src/HOL/Library/Float.thy
author hoelzl
Wed Apr 18 14:29:22 2012 +0200 (2012-04-18)
changeset 47600 e12289b5796b
parent 47599 400b158f1589
child 47601 050718fe6eee
permissions -rw-r--r--
use lifting to introduce floating point numbers
     1 header {* Floating-Point Numbers *}
     2 
     3 theory Float
     4 imports Complex_Main "~~/src/HOL/Library/Lattice_Algebras"
     5 begin
     6 
     7 typedef float = "{m * 2 powr e | (m :: int) (e :: int). True }"
     8   morphisms real_of_float float_of
     9   by auto
    10 
    11 setup_lifting type_definition_float
    12 
    13 lemmas float_of_inject[simp]
    14 
    15 defs (overloaded)
    16   real_of_float_def[code_unfold]: "real \<equiv> real_of_float"
    17 
    18 declare [[coercion "real :: float \<Rightarrow> real"]]
    19 
    20 lemma real_of_float_eq:
    21   fixes f1 f2 :: float shows "f1 = f2 \<longleftrightarrow> real f1 = real f2"
    22   unfolding real_of_float_def real_of_float_inject ..
    23 
    24 lemma float_of_real[simp]: "float_of (real x) = x"
    25   unfolding real_of_float_def by (rule real_of_float_inverse)
    26 
    27 lemma real_float[simp]: "x \<in> float \<Longrightarrow> real (float_of x) = x"
    28   unfolding real_of_float_def by (rule float_of_inverse)
    29 
    30 lemma transfer_real_of_float [transfer_rule]:
    31   "(fun_rel cr_float op =) (\<lambda>x. x) real"
    32   unfolding fun_rel_def cr_float_def by (simp add: real_of_float_def)
    33 
    34 subsection {* Real operations preserving the representation as floating point number *}
    35 
    36 lemma floatI: fixes m e :: int shows "m * 2 powr e = x \<Longrightarrow> x \<in> float"
    37   by (auto simp: float_def)
    38 
    39 lemma zero_float[simp]: "0 \<in> float" by (auto simp: float_def)
    40 lemma one_float[simp]: "1 \<in> float" by (intro floatI[of 1 0]) simp
    41 lemma numeral_float[simp]: "numeral i \<in> float" by (intro floatI[of "numeral i" 0]) simp  
    42 lemma neg_numeral_float[simp]: "neg_numeral i \<in> float" by (intro floatI[of "neg_numeral i" 0]) simp
    43 lemma real_of_int_float[simp]: "real (x :: int) \<in> float" by (intro floatI[of x 0]) simp
    44 lemma real_of_nat_float[simp]: "real (x :: nat) \<in> float" by (intro floatI[of x 0]) simp
    45 lemma two_powr_int_float[simp]: "2 powr (real (i::int)) \<in> float" by (intro floatI[of 1 i]) simp
    46 lemma two_powr_nat_float[simp]: "2 powr (real (i::nat)) \<in> float" by (intro floatI[of 1 i]) simp
    47 lemma two_powr_minus_int_float[simp]: "2 powr - (real (i::int)) \<in> float" by (intro floatI[of 1 "-i"]) simp
    48 lemma two_powr_minus_nat_float[simp]: "2 powr - (real (i::nat)) \<in> float" by (intro floatI[of 1 "-i"]) simp
    49 lemma two_powr_numeral_float[simp]: "2 powr numeral i \<in> float" by (intro floatI[of 1 "numeral i"]) simp
    50 lemma two_powr_neg_numeral_float[simp]: "2 powr neg_numeral i \<in> float" by (intro floatI[of 1 "neg_numeral i"]) simp
    51 lemma two_pow_float[simp]: "2 ^ n \<in> float" by (intro floatI[of 1 "n"]) (simp add: powr_realpow)
    52 lemma real_of_float_float[simp]: "real (f::float) \<in> float" by (cases f) simp
    53 
    54 lemma plus_float[simp]: "r \<in> float \<Longrightarrow> p \<in> float \<Longrightarrow> r + p \<in> float"
    55   unfolding float_def
    56 proof (safe, simp)
    57   fix e1 m1 e2 m2 :: int
    58   { fix e1 m1 e2 m2 :: int assume "e1 \<le> e2"
    59     then have "m1 * 2 powr e1 + m2 * 2 powr e2 = (m1 + m2 * 2 ^ nat (e2 - e1)) * 2 powr e1"
    60       by (simp add: powr_realpow[symmetric] powr_divide2[symmetric] field_simps)
    61     then have "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
    62       by blast }
    63   note * = this
    64   show "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
    65   proof (cases e1 e2 rule: linorder_le_cases)
    66     assume "e2 \<le> e1" from *[OF this, of m2 m1] show ?thesis by (simp add: ac_simps)
    67   qed (rule *)
    68 qed
    69 
    70 lemma uminus_float[simp]: "x \<in> float \<Longrightarrow> -x \<in> float"
    71   apply (auto simp: float_def)
    72   apply (rule_tac x="-x" in exI)
    73   apply (rule_tac x="xa" in exI)
    74   apply (simp add: field_simps)
    75   done
    76 
    77 lemma times_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x * y \<in> float"
    78   apply (auto simp: float_def)
    79   apply (rule_tac x="x * xa" in exI)
    80   apply (rule_tac x="xb + xc" in exI)
    81   apply (simp add: powr_add)
    82   done
    83 
    84 lemma minus_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x - y \<in> float"
    85   unfolding ab_diff_minus by (intro uminus_float plus_float)
    86 
    87 lemma abs_float[simp]: "x \<in> float \<Longrightarrow> abs x \<in> float"
    88   by (cases x rule: linorder_cases[of 0]) auto
    89 
    90 lemma sgn_of_float[simp]: "x \<in> float \<Longrightarrow> sgn x \<in> float"
    91   by (cases x rule: linorder_cases[of 0]) (auto intro!: uminus_float)
    92 
    93 lemma div_power_2_float[simp]: "x \<in> float \<Longrightarrow> x / 2^d \<in> float"
    94   apply (auto simp add: float_def)
    95   apply (rule_tac x="x" in exI)
    96   apply (rule_tac x="xa - d" in exI)
    97   apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
    98   done
    99 
   100 lemma div_power_2_int_float[simp]: "x \<in> float \<Longrightarrow> x / (2::int)^d \<in> float"
   101   apply (auto simp add: float_def)
   102   apply (rule_tac x="x" in exI)
   103   apply (rule_tac x="xa - d" in exI)
   104   apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
   105   done
   106 
   107 lemma div_numeral_Bit0_float[simp]:
   108   assumes x: "x / numeral n \<in> float" shows "x / (numeral (Num.Bit0 n)) \<in> float"
   109 proof -
   110   have "(x / numeral n) / 2^1 \<in> float"
   111     by (intro x div_power_2_float)
   112   also have "(x / numeral n) / 2^1 = x / (numeral (Num.Bit0 n))"
   113     by (induct n) auto
   114   finally show ?thesis .
   115 qed
   116 
   117 lemma div_neg_numeral_Bit0_float[simp]:
   118   assumes x: "x / numeral n \<in> float" shows "x / (neg_numeral (Num.Bit0 n)) \<in> float"
   119 proof -
   120   have "- (x / numeral (Num.Bit0 n)) \<in> float" using x by simp
   121   also have "- (x / numeral (Num.Bit0 n)) = x / neg_numeral (Num.Bit0 n)"
   122     unfolding neg_numeral_def by (simp del: minus_numeral)
   123   finally show ?thesis .
   124 qed
   125 
   126 lift_definition Float :: "int \<Rightarrow> int \<Rightarrow> float" is "\<lambda>(m::int) (e::int). m * 2 powr e" by simp
   127 
   128 subsection {* Arithmetic operations on floating point numbers *}
   129 
   130 instantiation float :: "{ring_1, linorder, linordered_ring, linordered_idom, numeral, equal}"
   131 begin
   132 
   133 lift_definition zero_float :: float is 0 by simp
   134 lift_definition one_float :: float is 1 by simp
   135 lift_definition plus_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op +" by simp
   136 lift_definition times_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op *" by simp
   137 lift_definition minus_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op -" by simp
   138 lift_definition uminus_float :: "float \<Rightarrow> float" is "uminus" by simp
   139 
   140 lift_definition abs_float :: "float \<Rightarrow> float" is abs by simp
   141 lift_definition sgn_float :: "float \<Rightarrow> float" is sgn by simp
   142 
   143 lift_definition equal_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op = :: real \<Rightarrow> real \<Rightarrow> bool" ..
   144 
   145 lift_definition less_eq_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op \<le>" ..
   146 lift_definition less_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op <" ..
