)) \<in> float" by (intro floatI[of 1 i]) simp
```
```    45 lemma two_powr_nat_float[simp]: "2 powr (real (i::nat)) \<in> float" by (intro floatI[of 1 i]) simp
```
```    46 lemma two_powr_minus_int_float[simp]: "2 powr - (real (i::int)) \<in> float" by (intro floatI[of 1 "-i"]) simp
```
```    47 lemma two_powr_minus_nat_float[simp]: "2 powr - (real (i::nat)) \<in> float" by (intro floatI[of 1 "-i"]) simp
```
```    48 lemma two_powr_numeral_float[simp]: "2 powr numeral i \<in> float" by (intro floatI[of 1 "numeral i"]) simp
```
```    49 lemma two_powr_neg_numeral_float[simp]: "2 powr neg_numeral i \<in> float" by (intro floatI[of 1 "neg_numeral i"]) simp
```
```    50 lemma two_pow_float[simp]: "2 ^ n \<in> float" by (intro floatI[of 1 "n"]) (simp add: powr_realpow)
```
```    51 lemma real_of_float_float[simp]: "real (f::float) \<in> float" by (cases f) simp
```
```    52
```
```    53 lemma plus_float[simp]: "r \<in> float \<Longrightarrow> p \<in> float \<Longrightarrow> r + p \<in> float"
```
```    54   unfolding float_def
```
```    55 proof (safe, simp)
```
```    56   fix e1 m1 e2 m2 :: int
```
```    57   { fix e1 m1 e2 m2 :: int assume "e1 \<le> e2"
```
```    58     then have "m1 * 2 powr e1 + m2 * 2 powr e2 = (m1 + m2 * 2 ^ nat (e2 - e1)) * 2 powr e1"
```
```    59       by (simp add: powr_realpow[symmetric] powr_divide2[symmetric] field_simps)
```
```    60     then have "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
```
```    61       by blast }
```
```    62   note * = this
```
```    63   show "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
```
```    64   proof (cases e1 e2 rule: linorder_le_cases)
```
```    65     assume "e2 \<le> e1" from *[OF this, of m2 m1] show ?thesis by (simp add: ac_simps)
```
```    66   qed (rule *)
```
```    67 qed
```
```    68
```
```    69 lemma uminus_float[simp]: "x \<in> float \<Longrightarrow> -x \<in> float"
```
```    70   apply (auto simp: float_def)
```
```    71   apply (rule_tac x="-x" in exI)
```
```    72   apply (rule_tac x="xa" in exI)
```
```    73   apply (simp add: field_simps)
```
```    74   done
```
```    75
```
```    76 lemma times_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x * y \<in> float"
```
```    77   apply (auto simp: float_def)
```
```    78   apply (rule_tac x="x * xa" in exI)
```
```    79   apply (rule_tac x="xb + xc" in exI)
```
```    80   apply (simp add: powr_add)
```
```    81   done
```
```    82
```
```    83 lemma minus_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x - y \<in> float"
```
```    84   unfolding ab_diff_minus by (intro uminus_float plus_float)
```
```    85
```
```    86 lemma abs_float[simp]: "x \<in> float \<Longrightarrow> abs x \<in> float"
```
```    87   by (cases x rule: linorder_cases[of 0]) auto
```
```    88
```
```    89 lemma sgn_of_float[simp]: "x \<in> float \<Longrightarrow> sgn x \<in> float"
```
```    90   by (cases x rule: linorder_cases[of 0]) (auto intro!: uminus_float)
```
```    91
```
```    92 lemma div_power_2_float[simp]: "x \<in> float \<Longrightarrow> x / 2^d \<in> float"
```
```    93   apply (auto simp add: float_def)
```
```    94   apply (rule_tac x="x" in exI)
```
```    95   apply (rule_tac x="xa - d" in exI)
```
```    96   apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
```
```    97   done
```
```    98
```
```    99 lemma div_power_2_int_float[simp]: "x \<in> float \<Longrightarrow> x / (2::int)^d \<in> float"
```
```   100   apply (auto simp add: float_def)
```
```   101   apply (rule_tac x="x" in exI)
```
```   102   apply (rule_tac x="xa - d" in exI)
```
```   103   apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
```
```   104   done
```
```   105
```
```   106 lemma div_numeral_Bit0_float[simp]:
```
```   107   assumes x: "x / numeral n \<in> float" shows "x / (numeral (Num.Bit0 n)) \<in> float"
```
```   108 proof -
```
```   109   have "(x / numeral n) / 2^1 \<in> float"
```
```   110     by (intro x div_power_2_float)
```
```   111   also have "(x / numeral n) / 2^1 = x / (numeral (Num.Bit0 n))"
```
```   112     by (induct n) auto
```
```   113   finally show ?thesis .
```
```   114 qed
```
```   115
```
```   116 lemma div_neg_numeral_Bit0_float[simp]:
```
```   117   assumes x: "x / numeral n \<in> float" shows "x / (neg_numeral (Num.Bit0 n)) \<in> float"
```
```   118 proof -
```
```   119   have "- (x / numeral (Num.Bit0 n)) \<in> float" using x by simp
```
```   120   also have "- (x / numeral (Num.Bit0 n)) = x / neg_numeral (Num.Bit0 n)"
```
```   121     unfolding neg_numeral_def by (simp del: minus_numeral)
```
```   122   finally show ?thesis .
```
```   123 qed
```
```   124
```
```   125 lift_definition Float :: "int \<Rightarrow> int \<Rightarrow> float" is "\<lambda>(m::int) (e::int). m * 2 powr e" by simp
```
```   126 declare Float.rep_eq[simp]
```
```   127
```
```   128 code_datatype Float
```
```   129
```
```   130 subsection {* Arithmetic operations on floating point numbers *}
```
```   131
```
```   132 instantiation float :: "{ring_1, linorder, linordered_ring, linordered_idom, numeral, equal}"
```
```   133 begin
```
```   134
```
```   135 lift_definition zero_float :: float is 0 by simp
```
```   136 declare zero_float.rep_eq[simp]
```
```   137 lift_definition one_float :: float is 1 by simp
```
```   138 declare one_float.rep_eq[simp]
```
```   139 lift_definition plus_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op +" by simp
```
```   140 declare plus_float.rep_eq[simp]
```
```   141 lift_definition times_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op *" by simp
```
```   142 declare times_float.rep_eq[simp]
```
```   143 lift_definition minus_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op -" by simp
```
```   144 declare minus_float.rep_eq[simp]
```
```   145 lift_definition uminus_float :: "float \<Rightarrow> float" is "uminus" by simp
```
```   146 declare uminus_float.rep_eq[simp]
```
```   147
```
```   148 lift_definition abs_float :: "float \<Rightarrow> float" is abs by simp
```
```   149 declare abs_float.rep_eq[simp]
```
```   150 lift_definition sgn_float :: "float \<Rightarrow> float" is sgn by simp
```
```   151 declare sgn_float.rep_eq[simp]
```
```   152
```
```   153 lift_definition equal_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op = :: real \<Rightarrow> real \<Rightarrow> bool" ..
```
```   154
```
```   155 lift_definition less_eq_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op \<le>" ..
```
```   156 declare less_eq_float.rep_eq[simp]
```
```   157 lift_definition less_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op <" ..
