src/HOL/Library/Float.thy
author paulson <lp15@cam.ac.uk>
Sat Apr 11 11:56:40 2015 +0100 (2015-04-11)
changeset 60017 b785d6d06430
parent 59984 4f1eccec320c
child 60376 528a48f4ad87
permissions -rw-r--r--
Overloading of ln and powr, but "approximation" no longer works for powr. Code generation also fails due to type ambiguity in scala.
     1 (*  Title:      HOL/Library/Float.thy
     2     Author:     Johannes Hölzl, Fabian Immler
     3     Copyright   2012  TU München
     4 *)
     5 
     6 section {* Floating-Point Numbers *}
     7 
     8 theory Float
     9 imports Complex_Main Lattice_Algebras
    10 begin
    11 
    12 definition "float = {m * 2 powr e | (m :: int) (e :: int). True}"
    13 
    14 typedef float = float
    15   morphisms real_of_float float_of
    16   unfolding float_def by auto
    17 
    18 instantiation float :: real_of
    19 begin
    20 
    21 definition real_float :: "float \<Rightarrow> real" where
    22   real_of_float_def[code_unfold]: "real \<equiv> real_of_float"
    23 
    24 instance ..
    25 end
    26 
    27 lemma type_definition_float': "type_definition real float_of float"
    28   using type_definition_float unfolding real_of_float_def .
    29 
    30 setup_lifting type_definition_float'
    31 
    32 lemmas float_of_inject[simp]
    33 
    34 declare [[coercion "real :: float \<Rightarrow> real"]]
    35 
    36 lemma real_of_float_eq:
    37   fixes f1 f2 :: float shows "f1 = f2 \<longleftrightarrow> real f1 = real f2"
    38   unfolding real_of_float_def real_of_float_inject ..
    39 
    40 lemma float_of_real[simp]: "float_of (real x) = x"
    41   unfolding real_of_float_def by (rule real_of_float_inverse)
    42 
    43 lemma real_float[simp]: "x \<in> float \<Longrightarrow> real (float_of x) = x"
    44   unfolding real_of_float_def by (rule float_of_inverse)
    45 
    46 subsection {* Real operations preserving the representation as floating point number *}
    47 
    48 lemma floatI: fixes m e :: int shows "m * 2 powr e = x \<Longrightarrow> x \<in> float"
    49   by (auto simp: float_def)
    50 
    51 lemma zero_float[simp]: "0 \<in> float" by (auto simp: float_def)
    52 lemma one_float[simp]: "1 \<in> float" by (intro floatI[of 1 0]) simp
    53 lemma numeral_float[simp]: "numeral i \<in> float" by (intro floatI[of "numeral i" 0]) simp
    54 lemma neg_numeral_float[simp]: "- numeral i \<in> float" by (intro floatI[of "- numeral i" 0]) simp
    55 lemma real_of_int_float[simp]: "real (x :: int) \<in> float" by (intro floatI[of x 0]) simp
    56 lemma real_of_nat_float[simp]: "real (x :: nat) \<in> float" by (intro floatI[of x 0]) simp
    57 lemma two_powr_int_float[simp]: "2 powr (real (i::int)) \<in> float" by (intro floatI[of 1 i]) simp
    58 lemma two_powr_nat_float[simp]: "2 powr (real (i::nat)) \<in> float" by (intro floatI[of 1 i]) simp
    59 lemma two_powr_minus_int_float[simp]: "2 powr - (real (i::int)) \<in> float" by (intro floatI[of 1 "-i"]) simp
    60 lemma two_powr_minus_nat_float[simp]: "2 powr - (real (i::nat)) \<in> float" by (intro floatI[of 1 "-i"]) simp
    61 lemma two_powr_numeral_float[simp]: "2 powr numeral i \<in> float" by (intro floatI[of 1 "numeral i"]) simp
    62 lemma two_powr_neg_numeral_float[simp]: "2 powr - numeral i \<in> float" by (intro floatI[of 1 "- numeral i"]) simp
    63 lemma two_pow_float[simp]: "2 ^ n \<in> float" by (intro floatI[of 1 "n"]) (simp add: powr_realpow)
    64 lemma real_of_float_float[simp]: "real (f::float) \<in> float" by (cases f) simp
    65 
    66 lemma plus_float[simp]: "r \<in> float \<Longrightarrow> p \<in> float \<Longrightarrow> r + p \<in> float"
    67   unfolding float_def
    68 proof (safe, simp)
    69   fix e1 m1 e2 m2 :: int
    70   { fix e1 m1 e2 m2 :: int assume "e1 \<le> e2"
    71     then have "m1 * 2 powr e1 + m2 * 2 powr e2 = (m1 + m2 * 2 ^ nat (e2 - e1)) * 2 powr e1"
    72       by (simp add: powr_realpow[symmetric] powr_divide2[symmetric] field_simps)
    73     then have "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
    74       by blast }
    75   note * = this
    76   show "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
    77   proof (cases e1 e2 rule: linorder_le_cases)
    78     assume "e2 \<le> e1" from *[OF this, of m2 m1] show ?thesis by (simp add: ac_simps)
    79   qed (rule *)
    80 qed
    81 
    82 lemma uminus_float[simp]: "x \<in> float \<Longrightarrow> -x \<in> float"
    83   apply (auto simp: float_def)
    84   apply hypsubst_thin
    85   apply (rename_tac m e)
    86   apply (rule_tac x="-m" in exI)
    87   apply (rule_tac x="e" in exI)
    88   apply (simp add: field_simps)
    89   done
    90 
    91 lemma times_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x * y \<in> float"
    92   apply (auto simp: float_def)
    93   apply hypsubst_thin
    94   apply (rename_tac mx my ex ey)
    95   apply (rule_tac x="mx * my" in exI)
    96   apply (rule_tac x="ex + ey" in exI)
    97   apply (simp add: powr_add)
    98   done
    99 
   100 lemma minus_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x - y \<in> float"
   101   using plus_float [of x "- y"] by simp
   102 
   103 lemma abs_float[simp]: "x \<in> float \<Longrightarrow> abs x \<in> float"
   104   by (cases x rule: linorder_cases[of 0]) auto
   105 
   106 lemma sgn_of_float[simp]: "x \<in> float \<Longrightarrow> sgn x \<in> float"
   107   by (cases x rule: linorder_cases[of 0]) (auto intro!: uminus_float)
   108 
   109 lemma div_power_2_float[simp]: "x \<in> float \<Longrightarrow> x / 2^d \<in> float"
   110   apply (auto simp add: float_def)
   111   apply hypsubst_thin
   112   apply (rename_tac m e)
   113   apply (rule_tac x="m" in exI)
   114   apply (rule_tac x="e - d" in exI)
   115   apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
   116   done
   117 
   118 lemma div_power_2_int_float[simp]: "x \<in> float \<Longrightarrow> x / (2::int)^d \<in> float"
   119   apply (auto simp add: float_def)
   120   apply hypsubst_thin
   121   apply (rename_tac m e)
   122   apply (rule_tac x="m" in exI)
   123   apply (rule_tac x="e - d" in exI)
   124   apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
   125   done
   126 
   127 lemma div_numeral_Bit0_float[simp]:
   128   assumes x: "x / numeral n \<in> float" shows "x / (numeral (Num.Bit0 n)) \<in> float"
   129 proof -
   130   have "(x / numeral n) / 2^1 \<in> float"
   131     by (intro x div_power_2_float)
   132   also have "(x / numeral n) / 2^1 = x / (numeral (Num.Bit0 n))"
   133     by (induct n) auto
   134   finally show ?thesis .
   135 qed
   136 
   137 lemma div_neg_numeral_Bit0_float[simp]:
   138   assumes x: "x / numeral n \<in> float" shows "x / (- numeral (Num.Bit0 n)) \<in> float"
   139 proof -
   140   have "- (x / numeral (Num.Bit0 n)) \<in> float" using x by simp
   141   also have "- (x / numeral (Num.Bit0 n)) = x / - numeral (Num.Bit0 n)"
   142     by simp
   143   finally show ?thesis .
   144 qed
   145 
   146 lemma power_float[simp]: assumes "a \<in> float" shows "a ^ b \<in> float"
   147 proof -
   148   from assms obtain m e::int where "a = m * 2 powr e"
   149     by (auto simp: float_def)
   150   thus ?thesis
   151     by (auto intro!: floatI[where m="m^b" and e = "e*b"]
   152       simp: power_mult_distrib powr_realpow[symmetric] powr_powr)
   153 qed
   154 
   155 lift_definition Float :: "int \<Rightarrow> int \<Rightarrow> float" is "\<lambda>(m::int) (e::int). m * 2 powr e" by simp
   156 declare Float.rep_eq[simp]
   157 
   158 lemma compute_real_of_float[code]:
   159   "real_of_float (Float m e) = (if e \<ge> 0 then m * 2 ^ nat e else m / 2 ^ (nat (-e)))"
   160 by (simp add: real_of_float_def[symmetric] powr_int)
   161 
   162 code_datatype Float
   163 
   164 subsection {* Arithmetic operations on floating point numbers *}
   165 
   166 instantiation float :: "{ring_1, linorder, linordered_ring, linordered_idom, numeral, equal}"
   167 begin
   168 
   169 lift_definition zero_float :: float is 0 by simp
   170 declare zero_float.rep_eq[simp]
   171 lift_definition one_float :: float is 1 by simp
   172 declare one_float.rep_eq[simp]
   173 lift_definition plus_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op +" by simp
   174 declare plus_float.rep_eq[simp]
   175 lift_definition times_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op *" by simp
   176 declare times_float.rep_eq[simp]
   177 lift_definition minus_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op -" by simp
   178 declare minus_float.rep_eq[simp]
   179 lift_definition uminus_float :: "float \<Rightarrow> float" is "uminus" by simp
   180 declare uminus_float.rep_eq[simp]
   181 
   182 lift_definition abs_float :: "float \<Rightarrow> float" is abs by simp
   183 declare abs_float.rep_eq[simp]
   184 lift_definition sgn_float :: "float \<Rightarrow> float" is sgn by simp
   185 declare sgn_float.rep_eq[simp]
   186 
   187 lift_definition equal_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op = :: real \<Rightarrow> real \<Rightarrow> bool" .
   188 
   189 lift_definition less_eq_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op \<le>" .
   190 declare less_eq_float.rep_eq[simp]
   191 lift_definition less_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op <" .
   192 declare less_float.rep_eq[simp]
   193 
   194 instance
   195   proof qed (transfer, fastforce simp add: field_simps intro: mult_left_mono mult_right_mono)+
   196 end
   197 
   198 lemma Float_0_eq_0[simp]: "Float 0 e = 0"
   199   by transfer simp
   200 
   201 lemma real_of_float_power[simp]: fixes f::float shows "real (f^n) = real f^n"
   202   by (induct n) simp_all
   203 
   204 lemma fixes x y::float
   205   shows real_of_float_min: "real (min x y) = min (real x) (real y)"
   206     and real_of_float_max: "real (max x y) = max (real x) (real y)"
   207   by (simp_all add: min_def max_def)
   208 
   209 instance float :: unbounded_dense_linorder
   210 proof
   211   fix a b :: float
   212   show "\<exists>c. a < c"
   213     apply (intro exI[of _ "a + 1"])
   214     apply transfer
   215     apply simp
   216     done
   217   show "\<exists>c. c < a"
   218     apply (intro exI[of _ "a - 1"])
   219     apply transfer
   220     apply simp
   221     done
   222   assume "a < b"
   223   then show "\<exists>c. a < c \<and> c < b"
   224     apply (intro exI[of _ "(a + b) * Float 1 (- 1)"])
   225     apply transfer
   226     apply (simp add: powr_minus)
   227     done
   228 qed
   229 
   230 instantiation float :: lattice_ab_group_add
   231 begin
   232 
   233 definition inf_float::"float\<Rightarrow>float\<Rightarrow>float"
   234 where "inf_float a b = min a b"
   235 
   236 definition sup_float::"float\<Rightarrow>float\<Rightarrow>float"
   237 where "sup_float a b = max a b"
   238 
   239 instance
   240   by default
   241      (transfer, simp_all add: inf_float_def sup_float_def real_of_float_min real_of_float_max)+
   242 end
   243 
   244 lemma float_numeral[simp]: "real (numeral x :: float) = numeral x"
   245   apply (induct x)
   246   apply simp
   247   apply (simp_all only: numeral_Bit0 numeral_Bit1 real_of_float_eq real_float
   248                   plus_float.rep_eq one_float.rep_eq plus_float numeral_float one_float)
   249   done
   250 
   251 lemma transfer_numeral [transfer_rule]:
   252   "rel_fun (op =) pcr_float (numeral :: _ \<Rightarrow> real) (numeral :: _ \<Rightarrow> float)"
   253   unfolding rel_fun_def float.pcr_cr_eq  cr_float_def by simp
   254 
   255 lemma float_neg_numeral[simp]: "real (- numeral x :: float) = - numeral x"
   256   by simp
   257 
   258 lemma transfer_neg_numeral [transfer_rule]:
   259   "rel_fun (op =) pcr_float (- numeral :: _ \<Rightarrow> real) (- numeral :: _ \<Rightarrow> float)"
   260   unfolding rel_fun_def float.pcr_cr_eq cr_float_def by simp
   261 
   262 lemma
   263   shows float_of_numeral[simp]: "numeral k = float_of (numeral k)"
   264     and float_of_neg_numeral[simp]: "- numeral k = float_of (- numeral k)"
   265   unfolding real_of_float_eq by simp_all
   266 
   267 subsection {* Quickcheck *}
   268 
   269 instantiation float :: exhaustive
   270 begin
   271 
   272 definition exhaustive_float where
   273   "exhaustive_float f d =
   274     Quickcheck_Exhaustive.exhaustive (%x. Quickcheck_Exhaustive.exhaustive (%y. f (Float x y)) d) d"
   275 
   276 instance ..
   277 
   278 end
   279 
   280 definition (in term_syntax) [code_unfold]:
   281   "valtermify_float x y = Code_Evaluation.valtermify Float {\<cdot>} x {\<cdot>} y"
   282 
   283 instantiation float :: full_exhaustive
   284 begin
   285 
   286 definition full_exhaustive_float where
   287   "full_exhaustive_float f d =
   288     Quickcheck_Exhaustive.full_exhaustive
   289       (\<lambda>x. Quickcheck_Exhaustive.full_exhaustive (\<lambda>y. f (valtermify_float x y)) d) d"
   290 
   291 instance ..
   292 
   293 end
   294 
   295 instantiation float :: random
   296 begin
   297 
   298 definition "Quickcheck_Random.random i =
   299   scomp (Quickcheck_Random.random (2 ^ nat_of_natural i))
   300     (\<lambda>man. scomp (Quickcheck_Random.random i) (\<lambda>exp. Pair (valtermify_float man exp)))"
   301 
   302 instance ..
