src/HOL/Divides.thy
author nipkow
Fri Mar 06 17:38:47 2009 +0100 (2009-03-06)
changeset 30313 b2441b0c8d38
parent 30242 aea5d7fa7ef5
child 30476 0a41b0662264
child 30496 7cdcc9dd95cb
permissions -rw-r--r--
added lemmas
     1 (*  Title:      HOL/Divides.thy
     2     ID:         $Id$
     3     Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
     4     Copyright   1999  University of Cambridge
     5 *)
     6 
     7 header {* The division operators div and mod *}
     8 
     9 theory Divides
    10 imports Nat Power Product_Type
    11 uses "~~/src/Provers/Arith/cancel_div_mod.ML"
    12 begin
    13 
    14 subsection {* Syntactic division operations *}
    15 
    16 class div = dvd +
    17   fixes div :: "'a \<Rightarrow> 'a \<Rightarrow> 'a" (infixl "div" 70)
    18     and mod :: "'a \<Rightarrow> 'a \<Rightarrow> 'a" (infixl "mod" 70)
    19 
    20 
    21 subsection {* Abstract division in commutative semirings. *}
    22 
    23 class semiring_div = comm_semiring_1_cancel + div +
    24   assumes mod_div_equality: "a div b * b + a mod b = a"
    25     and div_by_0 [simp]: "a div 0 = 0"
    26     and div_0 [simp]: "0 div a = 0"
    27     and div_mult_self1 [simp]: "b \<noteq> 0 \<Longrightarrow> (a + c * b) div b = c + a div b"
    28 begin
    29 
    30 text {* @{const div} and @{const mod} *}
    31 
    32 lemma mod_div_equality2: "b * (a div b) + a mod b = a"
    33   unfolding mult_commute [of b]
    34   by (rule mod_div_equality)
    35 
    36 lemma mod_div_equality': "a mod b + a div b * b = a"
    37   using mod_div_equality [of a b]
    38   by (simp only: add_ac)
    39 
    40 lemma div_mod_equality: "((a div b) * b + a mod b) + c = a + c"
    41 by (simp add: mod_div_equality)
    42 
    43 lemma div_mod_equality2: "(b * (a div b) + a mod b) + c = a + c"
    44 by (simp add: mod_div_equality2)
    45 
    46 lemma mod_by_0 [simp]: "a mod 0 = a"
    47 using mod_div_equality [of a zero] by simp
    48 
    49 lemma mod_0 [simp]: "0 mod a = 0"
    50 using mod_div_equality [of zero a] div_0 by simp
    51 
    52 lemma div_mult_self2 [simp]:
    53   assumes "b \<noteq> 0"
    54   shows "(a + b * c) div b = c + a div b"
    55   using assms div_mult_self1 [of b a c] by (simp add: mult_commute)
    56 
    57 lemma mod_mult_self1 [simp]: "(a + c * b) mod b = a mod b"
    58 proof (cases "b = 0")
    59   case True then show ?thesis by simp
    60 next
    61   case False
    62   have "a + c * b = (a + c * b) div b * b + (a + c * b) mod b"
    63     by (simp add: mod_div_equality)
    64   also from False div_mult_self1 [of b a c] have
    65     "\<dots> = (c + a div b) * b + (a + c * b) mod b"
    66       by (simp add: algebra_simps)
    67   finally have "a = a div b * b + (a + c * b) mod b"
    68     by (simp add: add_commute [of a] add_assoc left_distrib)
    69   then have "a div b * b + (a + c * b) mod b = a div b * b + a mod b"
    70     by (simp add: mod_div_equality)
    71   then show ?thesis by simp
    72 qed
    73 
    74 lemma mod_mult_self2 [simp]: "(a + b * c) mod b = a mod b"
    75 by (simp add: mult_commute [of b])
    76 
    77 lemma div_mult_self1_is_id [simp]: "b \<noteq> 0 \<Longrightarrow> b * a div b = a"
    78   using div_mult_self2 [of b 0 a] by simp
    79 
    80 lemma div_mult_self2_is_id [simp]: "b \<noteq> 0 \<Longrightarrow> a * b div b = a"
    81   using div_mult_self1 [of b 0 a] by simp
    82 
    83 lemma mod_mult_self1_is_0 [simp]: "b * a mod b = 0"
    84   using mod_mult_self2 [of 0 b a] by simp
    85 
    86 lemma mod_mult_self2_is_0 [simp]: "a * b mod b = 0"
    87   using mod_mult_self1 [of 0 a b] by simp
    88 
    89 lemma div_by_1 [simp]: "a div 1 = a"
    90   using div_mult_self2_is_id [of 1 a] zero_neq_one by simp
    91 
    92 lemma mod_by_1 [simp]: "a mod 1 = 0"
    93 proof -
    94   from mod_div_equality [of a one] div_by_1 have "a + a mod 1 = a" by simp
    95   then have "a + a mod 1 = a + 0" by simp
    96   then show ?thesis by (rule add_left_imp_eq)
    97 qed
    98 
    99 lemma mod_self [simp]: "a mod a = 0"
   100   using mod_mult_self2_is_0 [of 1] by simp
   101 
   102 lemma div_self [simp]: "a \<noteq> 0 \<Longrightarrow> a div a = 1"
   103   using div_mult_self2_is_id [of _ 1] by simp
   104 
   105 lemma div_add_self1 [simp]:
   106   assumes "b \<noteq> 0"
   107   shows "(b + a) div b = a div b + 1"
   108   using assms div_mult_self1 [of b a 1] by (simp add: add_commute)
   109 
   110 lemma div_add_self2 [simp]:
   111   assumes "b \<noteq> 0"
   112   shows "(a + b) div b = a div b + 1"
   113   using assms div_add_self1 [of b a] by (simp add: add_commute)
   114 
   115 lemma mod_add_self1 [simp]:
   116   "(b + a) mod b = a mod b"
   117   using mod_mult_self1 [of a 1 b] by (simp add: add_commute)
   118 
   119 lemma mod_add_self2 [simp]:
   120   "(a + b) mod b = a mod b"
   121   using mod_mult_self1 [of a 1 b] by simp
   122 
   123 lemma mod_div_decomp:
   124   fixes a b
   125   obtains q r where "q = a div b" and "r = a mod b"
   126     and "a = q * b + r"
   127 proof -
   128   from mod_div_equality have "a = a div b * b + a mod b" by simp
   129   moreover have "a div b = a div b" ..
   130   moreover have "a mod b = a mod b" ..