```
```   158 declare less_float.rep_eq[simp]
```
```   159
```
```   160 instance
```
```   161   proof qed (transfer, fastforce simp add: field_simps intro: mult_left_mono mult_right_mono)+
```
```   162 end
```
```   163
```
```   164 lemma real_of_float_power[simp]: fixes f::float shows "real (f^n) = real f^n"
```
```   165   by (induct n) simp_all
```
```   166
```
```   167 lemma fixes x y::float
```
```   168   shows real_of_float_min: "real (min x y) = min (real x) (real y)"
```
```   169     and real_of_float_max: "real (max x y) = max (real x) (real y)"
```
```   170   by (simp_all add: min_def max_def)
```
```   171
```
```   172 instance float :: dense_linorder
```
```   173 proof
```
```   174   fix a b :: float
```
```   175   show "\<exists>c. a < c"
```
```   176     apply (intro exI[of _ "a + 1"])
```
```   177     apply transfer
```
```   178     apply simp
```
```   179     done
```
```   180   show "\<exists>c. c < a"
```
```   181     apply (intro exI[of _ "a - 1"])
```
```   182     apply transfer
```
```   183     apply simp
```
```   184     done
```
```   185   assume "a < b"
```
```   186   then show "\<exists>c. a < c \<and> c < b"
```
```   187     apply (intro exI[of _ "(a + b) * Float 1 -1"])
```
```   188     apply transfer
```
```   189     apply (simp add: powr_neg_numeral)
```
```   190     done
```
```   191 qed
```
```   192
```
```   193 instantiation float :: lattice_ab_group_add
```
```   194 begin
```
```   195
```
```   196 definition inf_float::"float\<Rightarrow>float\<Rightarrow>float"
```
```   197 where "inf_float a b = min a b"
```
```   198
```
```   199 definition sup_float::"float\<Rightarrow>float\<Rightarrow>float"
```
```   200 where "sup_float a b = max a b"
```
```   201
```
```   202 instance
```
```   203   by default
```
```   204      (transfer, simp_all add: inf_float_def sup_float_def real_of_float_min real_of_float_max)+
```
```   205 end
```
```   206
```
```   207 lemma float_numeral[simp]: "real (numeral x :: float) = numeral x"
```
```   208   apply (induct x)
```
```   209   apply simp
```
```   210   apply (simp_all only: numeral_Bit0 numeral_Bit1 real_of_float_eq real_float
```
```   211                   plus_float.rep_eq one_float.rep_eq plus_float numeral_float one_float)
```
```   212   done
```
```   213
```
```   214 lemma transfer_numeral [transfer_rule]:
```
```   215   "fun_rel (op =) cr_float (numeral :: _ \<Rightarrow> real) (numeral :: _ \<Rightarrow> float)"
```
```   216   unfolding fun_rel_def cr_float_def by (simp add: real_of_float_def[symmetric])
```
```   217
```
```   218 lemma float_neg_numeral[simp]: "real (neg_numeral x :: float) = neg_numeral x"
```
```   219   by (simp add: minus_numeral[symmetric] del: minus_numeral)
```
```   220
```
```   221 lemma transfer_neg_numeral [transfer_rule]:
```
```   222   "fun_rel (op =) cr_float (neg_numeral :: _ \<Rightarrow> real) (neg_numeral :: _ \<Rightarrow> float)"
```
```   223   unfolding fun_rel_def cr_float_def by (simp add: real_of_float_def[symmetric])
```
```   224
```
```   225 lemma
```
```   226   shows float_of_numeral[simp]: "numeral k = float_of (numeral k)"
```
```   227     and float_of_neg_numeral[simp]: "neg_numeral k = float_of (neg_numeral k)"
```
```   228   unfolding real_of_float_eq by simp_all
```
```   229
```
```   230 subsection {* Represent floats as unique mantissa and exponent *}
```
```   231
```
```   232 lemma int_induct_abs[case_names less]:
```
```   233   fixes j :: int
```
```   234   assumes H: "\<And>n. (\<And>i. \<bar>i\<bar> < \<bar>n\<bar> \<Longrightarrow> P i) \<Longrightarrow> P n"
```
```   235   shows "P j"
```
```   236 proof (induct "nat \<bar>j\<bar>" arbitrary: j rule: less_induct)
```
```   237   case less show ?case by (rule H[OF less]) simp
```
```   238 qed
```
```   239
```
```   240 lemma int_cancel_factors:
```
```   241   fixes n :: int assumes "1 < r" shows "n = 0 \<or> (\<exists>k i. n = k * r ^ i \<and> \<not> r dvd k)"
```
```   242 proof (induct n rule: int_induct_abs)
```
```   243   case (less n)
```
```   244   { fix m assume n: "n \<noteq> 0" "n = m * r"
```
```   245     then have "\<bar>m \<bar> < \<bar>n\<bar>"
```
```   246       by (metis abs_dvd_iff abs_ge_self assms comm_semiring_1_class.normalizing_semiring_rules(7)
```
```   247                 dvd_imp_le_int dvd_refl dvd_triv_right linorder_neq_iff linorder_not_le
```
```   248                 mult_eq_0_iff zdvd_mult_cancel1)
```
```   249     from less[OF this] n have "\<exists>k i. n = k * r ^ Suc i \<and> \<not> r dvd k" by auto }
```
```   250   then show ?case
```
```   251     by (metis comm_semiring_1_class.normalizing_semiring_rules(12,7) dvdE power_0)
```
```   252 qed
```
```   253
```
```   254 lemma mult_powr_eq_mult_powr_iff_asym:
```
```   255   fixes m1 m2 e1 e2 :: int
```
```   256   assumes m1: "\<not> 2 dvd m1" and "e1 \<le> e2"
```
```   257   shows "m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
```
```   258 proof
```
```   259   have "m1 \<noteq> 0" using m1 unfolding dvd_def by auto
```
```   260   assume eq: "m1 * 2 powr e1 = m2 * 2 powr e2"
```
```   261   with `e1 \<le> e2` have "m1 = m2 * 2 powr nat (e2 - e1)"
```
```   262     by (simp add: powr_divide2[symmetric] field_simps)
```
```   263   also have "\<dots> = m2 * 2^nat (e2 - e1)"
```
```   264     by (simp add: powr_realpow)
```
```   265   finally have m1_eq: "m1 = m2 * 2^nat (e2 - e1)"
```
```   266     unfolding real_of_int_inject .
```
```   267   with m1 have "m1 = m2"
```
```   268     by (cases "nat (e2 - e1)") (auto simp add: dvd_def)
```
```   269   then show "m1 = m2 \<and> e1 = e2"
```
```   270     using eq `m1 \<noteq> 0` by (simp add: powr_inj)
```
```   271 qed simp
```
```   272
```
```   273 lemma mult_powr_eq_mult_powr_iff:
```
```   274   fixes m1 m2 e1 e2 :: int
```
```   275   shows "\<not> 2 dvd m1 \<Longrightarrow> \<not> 2 dvd m2 \<Longrightarrow> m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
```
```   276   using mult_powr_eq_mult_powr_iff_asym[of m1 e1 e2 m2]
```
```   277   using mult_powr_eq_mult_powr_iff_asym[of m2 e2 e1 m1]
```
```   278   by (cases e1 e2 rule: linorder_le_cases) auto
```
```   279
```
```   280 lemma floatE_normed:
```
```   281   assumes x: "x \<in> float"
```
```   282   obtains (zero) "x = 0"
```
```   283    | (powr) m e :: int where "x = m * 2 powr e" "\<not> 2 dvd m" "x \<noteq> 0"
```
```   284 proof atomize_elim
```
```   285   { assume "x \<noteq> 0"
```
```   286     from x obtain m e :: int where x: "x = m * 2 powr e" by (auto simp: float_def)
```
```   287     with `x \<noteq> 0` int_cancel_factors[of 2 m] obtain k i where "m = k * 2 ^ i" "\<not> 2 dvd k"
```
```   288       by auto
```
```   289     with `\<not> 2 dvd k` x have "\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m"
```
```   290       by (rule_tac exI[of _ "k"], rule_tac exI[of _ "e + int i"])
```
```   291          (simp add: powr_add powr_realpow) }
```
```   292   then show "x = 0 \<or> (\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m \<and> x \<noteq> 0)"
```
```   293     by blast
```
```   294 qed
```
```   295
```
```   296 lemma float_normed_cases:
```
```   297   fixes f :: float
```
```   298   obtains (zero) "f = 0"
```
```   299    | (powr) m e :: int where "real f = m * 2 powr e" "\<not> 2 dvd m" "f \<noteq> 0"
```
```   300 proof (atomize_elim, induct f)
```
```   301   case (float_of y) then show ?case
```
```   302     by (cases rule: floatE_normed) (auto simp: zero_float_def)
```
```   303 qed
```
```   304
```
```   305 definition mantissa :: "float \<Rightarrow> int" where
```
```   306   "mantissa f = fst (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
```
```   307    \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
```
```   308
```
```   309 definition exponent :: "float \<Rightarrow> int" where
```
```   310   "exponent f = snd (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
```
```   311    \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
```
```   312
```
```   313 lemma
```
```   314   shows exponent_0[simp]: "exponent (float_of 0) = 0" (is ?E)
```
```   315     and mantissa_0[simp]: "mantissa (float_of 0) = 0" (is ?M)
```
```   316 proof -
```
```   317   have "\<And>p::int \<times> int. fst p = 0 \<and> snd p = 0 \<longleftrightarrow> p = (0, 0)" by auto
```
```   318   then show ?E ?M
```
```   319     by (auto simp add: mantissa_def exponent_def zero_float_def)
```
```   320 qed
```
```   321
```
```   322 lemma
```
```   323   shows mantissa_exponent: "real f = mantissa f * 2 powr exponent f" (is ?E)
```
```   324     and mantissa_not_dvd: "f \<noteq> (float_of 0) \<Longrightarrow> \<not> 2 dvd mantissa f" (is "_ \<Longrightarrow> ?D")
```
```   325 proof cases
```
```   326   assume [simp]: "f \<noteq> (float_of 0)"
```
```   327   have "f = mantissa f * 2 powr exponent f \<and> \<not> 2 dvd mantissa f"
```
```   328   proof (cases f rule: float_normed_cases)
```
```   329     case (powr m e)
```
```   330     then have "\<exists>p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
```
```   331      \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p)"
```
```   332       by auto
```
```   333     then show ?thesis
```