   303 
   304 end
   305 
   306 
   307 subsection {* Represent floats as unique mantissa and exponent *}
   308 
   309 lemma int_induct_abs[case_names less]:
   310   fixes j :: int
   311   assumes H: "\<And>n. (\<And>i. \<bar>i\<bar> < \<bar>n\<bar> \<Longrightarrow> P i) \<Longrightarrow> P n"
   312   shows "P j"
   313 proof (induct "nat \<bar>j\<bar>" arbitrary: j rule: less_induct)
   314   case less show ?case by (rule H[OF less]) simp
   315 qed
   316 
   317 lemma int_cancel_factors:
   318   fixes n :: int assumes "1 < r" shows "n = 0 \<or> (\<exists>k i. n = k * r ^ i \<and> \<not> r dvd k)"
   319 proof (induct n rule: int_induct_abs)
   320   case (less n)
   321   { fix m assume n: "n \<noteq> 0" "n = m * r"
   322     then have "\<bar>m \<bar> < \<bar>n\<bar>"
   323       using `1 < r` by (simp add: abs_mult)
   324     from less[OF this] n have "\<exists>k i. n = k * r ^ Suc i \<and> \<not> r dvd k" by auto }
   325   then show ?case
   326     by (metis dvd_def monoid_mult_class.mult.right_neutral mult.commute power_0)
   327 qed
   328 
   329 lemma mult_powr_eq_mult_powr_iff_asym:
   330   fixes m1 m2 e1 e2 :: int
   331   assumes m1: "\<not> 2 dvd m1" and "e1 \<le> e2"
   332   shows "m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
   333 proof
   334   have "m1 \<noteq> 0" using m1 unfolding dvd_def by auto
   335   assume eq: "m1 * 2 powr e1 = m2 * 2 powr e2"
   336   with `e1 \<le> e2` have "m1 = m2 * 2 powr nat (e2 - e1)"
   337     by (simp add: powr_divide2[symmetric] field_simps)
   338   also have "\<dots> = m2 * 2^nat (e2 - e1)"
   339     by (simp add: powr_realpow)
   340   finally have m1_eq: "m1 = m2 * 2^nat (e2 - e1)"
   341     unfolding real_of_int_inject .
   342   with m1 have "m1 = m2"
   343     by (cases "nat (e2 - e1)") (auto simp add: dvd_def)
   344   then show "m1 = m2 \<and> e1 = e2"
   345     using eq `m1 \<noteq> 0` by (simp add: powr_inj)
   346 qed simp
   347 
   348 lemma mult_powr_eq_mult_powr_iff:
   349   fixes m1 m2 e1 e2 :: int
   350   shows "\<not> 2 dvd m1 \<Longrightarrow> \<not> 2 dvd m2 \<Longrightarrow> m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
   351   using mult_powr_eq_mult_powr_iff_asym[of m1 e1 e2 m2]
   352   using mult_powr_eq_mult_powr_iff_asym[of m2 e2 e1 m1]
   353   by (cases e1 e2 rule: linorder_le_cases) auto
   354 
   355 lemma floatE_normed:
   356   assumes x: "x \<in> float"
   357   obtains (zero) "x = 0"
   358    | (powr) m e :: int where "x = m * 2 powr e" "\<not> 2 dvd m" "x \<noteq> 0"
   359 proof atomize_elim
   360   { assume "x \<noteq> 0"
   361     from x obtain m e :: int where x: "x = m * 2 powr e" by (auto simp: float_def)
   362     with `x \<noteq> 0` int_cancel_factors[of 2 m] obtain k i where "m = k * 2 ^ i" "\<not> 2 dvd k"
   363       by auto
   364     with `\<not> 2 dvd k` x have "\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m"
   365       by (rule_tac exI[of _ "k"], rule_tac exI[of _ "e + int i"])
   366          (simp add: powr_add powr_realpow) }
   367   then show "x = 0 \<or> (\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m \<and> x \<noteq> 0)"
   368     by blast
   369 qed
   370 
   371 lemma float_normed_cases:
   372   fixes f :: float
   373   obtains (zero) "f = 0"
   374    | (powr) m e :: int where "real f = m * 2 powr e" "\<not> 2 dvd m" "f \<noteq> 0"
   375 proof (atomize_elim, induct f)
   376   case (float_of y) then show ?case
   377     by (cases rule: floatE_normed) (auto simp: zero_float_def)
   378 qed
   379 
   380 definition mantissa :: "float \<Rightarrow> int" where
   381   "mantissa f = fst (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
   382    \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
   383 
   384 definition exponent :: "float \<Rightarrow> int" where
   385   "exponent f = snd (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
   386    \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
   387 
   388 lemma
   389   shows exponent_0[simp]: "exponent (float_of 0) = 0" (is ?E)
   390     and mantissa_0[simp]: "mantissa (float_of 0) = 0" (is ?M)
   391 proof -
   392   have "\<And>p::int \<times> int. fst p = 0 \<and> snd p = 0 \<longleftrightarrow> p = (0, 0)" by auto
   393   then show ?E ?M
   394     by (auto simp add: mantissa_def exponent_def zero_float_def)
   395 qed
   396 
   397 lemma
   398   shows mantissa_exponent: "real f = mantissa f * 2 powr exponent f" (is ?E)
   399     and mantissa_not_dvd: "f \<noteq> (float_of 0) \<Longrightarrow> \<not> 2 dvd mantissa f" (is "_ \<Longrightarrow> ?D")
   400 proof cases
   401   assume [simp]: "f \<noteq> (float_of 0)"
   402   have "f = mantissa f * 2 powr exponent f \<and> \<not> 2 dvd mantissa f"
   403   proof (cases f rule: float_normed_cases)
   404     case (powr m e)
   405     then have "\<exists>p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
   406      \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p)"
   407       by auto
   408     then show ?thesis
   409       unfolding exponent_def mantissa_def
   410       by (rule someI2_ex) (simp add: zero_float_def)
   411   qed (simp add: zero_float_def)
   412   then show ?E ?D by auto
   413 qed simp
   414 
   415 lemma mantissa_noteq_0: "f \<noteq> float_of 0 \<Longrightarrow> mantissa f \<noteq> 0"
   416   using mantissa_not_dvd[of f] by auto
   417 
   418 lemma
   419   fixes m e :: int
   420   defines "f \<equiv> float_of (m * 2 powr e)"
   421   assumes dvd: "\<not> 2 dvd m"
   422   shows mantissa_float: "mantissa f = m" (is "?M")
   423     and exponent_float: "m \<noteq> 0 \<Longrightarrow> exponent f = e" (is "_ \<Longrightarrow> ?E")
   424 proof cases
   425   assume "m = 0" with dvd show "mantissa f = m" by auto
   426 next
   427   assume "m \<noteq> 0"
   428   then have f_not_0: "f \<noteq> float_of 0" by (simp add: f_def)
   429   from mantissa_exponent[of f]
   430   have "m * 2 powr e = mantissa f * 2 powr exponent f"
   431     by (auto simp add: f_def)
   432   then show "?M" "?E"
   433     using mantissa_not_dvd[OF f_not_0] dvd
   434     by (auto simp: mult_powr_eq_mult_powr_iff)
   435 qed
   436 
   437 subsection {* Compute arithmetic operations *}
   438 
   439 lemma Float_mantissa_exponent: "Float (mantissa f) (exponent f) = f"
   440   unfolding real_of_float_eq mantissa_exponent[of f] by simp
   441 
   442 lemma Float_cases[case_names Float, cases type: float]:
   443   fixes f :: float
   444   obtains (Float) m e :: int where "f = Float m e"
   445   using Float_mantissa_exponent[symmetric]
   446   by (atomize_elim) auto
   447 
   448 lemma denormalize_shift:
   449   assumes f_def: "f \<equiv> Float m e" and not_0: "f \<noteq> float_of 0"
   450   obtains i where "m = mantissa f * 2 ^ i" "e = exponent f - i"
   451 proof
   452   from mantissa_exponent[of f] f_def
   453   have "m * 2 powr e = mantissa f * 2 powr exponent f"
   454     by simp
   455   then have eq: "m = mantissa f * 2 powr (exponent f - e)"
   456     by (simp add: powr_divide2[symmetric] field_simps)
   457   moreover
   458   have "e \<le> exponent f"
   459   proof (rule ccontr)
   460     assume "\<not> e \<le> exponent f"
   461     then have pos: "exponent f < e" by simp
   462     then have "2 powr (exponent f - e) = 2 powr - real (e - exponent f)"
   463       by simp
   464     also have "\<dots> = 1 / 2^nat (e - exponent f)"
   465       using pos by (simp add: powr_realpow[symmetric] powr_divide2[symmetric])
   466     finally have "m * 2^nat (e - exponent f) = real (mantissa f)"
   467       using eq by simp
   468     then have "mantissa f = m * 2^nat (e - exponent f)"
   469       unfolding real_of_int_inject by simp
   470     with `exponent f < e` have "2 dvd mantissa f"
   471       apply (intro dvdI[where k="m * 2^(nat (e-exponent f)) div 2"])
   472       apply (cases "nat (e - exponent f)")
   473       apply auto
   474       done
   475     then show False using mantissa_not_dvd[OF not_0] by simp
   476   qed
   477   ultimately have "real m = mantissa f * 2^nat (exponent f - e)"
   478     by (simp add: powr_realpow[symmetric])
   479   with `e \<le> exponent f`
   480   show "m = mantissa f * 2 ^ nat (exponent f - e)" "e = exponent f - nat (exponent f - e)"
   481     unfolding real_of_int_inject by auto
   482 qed
   483 
   484 lemma compute_float_zero[code_unfold, code]: "0 = Float 0 0"
   485   by transfer simp
   486 hide_fact (open) compute_float_zero
   487 
   488 lemma compute_float_one[code_unfold, code]: "1 = Float 1 0"
   489   by transfer simp
   490 hide_fact (open) compute_float_one
   491 
   492 lift_definition normfloat :: "float \<Rightarrow> float" is "\<lambda>x. x" .
   493 lemma normloat_id[simp]: "normfloat x = x" by transfer rule
   494 
   495 lemma compute_normfloat[code]: "normfloat (Float m e) =
   496   (if m mod 2 = 0 \<and> m \<noteq> 0 then normfloat (Float (m div 2) (e + 1))
   497                            else if m = 0 then 0 else Float m e)"
   498   by transfer (auto simp add: powr_add zmod_eq_0_iff)
   499 hide_fact (open) compute_normfloat
   500 
   501 lemma compute_float_numeral[code_abbrev]: "Float (numeral k) 0 = numeral k"
   502   by transfer simp
   503 hide_fact (open) compute_float_numeral
   504 
   505 lemma compute_float_neg_numeral[code_abbrev]: "Float (- numeral k) 0 = - numeral k"
   506   by transfer simp
   507 hide_fact (open) compute_float_neg_numeral
   508 
   509 lemma compute_float_uminus[code]: "- Float m1 e1 = Float (- m1) e1"
   510   by transfer simp
   511 hide_fact (open) compute_float_uminus
   512 
   513 lemma compute_float_times[code]: "Float m1 e1 * Float m2 e2 = Float (m1 * m2) (e1 + e2)"
   514   by transfer (simp add: field_simps powr_add)
   515 hide_fact (open) compute_float_times
   516 
   517 lemma compute_float_plus[code]: "Float m1 e1 + Float m2 e2 =
   518   (if m1 = 0 then Float m2 e2 else if m2 = 0 then Float m1 e1 else
   519   if e1 \<le> e2 then Float (m1 + m2 * 2^nat (e2 - e1)) e1
   520               else Float (m2 + m1 * 2^nat (e1 - e2)) e2)"
   521   by transfer (simp add: field_simps powr_realpow[symmetric] powr_divide2[symmetric])
   522 hide_fact (open) compute_float_plus
   523 
   524 lemma compute_float_minus[code]: fixes f g::float shows "f - g = f + (-g)"
   525   by simp
   526 hide_fact (open) compute_float_minus
   527 
   528 lemma compute_float_sgn[code]: "sgn (Float m1 e1) = (if 0 < m1 then 1 else if m1 < 0 then -1 else 0)"
   529   by transfer (simp add: sgn_times)
   530 hide_fact (open) compute_float_sgn
   531 
   532 lift_definition is_float_pos :: "float \<Rightarrow> bool" is "op < 0 :: real \<Rightarrow> bool" .
   533 
   534 lemma compute_is_float_pos[code]: "is_float_pos (Float m e) \<longleftrightarrow> 0 < m"
   535   by transfer (auto simp add: zero_less_mult_iff not_le[symmetric, of _ 0])
   536 hide_fact (open) compute_is_float_pos
   537 
   538 lemma compute_float_less[code]: "a < b \<longleftrightarrow> is_float_pos (b - a)"
   539   by transfer (simp add: field_simps)
   540 hide_fact (open) compute_float_less
   541 
   542 lift_definition is_float_nonneg :: "float \<Rightarrow> bool" is "op \<le> 0 :: real \<Rightarrow> bool" .
   543 
   544 lemma compute_is_float_nonneg[code]: "is_float_nonneg (Float m e) \<longleftrightarrow> 0 \<le> m"
   545   by transfer (auto simp add: zero_le_mult_iff not_less[symmetric, of _ 0])
   546 hide_fact (open) compute_is_float_nonneg
   547 
   548 lemma compute_float_le[code]: "a \<le> b \<longleftrightarrow> is_float_nonneg (b - a)"
   549   by transfer (simp add: field_simps)
   550 hide_fact (open) compute_float_le
   551 
   552 lift_definition is_float_zero :: "float \<Rightarrow> bool"  is "op = 0 :: real \<Rightarrow> bool" .