   131   note that ultimately show thesis by blast
   132 qed
   133 
   134 lemma dvd_eq_mod_eq_0 [code unfold]: "a dvd b \<longleftrightarrow> b mod a = 0"
   135 proof
   136   assume "b mod a = 0"
   137   with mod_div_equality [of b a] have "b div a * a = b" by simp
   138   then have "b = a * (b div a)" unfolding mult_commute ..
   139   then have "\<exists>c. b = a * c" ..
   140   then show "a dvd b" unfolding dvd_def .
   141 next
   142   assume "a dvd b"
   143   then have "\<exists>c. b = a * c" unfolding dvd_def .
   144   then obtain c where "b = a * c" ..
   145   then have "b mod a = a * c mod a" by simp
   146   then have "b mod a = c * a mod a" by (simp add: mult_commute)
   147   then show "b mod a = 0" by simp
   148 qed
   149 
   150 lemma mod_div_trivial [simp]: "a mod b div b = 0"
   151 proof (cases "b = 0")
   152   assume "b = 0"
   153   thus ?thesis by simp
   154 next
   155   assume "b \<noteq> 0"
   156   hence "a div b + a mod b div b = (a mod b + a div b * b) div b"
   157     by (rule div_mult_self1 [symmetric])
   158   also have "\<dots> = a div b"
   159     by (simp only: mod_div_equality')
   160   also have "\<dots> = a div b + 0"
   161     by simp
   162   finally show ?thesis
   163     by (rule add_left_imp_eq)
   164 qed
   165 
   166 lemma mod_mod_trivial [simp]: "a mod b mod b = a mod b"
   167 proof -
   168   have "a mod b mod b = (a mod b + a div b * b) mod b"
   169     by (simp only: mod_mult_self1)
   170   also have "\<dots> = a mod b"
   171     by (simp only: mod_div_equality')
   172   finally show ?thesis .
   173 qed
   174 
   175 lemma dvd_imp_mod_0: "a dvd b \<Longrightarrow> b mod a = 0"
   176 by (rule dvd_eq_mod_eq_0[THEN iffD1])
   177 
   178 lemma dvd_div_mult_self: "a dvd b \<Longrightarrow> (b div a) * a = b"
   179 by (subst (2) mod_div_equality [of b a, symmetric]) (simp add:dvd_imp_mod_0)
   180 
   181 lemma dvd_div_mult: "a dvd b \<Longrightarrow> (b div a) * c = b * c div a"
   182 apply (cases "a = 0")
   183  apply simp
   184 apply (auto simp: dvd_def mult_assoc)
   185 done
   186 
   187 lemma div_dvd_div[simp]:
   188   "a dvd b \<Longrightarrow> a dvd c \<Longrightarrow> (b div a dvd c div a) = (b dvd c)"
   189 apply (cases "a = 0")
   190  apply simp
   191 apply (unfold dvd_def)
   192 apply auto
   193  apply(blast intro:mult_assoc[symmetric])
   194 apply(fastsimp simp add: mult_assoc)
   195 done
   196 
   197 lemma dvd_mod_imp_dvd: "[| k dvd m mod n;  k dvd n |] ==> k dvd m"
   198   apply (subgoal_tac "k dvd (m div n) *n + m mod n")
   199    apply (simp add: mod_div_equality)
   200   apply (simp only: dvd_add dvd_mult)
   201   done
   202 
   203 text {* Addition respects modular equivalence. *}
   204 
   205 lemma mod_add_left_eq: "(a + b) mod c = (a mod c + b) mod c"
   206 proof -
   207   have "(a + b) mod c = (a div c * c + a mod c + b) mod c"
   208     by (simp only: mod_div_equality)
   209   also have "\<dots> = (a mod c + b + a div c * c) mod c"
   210     by (simp only: add_ac)
   211   also have "\<dots> = (a mod c + b) mod c"
   212     by (rule mod_mult_self1)
   213   finally show ?thesis .
   214 qed
   215 
   216 lemma mod_add_right_eq: "(a + b) mod c = (a + b mod c) mod c"
   217 proof -
   218   have "(a + b) mod c = (a + (b div c * c + b mod c)) mod c"
   219     by (simp only: mod_div_equality)
   220   also have "\<dots> = (a + b mod c + b div c * c) mod c"
   221     by (simp only: add_ac)
   222   also have "\<dots> = (a + b mod c) mod c"
   223     by (rule mod_mult_self1)
   224   finally show ?thesis .
   225 qed
   226 
   227 lemma mod_add_eq: "(a + b) mod c = (a mod c + b mod c) mod c"
   228 by (rule trans [OF mod_add_left_eq mod_add_right_eq])
   229 
   230 lemma mod_add_cong:
   231   assumes "a mod c = a' mod c"
   232   assumes "b mod c = b' mod c"
   233   shows "(a + b) mod c = (a' + b') mod c"
   234 proof -
   235   have "(a mod c + b mod c) mod c = (a' mod c + b' mod c) mod c"
   236     unfolding assms ..
   237   thus ?thesis
   238     by (simp only: mod_add_eq [symmetric])
   239 qed
   240 
   241 text {* Multiplication respects modular equivalence. *}
   242 
   243 lemma mod_mult_left_eq: "(a * b) mod c = ((a mod c) * b) mod c"
   244 proof -
   245   have "(a * b) mod c = ((a div c * c + a mod c) * b) mod c"
   246     by (simp only: mod_div_equality)
   247   also have "\<dots> = (a mod c * b + a div c * b * c) mod c"
   248     by (simp only: algebra_simps)
   249   also have "\<dots> = (a mod c * b) mod c"
   250     by (rule mod_mult_self1)
   251   finally show ?thesis .
   252 qed
   253 
   254 lemma mod_mult_right_eq: "(a * b) mod c = (a * (b mod c)) mod c"
   255 proof -
   256   have "(a * b) mod c = (a * (b div c * c + b mod c)) mod c"
   257     by (simp only: mod_div_equality)
   258   also have "\<dots> = (a * (b mod c) + a * (b div c) * c) mod c"
   259     by (simp only: algebra_simps)
   260   also have "\<dots> = (a * (b mod c)) mod c"
   261     by (rule mod_mult_self1)
   262   finally show ?thesis .