   147 
   148 instance
   149   proof qed (transfer, fastforce simp add: field_simps intro: mult_left_mono mult_right_mono)+
   150 end
   151 
   152 lemma
   153   fixes x y :: float
   154   shows real_of_float_uminus[simp]: "real (- x) = - real x"
   155     and real_of_float_plus[simp]: "real (y + x) = real y + real x"
   156     and real_of_float_minus[simp]: "real (y - x) = real y - real x"
   157     and real_of_float_times[simp]: "real (y * x) = real y * real x"
   158     and real_of_float_zero[simp]: "real (0::float) = 0"
   159     and real_of_float_one[simp]: "real (1::float) = 1"
   160     and real_of_float_le[simp]: "x \<le> y \<longleftrightarrow> real x \<le> real y"
   161     and real_of_float_less[simp]: "x < y \<longleftrightarrow> real x < real y"
   162     and real_of_float_abs[simp]: "real (abs x) = abs (real x)"
   163     and real_of_float_sgn[simp]: "real (sgn x) = sgn (real x)"
   164   using uminus_float.rep_eq plus_float.rep_eq minus_float.rep_eq times_float.rep_eq
   165     zero_float.rep_eq one_float.rep_eq less_eq_float.rep_eq less_float.rep_eq
   166     abs_float.rep_eq sgn_float.rep_eq
   167   by (simp_all add: real_of_float_def)
   168 
   169 lemma real_of_float_power[simp]: fixes f::float shows "real (f^n) = real f^n"
   170   by (induct n) simp_all
   171 
   172 lemma fixes x y::float 
   173   shows real_of_float_min: "real (min x y) = min (real x) (real y)"
   174     and real_of_float_max: "real (max x y) = max (real x) (real y)"
   175   by (simp_all add: min_def max_def)
   176 
   177 instance float :: dense_linorder
   178 proof
   179   fix a b :: float
   180   show "\<exists>c. a < c"
   181     apply (intro exI[of _ "a + 1"])
   182     apply transfer
   183     apply simp
   184     done
   185   show "\<exists>c. c < a"
   186     apply (intro exI[of _ "a - 1"])
   187     apply transfer
   188     apply simp
   189     done
   190   assume "a < b"
   191   then show "\<exists>c. a < c \<and> c < b"
   192     apply (intro exI[of _ "(a + b) * Float 1 -1"])
   193     apply transfer
   194     apply (simp add: powr_neg_numeral) 
   195     done
   196 qed
   197 
   198 instantiation float :: lattice_ab_group_add
   199 begin
   200 
   201 definition inf_float::"float\<Rightarrow>float\<Rightarrow>float"
   202 where "inf_float a b = min a b"
   203 
   204 definition sup_float::"float\<Rightarrow>float\<Rightarrow>float"
   205 where "sup_float a b = max a b"
   206 
   207 instance
   208   by default
   209      (transfer, simp_all add: inf_float_def sup_float_def real_of_float_min real_of_float_max)+
   210 end
   211 
   212 lemma float_numeral[simp]: "real (numeral x :: float) = numeral x"
   213   apply (induct x)
   214   apply simp
   215   apply (simp_all only: numeral_Bit0 numeral_Bit1 real_of_float_eq real_float
   216                   real_of_float_plus real_of_float_one plus_float numeral_float one_float)
   217   done
   218 
   219 lemma transfer_numeral [transfer_rule]: 
   220   "fun_rel (op =) cr_float (numeral :: _ \<Rightarrow> real) (numeral :: _ \<Rightarrow> float)"
   221   unfolding fun_rel_def cr_float_def by (simp add: real_of_float_def[symmetric])
   222 
   223 lemma float_neg_numeral[simp]: "real (neg_numeral x :: float) = neg_numeral x"
   224   by (simp add: minus_numeral[symmetric] del: minus_numeral)
   225 
   226 lemma transfer_neg_numeral [transfer_rule]: 
   227   "fun_rel (op =) cr_float (neg_numeral :: _ \<Rightarrow> real) (neg_numeral :: _ \<Rightarrow> float)"
   228   unfolding fun_rel_def cr_float_def by (simp add: real_of_float_def[symmetric])
   229 
   230 lemma
   231   shows float_of_numeral[simp]: "numeral k = float_of (numeral k)"
   232     and float_of_neg_numeral[simp]: "neg_numeral k = float_of (neg_numeral k)"
   233   unfolding real_of_float_eq by simp_all
   234 
   235 subsection {* Represent floats as unique mantissa and exponent *}
   236 
   237 lemma int_induct_abs[case_names less]:
   238   fixes j :: int
   239   assumes H: "\<And>n. (\<And>i. \<bar>i\<bar> < \<bar>n\<bar> \<Longrightarrow> P i) \<Longrightarrow> P n"
   240   shows "P j"
   241 proof (induct "nat \<bar>j\<bar>" arbitrary: j rule: less_induct)
   242   case less show ?case by (rule H[OF less]) simp
   243 qed
   244 
   245 lemma int_cancel_factors:
   246   fixes n :: int assumes "1 < r" shows "n = 0 \<or> (\<exists>k i. n = k * r ^ i \<and> \<not> r dvd k)"
   247 proof (induct n rule: int_induct_abs)
   248   case (less n)
   249   { fix m assume n: "n \<noteq> 0" "n = m * r"
   250     then have "\<bar>m \<bar> < \<bar>n\<bar>"
   251       by (metis abs_dvd_iff abs_ge_self assms comm_semiring_1_class.normalizing_semiring_rules(7)
   252                 dvd_imp_le_int dvd_refl dvd_triv_right linorder_neq_iff linorder_not_le
   253                 mult_eq_0_iff zdvd_mult_cancel1)
   254     from less[OF this] n have "\<exists>k i. n = k * r ^ Suc i \<and> \<not> r dvd k" by auto }
   255   then show ?case
   256     by (metis comm_semiring_1_class.normalizing_semiring_rules(12,7) dvdE power_0)
   257 qed
   258 
   259 lemma mult_powr_eq_mult_powr_iff_asym:
   260   fixes m1 m2 e1 e2 :: int
   261   assumes m1: "\<not> 2 dvd m1" and "e1 \<le> e2"
   262   shows "m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
   263 proof
   264   have "m1 \<noteq> 0" using m1 unfolding dvd_def by auto
   265   assume eq: "m1 * 2 powr e1 = m2 * 2 powr e2"
   266   with `e1 \<le> e2` have "m1 = m2 * 2 powr nat (e2 - e1)"
   267     by (simp add: powr_divide2[symmetric] field_simps)
   268   also have "\<dots> = m2 * 2^nat (e2 - e1)"
   269     by (simp add: powr_realpow)
   270   finally have m1_eq: "m1 = m2 * 2^nat (e2 - e1)"
   271     unfolding real_of_int_inject .