   553 
   554 lemma compute_is_float_zero[code]: "is_float_zero (Float m e) \<longleftrightarrow> 0 = m"
   555   by transfer (auto simp add: is_float_zero_def)
   556 hide_fact (open) compute_is_float_zero
   557 
   558 lemma compute_float_abs[code]: "abs (Float m e) = Float (abs m) e"
   559   by transfer (simp add: abs_mult)
   560 hide_fact (open) compute_float_abs
   561 
   562 lemma compute_float_eq[code]: "equal_class.equal f g = is_float_zero (f - g)"
   563   by transfer simp
   564 hide_fact (open) compute_float_eq
   565 
   566 
   567 subsection {* Lemmas for types @{typ real}, @{typ nat}, @{typ int}*}
   568 
   569 lemmas real_of_ints =
   570   real_of_int_zero
   571   real_of_one
   572   real_of_int_add
   573   real_of_int_minus
   574   real_of_int_diff
   575   real_of_int_mult
   576   real_of_int_power
   577   real_numeral
   578 lemmas real_of_nats =
   579   real_of_nat_zero
   580   real_of_nat_one
   581   real_of_nat_1
   582   real_of_nat_add
   583   real_of_nat_mult
   584   real_of_nat_power
   585   real_of_nat_numeral
   586 
   587 lemmas int_of_reals = real_of_ints[symmetric]
   588 lemmas nat_of_reals = real_of_nats[symmetric]
   589 
   590 
   591 subsection {* Rounding Real Numbers *}
   592 
   593 definition round_down :: "int \<Rightarrow> real \<Rightarrow> real" where
   594   "round_down prec x = floor (x * 2 powr prec) * 2 powr -prec"
   595 
   596 definition round_up :: "int \<Rightarrow> real \<Rightarrow> real" where
   597   "round_up prec x = ceiling (x * 2 powr prec) * 2 powr -prec"
   598 
   599 lemma round_down_float[simp]: "round_down prec x \<in> float"
   600   unfolding round_down_def
   601   by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
   602 
   603 lemma round_up_float[simp]: "round_up prec x \<in> float"
   604   unfolding round_up_def
   605   by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
   606 
   607 lemma round_up: "x \<le> round_up prec x"
   608   by (simp add: powr_minus_divide le_divide_eq round_up_def)
   609 
   610 lemma round_down: "round_down prec x \<le> x"
   611   by (simp add: powr_minus_divide divide_le_eq round_down_def)
   612 
   613 lemma round_up_0[simp]: "round_up p 0 = 0"
   614   unfolding round_up_def by simp
   615 
   616 lemma round_down_0[simp]: "round_down p 0 = 0"
   617   unfolding round_down_def by simp
   618 
   619 lemma round_up_diff_round_down:
   620   "round_up prec x - round_down prec x \<le> 2 powr -prec"
   621 proof -
   622   have "round_up prec x - round_down prec x =
   623     (ceiling (x * 2 powr prec) - floor (x * 2 powr prec)) * 2 powr -prec"
   624     by (simp add: round_up_def round_down_def field_simps)
   625   also have "\<dots> \<le> 1 * 2 powr -prec"
   626     by (rule mult_mono)
   627        (auto simp del: real_of_int_diff
   628              simp: real_of_int_diff[symmetric] real_of_int_le_one_cancel_iff ceiling_diff_floor_le_1)
   629   finally show ?thesis by simp
   630 qed
   631 
   632 lemma round_down_shift: "round_down p (x * 2 powr k) = 2 powr k * round_down (p + k) x"
   633   unfolding round_down_def
   634   by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
   635     (simp add: powr_add[symmetric])
   636 
   637 lemma round_up_shift: "round_up p (x * 2 powr k) = 2 powr k * round_up (p + k) x"
   638   unfolding round_up_def
   639   by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
   640     (simp add: powr_add[symmetric])
   641 
   642 lemma round_up_uminus_eq: "round_up p (-x) = - round_down p x"
   643   and round_down_uminus_eq: "round_down p (-x) = - round_up p x"
   644   by (auto simp: round_up_def round_down_def ceiling_def)
   645 
   646 lemma round_up_mono: "x \<le> y \<Longrightarrow> round_up p x \<le> round_up p y"
   647   by (auto intro!: ceiling_mono simp: round_up_def)
   648 
   649 lemma round_up_le1:
   650   assumes "x \<le> 1" "prec \<ge> 0"
   651   shows "round_up prec x \<le> 1"
   652 proof -
   653   have "real \<lceil>x * 2 powr prec\<rceil> \<le> real \<lceil>2 powr real prec\<rceil>"
   654     using assms by (auto intro!: ceiling_mono)
   655   also have "\<dots> = 2 powr prec" using assms by (auto simp: powr_int intro!: exI[where x="2^nat prec"])
   656   finally show ?thesis
   657     by (simp add: round_up_def) (simp add: powr_minus inverse_eq_divide)
   658 qed
   659 
   660 lemma round_up_less1:
   661   assumes "x < 1 / 2" "p > 0"
   662   shows "round_up p x < 1"
   663 proof -
   664   have "x * 2 powr p < 1 / 2 * 2 powr p"
   665     using assms by simp
   666   also have "\<dots> \<le> 2 powr p - 1" using `p > 0`
   667     by (auto simp: powr_divide2[symmetric] powr_int field_simps self_le_power)
   668   finally show ?thesis using `p > 0`
   669     by (simp add: round_up_def field_simps powr_minus powr_int ceiling_less_eq)
   670 qed
   671 
   672 lemma round_down_ge1:
   673   assumes x: "x \<ge> 1"
   674   assumes prec: "p \<ge> - log 2 x"
   675   shows "1 \<le> round_down p x"
   676 proof cases
   677   assume nonneg: "0 \<le> p"
   678   have "2 powr p = real \<lfloor>2 powr real p\<rfloor>"
   679     using nonneg by (auto simp: powr_int)
   680   also have "\<dots> \<le> real \<lfloor>x * 2 powr p\<rfloor>"
   681     using assms by (auto intro!: floor_mono)
   682   finally show ?thesis
   683     by (simp add: round_down_def) (simp add: powr_minus inverse_eq_divide)
   684 next
   685   assume neg: "\<not> 0 \<le> p"
   686   have "x = 2 powr (log 2 x)"
   687     using x by simp
   688   also have "2 powr (log 2 x) \<ge> 2 powr - p"
   689     using prec by auto
   690   finally have x_le: "x \<ge> 2 powr -p" .
   691 
   692   from neg have "2 powr real p \<le> 2 powr 0"
   693     by (intro powr_mono) auto
   694   also have "\<dots> \<le> \<lfloor>2 powr 0::real\<rfloor>" by simp
   695   also have "... \<le> \<lfloor>x * 2 powr (real p)\<rfloor>" 
   696     unfolding real_of_int_le_iff
   697     using x x_le by (intro floor_mono) (simp add: powr_minus_divide field_simps)
   698   finally show ?thesis
   699     using prec x
   700     by (simp add: round_down_def powr_minus_divide pos_le_divide_eq)
   701 qed
   702 
   703 lemma round_up_le0: "x \<le> 0 \<Longrightarrow> round_up p x \<le> 0"
   704   unfolding round_up_def
   705   by (auto simp: field_simps mult_le_0_iff zero_le_mult_iff)
   706 
   707 
   708 subsection {* Rounding Floats *}
   709 
   710 definition div_twopow::"int \<Rightarrow> nat \<Rightarrow> int" where [simp]: "div_twopow x n = x div (2 ^ n)"
   711 
   712 definition mod_twopow::"int \<Rightarrow> nat \<Rightarrow> int" where [simp]: "mod_twopow x n = x mod (2 ^ n)"
   713 
   714 lemma compute_div_twopow[code]:
   715   "div_twopow x n = (if x = 0 \<or> x = -1 \<or> n = 0 then x else div_twopow (x div 2) (n - 1))"
   716   by (cases n) (auto simp: zdiv_zmult2_eq div_eq_minus1)
   717 
   718 lemma compute_mod_twopow[code]:
   719   "mod_twopow x n = (if n = 0 then 0 else x mod 2 + 2 * mod_twopow (x div 2) (n - 1))"
   720   by (cases n) (auto simp: zmod_zmult2_eq)
   721 
   722 lift_definition float_up :: "int \<Rightarrow> float \<Rightarrow> float" is round_up by simp
   723 declare float_up.rep_eq[simp]
   724 
   725 lemma round_up_correct:
   726   shows "round_up e f - f \<in> {0..2 powr -e}"
   727 unfolding atLeastAtMost_iff
   728 proof
   729   have "round_up e f - f \<le> round_up e f - round_down e f" using round_down by simp
   730   also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
   731   finally show "round_up e f - f \<le> 2 powr - (real e)"
   732     by simp
   733 qed (simp add: algebra_simps round_up)
   734 
   735 lemma float_up_correct:
   736   shows "real (float_up e f) - real f \<in> {0..2 powr -e}"
   737   by transfer (rule round_up_correct)
   738 
   739 lift_definition float_down :: "int \<Rightarrow> float \<Rightarrow> float" is round_down by simp
   740 declare float_down.rep_eq[simp]
   741 
   742 lemma round_down_correct:
   743   shows "f - (round_down e f) \<in> {0..2 powr -e}"
   744 unfolding atLeastAtMost_iff
   745 proof
   746   have "f - round_down e f \<le> round_up e f - round_down e f" using round_up by simp
   747   also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
   748   finally show "f - round_down e f \<le> 2 powr - (real e)"
   749     by simp
   750 qed (simp add: algebra_simps round_down)
   751 
   752 lemma float_down_correct:
   753   shows "real f - real (float_down e f) \<in> {0..2 powr -e}"
   754   by transfer (rule round_down_correct)
   755 
   756 lemma compute_float_down[code]:
   757   "float_down p (Float m e) =
   758     (if p + e < 0 then Float (div_twopow m (nat (-(p + e)))) (-p) else Float m e)"
   759 proof cases
   760   assume "p + e < 0"
   761   hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
   762     using powr_realpow[of 2 "nat (-(p + e))"] by simp
   763   also have "... = 1 / 2 powr p / 2 powr e"
   764     unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)
   765   finally show ?thesis
   766     using `p + e < 0`
   767     by transfer (simp add: ac_simps round_down_def floor_divide_eq_div[symmetric])
   768 next
   769   assume "\<not> p + e < 0"
   770   then have r: "real e + real p = real (nat (e + p))" by simp
   771   have r: "\<lfloor>(m * 2 powr e) * 2 powr real p\<rfloor> = (m * 2 powr e) * 2 powr real p"
   772     by (auto intro: exI[where x="m*2^nat (e+p)"]
   773              simp add: ac_simps powr_add[symmetric] r powr_realpow)
   774   with `\<not> p + e < 0` show ?thesis
   775     by transfer (auto simp add: round_down_def field_simps powr_add powr_minus)
   776 qed
   777 hide_fact (open) compute_float_down
   778 
   779 lemma abs_round_down_le: "\<bar>f - (round_down e f)\<bar> \<le> 2 powr -e"
   780   using round_down_correct[of f e] by simp
   781 
   782 lemma abs_round_up_le: "\<bar>f - (round_up e f)\<bar> \<le> 2 powr -e"
   783   using round_up_correct[of e f] by simp
   784 
   785 lemma round_down_nonneg: "0 \<le> s \<Longrightarrow> 0 \<le> round_down p s"
   786   by (auto simp: round_down_def)
   787 
   788 lemma ceil_divide_floor_conv:
   789 assumes "b \<noteq> 0"
   790 shows "\<lceil>real a / real b\<rceil> = (if b dvd a then a div b else \<lfloor>real a / real b\<rfloor> + 1)"
   791 proof cases
   792   assume "\<not> b dvd a"
   793   hence "a mod b \<noteq> 0" by auto
   794   hence ne: "real (a mod b) / real b \<noteq> 0" using `b \<noteq> 0` by auto
   795   have "\<lceil>real a / real b\<rceil> = \<lfloor>real a / real b\<rfloor> + 1"
   796   apply (rule ceiling_eq) apply (auto simp: floor_divide_eq_div[symmetric])
   797   proof -
   798     have "real \<lfloor>real a / real b\<rfloor> \<le> real a / real b" by simp
   799     moreover have "real \<lfloor>real a / real b\<rfloor> \<noteq> real a / real b"
   800     apply (subst (2) real_of_int_div_aux) unfolding floor_divide_eq_div using ne `b \<noteq> 0` by auto
   801     ultimately show "real \<lfloor>real a / real b\<rfloor> < real a / real b" by arith
   802   qed
   803   thus ?thesis using `\<not> b dvd a` by simp
   804 qed (simp add: ceiling_def real_of_int_minus[symmetric] divide_minus_left[symmetric]
   805   floor_divide_eq_div dvd_neg_div del: divide_minus_left real_of_int_minus)
   806 
   807 lemma compute_float_up[code]:
   808   "float_up p x = - float_down p (-x)"
   809   by transfer (simp add: round_down_uminus_eq)
   810 hide_fact (open) compute_float_up
   811 
   812 
   813 subsection {* Compute bitlen of integers *}
   814 
   815 definition bitlen :: "int \<Rightarrow> int" where
   816   "bitlen a = (if a > 0 then \<lfloor>log 2 a\<rfloor> + 1 else 0)"
   817 
   818 lemma bitlen_nonneg: "0 \<le> bitlen x"
   819 proof -
   820   {
   821     assume "0 > x"
   822     have "-1 = log 2 (inverse 2)" by (subst log_inverse) simp_all
   823     also have "... < log 2 (-x)" using `0 > x` by auto
   824     finally have "-1 < log 2 (-x)" .