   263 qed
   264 
   265 lemma mod_mult_eq: "(a * b) mod c = ((a mod c) * (b mod c)) mod c"
   266 by (rule trans [OF mod_mult_left_eq mod_mult_right_eq])
   267 
   268 lemma mod_mult_cong:
   269   assumes "a mod c = a' mod c"
   270   assumes "b mod c = b' mod c"
   271   shows "(a * b) mod c = (a' * b') mod c"
   272 proof -
   273   have "(a mod c * (b mod c)) mod c = (a' mod c * (b' mod c)) mod c"
   274     unfolding assms ..
   275   thus ?thesis
   276     by (simp only: mod_mult_eq [symmetric])
   277 qed
   278 
   279 lemma mod_mod_cancel:
   280   assumes "c dvd b"
   281   shows "a mod b mod c = a mod c"
   282 proof -
   283   from `c dvd b` obtain k where "b = c * k"
   284     by (rule dvdE)
   285   have "a mod b mod c = a mod (c * k) mod c"
   286     by (simp only: `b = c * k`)
   287   also have "\<dots> = (a mod (c * k) + a div (c * k) * k * c) mod c"
   288     by (simp only: mod_mult_self1)
   289   also have "\<dots> = (a div (c * k) * (c * k) + a mod (c * k)) mod c"
   290     by (simp only: add_ac mult_ac)
   291   also have "\<dots> = a mod c"
   292     by (simp only: mod_div_equality)
   293   finally show ?thesis .
   294 qed
   295 
   296 end
   297 
   298 class ring_div = semiring_div + comm_ring_1
   299 begin
   300 
   301 text {* Negation respects modular equivalence. *}
   302 
   303 lemma mod_minus_eq: "(- a) mod b = (- (a mod b)) mod b"
   304 proof -
   305   have "(- a) mod b = (- (a div b * b + a mod b)) mod b"
   306     by (simp only: mod_div_equality)
   307   also have "\<dots> = (- (a mod b) + - (a div b) * b) mod b"
   308     by (simp only: minus_add_distrib minus_mult_left add_ac)
   309   also have "\<dots> = (- (a mod b)) mod b"
   310     by (rule mod_mult_self1)
   311   finally show ?thesis .
   312 qed
   313 
   314 lemma mod_minus_cong:
   315   assumes "a mod b = a' mod b"
   316   shows "(- a) mod b = (- a') mod b"
   317 proof -
   318   have "(- (a mod b)) mod b = (- (a' mod b)) mod b"
   319     unfolding assms ..
   320   thus ?thesis
   321     by (simp only: mod_minus_eq [symmetric])
   322 qed
   323 
   324 text {* Subtraction respects modular equivalence. *}
   325 
   326 lemma mod_diff_left_eq: "(a - b) mod c = (a mod c - b) mod c"
   327   unfolding diff_minus
   328   by (intro mod_add_cong mod_minus_cong) simp_all
   329 
   330 lemma mod_diff_right_eq: "(a - b) mod c = (a - b mod c) mod c"
   331   unfolding diff_minus
   332   by (intro mod_add_cong mod_minus_cong) simp_all
   333 
   334 lemma mod_diff_eq: "(a - b) mod c = (a mod c - b mod c) mod c"
   335   unfolding diff_minus
   336   by (intro mod_add_cong mod_minus_cong) simp_all
   337 
   338 lemma mod_diff_cong:
   339   assumes "a mod c = a' mod c"
   340   assumes "b mod c = b' mod c"
   341   shows "(a - b) mod c = (a' - b') mod c"
   342   unfolding diff_minus using assms
   343   by (intro mod_add_cong mod_minus_cong)
   344 
   345 lemma dvd_neg_div: "y dvd x \<Longrightarrow> -x div y = - (x div y)"
   346 apply (case_tac "y = 0") apply simp
   347 apply (auto simp add: dvd_def)
   348 apply (subgoal_tac "-(y * k) = y * - k")
   349  apply (erule ssubst)
   350  apply (erule div_mult_self1_is_id)
   351 apply simp
   352 done
   353 
   354 lemma dvd_div_neg: "y dvd x \<Longrightarrow> x div -y = - (x div y)"
   355 apply (case_tac "y = 0") apply simp
   356 apply (auto simp add: dvd_def)
   357 apply (subgoal_tac "y * k = -y * -k")
   358  apply (erule ssubst)
   359  apply (rule div_mult_self1_is_id)
   360  apply simp
   361 apply simp
   362 done
   363 
   364 end
   365 
   366 
   367 subsection {* Division on @{typ nat} *}
   368 
   369 text {*
   370   We define @{const div} and @{const mod} on @{typ nat} by means
   371   of a characteristic relation with two input arguments
   372   @{term "m\<Colon>nat"}, @{term "n\<Colon>nat"} and two output arguments
   373   @{term "q\<Colon>nat"}(uotient) and @{term "r\<Colon>nat"}(emainder).