   272   with m1 have "m1 = m2"
   273     by (cases "nat (e2 - e1)") (auto simp add: dvd_def)
   274   then show "m1 = m2 \<and> e1 = e2"
   275     using eq `m1 \<noteq> 0` by (simp add: powr_inj)
   276 qed simp
   277 
   278 lemma mult_powr_eq_mult_powr_iff:
   279   fixes m1 m2 e1 e2 :: int
   280   shows "\<not> 2 dvd m1 \<Longrightarrow> \<not> 2 dvd m2 \<Longrightarrow> m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
   281   using mult_powr_eq_mult_powr_iff_asym[of m1 e1 e2 m2]
   282   using mult_powr_eq_mult_powr_iff_asym[of m2 e2 e1 m1]
   283   by (cases e1 e2 rule: linorder_le_cases) auto
   284 
   285 lemma floatE_normed:
   286   assumes x: "x \<in> float"
   287   obtains (zero) "x = 0"
   288    | (powr) m e :: int where "x = m * 2 powr e" "\<not> 2 dvd m" "x \<noteq> 0"
   289 proof atomize_elim
   290   { assume "x \<noteq> 0"
   291     from x obtain m e :: int where x: "x = m * 2 powr e" by (auto simp: float_def)
   292     with `x \<noteq> 0` int_cancel_factors[of 2 m] obtain k i where "m = k * 2 ^ i" "\<not> 2 dvd k"
   293       by auto
   294     with `\<not> 2 dvd k` x have "\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m"
   295       by (rule_tac exI[of _ "k"], rule_tac exI[of _ "e + int i"])
   296          (simp add: powr_add powr_realpow) }
   297   then show "x = 0 \<or> (\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m \<and> x \<noteq> 0)"
   298     by blast
   299 qed
   300 
   301 lemma float_normed_cases:
   302   fixes f :: float
   303   obtains (zero) "f = 0"
   304    | (powr) m e :: int where "real f = m * 2 powr e" "\<not> 2 dvd m" "f \<noteq> 0"
   305 proof (atomize_elim, induct f)
   306   case (float_of y) then show ?case
   307     by (cases rule: floatE_normed) (auto simp: zero_float_def)
   308 qed
   309 
   310 definition mantissa :: "float \<Rightarrow> int" where
   311   "mantissa f = fst (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
   312    \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
   313 
   314 definition exponent :: "float \<Rightarrow> int" where
   315   "exponent f = snd (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
   316    \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
   317 
   318 lemma 
   319   shows exponent_0[simp]: "exponent (float_of 0) = 0" (is ?E)
   320     and mantissa_0[simp]: "mantissa (float_of 0) = 0" (is ?M)
   321 proof -
   322   have "\<And>p::int \<times> int. fst p = 0 \<and> snd p = 0 \<longleftrightarrow> p = (0, 0)" by auto
   323   then show ?E ?M
   324     by (auto simp add: mantissa_def exponent_def zero_float_def)
   325 qed
   326 
   327 lemma
   328   shows mantissa_exponent: "real f = mantissa f * 2 powr exponent f" (is ?E)
   329     and mantissa_not_dvd: "f \<noteq> (float_of 0) \<Longrightarrow> \<not> 2 dvd mantissa f" (is "_ \<Longrightarrow> ?D")
   330 proof cases
   331   assume [simp]: "f \<noteq> (float_of 0)"
   332   have "f = mantissa f * 2 powr exponent f \<and> \<not> 2 dvd mantissa f"
   333   proof (cases f rule: float_normed_cases)
   334     case (powr m e)
   335     then have "\<exists>p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
   336      \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p)"
   337       by auto
   338     then show ?thesis
   339       unfolding exponent_def mantissa_def
   340       by (rule someI2_ex) (simp add: zero_float_def)
   341   qed (simp add: zero_float_def)
   342   then show ?E ?D by auto
   343 qed simp
   344 
   345 lemma mantissa_noteq_0: "f \<noteq> float_of 0 \<Longrightarrow> mantissa f \<noteq> 0"
   346   using mantissa_not_dvd[of f] by auto
   347 
   348 lemma 
   349   fixes m e :: int
   350   defines "f \<equiv> float_of (m * 2 powr e)"
   351   assumes dvd: "\<not> 2 dvd m"
   352   shows mantissa_float: "mantissa f = m" (is "?M")
   353     and exponent_float: "m \<noteq> 0 \<Longrightarrow> exponent f = e" (is "_ \<Longrightarrow> ?E")
   354 proof cases
   355   assume "m = 0" with dvd show "mantissa f = m" by auto
   356 next
   357   assume "m \<noteq> 0"
   358   then have f_not_0: "f \<noteq> float_of 0" by (simp add: f_def)
   359   from mantissa_exponent[of f]
   360   have "m * 2 powr e = mantissa f * 2 powr exponent f"
   361     by (auto simp add: f_def)
   362   then show "?M" "?E"
   363     using mantissa_not_dvd[OF f_not_0] dvd
   364     by (auto simp: mult_powr_eq_mult_powr_iff)
   365 qed
   366 
   367 subsection {* Compute arithmetic operations *}
   368 
   369 lemma real_Float[simp]: "real (Float m e) = m * 2 powr e"
   370   using Float.rep_eq by (simp add: real_of_float_def)
   371 
   372 lemma real_of_float_Float[code]: "real_of_float (Float m e) =
   373   (if e \<ge> 0 then m * 2 ^ nat e else m * inverse (2 ^ nat (- e)))"
   374 by (auto simp add: powr_realpow[symmetric] powr_minus real_of_float_def[symmetric] Float_def)
   375 
   376 lemma Float_mantissa_exponent: "Float (mantissa f) (exponent f) = f"
   377   unfolding real_of_float_eq mantissa_exponent[of f] by simp
   378 
   379 lemma Float_cases[case_names Float, cases type: float]:
   380   fixes f :: float
   381   obtains (Float) m e :: int where "f = Float m e"
   382   using Float_mantissa_exponent[symmetric]
   383   by (atomize_elim) auto
   384 
   385 lemma denormalize_shift:
   386   assumes f_def: "f \<equiv> Float m e" and not_0: "f \<noteq> float_of 0"
   387   obtains i where "m = mantissa f * 2 ^ i" "e = exponent f - i"
   388 proof
   389   from mantissa_exponent[of f] f_def
   390   have "m * 2 powr e = mantissa f * 2 powr exponent f"
   391     by simp
   392   then have eq: "m = mantissa f * 2 powr (exponent f - e)"
   393     by (simp add: powr_divide2[symmetric] field_simps)
   394   moreover
   395   have "e \<le> exponent f"
   396   proof (rule ccontr)
   397     assume "\<not> e \<le> exponent f"
   398     then have pos: "exponent f < e" by simp
   399     then have "2 powr (exponent f - e) = 2 powr - real (e - exponent f)"
   400       by simp
   401     also have "\<dots> = 1 / 2^nat (e - exponent f)"
   402       using pos by (simp add: powr_realpow[symmetric] powr_divide2[symmetric])
   403     finally have "m * 2^nat (e - exponent f) = real (mantissa f)"
   404       using eq by simp
   405     then have "mantissa f = m * 2^nat (e - exponent f)"
   406       unfolding real_of_int_inject by simp
   407     with `exponent f < e` have "2 dvd mantissa f"
   408       apply (intro dvdI[where k="m * 2^(nat (e-exponent f)) div 2"])
   409       apply (cases "nat (e - exponent f)")
   410       apply auto
   411       done
   412     then show False using mantissa_not_dvd[OF not_0] by simp
   413   qed
   414   ultimately have "real m = mantissa f * 2^nat (exponent f - e)"
   415     by (simp add: powr_realpow[symmetric])
   416   with `e \<le> exponent f`
   417   show "m = mantissa f * 2 ^ nat (exponent f - e)" "e = exponent f - nat (exponent f - e)"
   418     unfolding real_of_int_inject by auto
   419 qed
   420 
   421 lemma compute_zero[code_unfold, code]: "0 = Float 0 0"
   422   by transfer simp
   423 
   424 lemma compute_one[code_unfold, code]: "1 = Float 1 0"
   425   by transfer simp
   426 
   427 definition normfloat :: "float \<Rightarrow> float" where
   428   [simp]: "normfloat x = x"
   429 
   430 lemma compute_normfloat[code]: "normfloat (Float m e) =
   431   (if m mod 2 = 0 \<and> m \<noteq> 0 then normfloat (Float (m div 2) (e + 1))
   432                            else if m = 0 then 0 else Float m e)"
   433   unfolding normfloat_def
   434   by transfer (auto simp add: powr_add zmod_eq_0_iff)
   435 
   436 lemma compute_float_numeral[code_abbrev]: "Float (numeral k) 0 = numeral k"
   437   by transfer simp
   438 
   439 lemma compute_float_neg_numeral[code_abbrev]: "Float (neg_numeral k) 0 = neg_numeral k"
   440   by transfer simp
   441 
   442 lemma compute_float_uminus[code]: "- Float m1 e1 = Float (- m1) e1"
   443   by transfer simp
   444 
   445 lemma compute_float_times[code]: "Float m1 e1 * Float m2 e2 = Float (m1 * m2) (e1 + e2)"
   446   by transfer (simp add: field_simps powr_add)
   447 
   448 lemma compute_float_plus[code]: "Float m1 e1 + Float m2 e2 =
   449   (if e1 \<le> e2 then Float (m1 + m2 * 2^nat (e2 - e1)) e1
   450               else Float (m2 + m1 * 2^nat (e1 - e2)) e2)"
   451   by transfer (simp add: field_simps powr_realpow[symmetric] powr_divide2[symmetric])
   452 
   453 lemma compute_float_minus[code]: fixes f g::float shows "f - g = f + (-g)"
   454   by simp
   455 
   456 lemma compute_float_sgn[code]: "sgn (Float m1 e1) = (if 0 < m1 then 1 else if m1 < 0 then -1 else 0)"
   457   by transfer (simp add: sgn_times)
   458 
   459 lift_definition is_float_pos :: "float \<Rightarrow> bool" is "op < 0 :: real \<Rightarrow> bool" ..
   460 
   461 lemma compute_is_float_pos[code]: "is_float_pos (Float m e) \<longleftrightarrow> 0 < m"
   462   by transfer (auto simp add: zero_less_mult_iff not_le[symmetric, of _ 0])
   463 
   464 lemma compute_float_less[code]: "a < b \<longleftrightarrow> is_float_pos (b - a)"
   465   by transfer (simp add: field_simps)
   466 
   467 lift_definition is_float_nonneg :: "float \<Rightarrow> bool" is "op \<le> 0 :: real \<Rightarrow> bool" ..