   825   } thus "0 \<le> bitlen x" unfolding bitlen_def by (auto intro!: add_nonneg_nonneg)
   826 qed
   827 
   828 lemma bitlen_bounds:
   829   assumes "x > 0"
   830   shows "2 ^ nat (bitlen x - 1) \<le> x \<and> x < 2 ^ nat (bitlen x)"
   831 proof
   832   have "(2::real) ^ nat \<lfloor>log 2 (real x)\<rfloor> = 2 powr real (floor (log 2 (real x)))"
   833     using powr_realpow[symmetric, of 2 "nat \<lfloor>log 2 (real x)\<rfloor>"] `x > 0`
   834     using real_nat_eq_real[of "floor (log 2 (real x))"]
   835     by simp
   836   also have "... \<le> 2 powr log 2 (real x)"
   837     by simp
   838   also have "... = real x"
   839     using `0 < x` by simp
   840   finally have "2 ^ nat \<lfloor>log 2 (real x)\<rfloor> \<le> real x" by simp
   841   thus "2 ^ nat (bitlen x - 1) \<le> x" using `x > 0`
   842     by (simp add: bitlen_def)
   843 next
   844   have "x \<le> 2 powr (log 2 x)" using `x > 0` by simp
   845   also have "... < 2 ^ nat (\<lfloor>log 2 (real x)\<rfloor> + 1)"
   846     apply (simp add: powr_realpow[symmetric])
   847     using `x > 0` by simp
   848   finally show "x < 2 ^ nat (bitlen x)" using `x > 0`
   849     by (simp add: bitlen_def ac_simps)
   850 qed
   851 
   852 lemma bitlen_pow2[simp]:
   853   assumes "b > 0"
   854   shows "bitlen (b * 2 ^ c) = bitlen b + c"
   855 proof -
   856   from assms have "b * 2 ^ c > 0" by auto
   857   thus ?thesis
   858     using floor_add[of "log 2 b" c] assms
   859     by (auto simp add: log_mult log_nat_power bitlen_def)
   860 qed
   861 
   862 lemma bitlen_Float:
   863   fixes m e
   864   defines "f \<equiv> Float m e"
   865   shows "bitlen (\<bar>mantissa f\<bar>) + exponent f = (if m = 0 then 0 else bitlen \<bar>m\<bar> + e)"
   866 proof (cases "m = 0")
   867   case True
   868   then show ?thesis by (simp add: f_def bitlen_def Float_def)
   869 next
   870   case False
   871   hence "f \<noteq> float_of 0"
   872     unfolding real_of_float_eq by (simp add: f_def)
   873   hence "mantissa f \<noteq> 0"
   874     by (simp add: mantissa_noteq_0)
   875   moreover
   876   obtain i where "m = mantissa f * 2 ^ i" "e = exponent f - int i"
   877     by (rule f_def[THEN denormalize_shift, OF `f \<noteq> float_of 0`])
   878   ultimately show ?thesis by (simp add: abs_mult)
   879 qed
   880 
   881 lemma compute_bitlen[code]:
   882   shows "bitlen x = (if x > 0 then bitlen (x div 2) + 1 else 0)"
   883 proof -
   884   { assume "2 \<le> x"
   885     then have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 (x - x mod 2)\<rfloor>"
   886       by (simp add: log_mult zmod_zdiv_equality')
   887     also have "\<dots> = \<lfloor>log 2 (real x)\<rfloor>"
   888     proof cases
   889       assume "x mod 2 = 0" then show ?thesis by simp
   890     next
   891       def n \<equiv> "\<lfloor>log 2 (real x)\<rfloor>"
   892       then have "0 \<le> n"
   893         using `2 \<le> x` by simp
   894       assume "x mod 2 \<noteq> 0"
   895       with `2 \<le> x` have "x mod 2 = 1" "\<not> 2 dvd x" by (auto simp add: dvd_eq_mod_eq_0)
   896       with `2 \<le> x` have "x \<noteq> 2^nat n" by (cases "nat n") auto
   897       moreover
   898       { have "real (2^nat n :: int) = 2 powr (nat n)"
   899           by (simp add: powr_realpow)
   900         also have "\<dots> \<le> 2 powr (log 2 x)"
   901           using `2 \<le> x` by (simp add: n_def del: powr_log_cancel)
   902         finally have "2^nat n \<le> x" using `2 \<le> x` by simp }
   903       ultimately have "2^nat n \<le> x - 1" by simp
   904       then have "2^nat n \<le> real (x - 1)"
   905         unfolding real_of_int_le_iff[symmetric] by simp
   906       { have "n = \<lfloor>log 2 (2^nat n)\<rfloor>"
   907           using `0 \<le> n` by (simp add: log_nat_power)
   908         also have "\<dots> \<le> \<lfloor>log 2 (x - 1)\<rfloor>"
   909           using `2^nat n \<le> real (x - 1)` `0 \<le> n` `2 \<le> x` by (auto intro: floor_mono)
   910         finally have "n \<le> \<lfloor>log 2 (x - 1)\<rfloor>" . }
   911       moreover have "\<lfloor>log 2 (x - 1)\<rfloor> \<le> n"
   912         using `2 \<le> x` by (auto simp add: n_def intro!: floor_mono)
   913       ultimately show "\<lfloor>log 2 (x - x mod 2)\<rfloor> = \<lfloor>log 2 x\<rfloor>"
   914         unfolding n_def `x mod 2 = 1` by auto
   915     qed
   916     finally have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 x\<rfloor>" . }
   917   moreover
   918   { assume "x < 2" "0 < x"
   919     then have "x = 1" by simp
   920     then have "\<lfloor>log 2 (real x)\<rfloor> = 0" by simp }
   921   ultimately show ?thesis
   922     unfolding bitlen_def
   923     by (auto simp: pos_imp_zdiv_pos_iff not_le)
   924 qed
   925 hide_fact (open) compute_bitlen
   926 
   927 lemma float_gt1_scale: assumes "1 \<le> Float m e"
   928   shows "0 \<le> e + (bitlen m - 1)"
   929 proof -
   930   have "0 < Float m e" using assms by auto
   931   hence "0 < m" using powr_gt_zero[of 2 e]  
   932     apply (auto simp: zero_less_mult_iff)
   933     using not_le powr_ge_pzero by blast
   934   hence "m \<noteq> 0" by auto
   935   show ?thesis
   936   proof (cases "0 \<le> e")
   937     case True thus ?thesis using `0 < m`  by (simp add: bitlen_def)
   938   next
   939     have "(1::int) < 2" by simp
   940     case False let ?S = "2^(nat (-e))"
   941     have "inverse (2 ^ nat (- e)) = 2 powr e" using assms False powr_realpow[of 2 "nat (-e)"]
   942       by (auto simp: powr_minus field_simps)
   943     hence "1 \<le> real m * inverse ?S" using assms False powr_realpow[of 2 "nat (-e)"]
   944       by (auto simp: powr_minus)
   945     hence "1 * ?S \<le> real m * inverse ?S * ?S" by (rule mult_right_mono, auto)
   946     hence "?S \<le> real m" unfolding mult.assoc by auto
   947     hence "?S \<le> m" unfolding real_of_int_le_iff[symmetric] by auto
   948     from this bitlen_bounds[OF `0 < m`, THEN conjunct2]
   949     have "nat (-e) < (nat (bitlen m))" unfolding power_strict_increasing_iff[OF `1 < 2`, symmetric]
   950       by (rule order_le_less_trans)
   951     hence "-e < bitlen m" using False by auto
   952     thus ?thesis by auto
   953   qed
   954 qed
   955 
   956 lemma bitlen_div:
   957   assumes "0 < m"
   958   shows "1 \<le> real m / 2^nat (bitlen m - 1)" and "real m / 2^nat (bitlen m - 1) < 2"
   959 proof -
   960   let ?B = "2^nat(bitlen m - 1)"
   961 
   962   have "?B \<le> m" using bitlen_bounds[OF `0 <m`] ..
   963   hence "1 * ?B \<le> real m" unfolding real_of_int_le_iff[symmetric] by auto
   964   thus "1 \<le> real m / ?B" by auto
   965 
   966   have "m \<noteq> 0" using assms by auto
   967   have "0 \<le> bitlen m - 1" using `0 < m` by (auto simp: bitlen_def)
   968 
   969   have "m < 2^nat(bitlen m)" using bitlen_bounds[OF `0 <m`] ..
   970   also have "\<dots> = 2^nat(bitlen m - 1 + 1)" using `0 < m` by (auto simp: bitlen_def)
   971   also have "\<dots> = ?B * 2" unfolding nat_add_distrib[OF `0 \<le> bitlen m - 1` zero_le_one] by auto
   972   finally have "real m < 2 * ?B" unfolding real_of_int_less_iff[symmetric] by auto
   973   hence "real m / ?B < 2 * ?B / ?B" by (rule divide_strict_right_mono, auto)
   974   thus "real m / ?B < 2" by auto
   975 qed
   976 
   977 subsection {* Truncating Real Numbers*}
   978 
   979 definition truncate_down::"nat \<Rightarrow> real \<Rightarrow> real" where
   980   "truncate_down prec x = round_down (prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) x"
   981 
   982 lemma truncate_down: "truncate_down prec x \<le> x"
   983   using round_down by (simp add: truncate_down_def)
   984 
   985 lemma truncate_down_le: "x \<le> y \<Longrightarrow> truncate_down prec x \<le> y"
   986   by (rule order_trans[OF truncate_down])
   987 
   988 lemma truncate_down_zero[simp]: "truncate_down prec 0 = 0"
   989   by (simp add: truncate_down_def)
   990 
   991 lemma truncate_down_float[simp]: "truncate_down p x \<in> float"
   992   by (auto simp: truncate_down_def)
   993 
   994 definition truncate_up::"nat \<Rightarrow> real \<Rightarrow> real" where
   995   "truncate_up prec x = round_up (prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) x"
   996 
   997 lemma truncate_up: "x \<le> truncate_up prec x"
   998   using round_up by (simp add: truncate_up_def)
   999 
  1000 lemma truncate_up_le: "x \<le> y \<Longrightarrow> x \<le> truncate_up prec y"
  1001   by (rule order_trans[OF _ truncate_up])
  1002 
  1003 lemma truncate_up_zero[simp]: "truncate_up prec 0 = 0"
  1004   by (simp add: truncate_up_def)
  1005 
  1006 lemma truncate_up_uminus_eq: "truncate_up prec (-x) = - truncate_down prec x"
  1007   and truncate_down_uminus_eq: "truncate_down prec (-x) = - truncate_up prec x"
  1008   by (auto simp: truncate_up_def round_up_def truncate_down_def round_down_def ceiling_def)
  1009 
  1010 lemma truncate_up_float[simp]: "truncate_up p x \<in> float"
  1011   by (auto simp: truncate_up_def)
  1012 
  1013 lemma mult_powr_eq: "0 < b \<Longrightarrow> b \<noteq> 1 \<Longrightarrow> 0 < x \<Longrightarrow> x * b powr y = b powr (y + log b x)"
  1014   by (simp_all add: powr_add)
  1015 
  1016 lemma truncate_down_pos:
  1017   assumes "x > 0" "p > 0"
  1018   shows "truncate_down p x > 0"
  1019 proof -
  1020   have "0 \<le> log 2 x - real \<lfloor>log 2 x\<rfloor>"
  1021     by (simp add: algebra_simps)
  1022   from this assms
  1023   show ?thesis
  1024     by (auto simp: truncate_down_def round_down_def mult_powr_eq
  1025       intro!: ge_one_powr_ge_zero mult_pos_pos)
  1026 qed
  1027 
  1028 lemma truncate_down_nonneg: "0 \<le> y \<Longrightarrow> 0 \<le> truncate_down prec y"
  1029   by (auto simp: truncate_down_def round_down_def)
  1030 
  1031 lemma truncate_down_ge1: "1 \<le> x \<Longrightarrow> 1 \<le> p \<Longrightarrow> 1 \<le> truncate_down p x"
  1032   by (auto simp: truncate_down_def algebra_simps intro!: round_down_ge1 add_mono)
  1033 
  1034 lemma truncate_up_nonpos: "x \<le> 0 \<Longrightarrow> truncate_up prec x \<le> 0"
  1035   by (auto simp: truncate_up_def round_up_def intro!: mult_nonpos_nonneg)
  1036 
  1037 lemma truncate_up_le1:
  1038   assumes "x \<le> 1" "1 \<le> p" shows "truncate_up p x \<le> 1"
  1039 proof -
  1040   {
  1041     assume "x \<le> 0"
  1042     with truncate_up_nonpos[OF this, of p] have ?thesis by simp
  1043   } moreover {
  1044     assume "x > 0"
  1045     hence le: "\<lfloor>log 2 \<bar>x\<bar>\<rfloor> \<le> 0"
  1046       using assms by (auto simp: log_less_iff)
  1047     from assms have "1 \<le> int p" by simp
  1048     from add_mono[OF this le]
  1049     have ?thesis using assms
  1050       by (simp add: truncate_up_def round_up_le1 add_mono)
  1051   } ultimately show ?thesis by arith
  1052 qed
  1053 
  1054 subsection {* Truncating Floats*}
  1055 
  1056 lift_definition float_round_up :: "nat \<Rightarrow> float \<Rightarrow> float" is truncate_up
  1057   by (simp add: truncate_up_def)
  1058 
  1059 lemma float_round_up: "real x \<le> real (float_round_up prec x)"
  1060   using truncate_up by transfer simp
  1061 
  1062 lemma float_round_up_zero[simp]: "float_round_up prec 0 = 0"
  1063   by transfer simp
  1064 
  1065 lift_definition float_round_down :: "nat \<Rightarrow> float \<Rightarrow> float" is truncate_down
  1066   by (simp add: truncate_down_def)
  1067 
  1068 lemma float_round_down: "real (float_round_down prec x) \<le> real x"
  1069   using truncate_down by transfer simp
  1070 
  1071 lemma float_round_down_zero[simp]: "float_round_down prec 0 = 0"
  1072   by transfer simp
  1073 
  1074 lemmas float_round_up_le = order_trans[OF _ float_round_up]
  1075   and float_round_down_le = order_trans[OF float_round_down]
  1076 
  1077 lemma minus_float_round_up_eq: "- float_round_up prec x = float_round_down prec (- x)"
  1078   and minus_float_round_down_eq: "- float_round_down prec x = float_round_up prec (- x)"
  1079   by (transfer, simp add: truncate_down_uminus_eq truncate_up_uminus_eq)+
  1080 
  1081 lemma compute_float_round_down[code]:
  1082   "float_round_down prec (Float m e) = (let d = bitlen (abs m) - int prec in
  1083     if 0 < d then Float (div_twopow m (nat d)) (e + d)
  1084              else Float m e)"
  1085   using Float.compute_float_down[of "prec - bitlen \<bar>m\<bar> - e" m e, symmetric]
  1086   by transfer (simp add: field_simps abs_mult log_mult bitlen_def truncate_down_def
  1087     cong del: if_weak_cong)
  1088 hide_fact (open) compute_float_round_down
  1089 
  1090 lemma compute_float_round_up[code]:
  1091   "float_round_up prec x = - float_round_down prec (-x)"
  1092   by transfer (simp add: truncate_down_uminus_eq)
  1093 hide_fact (open) compute_float_round_up
  1094 
  1095 
  1096 subsection {* Approximation of positive rationals *}
  1097 
  1098 lemma div_mult_twopow_eq: fixes a b::nat shows "a div ((2::nat) ^ n) div b = a div (b * 2 ^ n)"
  1099   by (cases "b=0") (simp_all add: div_mult2_eq[symmetric] ac_simps)
  1100 
  1101 lemma real_div_nat_eq_floor_of_divide:
  1102   fixes a b :: nat
  1103   shows "a div b = real \<lfloor>a / b\<rfloor>"
  1104   by (simp add: floor_divide_of_nat_eq [of a b] real_eq_of_nat)
  1105 
  1106 definition "rat_precision prec x y = int prec - (bitlen x - bitlen y)"
  1107 
  1108 lift_definition lapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float"
  1109   is "\<lambda>prec (x::nat) (y::nat). round_down (rat_precision prec x y) (x / y)" by simp
  1110 
  1111 lemma compute_lapprox_posrat[code]:
  1112   fixes prec x y
  1113   shows "lapprox_posrat prec x y =
  1114    (let
  1115        l = rat_precision prec x y;
  1116        d = if 0 \<le> l then x * 2^nat l div y else x div 2^nat (- l) div y
  1117     in normfloat (Float d (- l)))"
  1118     unfolding div_mult_twopow_eq
  1119     by transfer
  1120        (simp add: round_down_def powr_int real_div_nat_eq_floor_of_divide field_simps Let_def
  1121              del: two_powr_minus_int_float)
  1122 hide_fact (open) compute_lapprox_posrat
  1123 
  1124 lift_definition rapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float"
  1125   is "\<lambda>prec (x::nat) (y::nat). round_up (rat_precision prec x y) (x / y)" by simp
  1126 
  1127 lemma compute_rapprox_posrat[code]:
  1128   fixes prec x y
  1129   notes divmod_int_mod_div[simp]
  1130   defines "l \<equiv> rat_precision prec x y"
  1131   shows "rapprox_posrat prec x y = (let
  1132      l = l ;