```   334       unfolding exponent_def mantissa_def
```
```   335       by (rule someI2_ex) (simp add: zero_float_def)
```
```   336   qed (simp add: zero_float_def)
```
```   337   then show ?E ?D by auto
```
```   338 qed simp
```
```   339
```
```   340 lemma mantissa_noteq_0: "f \<noteq> float_of 0 \<Longrightarrow> mantissa f \<noteq> 0"
```
```   341   using mantissa_not_dvd[of f] by auto
```
```   342
```
```   343 lemma
```
```   344   fixes m e :: int
```
```   345   defines "f \<equiv> float_of (m * 2 powr e)"
```
```   346   assumes dvd: "\<not> 2 dvd m"
```
```   347   shows mantissa_float: "mantissa f = m" (is "?M")
```
```   348     and exponent_float: "m \<noteq> 0 \<Longrightarrow> exponent f = e" (is "_ \<Longrightarrow> ?E")
```
```   349 proof cases
```
```   350   assume "m = 0" with dvd show "mantissa f = m" by auto
```
```   351 next
```
```   352   assume "m \<noteq> 0"
```
```   353   then have f_not_0: "f \<noteq> float_of 0" by (simp add: f_def)
```
```   354   from mantissa_exponent[of f]
```
```   355   have "m * 2 powr e = mantissa f * 2 powr exponent f"
```
```   356     by (auto simp add: f_def)
```
```   357   then show "?M" "?E"
```
```   358     using mantissa_not_dvd[OF f_not_0] dvd
```
```   359     by (auto simp: mult_powr_eq_mult_powr_iff)
```
```   360 qed
```
```   361
```
```   362 subsection {* Compute arithmetic operations *}
```
```   363
```
```   364 lemma real_of_float_Float[code]: "real_of_float (Float m e) =
```
```   365   (if e \<ge> 0 then m * 2 ^ nat e else m * inverse (2 ^ nat (- e)))"
```
```   366 by (auto simp add: powr_realpow[symmetric] powr_minus real_of_float_def[symmetric])
```
```   367
```
```   368 lemma Float_mantissa_exponent: "Float (mantissa f) (exponent f) = f"
```
```   369   unfolding real_of_float_eq mantissa_exponent[of f] by simp
```
```   370
```
```   371 lemma Float_cases[case_names Float, cases type: float]:
```
```   372   fixes f :: float
```
```   373   obtains (Float) m e :: int where "f = Float m e"
```
```   374   using Float_mantissa_exponent[symmetric]
```
```   375   by (atomize_elim) auto
```
```   376
```
```   377 lemma denormalize_shift:
```
```   378   assumes f_def: "f \<equiv> Float m e" and not_0: "f \<noteq> float_of 0"
```
```   379   obtains i where "m = mantissa f * 2 ^ i" "e = exponent f - i"
```
```   380 proof
```
```   381   from mantissa_exponent[of f] f_def
```
```   382   have "m * 2 powr e = mantissa f * 2 powr exponent f"
```
```   383     by simp
```
```   384   then have eq: "m = mantissa f * 2 powr (exponent f - e)"
```
```   385     by (simp add: powr_divide2[symmetric] field_simps)
```
```   386   moreover
```
```   387   have "e \<le> exponent f"
```
```   388   proof (rule ccontr)
```
```   389     assume "\<not> e \<le> exponent f"
```
```   390     then have pos: "exponent f < e" by simp
```
```   391     then have "2 powr (exponent f - e) = 2 powr - real (e - exponent f)"
```
```   392       by simp
```
```   393     also have "\<dots> = 1 / 2^nat (e - exponent f)"
```
```   394       using pos by (simp add: powr_realpow[symmetric] powr_divide2[symmetric])
```
```   395     finally have "m * 2^nat (e - exponent f) = real (mantissa f)"
```
```   396       using eq by simp
```
```   397     then have "mantissa f = m * 2^nat (e - exponent f)"
```
```   398       unfolding real_of_int_inject by simp
```
```   399     with `exponent f < e` have "2 dvd mantissa f"
```
```   400       apply (intro dvdI[where k="m * 2^(nat (e-exponent f)) div 2"])
```
```   401       apply (cases "nat (e - exponent f)")
```
```   402       apply auto
```
```   403       done
```
```   404     then show False using mantissa_not_dvd[OF not_0] by simp
```
```   405   qed
```
```   406   ultimately have "real m = mantissa f * 2^nat (exponent f - e)"
```
```   407     by (simp add: powr_realpow[symmetric])
```
```   408   with `e \<le> exponent f`
```
```   409   show "m = mantissa f * 2 ^ nat (exponent f - e)" "e = exponent f - nat (exponent f - e)"
```
```   410     unfolding real_of_int_inject by auto
```
```   411 qed
```
```   412
```
```   413 lemma compute_zero[code_unfold, code]: "0 = Float 0 0"
```
```   414   by transfer simp
```
```   415
```
```   416 lemma compute_one[code_unfold, code]: "1 = Float 1 0"
```
```   417   by transfer simp
```
```   418
```
```   419 definition normfloat :: "float \<Rightarrow> float" where
```
```   420   [simp]: "normfloat x = x"
```
```   421
```
```   422 lemma compute_normfloat[code]: "normfloat (Float m e) =
```
```   423   (if m mod 2 = 0 \<and> m \<noteq> 0 then normfloat (Float (m div 2) (e + 1))
```
```   424                            else if m = 0 then 0 else Float m e)"
```
```   425   unfolding normfloat_def
```
```   426   by transfer (auto simp add: powr_add zmod_eq_0_iff)
```
```   427
```
```   428 lemma compute_float_numeral[code_abbrev]: "Float (numeral k) 0 = numeral k"
```
```   429   by transfer simp
```
```   430
```
```   431 lemma compute_float_neg_numeral[code_abbrev]: "Float (neg_numeral k) 0 = neg_numeral k"
```
```   432   by transfer simp
```
```   433
```
```   434 lemma compute_float_uminus[code]: "- Float m1 e1 = Float (- m1) e1"
```
```   435   by transfer simp
```
```   436
```
```   437 lemma compute_float_times[code]: "Float m1 e1 * Float m2 e2 = Float (m1 * m2) (e1 + e2)"
```
```   438   by transfer (simp add: field_simps powr_add)
```
```   439
```
```   440 lemma compute_float_plus[code]: "Float m1 e1 + Float m2 e2 =
```
```   441   (if e1 \<le> e2 then Float (m1 + m2 * 2^nat (e2 - e1)) e1
```
```   442               else Float (m2 + m1 * 2^nat (e1 - e2)) e2)"
```
```   443   by transfer (simp add: field_simps powr_realpow[symmetric] powr_divide2[symmetric])
```
```   444
```
```   445 lemma compute_float_minus[code]: fixes f g::float shows "f - g = f + (-g)"
```
```   446   by simp
```
```   447
```
```   448 lemma compute_float_sgn[code]: "sgn (Float m1 e1) = (if 0 < m1 then 1 else if m1 < 0 then -1 else 0)"
```
```   449   by transfer (simp add: sgn_times)
```
```   450
```
```   451 lift_definition is_float_pos :: "float \<Rightarrow> bool" is "op < 0 :: real \<Rightarrow> bool" ..
```
```   452
```
```   453 lemma compute_is_float_pos[code]: "is_float_pos (Float m e) \<longleftrightarrow> 0 < m"
```
```   454   by transfer (auto simp add: zero_less_mult_iff not_le[symmetric, of _ 0])
```
```   455
```
```   456 lemma compute_float_less[code]: "a < b \<longleftrightarrow> is_float_pos (b - a)"
```
```   457   by transfer (simp add: field_simps)
```
```   458
```
```   459 lift_definition is_float_nonneg :: "float \<Rightarrow> bool" is "op \<le> 0 :: real \<Rightarrow> bool" ..
```
```   460
```
```   461 lemma compute_is_float_nonneg[code]: "is_float_nonneg (Float m e) \<longleftrightarrow> 0 \<le> m"
```
```   462   by transfer (auto simp add: zero_le_mult_iff not_less[symmetric, of _ 0])
```
```   463
```
```   464 lemma compute_float_le[code]: "a \<le> b \<longleftrightarrow> is_float_nonneg (b - a)"
```
```   465   by transfer (simp add: field_simps)
```
```   466
```
```   467 lift_definition is_float_zero :: "float \<Rightarrow> bool"  is "op = 0 :: real \<Rightarrow> bool" by simp
```
```   468
```
```   469 lemma compute_is_float_zero[code]: "is_float_zero (Float m e) \<longleftrightarrow> 0 = m"
```
```   470   by transfer (auto simp add: is_float_zero_def)
```
```   471
```
```   472 lemma compute_float_abs[code]: "abs (Float m e) = Float (abs m) e"
```
```   473   by transfer (simp add: abs_mult)
```
```   474
```
```   475 lemma compute_float_eq[code]: "equal_class.equal f g = is_float_zero (f - g)"
```
```   476   by transfer simp
```
```   477
```
```   478 subsection {* Rounding Real numbers *}
```
```   479
```
```   480 definition round_down :: "int \<Rightarrow> real \<Rightarrow> real" where
```
```   481   "round_down prec x = floor (x * 2 powr prec) * 2 powr -prec"
```
```   482
```
```   483 definition round_up :: "int \<Rightarrow> real \<Rightarrow> real" where
```
```   484   "round_up prec x = ceiling (x * 2 powr prec) * 2 powr -prec"
```
```   485
```
```   486 lemma round_down_float[simp]: "round_down prec x \<in> float"
```
```   487   unfolding round_down_def
```
```   488   by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
```
```   489
```
```   490 lemma round_up_float[simp]: "round_up prec x \<in> float"
```
```   491   unfolding round_up_def
```
```   492   by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
```
```   493
```
```   494 lemma round_up: "x \<le> round_up prec x"
```
```   495   by (simp add: powr_minus_divide le_divide_eq round_up_def)
```
```   496
```
```   497 lemma round_down: "round_down prec x \<le> x"
```
```   498   by (simp add: powr_minus_divide divide_le_eq round_down_def)
```
```   499
```
```   500 lemma round_up_0[simp]: "round_up p 0 = 0"
```
```   501   unfolding round_up_def by simp
```
```   502
```
```   503 lemma round_down_0[simp]: "round_down p 0 = 0"
```
```   504   unfolding round_down_def by simp
```
```   505
```
```   506 lemma round_up_diff_round_down:
```
```   507   "round_up prec x - round_down prec x \<le> 2 powr -prec"
```
```   508 proof -
```
```   509   have "round_up prec x - round_down prec x =
```