   374 *}
   375 
   376 definition divmod_rel :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> bool" where
   377   "divmod_rel m n q r \<longleftrightarrow> m = q * n + r \<and> (if n > 0 then 0 \<le> r \<and> r < n else q = 0)"
   378 
   379 text {* @{const divmod_rel} is total: *}
   380 
   381 lemma divmod_rel_ex:
   382   obtains q r where "divmod_rel m n q r"
   383 proof (cases "n = 0")
   384   case True with that show thesis
   385     by (auto simp add: divmod_rel_def)
   386 next
   387   case False
   388   have "\<exists>q r. m = q * n + r \<and> r < n"
   389   proof (induct m)
   390     case 0 with `n \<noteq> 0`
   391     have "(0\<Colon>nat) = 0 * n + 0 \<and> 0 < n" by simp
   392     then show ?case by blast
   393   next
   394     case (Suc m) then obtain q' r'
   395       where m: "m = q' * n + r'" and n: "r' < n" by auto
   396     then show ?case proof (cases "Suc r' < n")
   397       case True
   398       from m n have "Suc m = q' * n + Suc r'" by simp
   399       with True show ?thesis by blast
   400     next
   401       case False then have "n \<le> Suc r'" by auto
   402       moreover from n have "Suc r' \<le> n" by auto
   403       ultimately have "n = Suc r'" by auto
   404       with m have "Suc m = Suc q' * n + 0" by simp
   405       with `n \<noteq> 0` show ?thesis by blast
   406     qed
   407   qed
   408   with that show thesis
   409     using `n \<noteq> 0` by (auto simp add: divmod_rel_def)
   410 qed
   411 
   412 text {* @{const divmod_rel} is injective: *}
   413 
   414 lemma divmod_rel_unique_div:
   415   assumes "divmod_rel m n q r"
   416     and "divmod_rel m n q' r'"
   417   shows "q = q'"
   418 proof (cases "n = 0")
   419   case True with assms show ?thesis
   420     by (simp add: divmod_rel_def)
   421 next
   422   case False
   423   have aux: "\<And>q r q' r'. q' * n + r' = q * n + r \<Longrightarrow> r < n \<Longrightarrow> q' \<le> (q\<Colon>nat)"
   424   apply (rule leI)
   425   apply (subst less_iff_Suc_add)
   426   apply (auto simp add: add_mult_distrib)
   427   done
   428   from `n \<noteq> 0` assms show ?thesis
   429     by (auto simp add: divmod_rel_def
   430       intro: order_antisym dest: aux sym)
   431 qed
   432 
   433 lemma divmod_rel_unique_mod:
   434   assumes "divmod_rel m n q r"
   435     and "divmod_rel m n q' r'"
   436   shows "r = r'"
   437 proof -
   438   from assms have "q = q'" by (rule divmod_rel_unique_div)
   439   with assms show ?thesis by (simp add: divmod_rel_def)
   440 qed
   441 
   442 text {*
   443   We instantiate divisibility on the natural numbers by
   444   means of @{const divmod_rel}:
   445 *}
   446 
   447 instantiation nat :: semiring_div
   448 begin
   449 
   450 definition divmod :: "nat \<Rightarrow> nat \<Rightarrow> nat \<times> nat" where
   451   [code del]: "divmod m n = (THE (q, r). divmod_rel m n q r)"
   452 
   453 definition div_nat where
   454   "m div n = fst (divmod m n)"
   455 
   456 definition mod_nat where
   457   "m mod n = snd (divmod m n)"
   458 
   459 lemma divmod_div_mod:
   460   "divmod m n = (m div n, m mod n)"
   461   unfolding div_nat_def mod_nat_def by simp
   462 
   463 lemma divmod_eq:
   464   assumes "divmod_rel m n q r" 
   465   shows "divmod m n = (q, r)"
   466   using assms by (auto simp add: divmod_def
   467     dest: divmod_rel_unique_div divmod_rel_unique_mod)
   468 
   469 lemma div_eq:
   470   assumes "divmod_rel m n q r" 
   471   shows "m div n = q"
   472   using assms by (auto dest: divmod_eq simp add: div_nat_def)
   473 
   474 lemma mod_eq:
   475   assumes "divmod_rel m n q r" 
   476   shows "m mod n = r"
   477   using assms by (auto dest: divmod_eq simp add: mod_nat_def)
   478 
   479 lemma divmod_rel: "divmod_rel m n (m div n) (m mod n)"
   480 proof -
   481   from divmod_rel_ex
   482     obtain q r where rel: "divmod_rel m n q r" .
   483   moreover with div_eq mod_eq have "m div n = q" and "m mod n = r"
   484     by simp_all
   485   ultimately show ?thesis by simp
   486 qed
   487 
   488 lemma divmod_zero:
   489   "divmod m 0 = (0, m)"
   490 proof -
   491   from divmod_rel [of m 0] show ?thesis
   492     unfolding divmod_div_mod divmod_rel_def by simp
   493 qed
   494 
   495 lemma divmod_base:
   496   assumes "m < n"
   497   shows "divmod m n = (0, m)"
   498 proof -
   499   from divmod_rel [of m n] show ?thesis
   500     unfolding divmod_div_mod divmod_rel_def
   501     using assms by (cases "m div n = 0")
   502       (auto simp add: gr0_conv_Suc [of "m div n"])
   503 qed
   504 
   505 lemma divmod_step:
   506   assumes "0 < n" and "n \<le> m"
   507   shows "divmod m n = (Suc ((m - n) div n), (m - n) mod n)"
   508 proof -
   509   from divmod_rel have divmod_m_n: "divmod_rel m n (m div n) (m mod n)" .
   510   with assms have m_div_n: "m div n \<ge> 1"
   511     by (cases "m div n") (auto simp add: divmod_rel_def)
   512   from assms divmod_m_n have "divmod_rel (m - n) n (m div n - Suc 0) (m mod n)"
   513     by (cases "m div n") (auto simp add: divmod_rel_def)
   514   with divmod_eq have "divmod (m - n) n = (m div n - Suc 0, m mod n)" by simp
   515   moreover from divmod_div_mod have "divmod (m - n) n = ((m - n) div n, (m - n) mod n)" .
   516   ultimately have "m div n = Suc ((m - n) div n)"
   517     and "m mod n = (m - n) mod n" using m_div_n by simp_all
   518   then show ?thesis using divmod_div_mod by simp
   519 qed
   520 
   521 text {* The ''recursion'' equations for @{const div} and @{const mod} *}
   522 