  1133      X = if 0 \<le> l then (x * 2^nat l, y) else (x, y * 2^nat(-l)) ;
  1134      (d, m) = divmod_int (fst X) (snd X)
  1135    in normfloat (Float (d + (if m = 0 \<or> y = 0 then 0 else 1)) (- l)))"
  1136 proof (cases "y = 0")
  1137   assume "y = 0" thus ?thesis by transfer simp
  1138 next
  1139   assume "y \<noteq> 0"
  1140   show ?thesis
  1141   proof (cases "0 \<le> l")
  1142     assume "0 \<le> l"
  1143     def x' \<equiv> "x * 2 ^ nat l"
  1144     have "int x * 2 ^ nat l = x'" by (simp add: x'_def int_mult int_power)
  1145     moreover have "real x * 2 powr real l = real x'"
  1146       by (simp add: powr_realpow[symmetric] `0 \<le> l` x'_def)
  1147     ultimately show ?thesis
  1148       using ceil_divide_floor_conv[of y x'] powr_realpow[of 2 "nat l"] `0 \<le> l` `y \<noteq> 0`
  1149         l_def[symmetric, THEN meta_eq_to_obj_eq]
  1150       by transfer (auto simp add: floor_divide_eq_div [symmetric] round_up_def)
  1151    next
  1152     assume "\<not> 0 \<le> l"
  1153     def y' \<equiv> "y * 2 ^ nat (- l)"
  1154     from `y \<noteq> 0` have "y' \<noteq> 0" by (simp add: y'_def)
  1155     have "int y * 2 ^ nat (- l) = y'" by (simp add: y'_def int_mult int_power)
  1156     moreover have "real x * real (2::int) powr real l / real y = x / real y'"
  1157       using `\<not> 0 \<le> l`
  1158       by (simp add: powr_realpow[symmetric] powr_minus y'_def field_simps)
  1159     ultimately show ?thesis
  1160       using ceil_divide_floor_conv[of y' x] `\<not> 0 \<le> l` `y' \<noteq> 0` `y \<noteq> 0`
  1161         l_def[symmetric, THEN meta_eq_to_obj_eq]
  1162       by transfer
  1163          (auto simp add: round_up_def ceil_divide_floor_conv floor_divide_eq_div [symmetric])
  1164   qed
  1165 qed
  1166 hide_fact (open) compute_rapprox_posrat
  1167 
  1168 lemma rat_precision_pos:
  1169   assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
  1170   shows "rat_precision n (int x) (int y) > 0"
  1171 proof -
  1172   { assume "0 < x" hence "log 2 x + 1 = log 2 (2 * x)" by (simp add: log_mult) }
  1173   hence "bitlen (int x) < bitlen (int y)" using assms
  1174     by (simp add: bitlen_def del: floor_add_one)
  1175       (auto intro!: floor_mono simp add: floor_add_one[symmetric] simp del: floor_add floor_add_one)
  1176   thus ?thesis
  1177     using assms by (auto intro!: pos_add_strict simp add: field_simps rat_precision_def)
  1178 qed
  1179 
  1180 lemma rapprox_posrat_less1:
  1181   shows "0 \<le> x \<Longrightarrow> 0 < y \<Longrightarrow> 2 * x < y \<Longrightarrow> 0 < n \<Longrightarrow> real (rapprox_posrat n x y) < 1"
  1182   by transfer (simp add: rat_precision_pos round_up_less1)
  1183 
  1184 lift_definition lapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" is
  1185   "\<lambda>prec (x::int) (y::int). round_down (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y)" by simp
  1186 
  1187 lemma compute_lapprox_rat[code]:
  1188   "lapprox_rat prec x y =
  1189     (if y = 0 then 0
  1190     else if 0 \<le> x then
  1191       (if 0 < y then lapprox_posrat prec (nat x) (nat y)
  1192       else - (rapprox_posrat prec (nat x) (nat (-y))))
  1193       else (if 0 < y
  1194         then - (rapprox_posrat prec (nat (-x)) (nat y))
  1195         else lapprox_posrat prec (nat (-x)) (nat (-y))))"
  1196   by transfer (auto simp: round_up_def round_down_def ceiling_def ac_simps)
  1197 hide_fact (open) compute_lapprox_rat
  1198 
  1199 lift_definition rapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" is
  1200   "\<lambda>prec (x::int) (y::int). round_up (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y)" by simp
  1201 
  1202 lemma "rapprox_rat = rapprox_posrat"
  1203   by transfer auto
  1204 
  1205 lemma "lapprox_rat = lapprox_posrat"
  1206   by transfer auto
  1207 
  1208 lemma compute_rapprox_rat[code]:
  1209   "rapprox_rat prec x y = - lapprox_rat prec (-x) y"
  1210   by transfer (simp add: round_down_uminus_eq)
  1211 hide_fact (open) compute_rapprox_rat
  1212 
  1213 subsection {* Division *}
  1214 
  1215 definition "real_divl prec a b = round_down (int prec + \<lfloor> log 2 \<bar>b\<bar> \<rfloor> - \<lfloor> log 2 \<bar>a\<bar> \<rfloor>) (a / b)"
  1216 
  1217 definition "real_divr prec a b = round_up (int prec + \<lfloor> log 2 \<bar>b\<bar> \<rfloor> - \<lfloor> log 2 \<bar>a\<bar> \<rfloor>) (a / b)"
  1218 
  1219 lift_definition float_divl :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is real_divl
  1220   by (simp add: real_divl_def)
  1221 
  1222 lemma compute_float_divl[code]:
  1223   "float_divl prec (Float m1 s1) (Float m2 s2) = lapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
  1224 proof cases
  1225   let ?f1 = "real m1 * 2 powr real s1" and ?f2 = "real m2 * 2 powr real s2"
  1226   let ?m = "real m1 / real m2" and ?s = "2 powr real (s1 - s2)"
  1227   assume not_0: "m1 \<noteq> 0 \<and> m2 \<noteq> 0"
  1228   then have eq2: "(int prec + \<lfloor>log 2 \<bar>?f2\<bar>\<rfloor> - \<lfloor>log 2 \<bar>?f1\<bar>\<rfloor>) = rat_precision prec \<bar>m1\<bar> \<bar>m2\<bar> + (s2 - s1)"
  1229     by (simp add: abs_mult log_mult rat_precision_def bitlen_def)
  1230   have eq1: "real m1 * 2 powr real s1 / (real m2 * 2 powr real s2) = ?m * ?s"
  1231     by (simp add: field_simps powr_divide2[symmetric])
  1232 
  1233   show ?thesis
  1234     using not_0
  1235     by (transfer fixing: m1 s1 m2 s2 prec) (unfold eq1 eq2 round_down_shift real_divl_def,
  1236       simp add: field_simps)
  1237 qed (transfer, auto simp: real_divl_def)
  1238 hide_fact (open) compute_float_divl
  1239 
  1240 lift_definition float_divr :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is real_divr
  1241   by (simp add: real_divr_def)
  1242 
  1243 lemma compute_float_divr[code]:
  1244   "float_divr prec x y = - float_divl prec (-x) y"
  1245   by transfer (simp add: real_divr_def real_divl_def round_down_uminus_eq)
  1246 hide_fact (open) compute_float_divr
  1247 
  1248 
  1249 subsection {* Approximate Power *}
  1250 
  1251 lemma div2_less_self[termination_simp]: fixes n::nat shows "odd n \<Longrightarrow> n div 2 < n"
  1252   by (simp add: odd_pos)
  1253 
  1254 fun power_down :: "nat \<Rightarrow> real \<Rightarrow> nat \<Rightarrow> real" where
  1255   "power_down p x 0 = 1"
  1256 | "power_down p x (Suc n) =
  1257     (if odd n then truncate_down (Suc p) ((power_down p x (Suc n div 2))\<^sup>2) else truncate_down (Suc p) (x * power_down p x n))"
  1258 
  1259 fun power_up :: "nat \<Rightarrow> real \<Rightarrow> nat \<Rightarrow> real" where
  1260   "power_up p x 0 = 1"
  1261 | "power_up p x (Suc n) =
  1262     (if odd n then truncate_up p ((power_up p x (Suc n div 2))\<^sup>2) else truncate_up p (x * power_up p x n))"
  1263 
  1264 lift_definition power_up_fl :: "nat \<Rightarrow> float \<Rightarrow> nat \<Rightarrow> float" is power_up
  1265   by (induct_tac rule: power_up.induct) simp_all
  1266 
  1267 lift_definition power_down_fl :: "nat \<Rightarrow> float \<Rightarrow> nat \<Rightarrow> float" is power_down
  1268   by (induct_tac rule: power_down.induct) simp_all
  1269 
  1270 lemma power_float_transfer[transfer_rule]:
  1271   "(rel_fun pcr_float (rel_fun op = pcr_float)) op ^ op ^"
  1272   unfolding power_def
  1273   by transfer_prover
  1274 
  1275 lemma compute_power_up_fl[code]:
  1276   "power_up_fl p x 0 = 1"
  1277   "power_up_fl p x (Suc n) =
  1278     (if odd n then float_round_up p ((power_up_fl p x (Suc n div 2))\<^sup>2) else float_round_up p (x * power_up_fl p x n))"
  1279   and compute_power_down_fl[code]:
  1280   "power_down_fl p x 0 = 1"
  1281   "power_down_fl p x (Suc n) =
  1282     (if odd n then float_round_down (Suc p) ((power_down_fl p x (Suc n div 2))\<^sup>2) else float_round_down (Suc p) (x * power_down_fl p x n))"
  1283   unfolding atomize_conj
  1284   by transfer simp
  1285 
  1286 lemma power_down_pos: "0 < x \<Longrightarrow> 0 < power_down p x n"
  1287   by (induct p x n rule: power_down.induct)
  1288     (auto simp del: odd_Suc_div_two intro!: truncate_down_pos)
  1289 
  1290 lemma power_down_nonneg: "0 \<le> x \<Longrightarrow> 0 \<le> power_down p x n"
  1291   by (induct p x n rule: power_down.induct)
  1292     (auto simp del: odd_Suc_div_two intro!: truncate_down_nonneg mult_nonneg_nonneg)
  1293 
  1294 lemma power_down: "0 \<le> x \<Longrightarrow> power_down p x n \<le> x ^ n"
  1295 proof (induct p x n rule: power_down.induct)
  1296   case (2 p x n)
  1297   {
  1298     assume "odd n"
  1299     hence "(power_down p x (Suc n div 2)) ^ 2 \<le> (x ^ (Suc n div 2)) ^ 2"
  1300       using 2
  1301       by (auto intro: power_mono power_down_nonneg simp del: odd_Suc_div_two)
  1302     also have "\<dots> = x ^ (Suc n div 2 * 2)"
  1303       by (simp add: power_mult[symmetric])
  1304     also have "Suc n div 2 * 2 = Suc n"
  1305       using `odd n` by presburger
  1306     finally have ?case
  1307       using `odd n`
  1308       by (auto intro!: truncate_down_le simp del: odd_Suc_div_two)
  1309   } thus ?case
  1310     by (auto intro!: truncate_down_le mult_left_mono 2 mult_nonneg_nonneg power_down_nonneg)
  1311 qed simp
  1312 
  1313 lemma power_up: "0 \<le> x \<Longrightarrow> x ^ n \<le> power_up p x n"
  1314 proof (induct p x n rule: power_up.induct)
  1315   case (2 p x n)
  1316   {
  1317     assume "odd n"
  1318     hence "Suc n = Suc n div 2 * 2"
  1319       using `odd n` even_Suc by presburger
  1320     hence "x ^ Suc n \<le> (x ^ (Suc n div 2))\<^sup>2"
  1321       by (simp add: power_mult[symmetric])
  1322     also have "\<dots> \<le> (power_up p x (Suc n div 2))\<^sup>2"
  1323       using 2 `odd n`
  1324       by (auto intro: power_mono simp del: odd_Suc_div_two )
  1325     finally have ?case
  1326       using `odd n`
  1327       by (auto intro!: truncate_up_le simp del: odd_Suc_div_two )
  1328   } thus ?case
  1329     by (auto intro!: truncate_up_le mult_left_mono 2)
  1330 qed simp
  1331 
  1332 lemmas power_up_le = order_trans[OF _ power_up]
  1333   and power_up_less = less_le_trans[OF _ power_up]
  1334   and power_down_le = order_trans[OF power_down]
  1335 
  1336 lemma power_down_fl: "0 \<le> x \<Longrightarrow> power_down_fl p x n \<le> x ^ n"
  1337   by transfer (rule power_down)
  1338 
  1339 lemma power_up_fl: "0 \<le> x \<Longrightarrow> x ^ n \<le> power_up_fl p x n"
  1340   by transfer (rule power_up)
  1341 
  1342 lemma real_power_up_fl: "real (power_up_fl p x n) = power_up p x n"
  1343   by transfer simp
  1344 
  1345 lemma real_power_down_fl: "real (power_down_fl p x n) = power_down p x n"
  1346   by transfer simp
  1347 
  1348 
  1349 subsection {* Approximate Addition *}
  1350 
  1351 definition "plus_down prec x y = truncate_down prec (x + y)"
  1352 
  1353 definition "plus_up prec x y = truncate_up prec (x + y)"
  1354 
  1355 lemma float_plus_down_float[intro, simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> plus_down p x y \<in> float"
  1356   by (simp add: plus_down_def)
  1357 
  1358 lemma float_plus_up_float[intro, simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> plus_up p x y \<in> float"
  1359   by (simp add: plus_up_def)
  1360 
  1361 lift_definition float_plus_down::"nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is plus_down ..
  1362 
  1363 lift_definition float_plus_up::"nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is plus_up ..
  1364 
  1365 lemma plus_down: "plus_down prec x y \<le> x + y"
  1366   and plus_up: "x + y \<le> plus_up prec x y"
  1367   by (auto simp: plus_down_def truncate_down plus_up_def truncate_up)
  1368 
  1369 lemma float_plus_down: "real (float_plus_down prec x y) \<le> x + y"
  1370   and float_plus_up: "x + y \<le> real (float_plus_up prec x y)"
  1371   by (transfer, rule plus_down plus_up)+
  1372 
  1373 lemmas plus_down_le = order_trans[OF plus_down]
  1374   and plus_up_le = order_trans[OF _ plus_up]
  1375   and float_plus_down_le = order_trans[OF float_plus_down]
  1376   and float_plus_up_le = order_trans[OF _ float_plus_up]
  1377 
  1378 lemma compute_plus_up[code]: "plus_up p x y = - plus_down p (-x) (-y)"
  1379   using truncate_down_uminus_eq[of p "x + y"]
  1380   by (auto simp: plus_down_def plus_up_def)
  1381 
  1382 lemma
  1383   truncate_down_log2_eqI:
  1384   assumes "\<lfloor>log 2 \<bar>x\<bar>\<rfloor> = \<lfloor>log 2 \<bar>y\<bar>\<rfloor>"
  1385   assumes "\<lfloor>x * 2 powr (p - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1)\<rfloor> = \<lfloor>y * 2 powr (p - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1)\<rfloor>"
  1386   shows "truncate_down p x = truncate_down p y"
  1387   using assms by (auto simp: truncate_down_def round_down_def)
  1388 
  1389 lemma bitlen_eq_zero_iff: "bitlen x = 0 \<longleftrightarrow> x \<le> 0"
  1390   by (clarsimp simp add: bitlen_def)
  1391     (metis Float.compute_bitlen add.commute bitlen_def bitlen_nonneg less_add_same_cancel2 not_less
  1392       zero_less_one)
  1393 
  1394 lemma
  1395   sum_neq_zeroI:
  1396   fixes a k::real
  1397   shows "abs a \<ge> k \<Longrightarrow> abs b < k \<Longrightarrow> a + b \<noteq> 0"
  1398     and "abs a > k \<Longrightarrow> abs b \<le> k \<Longrightarrow> a + b \<noteq> 0"
  1399   by auto
  1400 
  1401 lemma
  1402   abs_real_le_2_powr_bitlen[simp]:
  1403   "\<bar>real m2\<bar> < 2 powr real (bitlen \<bar>m2\<bar>)"
  1404 proof cases
  1405   assume "m2 \<noteq> 0"
  1406   hence "\<bar>m2\<bar> < 2 ^ nat (bitlen \<bar>m2\<bar>)"
  1407     using bitlen_bounds[of "\<bar>m2\<bar>"]
  1408     by (auto simp: powr_add bitlen_nonneg)
  1409   thus ?thesis
  1410     by (simp add: powr_int bitlen_nonneg real_of_int_less_iff[symmetric])
  1411 qed simp
  1412 
  1413 lemma floor_sum_times_2_powr_sgn_eq:
  1414   fixes ai p q::int
  1415   and a b::real
  1416   assumes "a * 2 powr p = ai"
  1417   assumes b_le_1: "abs (b * 2 powr (p + 1)) \<le> 1"
  1418   assumes leqp: "q \<le> p"
  1419   shows "\<lfloor>(a + b) * 2 powr q\<rfloor> = \<lfloor>(2 * ai + sgn b) * 2 powr (q - p - 1)\<rfloor>"
  1420 proof -
  1421   {
  1422     assume "b = 0"
  1423     hence ?thesis
  1424       by (simp add: assms(1)[symmetric] powr_add[symmetric] algebra_simps powr_mult_base)
  1425   } moreover {
  1426     assume "b > 0"
  1427     hence "b * 2 powr p < abs (b * 2 powr (p + 1))" by simp
  1428     also note b_le_1
  1429     finally have b_less_1: "b * 2 powr real p < 1" .