```   510     (ceiling (x * 2 powr prec) - floor (x * 2 powr prec)) * 2 powr -prec"
```
```   511     by (simp add: round_up_def round_down_def field_simps)
```
```   512   also have "\<dots> \<le> 1 * 2 powr -prec"
```
```   513     by (rule mult_mono)
```
```   514        (auto simp del: real_of_int_diff
```
```   515              simp: real_of_int_diff[symmetric] real_of_int_le_one_cancel_iff ceiling_diff_floor_le_1)
```
```   516   finally show ?thesis by simp
```
```   517 qed
```
```   518
```
```   519 lemma round_down_shift: "round_down p (x * 2 powr k) = 2 powr k * round_down (p + k) x"
```
```   520   unfolding round_down_def
```
```   521   by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
```
```   522     (simp add: powr_add[symmetric])
```
```   523
```
```   524 lemma round_up_shift: "round_up p (x * 2 powr k) = 2 powr k * round_up (p + k) x"
```
```   525   unfolding round_up_def
```
```   526   by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
```
```   527     (simp add: powr_add[symmetric])
```
```   528
```
```   529 subsection {* Rounding Floats *}
```
```   530
```
```   531 lift_definition float_up :: "int \<Rightarrow> float \<Rightarrow> float" is round_up by simp
```
```   532 declare float_up.rep_eq[simp]
```
```   533
```
```   534 lemma float_up_correct:
```
```   535   shows "real (float_up e f) - real f \<in> {0..2 powr -e}"
```
```   536 unfolding atLeastAtMost_iff
```
```   537 proof
```
```   538   have "round_up e f - f \<le> round_up e f - round_down e f" using round_down by simp
```
```   539   also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
```
```   540   finally show "real (float_up e f) - real f \<le> 2 powr real (- e)"
```
```   541     by simp
```
```   542 qed (simp add: algebra_simps round_up)
```
```   543
```
```   544 lift_definition float_down :: "int \<Rightarrow> float \<Rightarrow> float" is round_down by simp
```
```   545 declare float_down.rep_eq[simp]
```
```   546
```
```   547 lemma float_down_correct:
```
```   548   shows "real f - real (float_down e f) \<in> {0..2 powr -e}"
```
```   549 unfolding atLeastAtMost_iff
```
```   550 proof
```
```   551   have "f - round_down e f \<le> round_up e f - round_down e f" using round_up by simp
```
```   552   also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
```
```   553   finally show "real f - real (float_down e f) \<le> 2 powr real (- e)"
```
```   554     by simp
```
```   555 qed (simp add: algebra_simps round_down)
```
```   556
```
```   557 lemma compute_float_down[code]:
```
```   558   "float_down p (Float m e) =
```
```   559     (if p + e < 0 then Float (m div 2^nat (-(p + e))) (-p) else Float m e)"
```
```   560 proof cases
```
```   561   assume "p + e < 0"
```
```   562   hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
```
```   563     using powr_realpow[of 2 "nat (-(p + e))"] by simp
```
```   564   also have "... = 1 / 2 powr p / 2 powr e"
```
```   565     unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)
```
```   566   finally show ?thesis
```
```   567     using `p + e < 0`
```
```   568     by transfer (simp add: ac_simps round_down_def floor_divide_eq_div[symmetric])
```
```   569 next
```
```   570   assume "\<not> p + e < 0"
```
```   571   then have r: "real e + real p = real (nat (e + p))" by simp
```
```   572   have r: "\<lfloor>(m * 2 powr e) * 2 powr real p\<rfloor> = (m * 2 powr e) * 2 powr real p"
```
```   573     by (auto intro: exI[where x="m*2^nat (e+p)"]
```
```   574              simp add: ac_simps powr_add[symmetric] r powr_realpow)
```
```   575   with `\<not> p + e < 0` show ?thesis
```
```   576     by transfer
```
```   577        (auto simp add: round_down_def field_simps powr_add powr_minus inverse_eq_divide)
```
```   578 qed
```
```   579
```
```   580 lemma ceil_divide_floor_conv:
```
```   581 assumes "b \<noteq> 0"
```
```   582 shows "\<lceil>real a / real b\<rceil> = (if b dvd a then a div b else \<lfloor>real a / real b\<rfloor> + 1)"
```
```   583 proof cases
```
```   584   assume "\<not> b dvd a"
```
```   585   hence "a mod b \<noteq> 0" by auto
```
```   586   hence ne: "real (a mod b) / real b \<noteq> 0" using `b \<noteq> 0` by auto
```
```   587   have "\<lceil>real a / real b\<rceil> = \<lfloor>real a / real b\<rfloor> + 1"
```
```   588   apply (rule ceiling_eq) apply (auto simp: floor_divide_eq_div[symmetric])
```
```   589   proof -
```
```   590     have "real \<lfloor>real a / real b\<rfloor> \<le> real a / real b" by simp
```
```   591     moreover have "real \<lfloor>real a / real b\<rfloor> \<noteq> real a / real b"
```
```   592     apply (subst (2) real_of_int_div_aux) unfolding floor_divide_eq_div using ne `b \<noteq> 0` by auto
```
```   593     ultimately show "real \<lfloor>real a / real b\<rfloor> < real a / real b" by arith
```
```   594   qed
```
```   595   thus ?thesis using `\<not> b dvd a` by simp
```
```   596 qed (simp add: ceiling_def real_of_int_minus[symmetric] divide_minus_left[symmetric]
```
```   597   floor_divide_eq_div dvd_neg_div del: divide_minus_left real_of_int_minus)
```
```   598
```
```   599 lemma compute_float_up[code]:
```
```   600   "float_up p (Float m e) =
```
```   601     (let P = 2^nat (-(p + e)); r = m mod P in
```
```   602       if p + e < 0 then Float (m div P + (if r = 0 then 0 else 1)) (-p) else Float m e)"
```
```   603 proof cases
```
```   604   assume "p + e < 0"
```
```   605   hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
```
```   606     using powr_realpow[of 2 "nat (-(p + e))"] by simp
```
```   607   also have "... = 1 / 2 powr p / 2 powr e"
```
```   608   unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)
```
```   609   finally have twopow_rewrite:
```
```   610     "real ((2::int) ^ nat (- (p + e))) = 1 / 2 powr real p / 2 powr real e" .
```
```   611   with `p + e < 0` have powr_rewrite:
```
```   612     "2 powr real e * 2 powr real p = 1 / real ((2::int) ^ nat (- (p + e)))"
```
```   613     unfolding powr_divide2 by simp
```
```   614   show ?thesis
```
```   615   proof cases
```
```   616     assume "2^nat (-(p + e)) dvd m"
```
```   617     with `p + e < 0` twopow_rewrite show ?thesis unfolding Let_def
```
```   618       by transfer (auto simp: ac_simps round_up_def floor_divide_eq_div dvd_eq_mod_eq_0)
```
```   619   next
```
```   620     assume ndvd: "\<not> 2 ^ nat (- (p + e)) dvd m"
```
```   621     have one_div: "real m * (1 / real ((2::int) ^ nat (- (p + e)))) =
```
```   622       real m / real ((2::int) ^ nat (- (p + e)))"
```
```   623       by (simp add: field_simps)
```
```   624     have "real \<lceil>real m * (2 powr real e * 2 powr real p)\<rceil> =
```
```   625       real \<lfloor>real m * (2 powr real e * 2 powr real p)\<rfloor> + 1"
```
```   626       using ndvd unfolding powr_rewrite one_div
```
```   627       by (subst ceil_divide_floor_conv) (auto simp: field_simps)
```
```   628     thus ?thesis using `p + e < 0` twopow_rewrite
```
```   629       unfolding Let_def
```
```   630       by transfer (auto simp: ac_simps round_up_def floor_divide_eq_div[symmetric])
```
```   631   qed
```
```   632 next
```
```   633   assume "\<not> p + e < 0"
```
```   634   then have r1: "real e + real p = real (nat (e + p))" by simp
```
```   635   have r: "\<lceil>(m * 2 powr e) * 2 powr real p\<rceil> = (m * 2 powr e) * 2 powr real p"
```
```   636     by (auto simp add: ac_simps powr_add[symmetric] r1 powr_realpow
```
```   637       intro: exI[where x="m*2^nat (e+p)"])
```
```   638   then show ?thesis using `\<not> p + e < 0`
```
```   639     unfolding Let_def
```
```   640     by transfer
```
```   641        (simp add: round_up_def floor_divide_eq_div field_simps powr_add powr_minus inverse_eq_divide)
```
```   642 qed
```
```   643
```
```   644 lemmas real_of_ints =
```
```   645   real_of_int_zero
```
```   646   real_of_one
```
```   647   real_of_int_add
```
```   648   real_of_int_minus
```
```   649   real_of_int_diff
```
```   650   real_of_int_mult
```
```   651   real_of_int_power
```
```   652   real_numeral
```
```   653 lemmas real_of_nats =
```
```   654   real_of_nat_zero
```
```   655   real_of_nat_one
```
```   656   real_of_nat_1
```
```   657   real_of_nat_add
```
```   658   real_of_nat_mult
```
```   659   real_of_nat_power
```
```   660
```
```   661 lemmas int_of_reals = real_of_ints[symmetric]
```
```   662 lemmas nat_of_reals = real_of_nats[symmetric]
```
```   663
```
```   664 lemma two_real_int: "(2::real) = real (2::int)" by simp
```
```   665 lemma two_real_nat: "(2::real) = real (2::nat)" by simp
```
```   666
```
```   667 lemma mult_cong: "a = c ==> b = d ==> a*b = c*d" by simp
```
```   668
```
```   669 subsection {* Compute bitlen of integers *}
```
```   670
```
```   671 definition bitlen :: "int \<Rightarrow> int" where
```
```   672   "bitlen a = (if a > 0 then \<lfloor>log 2 a\<rfloor> + 1 else 0)"
```
```   673
```
```   674 lemma bitlen_nonneg: "0 \<le> bitlen x"
```
```   675 proof -
```
```   676   {
```
```   677     assume "0 > x"
```
```   678     have "-1 = log 2 (inverse 2)" by (subst log_inverse) simp_all
```
```   679     also have "... < log 2 (-x)" using `0 > x` by auto
```
```   680     finally have "-1 < log 2 (-x)" .