   468 
   469 lemma compute_is_float_nonneg[code]: "is_float_nonneg (Float m e) \<longleftrightarrow> 0 \<le> m"
   470   by transfer (auto simp add: zero_le_mult_iff not_less[symmetric, of _ 0])
   471 
   472 lemma compute_float_le[code]: "a \<le> b \<longleftrightarrow> is_float_nonneg (b - a)"
   473   by transfer (simp add: field_simps)
   474 
   475 lift_definition is_float_zero :: "float \<Rightarrow> bool"  is "op = 0 :: real \<Rightarrow> bool" by simp
   476 
   477 lemma compute_is_float_zero[code]: "is_float_zero (Float m e) \<longleftrightarrow> 0 = m"
   478   by transfer (auto simp add: is_float_zero_def)
   479 
   480 lemma compute_float_abs[code]: "abs (Float m e) = Float (abs m) e"
   481   by transfer (simp add: abs_mult)
   482 
   483 lemma compute_float_eq[code]: "equal_class.equal f g = is_float_zero (f - g)"
   484   by transfer simp
   485 
   486 subsection {* Rounding Real numbers *}
   487 
   488 definition round_down :: "int \<Rightarrow> real \<Rightarrow> real" where
   489   "round_down prec x = floor (x * 2 powr prec) * 2 powr -prec"
   490 
   491 definition round_up :: "int \<Rightarrow> real \<Rightarrow> real" where
   492   "round_up prec x = ceiling (x * 2 powr prec) * 2 powr -prec"
   493 
   494 lemma round_down_float[simp]: "round_down prec x \<in> float"
   495   unfolding round_down_def
   496   by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
   497 
   498 lemma round_up_float[simp]: "round_up prec x \<in> float"
   499   unfolding round_up_def
   500   by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
   501 
   502 lemma round_up: "x \<le> round_up prec x"
   503   by (simp add: powr_minus_divide le_divide_eq round_up_def)
   504 
   505 lemma round_down: "round_down prec x \<le> x"
   506   by (simp add: powr_minus_divide divide_le_eq round_down_def)
   507 
   508 lemma round_up_0[simp]: "round_up p 0 = 0"
   509   unfolding round_up_def by simp
   510 
   511 lemma round_down_0[simp]: "round_down p 0 = 0"
   512   unfolding round_down_def by simp
   513 
   514 lemma round_up_diff_round_down:
   515   "round_up prec x - round_down prec x \<le> 2 powr -prec"
   516 proof -
   517   have "round_up prec x - round_down prec x =
   518     (ceiling (x * 2 powr prec) - floor (x * 2 powr prec)) * 2 powr -prec"
   519     by (simp add: round_up_def round_down_def field_simps)
   520   also have "\<dots> \<le> 1 * 2 powr -prec"
   521     by (rule mult_mono)
   522        (auto simp del: real_of_int_diff
   523              simp: real_of_int_diff[symmetric] real_of_int_le_one_cancel_iff ceiling_diff_floor_le_1)
   524   finally show ?thesis by simp
   525 qed
   526 
   527 lemma round_down_shift: "round_down p (x * 2 powr k) = 2 powr k * round_down (p + k) x"
   528   unfolding round_down_def
   529   by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
   530     (simp add: powr_add[symmetric])
   531 
   532 lemma round_up_shift: "round_up p (x * 2 powr k) = 2 powr k * round_up (p + k) x"
   533   unfolding round_up_def
   534   by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
   535     (simp add: powr_add[symmetric])
   536 
   537 subsection {* Rounding Floats *}
   538 
   539 lift_definition float_up :: "int \<Rightarrow> float \<Rightarrow> float" is round_up by simp
   540 
   541 lemma real_of_float_float_up[simp]: "real (float_up e f) = round_up e (real f)"
   542   using float_up.rep_eq by (simp add: real_of_float_def)
   543 
   544 lemma float_up_correct:
   545   shows "real (float_up e f) - real f \<in> {0..2 powr -e}"
   546 unfolding atLeastAtMost_iff
   547 proof
   548   have "round_up e f - f \<le> round_up e f - round_down e f" using round_down by simp
   549   also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
   550   finally show "real (float_up e f) - real f \<le> 2 powr real (- e)"
   551     by simp
   552 qed (simp add: algebra_simps round_up)
   553 
   554 lift_definition float_down :: "int \<Rightarrow> float \<Rightarrow> float" is round_down by simp
   555 
   556 lemma real_of_float_float_down[simp]: "real (float_down e f) = round_down e (real f)"
   557   using float_down.rep_eq by (simp add: real_of_float_def)
   558 
   559 lemma float_down_correct:
   560   shows "real f - real (float_down e f) \<in> {0..2 powr -e}"
   561 unfolding atLeastAtMost_iff
   562 proof
   563   have "f - round_down e f \<le> round_up e f - round_down e f" using round_up by simp
   564   also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
   565   finally show "real f - real (float_down e f) \<le> 2 powr real (- e)"
   566     by simp
   567 qed (simp add: algebra_simps round_down)
   568 
   569 lemma compute_float_down[code]:
   570   "float_down p (Float m e) =
   571     (if p + e < 0 then Float (m div 2^nat (-(p + e))) (-p) else Float m e)"
   572 proof cases
   573   assume "p + e < 0"
   574   hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
   575     using powr_realpow[of 2 "nat (-(p + e))"] by simp
   576   also have "... = 1 / 2 powr p / 2 powr e"
   577     unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)
   578   finally show ?thesis
   579     using `p + e < 0`
   580     by transfer (simp add: ac_simps round_down_def floor_divide_eq_div[symmetric])
   581 next
   582   assume "\<not> p + e < 0"
   583   then have r: "real e + real p = real (nat (e + p))" by simp
   584   have r: "\<lfloor>(m * 2 powr e) * 2 powr real p\<rfloor> = (m * 2 powr e) * 2 powr real p"
   585     by (auto intro: exI[where x="m*2^nat (e+p)"]
   586              simp add: ac_simps powr_add[symmetric] r powr_realpow)
   587   with `\<not> p + e < 0` show ?thesis
   588     by transfer
   589        (auto simp add: round_down_def field_simps powr_add powr_minus inverse_eq_divide)
   590 qed
   591 
   592 lemma ceil_divide_floor_conv:
   593 assumes "b \<noteq> 0"
   594 shows "\<lceil>real a / real b\<rceil> = (if b dvd a then a div b else \<lfloor>real a / real b\<rfloor> + 1)"
   595 proof cases
   596   assume "\<not> b dvd a"
   597   hence "a mod b \<noteq> 0" by auto
   598   hence ne: "real (a mod b) / real b \<noteq> 0" using `b \<noteq> 0` by auto
   599   have "\<lceil>real a / real b\<rceil> = \<lfloor>real a / real b\<rfloor> + 1"
   600   apply (rule ceiling_eq) apply (auto simp: floor_divide_eq_div[symmetric])
   601   proof -
   602     have "real \<lfloor>real a / real b\<rfloor> \<le> real a / real b" by simp
   603     moreover have "real \<lfloor>real a / real b\<rfloor> \<noteq> real a / real b"
   604     apply (subst (2) real_of_int_div_aux) unfolding floor_divide_eq_div using ne `b \<noteq> 0` by auto
   605     ultimately show "real \<lfloor>real a / real b\<rfloor> < real a / real b" by arith
   606   qed
   607   thus ?thesis using `\<not> b dvd a` by simp
   608 qed (simp add: ceiling_def real_of_int_minus[symmetric] divide_minus_left[symmetric]
   609   floor_divide_eq_div dvd_neg_div del: divide_minus_left real_of_int_minus)
   610 
   611 lemma compute_float_up[code]:
   612   "float_up p (Float m e) =
   613     (let P = 2^nat (-(p + e)); r = m mod P in
   614       if p + e < 0 then Float (m div P + (if r = 0 then 0 else 1)) (-p) else Float m e)"
   615 proof cases
   616   assume "p + e < 0"
   617   hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
   618     using powr_realpow[of 2 "nat (-(p + e))"] by simp
   619   also have "... = 1 / 2 powr p / 2 powr e"
   620   unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)
   621   finally have twopow_rewrite:
   622     "real ((2::int) ^ nat (- (p + e))) = 1 / 2 powr real p / 2 powr real e" .