   523 lemma div_less [simp]:
   524   fixes m n :: nat
   525   assumes "m < n"
   526   shows "m div n = 0"
   527   using assms divmod_base divmod_div_mod by simp
   528 
   529 lemma le_div_geq:
   530   fixes m n :: nat
   531   assumes "0 < n" and "n \<le> m"
   532   shows "m div n = Suc ((m - n) div n)"
   533   using assms divmod_step divmod_div_mod by simp
   534 
   535 lemma mod_less [simp]:
   536   fixes m n :: nat
   537   assumes "m < n"
   538   shows "m mod n = m"
   539   using assms divmod_base divmod_div_mod by simp
   540 
   541 lemma le_mod_geq:
   542   fixes m n :: nat
   543   assumes "n \<le> m"
   544   shows "m mod n = (m - n) mod n"
   545   using assms divmod_step divmod_div_mod by (cases "n = 0") simp_all
   546 
   547 instance proof
   548   fix m n :: nat show "m div n * n + m mod n = m"
   549     using divmod_rel [of m n] by (simp add: divmod_rel_def)
   550 next
   551   fix n :: nat show "n div 0 = 0"
   552     using divmod_zero divmod_div_mod [of n 0] by simp
   553 next
   554   fix n :: nat show "0 div n = 0"
   555     using divmod_rel [of 0 n] by (cases n) (simp_all add: divmod_rel_def)
   556 next
   557   fix m n q :: nat assume "n \<noteq> 0" then show "(q + m * n) div n = m + q div n"
   558     by (induct m) (simp_all add: le_div_geq)
   559 qed
   560 
   561 end
   562 
   563 text {* Simproc for cancelling @{const div} and @{const mod} *}
   564 
   565 (*lemmas mod_div_equality_nat = semiring_div_class.times_div_mod_plus_zero_one.mod_div_equality [of "m\<Colon>nat" n, standard]
   566 lemmas mod_div_equality2_nat = mod_div_equality2 [of "n\<Colon>nat" m, standard*)
   567 
   568 ML {*
   569 structure CancelDivModData =
   570 struct
   571 
   572 val div_name = @{const_name div};
   573 val mod_name = @{const_name mod};
   574 val mk_binop = HOLogic.mk_binop;
   575 val mk_sum = ArithData.mk_sum;
   576 val dest_sum = ArithData.dest_sum;
   577 
   578 (*logic*)
   579 
   580 val div_mod_eqs = map mk_meta_eq [@{thm div_mod_equality}, @{thm div_mod_equality2}]
   581 
   582 val trans = trans
   583 
   584 val prove_eq_sums =
   585   let val simps = @{thm add_0} :: @{thm add_0_right} :: @{thms add_ac}
   586   in ArithData.prove_conv all_tac (ArithData.simp_all_tac simps) end;
   587 
   588 end;
   589 
   590 structure CancelDivMod = CancelDivModFun(CancelDivModData);
   591 
   592 val cancel_div_mod_proc = Simplifier.simproc (the_context ())
   593   "cancel_div_mod" ["(m::nat) + n"] (K CancelDivMod.proc);
   594 
   595 Addsimprocs[cancel_div_mod_proc];
   596 *}
   597 
   598 text {* code generator setup *}
   599 
   600 lemma divmod_if [code]: "divmod m n = (if n = 0 \<or> m < n then (0, m) else
   601   let (q, r) = divmod (m - n) n in (Suc q, r))"
   602 by (simp add: divmod_zero divmod_base divmod_step)
   603     (simp add: divmod_div_mod)
   604 
   605 code_modulename SML
   606   Divides Nat
   607 
   608 code_modulename OCaml
   609   Divides Nat
   610 
   611 code_modulename Haskell
   612   Divides Nat
   613 
   614 
   615 subsubsection {* Quotient *}
   616 
   617 lemma div_geq: "0 < n \<Longrightarrow>  \<not> m < n \<Longrightarrow> m div n = Suc ((m - n) div n)"
   618 by (simp add: le_div_geq linorder_not_less)
   619 
   620 lemma div_if: "0 < n \<Longrightarrow> m div n = (if m < n then 0 else Suc ((m - n) div n))"
   621 by (simp add: div_geq)
   622 
   623 lemma div_mult_self_is_m [simp]: "0<n ==> (m*n) div n = (m::nat)"
   624 by simp
   625 
   626 lemma div_mult_self1_is_m [simp]: "0<n ==> (n*m) div n = (m::nat)"
   627 by simp
   628 
   629 
   630 subsubsection {* Remainder *}
   631 
   632 lemma mod_less_divisor [simp]:
   633   fixes m n :: nat
   634   assumes "n > 0"
   635   shows "m mod n < (n::nat)"
   636   using assms divmod_rel unfolding divmod_rel_def by auto
   637 
   638 lemma mod_less_eq_dividend [simp]:
   639   fixes m n :: nat
   640   shows "m mod n \<le> m"
   641 proof (rule add_leD2)
   642   from mod_div_equality have "m div n * n + m mod n = m" .
   643   then show "m div n * n + m mod n \<le> m" by auto
   644 qed
   645 
   646 lemma mod_geq: "\<not> m < (n\<Colon>nat) \<Longrightarrow> m mod n = (m - n) mod n"
   647 by (simp add: le_mod_geq linorder_not_less)
   648 
   649 lemma mod_if: "m mod (n\<Colon>nat) = (if m < n then m else (m - n) mod n)"
   650 by (simp add: le_mod_geq)
   651 
   652 lemma mod_1 [simp]: "m mod Suc 0 = 0"
   653 by (induct m) (simp_all add: mod_geq)
   654 
   655 lemma mod_mult_distrib: "(m mod n) * (k\<Colon>nat) = (m * k) mod (n * k)"
   656   apply (cases "n = 0", simp)
   657   apply (cases "k = 0", simp)
   658   apply (induct m rule: nat_less_induct)
   659   apply (subst mod_if, simp)
   660   apply (simp add: mod_geq diff_mult_distrib)
   661   done
   662 
   663 lemma mod_mult_distrib2: "(k::nat) * (m mod n) = (k*m) mod (k*n)"
   664 by (simp add: mult_commute [of k] mod_mult_distrib)
   665 
   666 (* a simple rearrangement of mod_div_equality: *)
   667 lemma mult_div_cancel: "(n::nat) * (m div n) = m - (m mod n)"
   668 by (cut_tac a = m and b = n in mod_div_equality2, arith)
   669 
   670 lemma mod_le_divisor[simp]: "0 < n \<Longrightarrow> m mod n \<le> (n::nat)"
   671   apply (drule mod_less_divisor [where m = m])
   672   apply simp
   673   done
   674 
   675 subsubsection {* Quotient and Remainder *}
   676 
   677 lemma divmod_rel_mult1_eq:
   678   "[| divmod_rel b c q r; c > 0 |]
   679    ==> divmod_rel (a*b) c (a*q + a*r div c) (a*r mod c)"