  1430 
  1431     from b_less_1 `b > 0` have floor_eq: "\<lfloor>b * 2 powr real p\<rfloor> = 0" "\<lfloor>sgn b / 2\<rfloor> = 0"
  1432       by (simp_all add: floor_eq_iff)
  1433 
  1434     have "\<lfloor>(a + b) * 2 powr q\<rfloor> = \<lfloor>(a + b) * 2 powr p * 2 powr (q - p)\<rfloor>"
  1435       by (simp add: algebra_simps powr_realpow[symmetric] powr_add[symmetric])
  1436     also have "\<dots> = \<lfloor>(ai + b * 2 powr p) * 2 powr (q - p)\<rfloor>"
  1437       by (simp add: assms algebra_simps)
  1438     also have "\<dots> = \<lfloor>(ai + b * 2 powr p) / real ((2::int) ^ nat (p - q))\<rfloor>"
  1439       using assms
  1440       by (simp add: algebra_simps powr_realpow[symmetric] divide_powr_uminus powr_add[symmetric])
  1441     also have "\<dots> = \<lfloor>ai / real ((2::int) ^ nat (p - q))\<rfloor>"
  1442       by (simp del: real_of_int_power add: floor_divide_real_eq_div floor_eq)
  1443     finally have "\<lfloor>(a + b) * 2 powr real q\<rfloor> = \<lfloor>real ai / real ((2::int) ^ nat (p - q))\<rfloor>" .
  1444     moreover
  1445     {
  1446       have "\<lfloor>(2 * ai + sgn b) * 2 powr (real (q - p) - 1)\<rfloor> = \<lfloor>(ai + sgn b / 2) * 2 powr (q - p)\<rfloor>"
  1447         by (subst powr_divide2[symmetric]) (simp add: field_simps)
  1448       also have "\<dots> = \<lfloor>(ai + sgn b / 2) / real ((2::int) ^ nat (p - q))\<rfloor>"
  1449         using leqp by (simp add: powr_realpow[symmetric] powr_divide2[symmetric])
  1450       also have "\<dots> = \<lfloor>ai / real ((2::int) ^ nat (p - q))\<rfloor>"
  1451         by (simp del: real_of_int_power add: floor_divide_real_eq_div floor_eq)
  1452       finally
  1453       have "\<lfloor>(2 * ai + (sgn b)) * 2 powr (real (q - p) - 1)\<rfloor> =
  1454           \<lfloor>real ai / real ((2::int) ^ nat (p - q))\<rfloor>"
  1455         .
  1456     } ultimately have ?thesis by simp
  1457   } moreover {
  1458     assume "\<not> 0 \<le> b"
  1459     hence "0 > b" by simp
  1460     hence floor_eq: "\<lfloor>b * 2 powr (real p + 1)\<rfloor> = -1"
  1461       using b_le_1
  1462       by (auto simp: floor_eq_iff algebra_simps pos_divide_le_eq[symmetric] abs_if divide_powr_uminus
  1463         intro!: mult_neg_pos split: split_if_asm)
  1464     have "\<lfloor>(a + b) * 2 powr q\<rfloor> = \<lfloor>(2*a + 2*b) * 2 powr p * 2 powr (q - p - 1)\<rfloor>"
  1465       by (simp add: algebra_simps powr_realpow[symmetric] powr_add[symmetric] powr_mult_base)
  1466     also have "\<dots> = \<lfloor>(2 * (a * 2 powr p) + 2 * b * 2 powr p) * 2 powr (q - p - 1)\<rfloor>"
  1467       by (simp add: algebra_simps)
  1468     also have "\<dots> = \<lfloor>(2 * ai + b * 2 powr (p + 1)) / 2 powr (1 - q + p)\<rfloor>"
  1469       using assms by (simp add: algebra_simps powr_mult_base divide_powr_uminus)
  1470     also have "\<dots> = \<lfloor>(2 * ai + b * 2 powr (p + 1)) / real ((2::int) ^ nat (p - q + 1))\<rfloor>"
  1471       using assms by (simp add: algebra_simps powr_realpow[symmetric])
  1472     also have "\<dots> = \<lfloor>(2 * ai - 1) / real ((2::int) ^ nat (p - q + 1))\<rfloor>"
  1473       using `b < 0` assms
  1474       by (simp add: floor_divide_eq_div floor_eq floor_divide_real_eq_div
  1475         del: real_of_int_mult real_of_int_power real_of_int_diff)
  1476     also have "\<dots> = \<lfloor>(2 * ai - 1) * 2 powr (q - p - 1)\<rfloor>"
  1477       using assms by (simp add: algebra_simps divide_powr_uminus powr_realpow[symmetric])
  1478     finally have ?thesis using `b < 0` by simp
  1479   } ultimately show ?thesis by arith
  1480 qed
  1481 
  1482 lemma
  1483   log2_abs_int_add_less_half_sgn_eq:
  1484   fixes ai::int and b::real
  1485   assumes "abs b \<le> 1/2" "ai \<noteq> 0"
  1486   shows "\<lfloor>log 2 \<bar>real ai + b\<bar>\<rfloor> = \<lfloor>log 2 \<bar>ai + sgn b / 2\<bar>\<rfloor>"
  1487 proof cases
  1488   assume "b = 0" thus ?thesis by simp
  1489 next
  1490   assume "b \<noteq> 0"
  1491   def k \<equiv> "\<lfloor>log 2 \<bar>ai\<bar>\<rfloor>"
  1492   hence "\<lfloor>log 2 \<bar>ai\<bar>\<rfloor> = k" by simp
  1493   hence k: "2 powr k \<le> \<bar>ai\<bar>" "\<bar>ai\<bar> < 2 powr (k + 1)"
  1494     by (simp_all add: floor_log_eq_powr_iff `ai \<noteq> 0`)
  1495   have "k \<ge> 0"
  1496     using assms by (auto simp: k_def)
  1497   def r \<equiv> "\<bar>ai\<bar> - 2 ^ nat k"
  1498   have r: "0 \<le> r" "r < 2 powr k"
  1499     using `k \<ge> 0` k
  1500     by (auto simp: r_def k_def algebra_simps powr_add abs_if powr_int)
  1501   hence "r \<le> (2::int) ^ nat k - 1"
  1502     using `k \<ge> 0` by (auto simp: powr_int)
  1503   from this[simplified real_of_int_le_iff[symmetric]] `0 \<le> k`
  1504   have r_le: "r \<le> 2 powr k - 1"
  1505     by (auto simp: algebra_simps powr_int simp del: real_of_int_le_iff)
  1506 
  1507   have "\<bar>ai\<bar> = 2 powr k + r"
  1508     using `k \<ge> 0` by (auto simp: k_def r_def powr_realpow[symmetric])
  1509 
  1510   have pos: "\<And>b::real. abs b < 1 \<Longrightarrow> 0 < 2 powr k + (r + b)"
  1511     using `0 \<le> k` `ai \<noteq> 0`
  1512     by (auto simp add: r_def powr_realpow[symmetric] abs_if sgn_if algebra_simps
  1513       split: split_if_asm)
  1514   have less: "\<bar>sgn ai * b\<bar> < 1"
  1515     and less': "\<bar>sgn (sgn ai * b) / 2\<bar> < 1"
  1516     using `abs b \<le> _` by (auto simp: abs_if sgn_if split: split_if_asm)
  1517 
  1518   have floor_eq: "\<And>b::real. abs b \<le> 1 / 2 \<Longrightarrow>
  1519       \<lfloor>log 2 (1 + (r + b) / 2 powr k)\<rfloor> = (if r = 0 \<and> b < 0 then -1 else 0)"
  1520     using `k \<ge> 0` r r_le
  1521     by (auto simp: floor_log_eq_powr_iff powr_minus_divide field_simps sgn_if)
  1522 
  1523   from `real \<bar>ai\<bar> = _` have "\<bar>ai + b\<bar> = 2 powr k + (r + sgn ai * b)"
  1524     using `abs b <= _` `0 \<le> k` r
  1525     by (auto simp add: sgn_if abs_if)
  1526   also have "\<lfloor>log 2 \<dots>\<rfloor> = \<lfloor>log 2 (2 powr k + r + sgn (sgn ai * b) / 2)\<rfloor>"
  1527   proof -
  1528     have "2 powr k + (r + (sgn ai) * b) = 2 powr k * (1 + (r + sgn ai * b) / 2 powr k)"
  1529       by (simp add: field_simps)
  1530     also have "\<lfloor>log 2 \<dots>\<rfloor> = k + \<lfloor>log 2 (1 + (r + sgn ai * b) / 2 powr k)\<rfloor>"
  1531       using pos[OF less]
  1532       by (subst log_mult) (simp_all add: log_mult powr_mult field_simps)
  1533     also
  1534     let ?if = "if r = 0 \<and> sgn ai * b < 0 then -1 else 0"
  1535     have "\<lfloor>log 2 (1 + (r + sgn ai * b) / 2 powr k)\<rfloor> = ?if"
  1536       using `abs b <= _`
  1537       by (intro floor_eq) (auto simp: abs_mult sgn_if)
  1538     also
  1539     have "\<dots> = \<lfloor>log 2 (1 + (r + sgn (sgn ai * b) / 2) / 2 powr k)\<rfloor>"
  1540       by (subst floor_eq) (auto simp: sgn_if)
  1541     also have "k + \<dots> = \<lfloor>log 2 (2 powr k * (1 + (r + sgn (sgn ai * b) / 2) / 2 powr k))\<rfloor>"
  1542       unfolding floor_add2[symmetric]
  1543       using pos[OF less'] `abs b \<le> _`
  1544       by (simp add: field_simps add_log_eq_powr)
  1545     also have "2 powr k * (1 + (r + sgn (sgn ai * b) / 2) / 2 powr k) =
  1546         2 powr k + r + sgn (sgn ai * b) / 2"
  1547       by (simp add: sgn_if field_simps)
  1548     finally show ?thesis .
  1549   qed
  1550   also have "2 powr k + r + sgn (sgn ai * b) / 2 = \<bar>ai + sgn b / 2\<bar>"
  1551     unfolding `real \<bar>ai\<bar> = _`[symmetric] using `ai \<noteq> 0`
  1552     by (auto simp: abs_if sgn_if algebra_simps)
  1553   finally show ?thesis .
  1554 qed
  1555 
  1556 lemma compute_far_float_plus_down:
  1557   fixes m1 e1 m2 e2::int and p::nat
  1558   defines "k1 \<equiv> p - nat (bitlen \<bar>m1\<bar>)"
  1559   assumes H: "bitlen \<bar>m2\<bar> \<le> e1 - e2 - k1 - 2" "m1 \<noteq> 0" "m2 \<noteq> 0" "e1 \<ge> e2"
  1560   shows "float_plus_down p (Float m1 e1) (Float m2 e2) =
  1561     float_round_down p (Float (m1 * 2 ^ (Suc (Suc k1)) + sgn m2) (e1 - int k1 - 2))"
  1562 proof -
  1563   let ?a = "real (Float m1 e1)"
  1564   let ?b = "real (Float m2 e2)"
  1565   let ?sum = "?a + ?b"
  1566   let ?shift = "real e2 - real e1 + real k1 + 1"
  1567   let ?m1 = "m1 * 2 ^ Suc k1"
  1568   let ?m2 = "m2 * 2 powr ?shift"
  1569   let ?m2' = "sgn m2 / 2"
  1570   let ?e = "e1 - int k1 - 1"
  1571 
  1572   have sum_eq: "?sum = (?m1 + ?m2) * 2 powr ?e"
  1573     by (auto simp: powr_add[symmetric] powr_mult[symmetric] algebra_simps
  1574       powr_realpow[symmetric] powr_mult_base)
  1575 
  1576   have "\<bar>?m2\<bar> * 2 < 2 powr (bitlen \<bar>m2\<bar> + ?shift + 1)"
  1577     by (auto simp: field_simps powr_add powr_mult_base powr_numeral powr_divide2[symmetric] abs_mult)
  1578   also have "\<dots> \<le> 2 powr 0"
  1579     using H by (intro powr_mono) auto
  1580   finally have abs_m2_less_half: "\<bar>?m2\<bar> < 1 / 2"
  1581     by simp
  1582 
  1583   hence "\<bar>real m2\<bar> < 2 powr -(?shift + 1)"
  1584     unfolding powr_minus_divide by (auto simp: bitlen_def field_simps powr_mult_base abs_mult)
  1585   also have "\<dots> \<le> 2 powr real (e1 - e2 - 2)"
  1586     by simp
  1587   finally have b_less_quarter: "\<bar>?b\<bar> < 1/4 * 2 powr real e1"
  1588     by (simp add: powr_add field_simps powr_divide2[symmetric] powr_numeral abs_mult)
  1589   also have "1/4 < \<bar>real m1\<bar> / 2" using `m1 \<noteq> 0` by simp
  1590   finally have b_less_half_a: "\<bar>?b\<bar> < 1/2 * \<bar>?a\<bar>"
  1591     by (simp add: algebra_simps powr_mult_base abs_mult)
  1592   hence a_half_less_sum: "\<bar>?a\<bar> / 2 < \<bar>?sum\<bar>"
  1593     by (auto simp: field_simps abs_if split: split_if_asm)
  1594 
  1595   from b_less_half_a have "\<bar>?b\<bar> < \<bar>?a\<bar>" "\<bar>?b\<bar> \<le> \<bar>?a\<bar>"
  1596     by simp_all
  1597 
  1598   have "\<bar>real (Float m1 e1)\<bar> \<ge> 1/4 * 2 powr real e1"
  1599     using `m1 \<noteq> 0`
  1600     by (auto simp: powr_add powr_int bitlen_nonneg divide_right_mono abs_mult)
  1601   hence "?sum \<noteq> 0" using b_less_quarter
  1602     by (rule sum_neq_zeroI)
  1603   hence "?m1 + ?m2 \<noteq> 0"
  1604     unfolding sum_eq by (simp add: abs_mult zero_less_mult_iff)
  1605 
  1606   have "\<bar>real ?m1\<bar> \<ge> 2 ^ Suc k1" "\<bar>?m2'\<bar> < 2 ^ Suc k1"
  1607     using `m1 \<noteq> 0` `m2 \<noteq> 0` by (auto simp: sgn_if less_1_mult abs_mult simp del: power.simps)
  1608   hence sum'_nz: "?m1 + ?m2' \<noteq> 0"
  1609     by (intro sum_neq_zeroI)
  1610 
  1611   have "\<lfloor>log 2 \<bar>real (Float m1 e1) + real (Float m2 e2)\<bar>\<rfloor> = \<lfloor>log 2 \<bar>?m1 + ?m2\<bar>\<rfloor> + ?e"
  1612     using `?m1 + ?m2 \<noteq> 0`
  1613     unfolding floor_add[symmetric] sum_eq
  1614     by (simp add: abs_mult log_mult)
  1615   also have "\<lfloor>log 2 \<bar>?m1 + ?m2\<bar>\<rfloor> = \<lfloor>log 2 \<bar>?m1 + sgn (real m2 * 2 powr ?shift) / 2\<bar>\<rfloor>"
  1616     using abs_m2_less_half `m1 \<noteq> 0`
  1617     by (intro log2_abs_int_add_less_half_sgn_eq) (auto simp: abs_mult)
  1618   also have "sgn (real m2 * 2 powr ?shift) = sgn m2"
  1619     by (auto simp: sgn_if zero_less_mult_iff less_not_sym)
  1620   also
  1621   have "\<bar>?m1 + ?m2'\<bar> * 2 powr ?e = \<bar>?m1 * 2 + sgn m2\<bar> * 2 powr (?e - 1)"
  1622     by (auto simp: field_simps powr_minus[symmetric] powr_divide2[symmetric] powr_mult_base)
  1623   hence "\<lfloor>log 2 \<bar>?m1 + ?m2'\<bar>\<rfloor> + ?e = \<lfloor>log 2 \<bar>real (Float (?m1 * 2 + sgn m2) (?e - 1))\<bar>\<rfloor>"
  1624     using `?m1 + ?m2' \<noteq> 0`
  1625     unfolding floor_add[symmetric]
  1626     by (simp add: log_add_eq_powr abs_mult_pos)
  1627   finally
  1628   have "\<lfloor>log 2 \<bar>?sum\<bar>\<rfloor> = \<lfloor>log 2 \<bar>real (Float (?m1*2 + sgn m2) (?e - 1))\<bar>\<rfloor>" .