   623   with `p + e < 0` have powr_rewrite:
   624     "2 powr real e * 2 powr real p = 1 / real ((2::int) ^ nat (- (p + e)))"
   625     unfolding powr_divide2 by simp
   626   show ?thesis
   627   proof cases
   628     assume "2^nat (-(p + e)) dvd m"
   629     with `p + e < 0` twopow_rewrite show ?thesis unfolding Let_def
   630       by transfer (auto simp: ac_simps round_up_def floor_divide_eq_div dvd_eq_mod_eq_0)
   631   next
   632     assume ndvd: "\<not> 2 ^ nat (- (p + e)) dvd m"
   633     have one_div: "real m * (1 / real ((2::int) ^ nat (- (p + e)))) =
   634       real m / real ((2::int) ^ nat (- (p + e)))"
   635       by (simp add: field_simps)
   636     have "real \<lceil>real m * (2 powr real e * 2 powr real p)\<rceil> =
   637       real \<lfloor>real m * (2 powr real e * 2 powr real p)\<rfloor> + 1"
   638       using ndvd unfolding powr_rewrite one_div
   639       by (subst ceil_divide_floor_conv) (auto simp: field_simps)
   640     thus ?thesis using `p + e < 0` twopow_rewrite
   641       unfolding Let_def
   642       by transfer (auto simp: ac_simps round_up_def floor_divide_eq_div[symmetric])
   643   qed
   644 next
   645   assume "\<not> p + e < 0"
   646   then have r1: "real e + real p = real (nat (e + p))" by simp
   647   have r: "\<lceil>(m * 2 powr e) * 2 powr real p\<rceil> = (m * 2 powr e) * 2 powr real p"
   648     by (auto simp add: ac_simps powr_add[symmetric] r1 powr_realpow
   649       intro: exI[where x="m*2^nat (e+p)"])
   650   then show ?thesis using `\<not> p + e < 0`
   651     unfolding Let_def
   652     by transfer
   653        (simp add: round_up_def floor_divide_eq_div field_simps powr_add powr_minus inverse_eq_divide)
   654 qed
   655 
   656 lemmas real_of_ints =
   657   real_of_int_zero
   658   real_of_one
   659   real_of_int_add
   660   real_of_int_minus
   661   real_of_int_diff
   662   real_of_int_mult
   663   real_of_int_power
   664   real_numeral
   665 lemmas real_of_nats =
   666   real_of_nat_zero
   667   real_of_nat_one
   668   real_of_nat_1
   669   real_of_nat_add
   670   real_of_nat_mult
   671   real_of_nat_power
   672 
   673 lemmas int_of_reals = real_of_ints[symmetric]
   674 lemmas nat_of_reals = real_of_nats[symmetric]
   675 
   676 lemma two_real_int: "(2::real) = real (2::int)" by simp
   677 lemma two_real_nat: "(2::real) = real (2::nat)" by simp
   678 
   679 lemma mult_cong: "a = c ==> b = d ==> a*b = c*d" by simp
   680 
   681 subsection {* Compute bitlen of integers *}
   682 
   683 definition bitlen :: "int \<Rightarrow> int" where
   684   "bitlen a = (if a > 0 then \<lfloor>log 2 a\<rfloor> + 1 else 0)"
   685 
   686 lemma bitlen_nonneg: "0 \<le> bitlen x"
   687 proof -
   688   {
   689     assume "0 > x"
   690     have "-1 = log 2 (inverse 2)" by (subst log_inverse) simp_all
   691     also have "... < log 2 (-x)" using `0 > x` by auto
   692     finally have "-1 < log 2 (-x)" .
   693   } thus "0 \<le> bitlen x" unfolding bitlen_def by (auto intro!: add_nonneg_nonneg)
   694 qed
   695 
   696 lemma bitlen_bounds:
   697   assumes "x > 0"
   698   shows "2 ^ nat (bitlen x - 1) \<le> x \<and> x < 2 ^ nat (bitlen x)"
   699 proof
   700   have "(2::real) ^ nat \<lfloor>log 2 (real x)\<rfloor> = 2 powr real (floor (log 2 (real x)))"
   701     using powr_realpow[symmetric, of 2 "nat \<lfloor>log 2 (real x)\<rfloor>"] `x > 0`
   702     using real_nat_eq_real[of "floor (log 2 (real x))"]
   703     by simp
   704   also have "... \<le> 2 powr log 2 (real x)"
   705     by simp
   706   also have "... = real x"
   707     using `0 < x` by simp
   708   finally have "2 ^ nat \<lfloor>log 2 (real x)\<rfloor> \<le> real x" by simp
   709   thus "2 ^ nat (bitlen x - 1) \<le> x" using `x > 0`
   710     by (simp add: bitlen_def)
   711 next
   712   have "x \<le> 2 powr (log 2 x)" using `x > 0` by simp
   713   also have "... < 2 ^ nat (\<lfloor>log 2 (real x)\<rfloor> + 1)"
   714     apply (simp add: powr_realpow[symmetric])
   715     using `x > 0` by simp
   716   finally show "x < 2 ^ nat (bitlen x)" using `x > 0`
   717     by (simp add: bitlen_def ac_simps int_of_reals del: real_of_ints)
   718 qed
   719 
   720 lemma bitlen_pow2[simp]:
   721   assumes "b > 0"
   722   shows "bitlen (b * 2 ^ c) = bitlen b + c"
   723 proof -
   724   from assms have "b * 2 ^ c > 0" by (auto intro: mult_pos_pos)
   725   thus ?thesis
   726     using floor_add[of "log 2 b" c] assms
   727     by (auto simp add: log_mult log_nat_power bitlen_def)
   728 qed
   729 
   730 lemma bitlen_Float:
   731 fixes m e
   732 defines "f \<equiv> Float m e"
   733 shows "bitlen (\<bar>mantissa f\<bar>) + exponent f = (if m = 0 then 0 else bitlen \<bar>m\<bar> + e)"
   734 proof cases
   735   assume "m \<noteq> 0"
   736   hence "f \<noteq> float_of 0"
   737     unfolding real_of_float_eq by (simp add: f_def)
   738   hence "mantissa f \<noteq> 0"
   739     by (simp add: mantissa_noteq_0)
   740   moreover
   741   from f_def[THEN denormalize_shift, OF `f \<noteq> float_of 0`] guess i .
   742   ultimately show ?thesis by (simp add: abs_mult)
   743 qed (simp add: f_def bitlen_def Float_def)
   744 
   745 lemma compute_bitlen[code]:
   746   shows "bitlen x = (if x > 0 then bitlen (x div 2) + 1 else 0)"
   747 proof -
   748   { assume "2 \<le> x"
   749     then have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 (x - x mod 2)\<rfloor>"
   750       by (simp add: log_mult zmod_zdiv_equality')
   751     also have "\<dots> = \<lfloor>log 2 (real x)\<rfloor>"
   752     proof cases
   753       assume "x mod 2 = 0" then show ?thesis by simp
   754     next
   755       def n \<equiv> "\<lfloor>log 2 (real x)\<rfloor>"
   756       then have "0 \<le> n"
   757         using `2 \<le> x` by simp
   758       assume "x mod 2 \<noteq> 0"
   759       with `2 \<le> x` have "x mod 2 = 1" "\<not> 2 dvd x" by (auto simp add: dvd_eq_mod_eq_0)
   760       with `2 \<le> x` have "x \<noteq> 2^nat n" by (cases "nat n") auto
   761       moreover
   762       { have "real (2^nat n :: int) = 2 powr (nat n)"
   763           by (simp add: powr_realpow)
   764         also have "\<dots> \<le> 2 powr (log 2 x)"
   765           using `2 \<le> x` by (simp add: n_def del: powr_log_cancel)
   766         finally have "2^nat n \<le> x" using `2 \<le> x` by simp }
   767       ultimately have "2^nat n \<le> x - 1" by simp
   768       then have "2^nat n \<le> real (x - 1)"
   769         unfolding real_of_int_le_iff[symmetric] by simp
   770       { have "n = \<lfloor>log 2 (2^nat n)\<rfloor>"
   771           using `0 \<le> n` by (simp add: log_nat_power)
   772         also have "\<dots> \<le> \<lfloor>log 2 (x - 1)\<rfloor>"
   773           using `2^nat n \<le> real (x - 1)` `0 \<le> n` `2 \<le> x` by (auto intro: floor_mono)
   774         finally have "n \<le> \<lfloor>log 2 (x - 1)\<rfloor>" . }
   775       moreover have "\<lfloor>log 2 (x - 1)\<rfloor> \<le> n"
   776         using `2 \<le> x` by (auto simp add: n_def intro!: floor_mono)
   777       ultimately show "\<lfloor>log 2 (x - x mod 2)\<rfloor> = \<lfloor>log 2 x\<rfloor>"
   778         unfolding n_def `x mod 2 = 1` by auto
   779     qed
   780     finally have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 x\<rfloor>" . }
   781   moreover
   782   { assume "x < 2" "0 < x"
   783     then have "x = 1" by simp
   784     then have "\<lfloor>log 2 (real x)\<rfloor> = 0" by simp }
   785   ultimately show ?thesis
   786     unfolding bitlen_def
   787     by (auto simp: pos_imp_zdiv_pos_iff not_le)
   788 qed
   789 
   790 lemma float_gt1_scale: assumes "1 \<le> Float m e"
   791   shows "0 \<le> e + (bitlen m - 1)"
   792 proof -
   793   have "0 < Float m e" using assms by auto
   794   hence "0 < m" using powr_gt_zero[of 2 e]
   795     by (auto simp: zero_less_mult_iff)
   796   hence "m \<noteq> 0" by auto
   797   show ?thesis
   798   proof (cases "0 \<le> e")
   799     case True thus ?thesis using `0 < m`  by (simp add: bitlen_def)
   800   next
   801     have "(1::int) < 2" by simp
   802     case False let ?S = "2^(nat (-e))"
   803     have "inverse (2 ^ nat (- e)) = 2 powr e" using assms False powr_realpow[of 2 "nat (-e)"]
   804       by (auto simp: powr_minus field_simps inverse_eq_divide)
   805     hence "1 \<le> real m * inverse ?S" using assms False powr_realpow[of 2 "nat (-e)"]
   806       by (auto simp: powr_minus)
   807     hence "1 * ?S \<le> real m * inverse ?S * ?S" by (rule mult_right_mono, auto)
   808     hence "?S \<le> real m" unfolding mult_assoc by auto
   809     hence "?S \<le> m" unfolding real_of_int_le_iff[symmetric] by auto
   810     from this bitlen_bounds[OF `0 < m`, THEN conjunct2]
   811     have "nat (-e) < (nat (bitlen m))" unfolding power_strict_increasing_iff[OF `1 < 2`, symmetric] by (rule order_le_less_trans)
   812     hence "-e < bitlen m" using False by auto
   813     thus ?thesis by auto
   814   qed
   815 qed
   816 
   817 lemma bitlen_div: assumes "0 < m" shows "1 \<le> real m / 2^nat (bitlen m - 1)" and "real m / 2^nat (bitlen m - 1) < 2"
   818 proof -
   819   let ?B = "2^nat(bitlen m - 1)"
   820 
   821   have "?B \<le> m" using bitlen_bounds[OF `0 <m`] ..