```
```   681   } thus "0 \<le> bitlen x" unfolding bitlen_def by (auto intro!: add_nonneg_nonneg)
```
```   682 qed
```
```   683
```
```   684 lemma bitlen_bounds:
```
```   685   assumes "x > 0"
```
```   686   shows "2 ^ nat (bitlen x - 1) \<le> x \<and> x < 2 ^ nat (bitlen x)"
```
```   687 proof
```
```   688   have "(2::real) ^ nat \<lfloor>log 2 (real x)\<rfloor> = 2 powr real (floor (log 2 (real x)))"
```
```   689     using powr_realpow[symmetric, of 2 "nat \<lfloor>log 2 (real x)\<rfloor>"] `x > 0`
```
```   690     using real_nat_eq_real[of "floor (log 2 (real x))"]
```
```   691     by simp
```
```   692   also have "... \<le> 2 powr log 2 (real x)"
```
```   693     by simp
```
```   694   also have "... = real x"
```
```   695     using `0 < x` by simp
```
```   696   finally have "2 ^ nat \<lfloor>log 2 (real x)\<rfloor> \<le> real x" by simp
```
```   697   thus "2 ^ nat (bitlen x - 1) \<le> x" using `x > 0`
```
```   698     by (simp add: bitlen_def)
```
```   699 next
```
```   700   have "x \<le> 2 powr (log 2 x)" using `x > 0` by simp
```
```   701   also have "... < 2 ^ nat (\<lfloor>log 2 (real x)\<rfloor> + 1)"
```
```   702     apply (simp add: powr_realpow[symmetric])
```
```   703     using `x > 0` by simp
```
```   704   finally show "x < 2 ^ nat (bitlen x)" using `x > 0`
```
```   705     by (simp add: bitlen_def ac_simps int_of_reals del: real_of_ints)
```
```   706 qed
```
```   707
```
```   708 lemma bitlen_pow2[simp]:
```
```   709   assumes "b > 0"
```
```   710   shows "bitlen (b * 2 ^ c) = bitlen b + c"
```
```   711 proof -
```
```   712   from assms have "b * 2 ^ c > 0" by (auto intro: mult_pos_pos)
```
```   713   thus ?thesis
```
```   714     using floor_add[of "log 2 b" c] assms
```
```   715     by (auto simp add: log_mult log_nat_power bitlen_def)
```
```   716 qed
```
```   717
```
```   718 lemma bitlen_Float:
```
```   719 fixes m e
```
```   720 defines "f \<equiv> Float m e"
```
```   721 shows "bitlen (\<bar>mantissa f\<bar>) + exponent f = (if m = 0 then 0 else bitlen \<bar>m\<bar> + e)"
```
```   722 proof cases
```
```   723   assume "m \<noteq> 0"
```
```   724   hence "f \<noteq> float_of 0"
```
```   725     unfolding real_of_float_eq by (simp add: f_def)
```
```   726   hence "mantissa f \<noteq> 0"
```
```   727     by (simp add: mantissa_noteq_0)
```
```   728   moreover
```
```   729   from f_def[THEN denormalize_shift, OF `f \<noteq> float_of 0`] guess i .
```
```   730   ultimately show ?thesis by (simp add: abs_mult)
```
```   731 qed (simp add: f_def bitlen_def Float_def)
```
```   732
```
```   733 lemma compute_bitlen[code]:
```
```   734   shows "bitlen x = (if x > 0 then bitlen (x div 2) + 1 else 0)"
```
```   735 proof -
```
```   736   { assume "2 \<le> x"
```
```   737     then have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 (x - x mod 2)\<rfloor>"
```
```   738       by (simp add: log_mult zmod_zdiv_equality')
```
```   739     also have "\<dots> = \<lfloor>log 2 (real x)\<rfloor>"
```
```   740     proof cases
```
```   741       assume "x mod 2 = 0" then show ?thesis by simp
```
```   742     next
```
```   743       def n \<equiv> "\<lfloor>log 2 (real x)\<rfloor>"
```
```   744       then have "0 \<le> n"
```
```   745         using `2 \<le> x` by simp
```
```   746       assume "x mod 2 \<noteq> 0"
```
```   747       with `2 \<le> x` have "x mod 2 = 1" "\<not> 2 dvd x" by (auto simp add: dvd_eq_mod_eq_0)
```
```   748       with `2 \<le> x` have "x \<noteq> 2^nat n" by (cases "nat n") auto
```
```   749       moreover
```
```   750       { have "real (2^nat n :: int) = 2 powr (nat n)"
```
```   751           by (simp add: powr_realpow)
```
```   752         also have "\<dots> \<le> 2 powr (log 2 x)"
```
```   753           using `2 \<le> x` by (simp add: n_def del: powr_log_cancel)
```
```   754         finally have "2^nat n \<le> x" using `2 \<le> x` by simp }
```
```   755       ultimately have "2^nat n \<le> x - 1" by simp
```
```   756       then have "2^nat n \<le> real (x - 1)"
```
```   757         unfolding real_of_int_le_iff[symmetric] by simp
```
```   758       { have "n = \<lfloor>log 2 (2^nat n)\<rfloor>"
```
```   759           using `0 \<le> n` by (simp add: log_nat_power)
```
```   760         also have "\<dots> \<le> \<lfloor>log 2 (x - 1)\<rfloor>"
```
```   761           using `2^nat n \<le> real (x - 1)` `0 \<le> n` `2 \<le> x` by (auto intro: floor_mono)
```
```   762         finally have "n \<le> \<lfloor>log 2 (x - 1)\<rfloor>" . }
```
```   763       moreover have "\<lfloor>log 2 (x - 1)\<rfloor> \<le> n"
```
```   764         using `2 \<le> x` by (auto simp add: n_def intro!: floor_mono)
```
```   765       ultimately show "\<lfloor>log 2 (x - x mod 2)\<rfloor> = \<lfloor>log 2 x\<rfloor>"
```
```   766         unfolding n_def `x mod 2 = 1` by auto
```
```   767     qed
```
```   768     finally have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 x\<rfloor>" . }
```
```   769   moreover
```
```   770   { assume "x < 2" "0 < x"
```
```   771     then have "x = 1" by simp
```
```   772     then have "\<lfloor>log 2 (real x)\<rfloor> = 0" by simp }
```
```   773   ultimately show ?thesis
```
```   774     unfolding bitlen_def
```
```   775     by (auto simp: pos_imp_zdiv_pos_iff not_le)
```
```   776 qed
```
```   777
```
```   778 lemma float_gt1_scale: assumes "1 \<le> Float m e"
```
```   779   shows "0 \<le> e + (bitlen m - 1)"
```
```   780 proof -
```
```   781   have "0 < Float m e" using assms by auto
```
```   782   hence "0 < m" using powr_gt_zero[of 2 e]
```
```   783     by (auto simp: zero_less_mult_iff)
```
```   784   hence "m \<noteq> 0" by auto
```
```   785   show ?thesis
```
```   786   proof (cases "0 \<le> e")
```
```   787     case True thus ?thesis using `0 < m`  by (simp add: bitlen_def)
```
```   788   next
```
```   789     have "(1::int) < 2" by simp
```
```   790     case False let ?S = "2^(nat (-e))"
```
```   791     have "inverse (2 ^ nat (- e)) = 2 powr e" using assms False powr_realpow[of 2 "nat (-e)"]
```
```   792       by (auto simp: powr_minus field_simps inverse_eq_divide)
```
```   793     hence "1 \<le> real m * inverse ?S" using assms False powr_realpow[of 2 "nat (-e)"]
```
```   794       by (auto simp: powr_minus)
```
```   795     hence "1 * ?S \<le> real m * inverse ?S * ?S" by (rule mult_right_mono, auto)
```
```   796     hence "?S \<le> real m" unfolding mult_assoc by auto
```
```   797     hence "?S \<le> m" unfolding real_of_int_le_iff[symmetric] by auto
```
```   798     from this bitlen_bounds[OF `0 < m`, THEN conjunct2]
```
```   799     have "nat (-e) < (nat (bitlen m))" unfolding power_strict_increasing_iff[OF `1 < 2`, symmetric] by (rule order_le_less_trans)
```
```   800     hence "-e < bitlen m" using False by auto
```
```   801     thus ?thesis by auto
```
```   802   qed
```
```   803 qed
```
```   804
```
```   805 lemma bitlen_div: assumes "0 < m" shows "1 \<le> real m / 2^nat (bitlen m - 1)" and "real m / 2^nat (bitlen m - 1) < 2"
```
```   806 proof -
```
```   807   let ?B = "2^nat(bitlen m - 1)"
```
```   808
```
```   809   have "?B \<le> m" using bitlen_bounds[OF `0 <m`] ..
```
```   810   hence "1 * ?B \<le> real m" unfolding real_of_int_le_iff[symmetric] by auto
```
```   811   thus "1 \<le> real m / ?B" by auto
```
```   812
```
```   813   have "m \<noteq> 0" using assms by auto
```
```   814   have "0 \<le> bitlen m - 1" using `0 < m` by (auto simp: bitlen_def)
```
```   815
```
```   816   have "m < 2^nat(bitlen m)" using bitlen_bounds[OF `0 <m`] ..