  1629   hence "plus_down p (Float m1 e1) (Float m2 e2) =
  1630       truncate_down p (Float (?m1*2 + sgn m2) (?e - 1))"
  1631     unfolding plus_down_def
  1632   proof (rule truncate_down_log2_eqI)
  1633     let ?f = "(int p - \<lfloor>log 2 \<bar>real (Float m1 e1) + real (Float m2 e2)\<bar>\<rfloor> - 1)"
  1634     let ?ai = "m1 * 2 ^ (Suc k1)"
  1635     have "\<lfloor>(?a + ?b) * 2 powr real ?f\<rfloor> = \<lfloor>(real (2 * ?ai) + sgn ?b) * 2 powr real (?f - - ?e - 1)\<rfloor>"
  1636     proof (rule floor_sum_times_2_powr_sgn_eq)
  1637       show "?a * 2 powr real (-?e) = real ?ai"
  1638         by (simp add: powr_add powr_realpow[symmetric] powr_divide2[symmetric])
  1639       show "\<bar>?b * 2 powr real (-?e + 1)\<bar> \<le> 1"
  1640         using abs_m2_less_half
  1641         by (simp add: abs_mult powr_add[symmetric] algebra_simps powr_mult_base)
  1642     next
  1643       have "e1 + \<lfloor>log 2 \<bar>real m1\<bar>\<rfloor> - 1 = \<lfloor>log 2 \<bar>?a\<bar>\<rfloor> - 1"
  1644         using `m1 \<noteq> 0`
  1645         by (simp add: floor_add2[symmetric] algebra_simps log_mult abs_mult del: floor_add2)
  1646       also have "\<dots> \<le> \<lfloor>log 2 \<bar>?a + ?b\<bar>\<rfloor>"
  1647         using a_half_less_sum `m1 \<noteq> 0` `?sum \<noteq> 0`
  1648         unfolding floor_subtract[symmetric]
  1649         by (auto simp add: log_minus_eq_powr powr_minus_divide
  1650           intro!: floor_mono)
  1651       finally
  1652       have "int p - \<lfloor>log 2 \<bar>?a + ?b\<bar>\<rfloor> \<le> p - (bitlen \<bar>m1\<bar>) - e1 + 2"
  1653         by (auto simp: algebra_simps bitlen_def `m1 \<noteq> 0`)
  1654       also have "\<dots> \<le> 1 - ?e"
  1655         using bitlen_nonneg[of "\<bar>m1\<bar>"] by (simp add: k1_def)
  1656       finally show "?f \<le> - ?e" by simp
  1657     qed
  1658     also have "sgn ?b = sgn m2"
  1659       using powr_gt_zero[of 2 e2]
  1660       by (auto simp add: sgn_if zero_less_mult_iff simp del: powr_gt_zero)
  1661     also have "\<lfloor>(real (2 * ?m1) + real (sgn m2)) * 2 powr real (?f - - ?e - 1)\<rfloor> =
  1662         \<lfloor>Float (?m1 * 2 + sgn m2) (?e - 1) * 2 powr ?f\<rfloor>"
  1663       by (simp add: powr_add[symmetric] algebra_simps powr_realpow[symmetric])
  1664     finally
  1665     show "\<lfloor>(?a + ?b) * 2 powr ?f\<rfloor> = \<lfloor>real (Float (?m1 * 2 + sgn m2) (?e - 1)) * 2 powr ?f\<rfloor>" .
  1666   qed
  1667   thus ?thesis
  1668     by transfer (simp add: plus_down_def ac_simps Let_def)
  1669 qed
  1670 
  1671 lemma compute_float_plus_down_naive[code]: "float_plus_down p x y = float_round_down p (x + y)"
  1672   by transfer (auto simp: plus_down_def)
  1673 
  1674 lemma compute_float_plus_down[code]:
  1675   fixes p::nat and m1 e1 m2 e2::int
  1676   shows "float_plus_down p (Float m1 e1) (Float m2 e2) =
  1677     (if m1 = 0 then float_round_down p (Float m2 e2)
  1678     else if m2 = 0 then float_round_down p (Float m1 e1)
  1679     else (if e1 \<ge> e2 then
  1680       (let
  1681         k1 = p - nat (bitlen \<bar>m1\<bar>)
  1682       in
  1683         if bitlen \<bar>m2\<bar> > e1 - e2 - k1 - 2 then float_round_down p ((Float m1 e1) + (Float m2 e2))
  1684         else float_round_down p (Float (m1 * 2 ^ (Suc (Suc k1)) + sgn m2) (e1 - int k1 - 2)))
  1685     else float_plus_down p (Float m2 e2) (Float m1 e1)))"
  1686 proof -
  1687   {
  1688     assume H: "bitlen \<bar>m2\<bar> \<le> e1 - e2 - (p - nat (bitlen \<bar>m1\<bar>)) - 2" "m1 \<noteq> 0" "m2 \<noteq> 0" "e1 \<ge> e2"
  1689     note compute_far_float_plus_down[OF H]
  1690   }
  1691   thus ?thesis
  1692     by transfer (simp add: Let_def plus_down_def ac_simps)
  1693 qed
  1694 hide_fact (open) compute_far_float_plus_down
  1695 hide_fact (open) compute_float_plus_down
  1696 
  1697 lemma compute_float_plus_up[code]: "float_plus_up p x y = - float_plus_down p (-x) (-y)"
  1698   using truncate_down_uminus_eq[of p "x + y"]
  1699   by transfer (simp add: plus_down_def plus_up_def ac_simps)
  1700 hide_fact (open) compute_float_plus_up
  1701 
  1702 lemma mantissa_zero[simp]: "mantissa 0 = 0"
  1703 by (metis mantissa_0 zero_float.abs_eq)
  1704 
  1705 
  1706 subsection {* Lemmas needed by Approximate *}
  1707 
  1708 lemma Float_num[simp]: shows
  1709    "real (Float 1 0) = 1" and "real (Float 1 1) = 2" and "real (Float 1 2) = 4" and
  1710    "real (Float 1 (- 1)) = 1/2" and "real (Float 1 (- 2)) = 1/4" and "real (Float 1 (- 3)) = 1/8" and
  1711    "real (Float (- 1) 0) = -1" and "real (Float (number_of n) 0) = number_of n"
  1712 using two_powr_int_float[of 2] two_powr_int_float[of "-1"] two_powr_int_float[of "-2"] two_powr_int_float[of "-3"]
  1713 using powr_realpow[of 2 2] powr_realpow[of 2 3]
  1714 using powr_minus[of 2 1] powr_minus[of 2 2] powr_minus[of 2 3]
  1715 by auto
  1716 
  1717 lemma real_of_Float_int[simp]: "real (Float n 0) = real n" by simp
  1718 
  1719 lemma float_zero[simp]: "real (Float 0 e) = 0" by simp
  1720 
  1721 lemma abs_div_2_less: "a \<noteq> 0 \<Longrightarrow> a \<noteq> -1 \<Longrightarrow> abs((a::int) div 2) < abs a"
  1722 by arith
  1723 
  1724 lemma lapprox_rat:
  1725   shows "real (lapprox_rat prec x y) \<le> real x / real y"
  1726   using round_down by (simp add: lapprox_rat_def)
  1727 
  1728 lemma mult_div_le: fixes a b:: int assumes "b > 0" shows "a \<ge> b * (a div b)"
  1729 proof -
  1730   from zmod_zdiv_equality'[of a b]
  1731   have "a = b * (a div b) + a mod b" by simp
  1732   also have "... \<ge> b * (a div b) + 0" apply (rule add_left_mono) apply (rule pos_mod_sign)
  1733   using assms by simp
  1734   finally show ?thesis by simp
  1735 qed
  1736 
  1737 lemma lapprox_rat_nonneg:
  1738   fixes n x y
  1739   assumes "0 \<le> x" and "0 \<le> y"
  1740   shows "0 \<le> real (lapprox_rat n x y)"
  1741   using assms by (auto simp: lapprox_rat_def simp: round_down_nonneg)
  1742 
  1743 lemma rapprox_rat: "real x / real y \<le> real (rapprox_rat prec x y)"
  1744   using round_up by (simp add: rapprox_rat_def)
  1745 
  1746 lemma rapprox_rat_le1:
  1747   fixes n x y
  1748   assumes xy: "0 \<le> x" "0 < y" "x \<le> y"
  1749   shows "real (rapprox_rat n x y) \<le> 1"
  1750 proof -
  1751   have "bitlen \<bar>x\<bar> \<le> bitlen \<bar>y\<bar>"
  1752     using xy unfolding bitlen_def by (auto intro!: floor_mono)
  1753   from this assms show ?thesis
  1754     by transfer (auto intro!: round_up_le1 simp: rat_precision_def)
  1755 qed
  1756 
  1757 lemma rapprox_rat_nonneg_nonpos:
  1758   "0 \<le> x \<Longrightarrow> y \<le> 0 \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
  1759   by transfer (simp add: round_up_le0 divide_nonneg_nonpos)
  1760 
  1761 lemma rapprox_rat_nonpos_nonneg:
  1762   "x \<le> 0 \<Longrightarrow> 0 \<le> y \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
  1763   by transfer (simp add: round_up_le0 divide_nonpos_nonneg)
  1764 
  1765 lemma real_divl: "real_divl prec x y \<le> x / y"
  1766   by (simp add: real_divl_def round_down)
  1767 
  1768 lemma real_divr: "x / y \<le> real_divr prec x y"
  1769   using round_up by (simp add: real_divr_def)
  1770 
  1771 lemma float_divl: "real (float_divl prec x y) \<le> real x / real y"
  1772   by transfer (rule real_divl)
  1773 
  1774 lemma real_divl_lower_bound:
  1775   "0 \<le> x \<Longrightarrow> 0 \<le> y \<Longrightarrow> 0 \<le> real_divl prec x y"
  1776   by (simp add: real_divl_def round_down_nonneg)
  1777 
  1778 lemma float_divl_lower_bound:
  1779   "0 \<le> x \<Longrightarrow> 0 \<le> y \<Longrightarrow> 0 \<le> real (float_divl prec x y)"
  1780   by transfer (rule real_divl_lower_bound)
  1781 
  1782 lemma exponent_1: "exponent 1 = 0"
  1783   using exponent_float[of 1 0] by (simp add: one_float_def)
  1784 
  1785 lemma mantissa_1: "mantissa 1 = 1"
  1786   using mantissa_float[of 1 0] by (simp add: one_float_def)
  1787 
  1788 lemma bitlen_1: "bitlen 1 = 1"
  1789   by (simp add: bitlen_def)
  1790 
  1791 lemma mantissa_eq_zero_iff: "mantissa x = 0 \<longleftrightarrow> x = 0"
  1792 proof
  1793   assume "mantissa x = 0" hence z: "0 = real x" using mantissa_exponent by simp
  1794   show "x = 0" by (simp add: zero_float_def z)
  1795 qed (simp add: zero_float_def)
  1796 
  1797 lemma float_upper_bound: "x \<le> 2 powr (bitlen \<bar>mantissa x\<bar> + exponent x)"
  1798 proof (cases "x = 0", simp)
  1799   assume "x \<noteq> 0" hence "mantissa x \<noteq> 0" using mantissa_eq_zero_iff by auto
  1800   have "x = mantissa x * 2 powr (exponent x)" by (rule mantissa_exponent)
  1801   also have "mantissa x \<le> \<bar>mantissa x\<bar>" by simp
  1802   also have "... \<le> 2 powr (bitlen \<bar>mantissa x\<bar>)"
  1803     using bitlen_bounds[of "\<bar>mantissa x\<bar>"] bitlen_nonneg `mantissa x \<noteq> 0`
  1804     by (auto simp del: real_of_int_abs simp add: powr_int)
  1805   finally show ?thesis by (simp add: powr_add)
  1806 qed
  1807 
  1808 lemma real_divl_pos_less1_bound:
  1809   assumes "0 < x" "x \<le> 1" "prec \<ge> 1"
  1810   shows "1 \<le> real_divl prec 1 x"
  1811 proof -
  1812   have "log 2 x \<le> real prec + real \<lfloor>log 2 x\<rfloor>" using `prec \<ge> 1` by arith
  1813   from this assms show ?thesis
  1814     by (simp add: real_divl_def log_divide round_down_ge1)
  1815 qed
  1816 
  1817 lemma float_divl_pos_less1_bound:
  1818   "0 < real x \<Longrightarrow> real x \<le> 1 \<Longrightarrow> prec \<ge> 1 \<Longrightarrow> 1 \<le> real (float_divl prec 1 x)"
  1819   by (transfer, rule real_divl_pos_less1_bound)
  1820 
  1821 lemma float_divr: "real x / real y \<le> real (float_divr prec x y)"
  1822   by transfer (rule real_divr)
  1823 
  1824 lemma real_divr_pos_less1_lower_bound: assumes "0 < x" and "x \<le> 1" shows "1 \<le> real_divr prec 1 x"
  1825 proof -
  1826   have "1 \<le> 1 / x" using `0 < x` and `x <= 1` by auto
  1827   also have "\<dots> \<le> real_divr prec 1 x" using real_divr[where x=1 and y=x] by auto
  1828   finally show ?thesis by auto
  1829 qed
  1830 
  1831 lemma float_divr_pos_less1_lower_bound: "0 < x \<Longrightarrow> x \<le> 1 \<Longrightarrow> 1 \<le> float_divr prec 1 x"
  1832   by transfer (rule real_divr_pos_less1_lower_bound)
  1833 
  1834 lemma real_divr_nonpos_pos_upper_bound:
  1835   "x \<le> 0 \<Longrightarrow> 0 \<le> y \<Longrightarrow> real_divr prec x y \<le> 0"
  1836   by (simp add: real_divr_def round_up_le0 divide_le_0_iff)
  1837 
  1838 lemma float_divr_nonpos_pos_upper_bound:
  1839   "real x \<le> 0 \<Longrightarrow> 0 \<le> real y \<Longrightarrow> real (float_divr prec x y) \<le> 0"
  1840   by transfer (rule real_divr_nonpos_pos_upper_bound)
  1841 
  1842 lemma real_divr_nonneg_neg_upper_bound:
  1843   "0 \<le> x \<Longrightarrow> y \<le> 0 \<Longrightarrow> real_divr prec x y \<le> 0"
  1844   by (simp add: real_divr_def round_up_le0 divide_le_0_iff)
  1845 
  1846 lemma float_divr_nonneg_neg_upper_bound:
  1847   "0 \<le> real x \<Longrightarrow> real y \<le> 0 \<Longrightarrow> real (float_divr prec x y) \<le> 0"
  1848   by transfer (rule real_divr_nonneg_neg_upper_bound)
  1849 
  1850 lemma truncate_up_nonneg_mono:
  1851   assumes "0 \<le> x" "x \<le> y"
  1852   shows "truncate_up prec x \<le> truncate_up prec y"
  1853 proof -
  1854   {
  1855     assume "\<lfloor>log 2 x\<rfloor> = \<lfloor>log 2 y\<rfloor>"
  1856     hence ?thesis
  1857       using assms
  1858       by (auto simp: truncate_up_def round_up_def intro!: ceiling_mono)
  1859   } moreover {
  1860     assume "0 < x"
  1861     hence "log 2 x \<le> log 2 y" using assms by auto
  1862     moreover
  1863     assume "\<lfloor>log 2 x\<rfloor> \<noteq> \<lfloor>log 2 y\<rfloor>"
  1864     ultimately have logless: "log 2 x < log 2 y" and flogless: "\<lfloor>log 2 x\<rfloor> < \<lfloor>log 2 y\<rfloor>"
  1865       unfolding atomize_conj
  1866       by (metis floor_less_cancel linorder_cases not_le)
  1867     have "truncate_up prec x =
  1868       real \<lceil>x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1)\<rceil> * 2 powr - real (int prec - \<lfloor>log 2 x\<rfloor> - 1)"
  1869       using assms by (simp add: truncate_up_def round_up_def)
  1870     also have "\<lceil>x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1)\<rceil> \<le> (2 ^ prec)"
  1871     proof (unfold ceiling_le_eq)
  1872       have "x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1) \<le> x * (2 powr real prec / (2 powr log 2 x))"
  1873         using real_of_int_floor_add_one_ge[of "log 2 x"] assms
  1874         by (auto simp add: algebra_simps powr_divide2 intro!: mult_left_mono)
  1875       thus "x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1) \<le> real ((2::int) ^ prec)"
  1876         using `0 < x` by (simp add: powr_realpow)
  1877     qed
  1878     hence "real \<lceil>x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1)\<rceil> \<le> 2 powr int prec"
  1879       by (auto simp: powr_realpow)
  1880     also
  1881     have "2 powr - real (int prec - \<lfloor>log 2 x\<rfloor> - 1) \<le> 2 powr - real (int prec - \<lfloor>log 2 y\<rfloor>)"
  1882       using logless flogless by (auto intro!: floor_mono)
  1883     also have "2 powr real (int prec) \<le> 2 powr (log 2 y + real (int prec - \<lfloor>log 2 y\<rfloor>))"
  1884       using assms `0 < x`
  1885       by (auto simp: algebra_simps)
  1886     finally have "truncate_up prec x \<le> 2 powr (log 2 y + real (int prec - \<lfloor>log 2 y\<rfloor>)) * 2 powr - real (int prec - \<lfloor>log 2 y\<rfloor>)"
  1887       by simp
  1888     also have "\<dots> = 2 powr (log 2 y + real (int prec - \<lfloor>log 2 y\<rfloor>) - real (int prec - \<lfloor>log 2 y\<rfloor>))"
  1889       by (subst powr_add[symmetric]) simp
  1890     also have "\<dots> = y"
  1891       using `0 < x` assms
  1892       by (simp add: powr_add)
  1893     also have "\<dots> \<le> truncate_up prec y"
  1894       by (rule truncate_up)
  1895     finally have ?thesis .