   822   hence "1 * ?B \<le> real m" unfolding real_of_int_le_iff[symmetric] by auto
   823   thus "1 \<le> real m / ?B" by auto
   824 
   825   have "m \<noteq> 0" using assms by auto
   826   have "0 \<le> bitlen m - 1" using `0 < m` by (auto simp: bitlen_def)
   827 
   828   have "m < 2^nat(bitlen m)" using bitlen_bounds[OF `0 <m`] ..
   829   also have "\<dots> = 2^nat(bitlen m - 1 + 1)" using `0 < m` by (auto simp: bitlen_def)
   830   also have "\<dots> = ?B * 2" unfolding nat_add_distrib[OF `0 \<le> bitlen m - 1` zero_le_one] by auto
   831   finally have "real m < 2 * ?B" unfolding real_of_int_less_iff[symmetric] by auto
   832   hence "real m / ?B < 2 * ?B / ?B" by (rule divide_strict_right_mono, auto)
   833   thus "real m / ?B < 2" by auto
   834 qed
   835 
   836 subsection {* Approximation of positive rationals *}
   837 
   838 lemma zdiv_zmult_twopow_eq: fixes a b::int shows "a div b div (2 ^ n) = a div (b * 2 ^ n)"
   839 by (simp add: zdiv_zmult2_eq)
   840 
   841 lemma div_mult_twopow_eq: fixes a b::nat shows "a div ((2::nat) ^ n) div b = a div (b * 2 ^ n)"
   842   by (cases "b=0") (simp_all add: div_mult2_eq[symmetric] ac_simps)
   843 
   844 lemma real_div_nat_eq_floor_of_divide:
   845   fixes a b::nat
   846   shows "a div b = real (floor (a/b))"
   847 by (metis floor_divide_eq_div real_of_int_of_nat_eq zdiv_int)
   848 
   849 definition "rat_precision prec x y = int prec - (bitlen x - bitlen y)"
   850 
   851 lift_definition lapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float"
   852   is "\<lambda>prec (x::nat) (y::nat). round_down (rat_precision prec x y) (x / y)" by simp
   853 
   854 lemma compute_lapprox_posrat[code]:
   855   fixes prec x y 
   856   shows "lapprox_posrat prec x y = 
   857    (let 
   858        l = rat_precision prec x y;
   859        d = if 0 \<le> l then x * 2^nat l div y else x div 2^nat (- l) div y
   860     in normfloat (Float d (- l)))"
   861     unfolding div_mult_twopow_eq Let_def normfloat_def
   862     by transfer
   863        (simp add: round_down_def powr_int real_div_nat_eq_floor_of_divide field_simps
   864              del: two_powr_minus_int_float)
   865 
   866 lift_definition rapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float"
   867   is "\<lambda>prec (x::nat) (y::nat). round_up (rat_precision prec x y) (x / y)" by simp
   868 
   869 (* TODO: optimize using zmod_zmult2_eq, pdivmod ? *)
   870 lemma compute_rapprox_posrat[code]:
   871   fixes prec x y
   872   defines "l \<equiv> rat_precision prec x y"
   873   shows "rapprox_posrat prec x y = (let
   874      l = l ;
   875      X = if 0 \<le> l then (x * 2^nat l, y) else (x, y * 2^nat(-l)) ;
   876      d = fst X div snd X ;
   877      m = fst X mod snd X
   878    in normfloat (Float (d + (if m = 0 \<or> y = 0 then 0 else 1)) (- l)))"
   879 proof (cases "y = 0")
   880   assume "y = 0" thus ?thesis unfolding Let_def normfloat_def by transfer simp
   881 next
   882   assume "y \<noteq> 0"
   883   show ?thesis
   884   proof (cases "0 \<le> l")
   885     assume "0 \<le> l"
   886     def x' == "x * 2 ^ nat l"
   887     have "int x * 2 ^ nat l = x'" by (simp add: x'_def int_mult int_power)
   888     moreover have "real x * 2 powr real l = real x'"
   889       by (simp add: powr_realpow[symmetric] `0 \<le> l` x'_def)
   890     ultimately show ?thesis
   891       unfolding Let_def normfloat_def
   892       using ceil_divide_floor_conv[of y x'] powr_realpow[of 2 "nat l"] `0 \<le> l` `y \<noteq> 0`
   893         l_def[symmetric, THEN meta_eq_to_obj_eq]
   894       by transfer
   895          (simp add: floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0 round_up_def)
   896    next
   897     assume "\<not> 0 \<le> l"
   898     def y' == "y * 2 ^ nat (- l)"
   899     from `y \<noteq> 0` have "y' \<noteq> 0" by (simp add: y'_def)
   900     have "int y * 2 ^ nat (- l) = y'" by (simp add: y'_def int_mult int_power)
   901     moreover have "real x * real (2::int) powr real l / real y = x / real y'"
   902       using `\<not> 0 \<le> l`
   903       by (simp add: powr_realpow[symmetric] powr_minus y'_def field_simps inverse_eq_divide)
   904     ultimately show ?thesis
   905       unfolding Let_def normfloat_def
   906       using ceil_divide_floor_conv[of y' x] `\<not> 0 \<le> l` `y' \<noteq> 0` `y \<noteq> 0`
   907         l_def[symmetric, THEN meta_eq_to_obj_eq]
   908       by transfer
   909          (simp add: round_up_def ceil_divide_floor_conv floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0)
   910   qed
   911 qed
   912 
   913 lemma rat_precision_pos:
   914   assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
   915   shows "rat_precision n (int x) (int y) > 0"
   916 proof -
   917   { assume "0 < x" hence "log 2 x + 1 = log 2 (2 * x)" by (simp add: log_mult) }
   918   hence "bitlen (int x) < bitlen (int y)" using assms
   919     by (simp add: bitlen_def del: floor_add_one)
   920       (auto intro!: floor_mono simp add: floor_add_one[symmetric] simp del: floor_add floor_add_one)
   921   thus ?thesis
   922     using assms by (auto intro!: pos_add_strict simp add: field_simps rat_precision_def)
   923 qed
   924 
   925 lemma power_aux: assumes "x > 0" shows "(2::int) ^ nat (x - 1) \<le> 2 ^ nat x - 1"
   926 proof -
   927   def y \<equiv> "nat (x - 1)" moreover
   928   have "(2::int) ^ y \<le> (2 ^ (y + 1)) - 1" by simp
   929   ultimately show ?thesis using assms by simp
   930 qed
   931 
   932 lemma rapprox_posrat_less1: assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
   933   shows "real (rapprox_posrat n x y) < 1"
   934 proof -
   935   have powr1: "2 powr real (rat_precision n (int x) (int y)) = 
   936     2 ^ nat (rat_precision n (int x) (int y))" using rat_precision_pos[of x y n] assms
   937     by (simp add: powr_realpow[symmetric])
   938   have "x * 2 powr real (rat_precision n (int x) (int y)) / y = (x / y) *
   939      2 powr real (rat_precision n (int x) (int y))" by simp
   940   also have "... < (1 / 2) * 2 powr real (rat_precision n (int x) (int y))"
   941     apply (rule mult_strict_right_mono) by (insert assms) auto
   942   also have "\<dots> = 2 powr real (rat_precision n (int x) (int y) - 1)"
   943     by (simp add: powr_add diff_def powr_neg_numeral)
   944   also have "\<dots> = 2 ^ nat (rat_precision n (int x) (int y) - 1)"
   945     using rat_precision_pos[of x y n] assms by (simp add: powr_realpow[symmetric])
   946   also have "\<dots> \<le> 2 ^ nat (rat_precision n (int x) (int y)) - 1"
   947     unfolding int_of_reals real_of_int_le_iff
   948     using rat_precision_pos[OF assms] by (rule power_aux)
   949   finally show ?thesis
   950     unfolding rapprox_posrat_def
   951     apply (simp add: round_up_def)
   952     apply (simp add: field_simps powr_minus inverse_eq_divide)
   953     unfolding powr1
   954     unfolding int_of_reals real_of_int_less_iff
   955     unfolding ceiling_less_eq
   956     using rat_precision_pos[of x y n] assms
   957     apply simp
   958     done
   959 qed
   960 
   961 lift_definition lapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" is
   962   "\<lambda>prec (x::int) (y::int). round_down (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y)" by simp
   963 
   964 lemma compute_lapprox_rat[code]:
   965   "lapprox_rat prec x y =
   966     (if y = 0 then 0