```
```   817   also have "\<dots> = 2^nat(bitlen m - 1 + 1)" using `0 < m` by (auto simp: bitlen_def)
```
```   818   also have "\<dots> = ?B * 2" unfolding nat_add_distrib[OF `0 \<le> bitlen m - 1` zero_le_one] by auto
```
```   819   finally have "real m < 2 * ?B" unfolding real_of_int_less_iff[symmetric] by auto
```
```   820   hence "real m / ?B < 2 * ?B / ?B" by (rule divide_strict_right_mono, auto)
```
```   821   thus "real m / ?B < 2" by auto
```
```   822 qed
```
```   823
```
```   824 subsection {* Approximation of positive rationals *}
```
```   825
```
```   826 lemma zdiv_zmult_twopow_eq: fixes a b::int shows "a div b div (2 ^ n) = a div (b * 2 ^ n)"
```
```   827 by (simp add: zdiv_zmult2_eq)
```
```   828
```
```   829 lemma div_mult_twopow_eq: fixes a b::nat shows "a div ((2::nat) ^ n) div b = a div (b * 2 ^ n)"
```
```   830   by (cases "b=0") (simp_all add: div_mult2_eq[symmetric] ac_simps)
```
```   831
```
```   832 lemma real_div_nat_eq_floor_of_divide:
```
```   833   fixes a b::nat
```
```   834   shows "a div b = real (floor (a/b))"
```
```   835 by (metis floor_divide_eq_div real_of_int_of_nat_eq zdiv_int)
```
```   836
```
```   837 definition "rat_precision prec x y = int prec - (bitlen x - bitlen y)"
```
```   838
```
```   839 lift_definition lapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float"
```
```   840   is "\<lambda>prec (x::nat) (y::nat). round_down (rat_precision prec x y) (x / y)" by simp
```
```   841
```
```   842 lemma compute_lapprox_posrat[code]:
```
```   843   fixes prec x y
```
```   844   shows "lapprox_posrat prec x y =
```
```   845    (let
```
```   846        l = rat_precision prec x y;
```
```   847        d = if 0 \<le> l then x * 2^nat l div y else x div 2^nat (- l) div y
```
```   848     in normfloat (Float d (- l)))"
```
```   849     unfolding div_mult_twopow_eq Let_def normfloat_def
```
```   850     by transfer
```
```   851        (simp add: round_down_def powr_int real_div_nat_eq_floor_of_divide field_simps
```
```   852              del: two_powr_minus_int_float)
```
```   853
```
```   854 lift_definition rapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float"
```
```   855   is "\<lambda>prec (x::nat) (y::nat). round_up (rat_precision prec x y) (x / y)" by simp
```
```   856
```
```   857 (* TODO: optimize using zmod_zmult2_eq, pdivmod ? *)
```
```   858 lemma compute_rapprox_posrat[code]:
```
```   859   fixes prec x y
```
```   860   defines "l \<equiv> rat_precision prec x y"
```
```   861   shows "rapprox_posrat prec x y = (let
```
```   862      l = l ;
```
```   863      X = if 0 \<le> l then (x * 2^nat l, y) else (x, y * 2^nat(-l)) ;
```
```   864      d = fst X div snd X ;
```
```   865      m = fst X mod snd X
```
```   866    in normfloat (Float (d + (if m = 0 \<or> y = 0 then 0 else 1)) (- l)))"
```
```   867 proof (cases "y = 0")
```
```   868   assume "y = 0" thus ?thesis unfolding Let_def normfloat_def by transfer simp
```
```   869 next
```
```   870   assume "y \<noteq> 0"
```
```   871   show ?thesis
```
```   872   proof (cases "0 \<le> l")
```
```   873     assume "0 \<le> l"
```
```   874     def x' == "x * 2 ^ nat l"
```
```   875     have "int x * 2 ^ nat l = x'" by (simp add: x'_def int_mult int_power)
```
```   876     moreover have "real x * 2 powr real l = real x'"
```
```   877       by (simp add: powr_realpow[symmetric] `0 \<le> l` x'_def)
```
```   878     ultimately show ?thesis
```
```   879       unfolding Let_def normfloat_def
```
```   880       using ceil_divide_floor_conv[of y x'] powr_realpow[of 2 "nat l"] `0 \<le> l` `y \<noteq> 0`
```
```   881         l_def[symmetric, THEN meta_eq_to_obj_eq]
```
```   882       by transfer
```
```   883          (simp add: floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0 round_up_def)
```
```   884    next
```
```   885     assume "\<not> 0 \<le> l"
```
```   886     def y' == "y * 2 ^ nat (- l)"
```
```   887     from `y \<noteq> 0` have "y' \<noteq> 0" by (simp add: y'_def)
```
```   888     have "int y * 2 ^ nat (- l) = y'" by (simp add: y'_def int_mult int_power)
```
```   889     moreover have "real x * real (2::int) powr real l / real y = x / real y'"
```
```   890       using `\<not> 0 \<le> l`
```
```   891       by (simp add: powr_realpow[symmetric] powr_minus y'_def field_simps inverse_eq_divide)
```
```   892     ultimately show ?thesis
```
```   893       unfolding Let_def normfloat_def
```
```   894       using ceil_divide_floor_conv[of y' x] `\<not> 0 \<le> l` `y' \<noteq> 0` `y \<noteq> 0`
```
```   895         l_def[symmetric, THEN meta_eq_to_obj_eq]
```
```   896       by transfer
```
```   897          (simp add: round_up_def ceil_divide_floor_conv floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0)
```
```   898   qed
```
```   899 qed
```
```   900
```
```   901 lemma rat_precision_pos:
```
```   902   assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
```
```   903   shows "rat_precision n (int x) (int y) > 0"
```
```   904 proof -
```
```   905   { assume "0 < x" hence "log 2 x + 1 = log 2 (2 * x)" by (simp add: log_mult) }
```
```   906   hence "bitlen (int x) < bitlen (int y)" using assms
```
```   907     by (simp add: bitlen_def del: floor_add_one)
```
```   908       (auto intro!: floor_mono simp add: floor_add_one[symmetric] simp del: floor_add floor_add_one)
```
```   909   thus ?thesis
```
```   910     using assms by (auto intro!: pos_add_strict simp add: field_simps rat_precision_def)
```
```   911 qed
```
```   912
```
```   913 lemma power_aux: assumes "x > 0" shows "(2::int) ^ nat (x - 1) \<le> 2 ^ nat x - 1"
```
```   914 proof -
```
```   915   def y \<equiv> "nat (x - 1)" moreover
```
```   916   have "(2::int) ^ y \<le> (2 ^ (y + 1)) - 1" by simp
```
```   917   ultimately show ?thesis using assms by simp
```
```   918 qed
```
```   919
```
```   920 lemma rapprox_posrat_less1:
```
```   921   assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
```
```   922   shows "real (rapprox_posrat n x y) < 1"
```
```   923 proof -
```
```   924   have powr1: "2 powr real (rat_precision n (int x) (int y)) =
```
```   925     2 ^ nat (rat_precision n (int x) (int y))" using rat_precision_pos[of x y n] assms
```
```   926     by (simp add: powr_realpow[symmetric])
```
```   927   have "x * 2 powr real (rat_precision n (int x) (int y)) / y = (x / y) *
```
```   928      2 powr real (rat_precision n (int x) (int y))" by simp
```
```   929   also have "... < (1 / 2) * 2 powr real (rat_precision n (int x) (int y))"
```
```   930     apply (rule mult_strict_right_mono) by (insert assms) auto
```
```   931   also have "\<dots> = 2 powr real (rat_precision n (int x) (int y) - 1)"
```
```   932     by (simp add: powr_add diff_def powr_neg_numeral)
```
```   933   also have "\<dots> = 2 ^ nat (rat_precision n (int x) (int y) - 1)"
```
```   934     using rat_precision_pos[of x y n] assms by (simp add: powr_realpow[symmetric])
```
```   935   also have "\<dots> \<le> 2 ^ nat (rat_precision n (int x) (int y)) - 1"
```
```   936     unfolding int_of_reals real_of_int_le_iff
```
```   937     using rat_precision_pos[OF assms] by (rule power_aux)
```
```   938   finally show ?thesis
```
```   939     apply (transfer fixing: n x y)
```
```   940     apply (simp add: round_up_def field_simps powr_minus inverse_eq_divide powr1)
```
```   941     unfolding int_of_reals real_of_int_less_iff
```
```   942     apply (simp add: ceiling_less_eq)
```
```   943     done
```
```   944 qed
```
```   945
```
```   946 lift_definition lapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" is
```
```   947   "\<lambda>prec (x::int) (y::int). round_down (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y)" by simp
```
```   948
```
```   949 lemma compute_lapprox_rat[code]:
```
```   950   "lapprox_rat prec x y =
```
```   951     (if y = 0 then 0
```
```   952     else if 0 \<le> x then
```
```   953       (if 0 < y then lapprox_posrat prec (nat x) (nat y)
```
```   954       else - (rapprox_posrat prec (nat x) (nat (-y))))
```
```   955       else (if 0 < y
```
```   956         then - (rapprox_posrat prec (nat (-x)) (nat y))
```
```   957         else lapprox_posrat prec (nat (-x)) (nat (-y))))"
```
```   958   by transfer (auto simp: round_up_def round_down_def ceiling_def ac_simps)
```
```   959
```
```   960 lift_definition rapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" is
```
```   961   "\<lambda>prec (x::int) (y::int). round_up (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y)" by simp
```
```   962
```
```   963 lemma compute_rapprox_rat[code]:
```
```   964   "rapprox_rat prec x y =
```
```   965     (if y = 0 then 0
```
```   966     else if 0 \<le> x then
```
```   967       (if 0 < y then rapprox_posrat prec (nat x) (nat y)
```
```   968       else - (lapprox_posrat prec (nat x) (nat (-y))))
```
```   969       else (if 0 < y
```
```   970         then - (lapprox_posrat prec (nat (-x)) (nat y))
```
```   971         else rapprox_posrat prec (nat (-x)) (nat (-y))))"
```
```   972   by transfer (auto simp: round_up_def round_down_def ceiling_def ac_simps)
```
```   973
```
```   974 subsection {* Division *}
```
```   975
```
```   976 lift_definition float_divl :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is
```
```   977   "\<lambda>(prec::nat) a b. round_down (prec + \<lfloor> log 2 \<bar>b\<bar> \<rfloor> - \<lfloor> log 2 \<bar>a\<bar> \<rfloor>) (a / b)" by simp
```
```   978
```
```   979 lemma compute_float_divl[code]:
```
```   980   "float_divl prec (Float m1 s1) (Float m2 s2) = lapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
```
```   981 proof cases
```
```   982   let ?f1 = "real m1 * 2 powr real s1" and ?f2 = "real m2 * 2 powr real s2"
```
```   983   let ?m = "real m1 / real m2" and ?s = "2 powr real (s1 - s2)"
```
```   984   assume not_0: "m1 \<noteq> 0 \<and> m2 \<noteq> 0"
```
```   985   then have eq2: "(int prec + \<lfloor>log 2 \<bar>?f2\<bar>\<rfloor> - \<lfloor>log 2 \<bar>?f1\<bar>\<rfloor>) = rat_precision prec \<bar>m1\<bar> \<bar>m2\<bar> + (s2 - s1)"
```
```   986     by (simp add: abs_mult log_mult rat_precision_def bitlen_def)
```
```   987   have eq1: "real m1 * 2 powr real s1 / (real m2 * 2 powr real s2) = ?m * ?s"