   680 by (auto simp add: split_ifs divmod_rel_def algebra_simps)
   681 
   682 lemma div_mult1_eq: "(a*b) div c = a*(b div c) + a*(b mod c) div (c::nat)"
   683 apply (cases "c = 0", simp)
   684 apply (blast intro: divmod_rel [THEN divmod_rel_mult1_eq, THEN div_eq])
   685 done
   686 
   687 lemma divmod_rel_add1_eq:
   688   "[| divmod_rel a c aq ar; divmod_rel b c bq br;  c > 0 |]
   689    ==> divmod_rel (a + b) c (aq + bq + (ar+br) div c) ((ar + br) mod c)"
   690 by (auto simp add: split_ifs divmod_rel_def algebra_simps)
   691 
   692 (*NOT suitable for rewriting: the RHS has an instance of the LHS*)
   693 lemma div_add1_eq:
   694   "(a+b) div (c::nat) = a div c + b div c + ((a mod c + b mod c) div c)"
   695 apply (cases "c = 0", simp)
   696 apply (blast intro: divmod_rel_add1_eq [THEN div_eq] divmod_rel)
   697 done
   698 
   699 lemma mod_lemma: "[| (0::nat) < c; r < b |] ==> b * (q mod c) + r < b * c"
   700   apply (cut_tac m = q and n = c in mod_less_divisor)
   701   apply (drule_tac [2] m = "q mod c" in less_imp_Suc_add, auto)
   702   apply (erule_tac P = "%x. ?lhs < ?rhs x" in ssubst)
   703   apply (simp add: add_mult_distrib2)
   704   done
   705 
   706 lemma divmod_rel_mult2_eq: "[| divmod_rel a b q r;  0 < b;  0 < c |]
   707       ==> divmod_rel a (b*c) (q div c) (b*(q mod c) + r)"
   708 by (auto simp add: mult_ac divmod_rel_def add_mult_distrib2 [symmetric] mod_lemma)
   709 
   710 lemma div_mult2_eq: "a div (b*c) = (a div b) div (c::nat)"
   711   apply (cases "b = 0", simp)
   712   apply (cases "c = 0", simp)
   713   apply (force simp add: divmod_rel [THEN divmod_rel_mult2_eq, THEN div_eq])
   714   done
   715 
   716 lemma mod_mult2_eq: "a mod (b*c) = b*(a div b mod c) + a mod (b::nat)"
   717   apply (cases "b = 0", simp)
   718   apply (cases "c = 0", simp)
   719   apply (auto simp add: mult_commute divmod_rel [THEN divmod_rel_mult2_eq, THEN mod_eq])
   720   done
   721 
   722 
   723 subsubsection{*Cancellation of Common Factors in Division*}
   724 
   725 lemma div_mult_mult_lemma:
   726     "[| (0::nat) < b;  0 < c |] ==> (c*a) div (c*b) = a div b"
   727 by (auto simp add: div_mult2_eq)
   728 
   729 lemma div_mult_mult1 [simp]: "(0::nat) < c ==> (c*a) div (c*b) = a div b"
   730   apply (cases "b = 0")
   731   apply (auto simp add: linorder_neq_iff [of b] div_mult_mult_lemma)
   732   done
   733 
   734 lemma div_mult_mult2 [simp]: "(0::nat) < c ==> (a*c) div (b*c) = a div b"
   735   apply (drule div_mult_mult1)
   736   apply (auto simp add: mult_commute)
   737   done
   738 
   739 
   740 subsubsection{*Further Facts about Quotient and Remainder*}
   741 
   742 lemma div_1 [simp]: "m div Suc 0 = m"
   743 by (induct m) (simp_all add: div_geq)
   744 
   745 
   746 (* Monotonicity of div in first argument *)
   747 lemma div_le_mono [rule_format (no_asm)]:
   748     "\<forall>m::nat. m \<le> n --> (m div k) \<le> (n div k)"
   749 apply (case_tac "k=0", simp)
   750 apply (induct "n" rule: nat_less_induct, clarify)
   751 apply (case_tac "n<k")
   752 (* 1  case n<k *)
   753 apply simp
   754 (* 2  case n >= k *)
   755 apply (case_tac "m<k")
   756 (* 2.1  case m<k *)
   757 apply simp
   758 (* 2.2  case m>=k *)
   759 apply (simp add: div_geq diff_le_mono)
   760 done
   761 
   762 (* Antimonotonicity of div in second argument *)
   763 lemma div_le_mono2: "!!m::nat. [| 0<m; m\<le>n |] ==> (k div n) \<le> (k div m)"
   764 apply (subgoal_tac "0<n")
   765  prefer 2 apply simp
   766 apply (induct_tac k rule: nat_less_induct)
   767 apply (rename_tac "k")
   768 apply (case_tac "k<n", simp)
   769 apply (subgoal_tac "~ (k<m) ")
   770  prefer 2 apply simp
   771 apply (simp add: div_geq)
   772 apply (subgoal_tac "(k-n) div n \<le> (k-m) div n")
   773  prefer 2
   774  apply (blast intro: div_le_mono diff_le_mono2)
   775 apply (rule le_trans, simp)
   776 apply (simp)
   777 done
   778 
   779 lemma div_le_dividend [simp]: "m div n \<le> (m::nat)"
   780 apply (case_tac "n=0", simp)
   781 apply (subgoal_tac "m div n \<le> m div 1", simp)
   782 apply (rule div_le_mono2)
   783 apply (simp_all (no_asm_simp))
   784 done
   785 
   786 (* Similar for "less than" *)
   787 lemma div_less_dividend [rule_format]:
   788      "!!n::nat. 1<n ==> 0 < m --> m div n < m"
   789 apply (induct_tac m rule: nat_less_induct)
   790 apply (rename_tac "m")
   791 apply (case_tac "m<n", simp)
   792 apply (subgoal_tac "0<n")
   793  prefer 2 apply simp
   794 apply (simp add: div_geq)
   795 apply (case_tac "n<m")
   796  apply (subgoal_tac "(m-n) div n < (m-n) ")
   797   apply (rule impI less_trans_Suc)+
   798 apply assumption
   799   apply (simp_all)
   800 done
   801 
   802 declare div_less_dividend [simp]
   803 
   804 text{*A fact for the mutilated chess board*}
   805 lemma mod_Suc: "Suc(m) mod n = (if Suc(m mod n) = n then 0 else Suc(m mod n))"
   806 apply (case_tac "n=0", simp)
   807 apply (induct "m" rule: nat_less_induct)
   808 apply (case_tac "Suc (na) <n")
   809 (* case Suc(na) < n *)
   810 apply (frule lessI [THEN less_trans], simp add: less_not_refl3)
   811 (* case n \<le> Suc(na) *)
   812 apply (simp add: linorder_not_less le_Suc_eq mod_geq)
   813 apply (auto simp add: Suc_diff_le le_mod_geq)
   814 done
   815 
   816 
   817 subsubsection {* The Divides Relation *}
   818 
   819 lemma dvd_1_left [iff]: "Suc 0 dvd k"
   820   unfolding dvd_def by simp
   821 
   822 lemma dvd_1_iff_1 [simp]: "(m dvd Suc 0) = (m = Suc 0)"
   823 by (simp add: dvd_def)
   824 
   825 lemma nat_dvd_1_iff_1 [simp]: "m dvd (1::nat) \<longleftrightarrow> m = 1"