  1896   } moreover {
  1897     assume "~ 0 < x"
  1898     hence ?thesis
  1899       using assms
  1900       by (auto intro!: truncate_up_le)
  1901   } ultimately show ?thesis
  1902     by blast
  1903 qed
  1904 
  1905 lemma truncate_up_switch_sign_mono:
  1906   assumes "x \<le> 0" "0 \<le> y"
  1907   shows "truncate_up prec x \<le> truncate_up prec y"
  1908 proof -
  1909   note truncate_up_nonpos[OF `x \<le> 0`]
  1910   also note truncate_up_le[OF `0 \<le> y`]
  1911   finally show ?thesis .
  1912 qed
  1913 
  1914 lemma truncate_down_zeroprec_mono:
  1915   assumes "0 < x" "x \<le> y"
  1916   shows "truncate_down 0 x \<le> truncate_down 0 y"
  1917 proof -
  1918   have "x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1) = x * inverse (2 powr ((real \<lfloor>log 2 x\<rfloor> + 1)))"
  1919     by (simp add: powr_divide2[symmetric] powr_add powr_minus inverse_eq_divide)
  1920   also have "\<dots> = 2 powr (log 2 x - (real \<lfloor>log 2 x\<rfloor>) - 1)"
  1921     using `0 < x`
  1922     by (auto simp: field_simps powr_add powr_divide2[symmetric])
  1923   also have "\<dots> < 2 powr 0"
  1924     using real_of_int_floor_add_one_gt
  1925     unfolding neg_less_iff_less
  1926     by (intro powr_less_mono) (auto simp: algebra_simps)
  1927   finally have "\<lfloor>x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1)\<rfloor> < 1"
  1928     unfolding less_ceiling_eq real_of_int_minus real_of_one
  1929     by simp
  1930   moreover
  1931   have "0 \<le> \<lfloor>x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1)\<rfloor>"
  1932     using `x > 0` by auto
  1933   ultimately have "\<lfloor>x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1)\<rfloor> \<in> {0 ..< 1}"
  1934     by simp
  1935   also have "\<dots> \<subseteq> {0}" by auto
  1936   finally have "\<lfloor>x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1)\<rfloor> = 0" by simp
  1937   with assms show ?thesis
  1938     by (auto simp: truncate_down_def round_down_def)
  1939 qed
  1940 
  1941 lemma truncate_down_switch_sign_mono:
  1942   assumes "x \<le> 0" "0 \<le> y"
  1943   assumes "x \<le> y"
  1944   shows "truncate_down prec x \<le> truncate_down prec y"
  1945 proof -
  1946   note truncate_down_le[OF `x \<le> 0`]
  1947   also note truncate_down_nonneg[OF `0 \<le> y`]
  1948   finally show ?thesis .
  1949 qed
  1950 
  1951 lemma truncate_down_nonneg_mono:
  1952   assumes "0 \<le> x" "x \<le> y"
  1953   shows "truncate_down prec x \<le> truncate_down prec y"
  1954 proof -
  1955   {
  1956     assume "0 < x" "prec = 0"
  1957     with assms have ?thesis
  1958       by (simp add: truncate_down_zeroprec_mono)
  1959   } moreover {
  1960     assume "~ 0 < x"
  1961     with assms have "x = 0" "0 \<le> y" by simp_all
  1962     hence ?thesis
  1963       by (auto intro!: truncate_down_nonneg)
  1964   } moreover {
  1965     assume "\<lfloor>log 2 \<bar>x\<bar>\<rfloor> = \<lfloor>log 2 \<bar>y\<bar>\<rfloor>"
  1966     hence ?thesis
  1967       using assms
  1968       by (auto simp: truncate_down_def round_down_def intro!: floor_mono)
  1969   } moreover {
  1970     assume "0 < x"
  1971     hence "log 2 x \<le> log 2 y" "0 < y" "0 \<le> y" using assms by auto
  1972     moreover
  1973     assume "\<lfloor>log 2 \<bar>x\<bar>\<rfloor> \<noteq> \<lfloor>log 2 \<bar>y\<bar>\<rfloor>"
  1974     ultimately have logless: "log 2 x < log 2 y" and flogless: "\<lfloor>log 2 x\<rfloor> < \<lfloor>log 2 y\<rfloor>"
  1975       unfolding atomize_conj abs_of_pos[OF `0 < x`] abs_of_pos[OF `0 < y`]
  1976       by (metis floor_less_cancel linorder_cases not_le)
  1977     assume "prec \<noteq> 0" hence [simp]: "prec \<ge> Suc 0" by auto
  1978     have "2 powr (prec - 1) \<le> y * 2 powr real (prec - 1) / (2 powr log 2 y)"
  1979       using `0 < y`
  1980       by simp
  1981     also have "\<dots> \<le> y * 2 powr real prec / (2 powr (real \<lfloor>log 2 y\<rfloor> + 1))"
  1982       using `0 \<le> y` `0 \<le> x` assms(2)
  1983       by (auto intro!: powr_mono divide_left_mono
  1984         simp: real_of_nat_diff powr_add
  1985         powr_divide2[symmetric])
  1986     also have "\<dots> = y * 2 powr real prec / (2 powr real \<lfloor>log 2 y\<rfloor> * 2)"
  1987       by (auto simp: powr_add)
  1988     finally have "(2 ^ (prec - 1)) \<le> \<lfloor>y * 2 powr real (int prec - \<lfloor>log 2 \<bar>y\<bar>\<rfloor> - 1)\<rfloor>"
  1989       using `0 \<le> y`
  1990       by (auto simp: powr_divide2[symmetric] le_floor_eq powr_realpow)
  1991     hence "(2 ^ (prec - 1)) * 2 powr - real (int prec - \<lfloor>log 2 \<bar>y\<bar>\<rfloor> - 1) \<le> truncate_down prec y"
  1992       by (auto simp: truncate_down_def round_down_def)
  1993     moreover
  1994     {
  1995       have "x = 2 powr (log 2 \<bar>x\<bar>)" using `0 < x` by simp
  1996       also have "\<dots> \<le> (2 ^ (prec )) * 2 powr - real (int prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1)"
  1997         using real_of_int_floor_add_one_ge[of "log 2 \<bar>x\<bar>"]
  1998         by (auto simp: powr_realpow[symmetric] powr_add[symmetric] algebra_simps)
  1999       also
  2000       have "2 powr - real (int prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) \<le> 2 powr - real (int prec - \<lfloor>log 2 \<bar>y\<bar>\<rfloor>)"
  2001         using logless flogless `x > 0` `y > 0`
  2002         by (auto intro!: floor_mono)
  2003       finally have "x \<le> (2 ^ (prec - 1)) * 2 powr - real (int prec - \<lfloor>log 2 \<bar>y\<bar>\<rfloor> - 1)"
  2004         by (auto simp: powr_realpow[symmetric] powr_divide2[symmetric] assms real_of_nat_diff)
  2005     } ultimately have ?thesis
  2006       by (metis dual_order.trans truncate_down)
  2007   } ultimately show ?thesis by blast
  2008 qed
  2009 
  2010 lemma truncate_down_eq_truncate_up: "truncate_down p x = - truncate_up p (-x)"
  2011   and truncate_up_eq_truncate_down: "truncate_up p x = - truncate_down p (-x)"
  2012   by (auto simp: truncate_up_uminus_eq truncate_down_uminus_eq)
  2013 
  2014 lemma truncate_down_mono: "x \<le> y \<Longrightarrow> truncate_down p x \<le> truncate_down p y"
  2015   apply (cases "0 \<le> x")
  2016   apply (rule truncate_down_nonneg_mono, assumption+)
  2017   apply (simp add: truncate_down_eq_truncate_up)
  2018   apply (cases "0 \<le> y")
  2019   apply (auto intro: truncate_up_nonneg_mono truncate_up_switch_sign_mono)
  2020   done
  2021 
  2022 lemma truncate_up_mono: "x \<le> y \<Longrightarrow> truncate_up p x \<le> truncate_up p y"
  2023   by (simp add: truncate_up_eq_truncate_down truncate_down_mono)
  2024 
  2025 lemma Float_le_zero_iff: "Float a b \<le> 0 \<longleftrightarrow> a \<le> 0"
  2026  by (auto simp: zero_float_def mult_le_0_iff) (simp add: not_less [symmetric])
  2027 
  2028 lemma real_of_float_pprt[simp]: fixes a::float shows "real (pprt a) = pprt (real a)"
  2029   unfolding pprt_def sup_float_def max_def sup_real_def by auto
  2030 
  2031 lemma real_of_float_nprt[simp]: fixes a::float shows "real (nprt a) = nprt (real a)"
  2032   unfolding nprt_def inf_float_def min_def inf_real_def by auto
  2033 
  2034 lift_definition int_floor_fl :: "float \<Rightarrow> int" is floor .
  2035 
  2036 lemma compute_int_floor_fl[code]:
  2037   "int_floor_fl (Float m e) = (if 0 \<le> e then m * 2 ^ nat e else m div (2 ^ (nat (-e))))"
  2038   by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
  2039 hide_fact (open) compute_int_floor_fl
  2040 
  2041 lift_definition floor_fl :: "float \<Rightarrow> float" is "\<lambda>x. real (floor x)" by simp
  2042 
  2043 lemma compute_floor_fl[code]:
  2044   "floor_fl (Float m e) = (if 0 \<le> e then Float m e else Float (m div (2 ^ (nat (-e)))) 0)"
  2045   by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
  2046 hide_fact (open) compute_floor_fl
  2047 
  2048 lemma floor_fl: "real (floor_fl x) \<le> real x" by transfer simp
  2049 
  2050 lemma int_floor_fl: "real (int_floor_fl x) \<le> real x" by transfer simp
  2051 
  2052 lemma floor_pos_exp: "exponent (floor_fl x) \<ge> 0"
  2053 proof (cases "floor_fl x = float_of 0")
  2054   case True
  2055   then show ?thesis by (simp add: floor_fl_def)
  2056 next
  2057   case False
  2058   have eq: "floor_fl x = Float \<lfloor>real x\<rfloor> 0" by transfer simp
  2059   obtain i where "\<lfloor>real x\<rfloor> = mantissa (floor_fl x) * 2 ^ i" "0 = exponent (floor_fl x) - int i"
  2060     by (rule denormalize_shift[OF eq[THEN eq_reflection] False])
  2061   then show ?thesis by simp
  2062 qed
  2063 
  2064 lemma compute_mantissa[code]:
  2065   "mantissa (Float m e) = (if m = 0 then 0 else if 2 dvd m then mantissa (normfloat (Float m e)) else m)"
  2066   by (auto simp: mantissa_float Float.abs_eq)
  2067 
  2068 lemma compute_exponent[code]:
  2069   "exponent (Float m e) = (if m = 0 then 0 else if 2 dvd m then exponent (normfloat (Float m e)) else e)"
  2070   by (auto simp: exponent_float Float.abs_eq)
  2071 
  2072 end
  2073