```
```   988     by (simp add: field_simps powr_divide2[symmetric])
```
```   989
```
```   990   show ?thesis
```
```   991     using not_0
```
```   992     by (transfer fixing: m1 s1 m2 s2 prec) (unfold eq1 eq2 round_down_shift, simp add: field_simps)
```
```   993 qed (transfer, auto)
```
```   994
```
```   995 lift_definition float_divr :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is
```
```   996   "\<lambda>(prec::nat) a b. round_up (prec + \<lfloor> log 2 \<bar>b\<bar> \<rfloor> - \<lfloor> log 2 \<bar>a\<bar> \<rfloor>) (a / b)" by simp
```
```   997
```
```   998 lemma compute_float_divr[code]:
```
```   999   "float_divr prec (Float m1 s1) (Float m2 s2) = rapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
```
```  1000 proof cases
```
```  1001   let ?f1 = "real m1 * 2 powr real s1" and ?f2 = "real m2 * 2 powr real s2"
```
```  1002   let ?m = "real m1 / real m2" and ?s = "2 powr real (s1 - s2)"
```
```  1003   assume not_0: "m1 \<noteq> 0 \<and> m2 \<noteq> 0"
```
```  1004   then have eq2: "(int prec + \<lfloor>log 2 \<bar>?f2\<bar>\<rfloor> - \<lfloor>log 2 \<bar>?f1\<bar>\<rfloor>) = rat_precision prec \<bar>m1\<bar> \<bar>m2\<bar> + (s2 - s1)"
```
```  1005     by (simp add: abs_mult log_mult rat_precision_def bitlen_def)
```
```  1006   have eq1: "real m1 * 2 powr real s1 / (real m2 * 2 powr real s2) = ?m * ?s"
```
```  1007     by (simp add: field_simps powr_divide2[symmetric])
```
```  1008
```
```  1009   show ?thesis
```
```  1010     using not_0
```
```  1011     by (transfer fixing: m1 s1 m2 s2 prec) (unfold eq1 eq2 round_up_shift, simp add: field_simps)
```
```  1012 qed (transfer, auto)
```
```  1013
```
```  1014 subsection {* Lemmas needed by Approximate *}
```
```  1015
```
```  1016 lemma Float_num[simp]: shows
```
```  1017    "real (Float 1 0) = 1" and "real (Float 1 1) = 2" and "real (Float 1 2) = 4" and
```
```  1018    "real (Float 1 -1) = 1/2" and "real (Float 1 -2) = 1/4" and "real (Float 1 -3) = 1/8" and
```
```  1019    "real (Float -1 0) = -1" and "real (Float (number_of n) 0) = number_of n"
```
```  1020 using two_powr_int_float[of 2] two_powr_int_float[of "-1"] two_powr_int_float[of "-2"] two_powr_int_float[of "-3"]
```
```  1021 using powr_realpow[of 2 2] powr_realpow[of 2 3]
```
```  1022 using powr_minus[of 2 1] powr_minus[of 2 2] powr_minus[of 2 3]
```
```  1023 by auto
```
```  1024
```
```  1025 lemma real_of_Float_int[simp]: "real (Float n 0) = real n" by simp
```
```  1026
```
```  1027 lemma float_zero[simp]: "real (Float 0 e) = 0" by simp
```
```  1028
```
```  1029 lemma abs_div_2_less: "a \<noteq> 0 \<Longrightarrow> a \<noteq> -1 \<Longrightarrow> abs((a::int) div 2) < abs a"
```
```  1030 by arith
```
```  1031
```
```  1032 lemma lapprox_rat:
```
```  1033   shows "real (lapprox_rat prec x y) \<le> real x / real y"
```
```  1034   using round_down by (simp add: lapprox_rat_def)
```
```  1035
```
```  1036 lemma mult_div_le: fixes a b:: int assumes "b > 0" shows "a \<ge> b * (a div b)"
```
```  1037 proof -
```
```  1038   from zmod_zdiv_equality'[of a b]
```
```  1039   have "a = b * (a div b) + a mod b" by simp
```
```  1040   also have "... \<ge> b * (a div b) + 0" apply (rule add_left_mono) apply (rule pos_mod_sign)
```
```  1041   using assms by simp
```
```  1042   finally show ?thesis by simp
```
```  1043 qed
```
```  1044
```
```  1045 lemma lapprox_rat_nonneg:
```
```  1046   fixes n x y
```
```  1047   defines "p == int n - ((bitlen \<bar>x\<bar>) - (bitlen \<bar>y\<bar>))"
```
```  1048   assumes "0 \<le> x" "0 < y"
```
```  1049   shows "0 \<le> real (lapprox_rat n x y)"
```
```  1050 using assms unfolding lapprox_rat_def p_def[symmetric] round_down_def real_of_int_minus[symmetric]
```
```  1051    powr_int[of 2, simplified]
```
```  1052   by (auto simp add: inverse_eq_divide intro!: mult_nonneg_nonneg divide_nonneg_pos mult_pos_pos)
```
```  1053
```
```  1054 lemma rapprox_rat: "real x / real y \<le> real (rapprox_rat prec x y)"
```
```  1055   using round_up by (simp add: rapprox_rat_def)
```
```  1056
```
```  1057 lemma rapprox_rat_le1:
```
```  1058   fixes n x y
```
```  1059   assumes xy: "0 \<le> x" "0 < y" "x \<le> y"
```
```  1060   shows "real (rapprox_rat n x y) \<le> 1"
```
```  1061 proof -
```
```  1062   have "bitlen \<bar>x\<bar> \<le> bitlen \<bar>y\<bar>"
```
```  1063     using xy unfolding bitlen_def by (auto intro!: floor_mono)
```
```  1064   then have "0 \<le> rat_precision n \<bar>x\<bar> \<bar>y\<bar>" by (simp add: rat_precision_def)
```
```  1065   have "real \<lceil>real x / real y * 2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)\<rceil>
```
```  1066       \<le> real \<lceil>2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)\<rceil>"
```
```  1067     using xy by (auto intro!: ceiling_mono simp: field_simps)
```
```  1068   also have "\<dots> = 2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)"
```
```  1069     using `0 \<le> rat_precision n \<bar>x\<bar> \<bar>y\<bar>`
```
```  1070     by (auto intro!: exI[of _ "2^nat (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)"] simp: powr_int)
```
```  1071   finally show ?thesis
```
```  1072     by (simp add: rapprox_rat_def round_up_def)
```
```  1073        (simp add: powr_minus inverse_eq_divide)
```
```  1074 qed
```
```  1075
```
```  1076 lemma rapprox_rat_nonneg_neg:
```
```  1077   "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
```
```  1078   unfolding rapprox_rat_def round_up_def
```
```  1079   by (auto simp: field_simps mult_le_0_iff zero_le_mult_iff)
```
```  1080
```
```  1081 lemma rapprox_rat_neg:
```
```  1082   "x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
```
```  1083   unfolding rapprox_rat_def round_up_def
```
```  1084   by (auto simp: field_simps mult_le_0_iff)
```
```  1085
```
```  1086 lemma rapprox_rat_nonpos_pos:
```
```  1087   "x \<le> 0 \<Longrightarrow> 0 < y \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
```
```  1088   unfolding rapprox_rat_def round_up_def
```
```  1089   by (auto simp: field_simps mult_le_0_iff)
```
```  1090
```
```  1091 lemma float_divl: "real (float_divl prec x y) \<le> real x / real y"
```
```  1092   by transfer (simp add: round_down)
```
```  1093
```
```  1094 lemma float_divl_lower_bound:
```
```  1095   "0 \<le> x \<Longrightarrow> 0 < y \<Longrightarrow> 0 \<le> real (float_divl prec x y)"
```
```  1096   by transfer (simp add: round_down_def zero_le_mult_iff zero_le_divide_iff)
```
```  1097
```
```  1098 lemma exponent_1: "exponent 1 = 0"
```
```  1099   using exponent_float[of 1 0] by (simp add: one_float_def)
```
```  1100
```
```  1101 lemma mantissa_1: "mantissa 1 = 1"
```
```  1102   using mantissa_float[of 1 0] by (simp add: one_float_def)
```
```  1103
```
```  1104 lemma bitlen_1: "bitlen 1 = 1"
```
```  1105   by (simp add: bitlen_def)
```
```  1106
```
```  1107 lemma mantissa_eq_zero_iff: "mantissa x = 0 \<longleftrightarrow> x = 0"
```
```  1108 proof
```
```  1109   assume "mantissa x = 0" hence z: "0 = real x" using mantissa_exponent by simp
```
```  1110   show "x = 0" by (simp add: zero_float_def z)
```
```  1111 qed (simp add: zero_float_def)
```
```  1112
```
```  1113 lemma float_upper_bound: "x \<le> 2 powr (bitlen \<bar>mantissa x\<bar> + exponent x)"
```
```  1114 proof (cases "x = 0", simp)
```
```  1115   assume "x \<noteq> 0" hence "mantissa x \<noteq> 0" using mantissa_eq_zero_iff by auto
```
```  1116   have "x = mantissa x * 2 powr (exponent x)" by (rule mantissa_exponent)
```
```  1117   also have "mantissa x \<le> \<bar>mantissa x\<bar>" by simp
```
```  1118   also have "... \<le> 2 powr (bitlen \<bar>mantissa x\<bar>)"
```
```  1119     using bitlen_bounds[of "\<bar>mantissa x\<bar>"] bitlen_nonneg `mantissa x \<noteq> 0`
```
```  1120     by (simp add: powr_int) (simp only: two_real_int int_of_reals real_of_int_abs[symmetric]
```
```  1121       real_of_int_le_iff less_imp_le)
```
```  1122   finally show ?thesis by (simp add: powr_add)
```
```  1123 qed
```
```  1124
```
```  1125 lemma float_divl_pos_less1_bound:
```
```  1126   "0 < real x \<Longrightarrow> real x < 1 \<Longrightarrow> prec \<ge> 1 \<Longrightarrow> 1 \<le> real (float_divl prec 1 x)"
```
```  1127 proof transfer
```
```  1128   fix prec :: nat and x :: real assume x: "0 < x" "x < 1" "x \<in> float" and prec: "1 \<le> prec"
```
```  1129   def p \<equiv> "int prec + \<lfloor>log 2 \<bar>x\<bar>\<rfloor>"
```
```  1130   show "1 \<le> round_down (int prec + \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - \<lfloor>log 2 \<bar>1\<bar>\<rfloor>) (1 / x) "
```
```  1131   proof cases
```
```  1132     assume nonneg: "0 \<le> p"
```
```  1133     hence "2 powr real (p) = floor (real ((2::int) ^ nat p)) * floor (1::real)"
```
```  1134       by (simp add: powr_int del: real_of_int_power) simp
```
```  1135     also have "floor (1::real) \<le> floor (1 / x)" using x prec by simp
```
```  1136     also have "floor (real ((2::int) ^ nat p)) * floor (1 / x) \<le>
```
```  1137       floor (real ((2::int) ^ nat p) * (1 / x))"
```
```  1138       by (rule le_mult_floor) (auto simp: x prec less_imp_le)
```
```  1139     finally have "2 powr real p \<le> floor (2 powr nat p / x)" by (simp add: powr_realpow)
```
```  1140     thus ?thesis unfolding p_def[symmetric]
```
```  1141       using x prec nonneg by (simp add: powr_minus inverse_eq_divide round_down_def)
```
```  1142   next
```
```  1143     assume neg: "\<not> 0 \<le> p"
```
```  1144
```
```  1145     have "x = 2 powr (log 2 x)"
```
```  1146       using x by simp
```
```  1147     also have "2 powr (log 2 x) \<le> 2 powr p"
```
```  1148     proof (rule powr_mono)
```
```  1149       have "log 2 x \<le> \<lceil>log 2 x\<rceil>"
```
```  1150         by simp
```
```  1151       also have "\<dots> \<le> \<lfloor>log 2 x\<rfloor> + 1"
```
```  1152         using ceiling_diff_floor_le_1[of "log 2 x"] by simp
```
```  1153       also have "\<dots> \<le> \<lfloor>log 2 x\<rfloor> + prec"
```
```  1154         using prec by simp
```
```  1155       finally show "log 2 x \<le> real p"
```
```  1156         using x by (simp add: p_def)
```
```  1157     qed simp
```
```  1158     finally have x_le: "x \<le> 2 powr p" .