   826 by (simp add: dvd_def)
   827 
   828 lemma dvd_anti_sym: "[| m dvd n; n dvd m |] ==> m = (n::nat)"
   829   unfolding dvd_def
   830   by (force dest: mult_eq_self_implies_10 simp add: mult_assoc mult_eq_1_iff)
   831 
   832 text {* @{term "op dvd"} is a partial order *}
   833 
   834 interpretation dvd!: order "op dvd" "\<lambda>n m \<Colon> nat. n dvd m \<and> \<not> m dvd n"
   835   proof qed (auto intro: dvd_refl dvd_trans dvd_anti_sym)
   836 
   837 lemma nat_dvd_diff[simp]: "[| k dvd m; k dvd n |] ==> k dvd (m-n :: nat)"
   838 unfolding dvd_def
   839 by (blast intro: diff_mult_distrib2 [symmetric])
   840 
   841 lemma dvd_diffD: "[| k dvd m-n; k dvd n; n\<le>m |] ==> k dvd (m::nat)"
   842   apply (erule linorder_not_less [THEN iffD2, THEN add_diff_inverse, THEN subst])
   843   apply (blast intro: dvd_add)
   844   done
   845 
   846 lemma dvd_diffD1: "[| k dvd m-n; k dvd m; n\<le>m |] ==> k dvd (n::nat)"
   847 by (drule_tac m = m in nat_dvd_diff, auto)
   848 
   849 lemma dvd_reduce: "(k dvd n + k) = (k dvd (n::nat))"
   850   apply (rule iffI)
   851    apply (erule_tac [2] dvd_add)
   852    apply (rule_tac [2] dvd_refl)
   853   apply (subgoal_tac "n = (n+k) -k")
   854    prefer 2 apply simp
   855   apply (erule ssubst)
   856   apply (erule nat_dvd_diff)
   857   apply (rule dvd_refl)
   858   done
   859 
   860 lemma dvd_mod: "!!n::nat. [| f dvd m; f dvd n |] ==> f dvd m mod n"
   861   unfolding dvd_def
   862   apply (case_tac "n = 0", auto)
   863   apply (blast intro: mod_mult_distrib2 [symmetric])
   864   done
   865 
   866 lemma dvd_mod_iff: "k dvd n ==> ((k::nat) dvd m mod n) = (k dvd m)"
   867 by (blast intro: dvd_mod_imp_dvd dvd_mod)
   868 
   869 lemma dvd_mult_cancel: "!!k::nat. [| k*m dvd k*n; 0<k |] ==> m dvd n"
   870   unfolding dvd_def
   871   apply (erule exE)
   872   apply (simp add: mult_ac)
   873   done
   874 
   875 lemma dvd_mult_cancel1: "0<m ==> (m*n dvd m) = (n = (1::nat))"
   876   apply auto
   877    apply (subgoal_tac "m*n dvd m*1")
   878    apply (drule dvd_mult_cancel, auto)
   879   done
   880 
   881 lemma dvd_mult_cancel2: "0<m ==> (n*m dvd m) = (n = (1::nat))"
   882   apply (subst mult_commute)
   883   apply (erule dvd_mult_cancel1)
   884   done
   885 
   886 lemma dvd_imp_le: "[| k dvd n; 0 < n |] ==> k \<le> (n::nat)"
   887   apply (unfold dvd_def, clarify)
   888   apply (simp_all (no_asm_use) add: zero_less_mult_iff)
   889   apply (erule conjE)
   890   apply (rule le_trans)
   891    apply (rule_tac [2] le_refl [THEN mult_le_mono])
   892    apply (erule_tac [2] Suc_leI, simp)
   893   done
   894 
   895 lemma dvd_mult_div_cancel: "n dvd m ==> n * (m div n) = (m::nat)"
   896   apply (subgoal_tac "m mod n = 0")
   897    apply (simp add: mult_div_cancel)
   898   apply (simp only: dvd_eq_mod_eq_0)
   899   done
   900 
   901 lemma nat_zero_less_power_iff [simp]: "(x^n > 0) = (x > (0::nat) | n=0)"
   902   by (induct n) auto
   903 
   904 lemma power_dvd_imp_le: "[|i^m dvd i^n;  (1::nat) < i|] ==> m \<le> n"
   905   apply (rule power_le_imp_le_exp, assumption)
   906   apply (erule dvd_imp_le, simp)
   907   done
   908 
   909 lemma mod_eq_0_iff: "(m mod d = 0) = (\<exists>q::nat. m = d*q)"
   910 by (auto simp add: dvd_eq_mod_eq_0 [symmetric] dvd_def)
   911 
   912 lemmas mod_eq_0D [dest!] = mod_eq_0_iff [THEN iffD1]
   913 
   914 (*Loses information, namely we also have r<d provided d is nonzero*)
   915 lemma mod_eqD: "(m mod d = r) ==> \<exists>q::nat. m = r + q*d"
   916   apply (cut_tac a = m in mod_div_equality)
   917   apply (simp only: add_ac)
   918   apply (blast intro: sym)
   919   done
   920 
   921 lemma split_div:
   922  "P(n div k :: nat) =
   923  ((k = 0 \<longrightarrow> P 0) \<and> (k \<noteq> 0 \<longrightarrow> (!i. !j<k. n = k*i + j \<longrightarrow> P i)))"
   924  (is "?P = ?Q" is "_ = (_ \<and> (_ \<longrightarrow> ?R))")
   925 proof
   926   assume P: ?P
   927   show ?Q
   928   proof (cases)
   929     assume "k = 0"
   930     with P show ?Q by simp
   931   next
   932     assume not0: "k \<noteq> 0"
   933     thus ?Q
   934     proof (simp, intro allI impI)
   935       fix i j
   936       assume n: "n = k*i + j" and j: "j < k"
   937       show "P i"
   938       proof (cases)
   939         assume "i = 0"
   940         with n j P show "P i" by simp
   941       next
   942         assume "i \<noteq> 0"
   943         with not0 n j P show "P i" by(simp add:add_ac)
   944       qed
   945     qed
   946   qed
   947 next
   948   assume Q: ?Q
   949   show ?P
   950   proof (cases)
   951     assume "k = 0"
   952     with Q show ?P by simp
   953   next
   954     assume not0: "k \<noteq> 0"
   955     with Q have R: ?R by simp
   956     from not0 R[THEN spec,of "n div k",THEN spec, of "n mod k"]
   957     show ?P by simp
   958   qed
   959 qed
   960 
   961 lemma split_div_lemma:
   962   assumes "0 < n"
   963   shows "n * q \<le> m \<and> m < n * Suc q \<longleftrightarrow> q = ((m\<Colon>nat) div n)" (is "?lhs \<longleftrightarrow> ?rhs")
   964 proof
   965   assume ?rhs
   966   with mult_div_cancel have nq: "n * q = m - (m mod n)" by simp
   967   then have A: "n * q \<le> m" by simp
   968   have "n - (m mod n) > 0" using mod_less_divisor assms by auto
   969   then have "m < m + (n - (m mod n))" by simp
   970   then have "m < n + (m - (m mod n))" by simp
   971   with nq have "m < n + n * q" by simp
   972   then have B: "m < n * Suc q" by simp
   973   from A B show ?lhs ..