   967     else if 0 \<le> x then
   968       (if 0 < y then lapprox_posrat prec (nat x) (nat y)
   969       else - (rapprox_posrat prec (nat x) (nat (-y)))) 
   970       else (if 0 < y
   971         then - (rapprox_posrat prec (nat (-x)) (nat y))
   972         else lapprox_posrat prec (nat (-x)) (nat (-y))))"
   973   apply transfer
   974   apply (cases "y = 0")
   975   apply (auto simp: round_up_def round_down_def ceiling_def real_of_float_uminus[symmetric] ac_simps
   976                     int_of_reals simp del: real_of_ints)
   977   apply (auto simp: ac_simps)
   978   done
   979 
   980 lift_definition rapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" is
   981   "\<lambda>prec (x::int) (y::int). round_up (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y)" by simp
   982 
   983 lemma compute_rapprox_rat[code]:
   984   "rapprox_rat prec x y =
   985     (if y = 0 then 0
   986     else if 0 \<le> x then
   987       (if 0 < y then rapprox_posrat prec (nat x) (nat y)
   988       else - (lapprox_posrat prec (nat x) (nat (-y)))) 
   989       else (if 0 < y
   990         then - (lapprox_posrat prec (nat (-x)) (nat y))
   991         else rapprox_posrat prec (nat (-x)) (nat (-y))))"
   992   apply transfer
   993   apply (cases "y = 0")
   994   apply (auto simp: round_up_def round_down_def ceiling_def real_of_float_uminus[symmetric] ac_simps
   995                     int_of_reals simp del: real_of_ints)
   996   apply (auto simp: ac_simps)
   997   done
   998 
   999 subsection {* Division *}
  1000 
  1001 lift_definition float_divl :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is
  1002   "\<lambda>(prec::nat) a b. round_down (prec + \<lfloor> log 2 \<bar>b\<bar> \<rfloor> - \<lfloor> log 2 \<bar>a\<bar> \<rfloor>) (a / b)" by simp
  1003 
  1004 lemma compute_float_divl[code]:
  1005   "float_divl prec (Float m1 s1) (Float m2 s2) = lapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
  1006 proof cases
  1007   assume "m1 \<noteq> 0 \<and> m2 \<noteq> 0"
  1008   then show ?thesis
  1009   proof transfer
  1010     fix prec :: nat and m1 s1 m2 s2 :: int assume not_0: "m1 \<noteq> 0 \<and> m2 \<noteq> 0"
  1011     let ?f1 = "real m1 * 2 powr real s1" and ?f2 = "real m2 * 2 powr real s2"
  1012     let ?m = "real m1 / real m2" and ?s = "2 powr real (s1 - s2)"
  1013 
  1014     have eq1: "real m1 * 2 powr real s1 / (real m2 * 2 powr real s2) = ?m * ?s"
  1015       by (simp add: field_simps powr_divide2[symmetric])
  1016     have eq2: "(int prec + \<lfloor>log 2 \<bar>?f2\<bar>\<rfloor> - \<lfloor>log 2 \<bar>?f1\<bar>\<rfloor>) =
  1017         rat_precision prec \<bar>m1\<bar> \<bar>m2\<bar> + (s2 - s1)"
  1018       using not_0 by (simp add: abs_mult log_mult rat_precision_def bitlen_def)
  1019     
  1020     show "round_down (int prec + \<lfloor>log 2 \<bar>?f2\<bar>\<rfloor> - \<lfloor>log 2 \<bar>?f1\<bar>\<rfloor>) (?f1 / ?f2) =
  1021       round_down (rat_precision prec \<bar>m1\<bar> \<bar>m2\<bar>) ?m * (real (1::int) * ?s)"
  1022       using not_0 unfolding eq1 eq2 round_down_shift by (simp add: field_simps)
  1023   qed
  1024 qed (transfer, auto)
  1025 
  1026 lift_definition float_divr :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is
  1027   "\<lambda>(prec::nat) a b. round_up (prec + \<lfloor> log 2 \<bar>b\<bar> \<rfloor> - \<lfloor> log 2 \<bar>a\<bar> \<rfloor>) (a / b)" by simp
  1028 
  1029 lemma compute_float_divr[code]:
  1030   "float_divr prec (Float m1 s1) (Float m2 s2) = rapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
  1031 proof cases
  1032   assume "m1 \<noteq> 0 \<and> m2 \<noteq> 0"
  1033   then show ?thesis
  1034   proof transfer
  1035     fix prec :: nat and m1 s1 m2 s2 :: int assume not_0: "m1 \<noteq> 0 \<and> m2 \<noteq> 0"
  1036     let ?f1 = "real m1 * 2 powr real s1" and ?f2 = "real m2 * 2 powr real s2"
  1037     let ?m = "real m1 / real m2" and ?s = "2 powr real (s1 - s2)"
  1038 
  1039     have eq1: "real m1 * 2 powr real s1 / (real m2 * 2 powr real s2) = ?m * ?s"
  1040       by (simp add: field_simps powr_divide2[symmetric])
  1041     have eq2: "(int prec + \<lfloor>log 2 \<bar>?f2\<bar>\<rfloor> - \<lfloor>log 2 \<bar>?f1\<bar>\<rfloor>) =
  1042         rat_precision prec \<bar>m1\<bar> \<bar>m2\<bar> + (s2 - s1)"
  1043       using not_0 by (simp add: abs_mult log_mult rat_precision_def bitlen_def)
  1044     
  1045     show "round_up (int prec + \<lfloor>log 2 \<bar>?f2\<bar>\<rfloor> - \<lfloor>log 2 \<bar>?f1\<bar>\<rfloor>) (?f1 / ?f2) =
  1046       round_up (rat_precision prec \<bar>m1\<bar> \<bar>m2\<bar>) ?m * (real (1::int) * ?s)"
  1047       using not_0 unfolding eq1 eq2 round_up_shift by (simp add: field_simps)
  1048   qed
  1049 qed (transfer, auto)
  1050 
  1051 subsection {* Lemmas needed by Approximate *}
  1052 
  1053 lemma Float_num[simp]: shows
  1054    "real (Float 1 0) = 1" and "real (Float 1 1) = 2" and "real (Float 1 2) = 4" and
  1055    "real (Float 1 -1) = 1/2" and "real (Float 1 -2) = 1/4" and "real (Float 1 -3) = 1/8" and
  1056    "real (Float -1 0) = -1" and "real (Float (number_of n) 0) = number_of n"
  1057 using two_powr_int_float[of 2] two_powr_int_float[of "-1"] two_powr_int_float[of "-2"] two_powr_int_float[of "-3"]
  1058 using powr_realpow[of 2 2] powr_realpow[of 2 3]
  1059 using powr_minus[of 2 1] powr_minus[of 2 2] powr_minus[of 2 3]
  1060 by auto
  1061 
  1062 lemma real_of_Float_int[simp]: "real (Float n 0) = real n" by simp
  1063 
  1064 lemma float_zero[simp]: "real (Float 0 e) = 0" by simp
  1065 
  1066 lemma abs_div_2_less: "a \<noteq> 0 \<Longrightarrow> a \<noteq> -1 \<Longrightarrow> abs((a::int) div 2) < abs a"
  1067 by arith
  1068 
  1069 lemma lapprox_rat:
  1070   shows "real (lapprox_rat prec x y) \<le> real x / real y"
  1071   using round_down by (simp add: lapprox_rat_def)
  1072 
  1073 lemma mult_div_le: fixes a b:: int assumes "b > 0" shows "a \<ge> b * (a div b)"
  1074 proof -
  1075   from zmod_zdiv_equality'[of a b]
  1076   have "a = b * (a div b) + a mod b" by simp
  1077   also have "... \<ge> b * (a div b) + 0" apply (rule add_left_mono) apply (rule pos_mod_sign)
  1078   using assms by simp
  1079   finally show ?thesis by simp
  1080 qed
  1081 
  1082 lemma lapprox_rat_nonneg:
  1083   fixes n x y
  1084   defines "p == int n - ((bitlen \<bar>x\<bar>) - (bitlen \<bar>y\<bar>))"
  1085   assumes "0 \<le> x" "0 < y"
  1086   shows "0 \<le> real (lapprox_rat n x y)"
  1087 using assms unfolding lapprox_rat_def p_def[symmetric] round_down_def real_of_int_minus[symmetric]
  1088    powr_int[of 2, simplified]
  1089   by (auto simp add: inverse_eq_divide intro!: mult_nonneg_nonneg divide_nonneg_pos mult_pos_pos)
  1090 
  1091 lemma rapprox_rat: "real x / real y \<le> real (rapprox_rat prec x y)"
  1092   using round_up by (simp add: rapprox_rat_def)
  1093 
  1094 lemma rapprox_rat_le1:
  1095   fixes n x y
  1096   assumes xy: "0 \<le> x" "0 < y" "x \<le> y"
  1097   shows "real (rapprox_rat n x y) \<le> 1"
  1098 proof -
  1099   have "bitlen \<bar>x\<bar> \<le> bitlen \<bar>y\<bar>"
  1100     using xy unfolding bitlen_def by (auto intro!: floor_mono)
  1101   then have "0 \<le> rat_precision n \<bar>x\<bar> \<bar>y\<bar>" by (simp add: rat_precision_def)
  1102   have "real \<lceil>real x / real y * 2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)\<rceil>