```
```  1159
```
```  1160     from neg have "2 powr real p \<le> 2 powr 0"
```
```  1161       by (intro powr_mono) auto
```
```  1162     also have "\<dots> \<le> \<lfloor>2 powr 0\<rfloor>" by simp
```
```  1163     also have "\<dots> \<le> \<lfloor>2 powr real p / x\<rfloor>" unfolding real_of_int_le_iff
```
```  1164       using x x_le by (intro floor_mono) (simp add:  pos_le_divide_eq mult_pos_pos)
```
```  1165     finally show ?thesis
```
```  1166       using prec x unfolding p_def[symmetric]
```
```  1167       by (simp add: round_down_def powr_minus_divide pos_le_divide_eq mult_pos_pos)
```
```  1168   qed
```
```  1169 qed
```
```  1170
```
```  1171 lemma float_divr: "real x / real y \<le> real (float_divr prec x y)"
```
```  1172   using round_up by transfer simp
```
```  1173
```
```  1174 lemma float_divr_pos_less1_lower_bound: assumes "0 < x" and "x < 1" shows "1 \<le> float_divr prec 1 x"
```
```  1175 proof -
```
```  1176   have "1 \<le> 1 / real x" using `0 < x` and `x < 1` by auto
```
```  1177   also have "\<dots> \<le> real (float_divr prec 1 x)" using float_divr[where x=1 and y=x] by auto
```
```  1178   finally show ?thesis by auto
```
```  1179 qed
```
```  1180
```
```  1181 lemma float_divr_nonpos_pos_upper_bound:
```
```  1182   "real x \<le> 0 \<Longrightarrow> 0 < real y \<Longrightarrow> real (float_divr prec x y) \<le> 0"
```
```  1183   by transfer (auto simp: field_simps mult_le_0_iff divide_le_0_iff round_up_def)
```
```  1184
```
```  1185 lemma float_divr_nonneg_neg_upper_bound:
```
```  1186   "0 \<le> real x \<Longrightarrow> real y < 0 \<Longrightarrow> real (float_divr prec x y) \<le> 0"
```
```  1187   by transfer (auto simp: field_simps mult_le_0_iff zero_le_mult_iff divide_le_0_iff round_up_def)
```
```  1188
```
```  1189 lift_definition float_round_up :: "nat \<Rightarrow> float \<Rightarrow> float" is
```
```  1190   "\<lambda>(prec::nat) x. round_up (prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) x" by simp
```
```  1191
```
```  1192 lemma float_round_up: "real x \<le> real (float_round_up prec x)"
```
```  1193   using round_up by transfer simp
```
```  1194
```
```  1195 lift_definition float_round_down :: "nat \<Rightarrow> float \<Rightarrow> float" is
```
```  1196   "\<lambda>(prec::nat) x. round_down (prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) x" by simp
```
```  1197
```
```  1198 lemma float_round_down: "real (float_round_down prec x) \<le> real x"
```
```  1199   using round_down by transfer simp
```
```  1200
```
```  1201 lemma floor_add2[simp]: "\<lfloor> real i + x \<rfloor> = i + \<lfloor> x \<rfloor>"
```
```  1202   using floor_add[of x i] by (simp del: floor_add add: ac_simps)
```
```  1203
```
```  1204 lemma compute_float_round_down[code]:
```
```  1205   "float_round_down prec (Float m e) = (let d = bitlen (abs m) - int prec in
```
```  1206     if 0 < d then let P = 2^nat d ; n = m div P in Float n (e + d)
```
```  1207              else Float m e)"
```
```  1208   using compute_float_down[of "prec - bitlen \<bar>m\<bar> - e" m e, symmetric]
```
```  1209   unfolding Let_def
```
```  1210   by transfer (simp add: field_simps abs_mult log_mult bitlen_def cong del: if_weak_cong)
```
```  1211
```
```  1212 lemma compute_float_round_up[code]:
```
```  1213   "float_round_up prec (Float m e) = (let d = (bitlen (abs m) - int prec) in
```
```  1214      if 0 < d then let P = 2^nat d ; n = m div P ; r = m mod P
```
```  1215                    in Float (n + (if r = 0 then 0 else 1)) (e + d)
```
```  1216               else Float m e)"
```
```  1217   using compute_float_up[of "prec - bitlen \<bar>m\<bar> - e" m e, symmetric]
```
```  1218   unfolding Let_def
```
```  1219   by transfer (simp add: field_simps abs_mult log_mult bitlen_def cong del: if_weak_cong)
```
```  1220
```
```  1221 lemma Float_le_zero_iff: "Float a b \<le> 0 \<longleftrightarrow> a \<le> 0"
```
```  1222  apply (auto simp: zero_float_def mult_le_0_iff)
```
```  1223  using powr_gt_zero[of 2 b] by simp
```
```  1224
```
```  1225 (* TODO: how to use as code equation? -> pprt_float?! *)
```
```  1226 lemma compute_pprt[code]: "pprt (Float a e) = (if a <= 0 then 0 else (Float a e))"
```
```  1227 unfolding pprt_def sup_float_def max_def Float_le_zero_iff ..
```
```  1228
```
```  1229 (* TODO: how to use as code equation? *)
```
```  1230 lemma compute_nprt[code]: "nprt (Float a e) = (if a <= 0 then (Float a e) else 0)"
```
```  1231 unfolding nprt_def inf_float_def min_def Float_le_zero_iff ..
```
```  1232
```
```  1233 lemma of_float_pprt[simp]: fixes a::float shows "real (pprt a) = pprt (real a)"
```
```  1234   unfolding pprt_def sup_float_def max_def sup_real_def by auto
```
```  1235
```
```  1236 lemma of_float_nprt[simp]: fixes a::float shows "real (nprt a) = nprt (real a)"
```
```  1237   unfolding nprt_def inf_float_def min_def inf_real_def by auto
```
```  1238
```
```  1239 lift_definition int_floor_fl :: "float \<Rightarrow> int" is floor by simp
```
```  1240
```
```  1241 lemma compute_int_floor_fl[code]:
```
```  1242   "int_floor_fl (Float m e) = (if 0 \<le> e then m * 2 ^ nat e else m div (2 ^ (nat (-e))))"
```
```  1243   by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
```
```  1244
```
```  1245 lift_definition floor_fl :: "float \<Rightarrow> float" is "\<lambda>x. real (floor x)" by simp
```
```  1246
```
```  1247 lemma compute_floor_fl[code]:
```
```  1248   "floor_fl (Float m e) = (if 0 \<le> e then Float m e else Float (m div (2 ^ (nat (-e)))) 0)"
```
```  1249   by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
```
```  1250
```
```  1251 lemma floor_fl: "real (floor_fl x) \<le> real x" by transfer simp
```
```  1252
```
```  1253 lemma int_floor_fl: "real (int_floor_fl x) \<le> real x" by transfer simp
```
```  1254
```
```  1255 lemma floor_pos_exp: "exponent (floor_fl x) \<ge> 0"
```
```  1256 proof cases
```
```  1257   assume nzero: "floor_fl x \<noteq> float_of 0"
```
```  1258   have "floor_fl x = Float \<lfloor>real x\<rfloor> 0" by transfer simp
```
```  1259   from denormalize_shift[OF this[THEN eq_reflection] nzero] guess i . note i = this
```
```  1260   thus ?thesis by simp
```
```  1261 qed (simp add: floor_fl_def)
```
```  1262
```
```  1263 end
```
```  1264
```