   974 next
   975   assume P: ?lhs
   976   then have "divmod_rel m n q (m - n * q)"
   977     unfolding divmod_rel_def by (auto simp add: mult_ac)
   978   then show ?rhs using divmod_rel by (rule divmod_rel_unique_div)
   979 qed
   980 
   981 theorem split_div':
   982   "P ((m::nat) div n) = ((n = 0 \<and> P 0) \<or>
   983    (\<exists>q. (n * q \<le> m \<and> m < n * (Suc q)) \<and> P q))"
   984   apply (case_tac "0 < n")
   985   apply (simp only: add: split_div_lemma)
   986   apply simp_all
   987   done
   988 
   989 lemma split_mod:
   990  "P(n mod k :: nat) =
   991  ((k = 0 \<longrightarrow> P n) \<and> (k \<noteq> 0 \<longrightarrow> (!i. !j<k. n = k*i + j \<longrightarrow> P j)))"
   992  (is "?P = ?Q" is "_ = (_ \<and> (_ \<longrightarrow> ?R))")
   993 proof
   994   assume P: ?P
   995   show ?Q
   996   proof (cases)
   997     assume "k = 0"
   998     with P show ?Q by simp
   999   next
  1000     assume not0: "k \<noteq> 0"
  1001     thus ?Q
  1002     proof (simp, intro allI impI)
  1003       fix i j
  1004       assume "n = k*i + j" "j < k"
  1005       thus "P j" using not0 P by(simp add:add_ac mult_ac)
  1006     qed
  1007   qed
  1008 next
  1009   assume Q: ?Q
  1010   show ?P
  1011   proof (cases)
  1012     assume "k = 0"
  1013     with Q show ?P by simp
  1014   next
  1015     assume not0: "k \<noteq> 0"
  1016     with Q have R: ?R by simp
  1017     from not0 R[THEN spec,of "n div k",THEN spec, of "n mod k"]
  1018     show ?P by simp
  1019   qed
  1020 qed
  1021 
  1022 theorem mod_div_equality': "(m::nat) mod n = m - (m div n) * n"
  1023   apply (rule_tac P="%x. m mod n = x - (m div n) * n" in
  1024     subst [OF mod_div_equality [of _ n]])
  1025   apply arith
  1026   done
  1027 
  1028 lemma div_mod_equality':
  1029   fixes m n :: nat
  1030   shows "m div n * n = m - m mod n"
  1031 proof -
  1032   have "m mod n \<le> m mod n" ..
  1033   from div_mod_equality have 
  1034     "m div n * n + m mod n - m mod n = m - m mod n" by simp
  1035   with diff_add_assoc [OF `m mod n \<le> m mod n`, of "m div n * n"] have
  1036     "m div n * n + (m mod n - m mod n) = m - m mod n"
  1037     by simp
  1038   then show ?thesis by simp
  1039 qed
  1040 
  1041 
  1042 subsubsection {*An ``induction'' law for modulus arithmetic.*}
  1043 
  1044 lemma mod_induct_0:
  1045   assumes step: "\<forall>i<p. P i \<longrightarrow> P ((Suc i) mod p)"
  1046   and base: "P i" and i: "i<p"
  1047   shows "P 0"
  1048 proof (rule ccontr)
  1049   assume contra: "\<not>(P 0)"
  1050   from i have p: "0<p" by simp
  1051   have "\<forall>k. 0<k \<longrightarrow> \<not> P (p-k)" (is "\<forall>k. ?A k")
  1052   proof
  1053     fix k
  1054     show "?A k"
  1055     proof (induct k)
  1056       show "?A 0" by simp  -- "by contradiction"
  1057     next
  1058       fix n
  1059       assume ih: "?A n"
  1060       show "?A (Suc n)"
  1061       proof (clarsimp)
  1062         assume y: "P (p - Suc n)"
  1063         have n: "Suc n < p"
  1064         proof (rule ccontr)
  1065           assume "\<not>(Suc n < p)"
  1066           hence "p - Suc n = 0"
  1067             by simp
  1068           with y contra show "False"
  1069             by simp
  1070         qed
  1071         hence n2: "Suc (p - Suc n) = p-n" by arith
  1072         from p have "p - Suc n < p" by arith
  1073         with y step have z: "P ((Suc (p - Suc n)) mod p)"
  1074           by blast
  1075         show "False"
  1076         proof (cases "n=0")
  1077           case True
  1078           with z n2 contra show ?thesis by simp
  1079         next
  1080           case False
  1081           with p have "p-n < p" by arith
  1082           with z n2 False ih show ?thesis by simp
  1083         qed
  1084       qed
  1085     qed
  1086   qed
  1087   moreover
  1088   from i obtain k where "0<k \<and> i+k=p"
  1089     by (blast dest: less_imp_add_positive)
  1090   hence "0<k \<and> i=p-k" by auto
  1091   moreover
  1092   note base
  1093   ultimately
  1094   show "False" by blast
  1095 qed
  1096 
  1097 lemma mod_induct:
  1098   assumes step: "\<forall>i<p. P i \<longrightarrow> P ((Suc i) mod p)"
  1099   and base: "P i" and i: "i<p" and j: "j<p"
  1100   shows "P j"
  1101 proof -
  1102   have "\<forall>j<p. P j"
  1103   proof
  1104     fix j
  1105     show "j<p \<longrightarrow> P j" (is "?A j")
  1106     proof (induct j)
  1107       from step base i show "?A 0"
  1108         by (auto elim: mod_induct_0)
  1109     next
  1110       fix k
  1111       assume ih: "?A k"
  1112       show "?A (Suc k)"
  1113       proof
  1114         assume suc: "Suc k < p"
  1115         hence k: "k<p" by simp
  1116         with ih have "P k" ..
  1117         with step k have "P (Suc k mod p)"
  1118           by blast
  1119         moreover
  1120         from suc have "Suc k mod p = Suc k"
  1121           by simp
  1122         ultimately
  1123         show "P (Suc k)" by simp
  1124       qed
  1125     qed
  1126   qed
  1127   with j show ?thesis by blast
  1128 qed
  1129 
  1130 end