  1103       \<le> real \<lceil>2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)\<rceil>"
  1104     using xy by (auto intro!: ceiling_mono simp: field_simps)
  1105   also have "\<dots> = 2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)"
  1106     using `0 \<le> rat_precision n \<bar>x\<bar> \<bar>y\<bar>`
  1107     by (auto intro!: exI[of _ "2^nat (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)"] simp: powr_int)
  1108   finally show ?thesis
  1109     by (simp add: rapprox_rat_def round_up_def)
  1110        (simp add: powr_minus inverse_eq_divide)
  1111 qed
  1112 
  1113 lemma rapprox_rat_nonneg_neg: 
  1114   "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
  1115   unfolding rapprox_rat_def round_up_def
  1116   by (auto simp: field_simps mult_le_0_iff zero_le_mult_iff)
  1117 
  1118 lemma rapprox_rat_neg:
  1119   "x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
  1120   unfolding rapprox_rat_def round_up_def
  1121   by (auto simp: field_simps mult_le_0_iff)
  1122 
  1123 lemma rapprox_rat_nonpos_pos:
  1124   "x \<le> 0 \<Longrightarrow> 0 < y \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
  1125   unfolding rapprox_rat_def round_up_def
  1126   by (auto simp: field_simps mult_le_0_iff)
  1127 
  1128 lemma float_divl: "real (float_divl prec x y) \<le> real x / real y"
  1129   by transfer (simp add: round_down)
  1130 
  1131 lemma float_divl_lower_bound:
  1132   "0 \<le> x \<Longrightarrow> 0 < y \<Longrightarrow> 0 \<le> real (float_divl prec x y)"
  1133   by transfer (simp add: round_down_def zero_le_mult_iff zero_le_divide_iff)
  1134 
  1135 lemma exponent_1: "exponent 1 = 0"
  1136   using exponent_float[of 1 0] by (simp add: one_float_def)
  1137 
  1138 lemma mantissa_1: "mantissa 1 = 1"
  1139   using mantissa_float[of 1 0] by (simp add: one_float_def)
  1140 
  1141 lemma bitlen_1: "bitlen 1 = 1"
  1142   by (simp add: bitlen_def)
  1143 
  1144 lemma mantissa_eq_zero_iff: "mantissa x = 0 \<longleftrightarrow> x = 0"
  1145 proof
  1146   assume "mantissa x = 0" hence z: "0 = real x" using mantissa_exponent by simp
  1147   show "x = 0" by (simp add: zero_float_def z)
  1148 qed (simp add: zero_float_def)
  1149 
  1150 lemma float_upper_bound: "x \<le> 2 powr (bitlen \<bar>mantissa x\<bar> + exponent x)"
  1151 proof (cases "x = 0", simp)
  1152   assume "x \<noteq> 0" hence "mantissa x \<noteq> 0" using mantissa_eq_zero_iff by auto
  1153   have "x = mantissa x * 2 powr (exponent x)" by (rule mantissa_exponent)
  1154   also have "mantissa x \<le> \<bar>mantissa x\<bar>" by simp
  1155   also have "... \<le> 2 powr (bitlen \<bar>mantissa x\<bar>)"
  1156     using bitlen_bounds[of "\<bar>mantissa x\<bar>"] bitlen_nonneg `mantissa x \<noteq> 0`
  1157     by (simp add: powr_int) (simp only: two_real_int int_of_reals real_of_int_abs[symmetric]
  1158       real_of_int_le_iff less_imp_le)
  1159   finally show ?thesis by (simp add: powr_add)
  1160 qed
  1161 
  1162 lemma float_divl_pos_less1_bound:
  1163   "0 < real x \<Longrightarrow> real x < 1 \<Longrightarrow> prec \<ge> 1 \<Longrightarrow> 1 \<le> real (float_divl prec 1 x)"
  1164 proof transfer
  1165   fix prec :: nat and x :: real assume x: "0 < x" "x < 1" "x \<in> float" and prec: "1 \<le> prec"
  1166   def p \<equiv> "int prec + \<lfloor>log 2 \<bar>x\<bar>\<rfloor>" 
  1167   show "1 \<le> round_down (int prec + \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - \<lfloor>log 2 \<bar>1\<bar>\<rfloor>) (1 / x) "
  1168   proof cases
  1169     assume nonneg: "0 \<le> p"
  1170     hence "2 powr real (p) = floor (real ((2::int) ^ nat p)) * floor (1::real)"
  1171       by (simp add: powr_int del: real_of_int_power) simp
  1172     also have "floor (1::real) \<le> floor (1 / x)" using x prec by simp
  1173     also have "floor (real ((2::int) ^ nat p)) * floor (1 / x) \<le>
  1174       floor (real ((2::int) ^ nat p) * (1 / x))"
  1175       by (rule le_mult_floor) (auto simp: x prec less_imp_le)
  1176     finally have "2 powr real p \<le> floor (2 powr nat p / x)" by (simp add: powr_realpow)
  1177     thus ?thesis unfolding p_def[symmetric]
  1178       using x prec nonneg by (simp add: powr_minus inverse_eq_divide round_down_def)
  1179   next
  1180     assume neg: "\<not> 0 \<le> p"
  1181 
  1182     have "x = 2 powr (log 2 x)"
  1183       using x by simp
  1184     also have "2 powr (log 2 x) \<le> 2 powr p"
  1185     proof (rule powr_mono)
  1186       have "log 2 x \<le> \<lceil>log 2 x\<rceil>"
  1187         by simp
  1188       also have "\<dots> \<le> \<lfloor>log 2 x\<rfloor> + 1"
  1189         using ceiling_diff_floor_le_1[of "log 2 x"] by simp
  1190       also have "\<dots> \<le> \<lfloor>log 2 x\<rfloor> + prec"
  1191         using prec by simp
  1192       finally show "log 2 x \<le> real p"
  1193         using x by (simp add: p_def)
  1194     qed simp
  1195     finally have x_le: "x \<le> 2 powr p" .
  1196 
  1197     from neg have "2 powr real p \<le> 2 powr 0"
  1198       by (intro powr_mono) auto
  1199     also have "\<dots> \<le> \<lfloor>2 powr 0\<rfloor>" by simp
  1200     also have "\<dots> \<le> \<lfloor>2 powr real p / x\<rfloor>" unfolding real_of_int_le_iff
  1201       using x x_le by (intro floor_mono) (simp add:  pos_le_divide_eq mult_pos_pos)
  1202     finally show ?thesis
  1203       using prec x unfolding p_def[symmetric]
  1204       by (simp add: round_down_def powr_minus_divide pos_le_divide_eq mult_pos_pos)
  1205   qed
  1206 qed
  1207 
  1208 lemma float_divr: "real x / real y \<le> real (float_divr prec x y)"
  1209   using round_up by transfer simp
  1210 
  1211 lemma float_divr_pos_less1_lower_bound: assumes "0 < x" and "x < 1" shows "1 \<le> float_divr prec 1 x"
  1212 proof -
  1213   have "1 \<le> 1 / real x" using `0 < x` and `x < 1` by auto
  1214   also have "\<dots> \<le> real (float_divr prec 1 x)" using float_divr[where x=1 and y=x] by auto
  1215   finally show ?thesis by auto
  1216 qed
  1217 
  1218 lemma float_divr_nonpos_pos_upper_bound:
  1219   "real x \<le> 0 \<Longrightarrow> 0 < real y \<Longrightarrow> real (float_divr prec x y) \<le> 0"
  1220   by transfer (auto simp: field_simps mult_le_0_iff divide_le_0_iff round_up_def)
  1221 
  1222 lemma float_divr_nonneg_neg_upper_bound:
  1223   "0 \<le> real x \<Longrightarrow> real y < 0 \<Longrightarrow> real (float_divr prec x y) \<le> 0"
  1224   by transfer (auto simp: field_simps mult_le_0_iff zero_le_mult_iff divide_le_0_iff round_up_def)
  1225 
  1226 lift_definition float_round_up :: "nat \<Rightarrow> float \<Rightarrow> float" is
  1227   "\<lambda>(prec::nat) x. round_up (prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) x" by simp
  1228 
  1229 lemma float_round_up: "real x \<le> real (float_round_up prec x)"
  1230   using round_up by transfer simp
  1231 
  1232 lift_definition float_round_down :: "nat \<Rightarrow> float \<Rightarrow> float" is
  1233   "\<lambda>(prec::nat) x. round_down (prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) x" by simp
  1234 
  1235 lemma float_round_down: "real (float_round_down prec x) \<le> real x"
  1236   using round_down by transfer simp
  1237 
  1238 lemma floor_add2[simp]: "\<lfloor> real i + x \<rfloor> = i + \<lfloor> x \<rfloor>"
  1239   using floor_add[of x i] by (simp del: floor_add add: ac_simps)
  1240 
  1241 lemma compute_float_round_down[code]:
  1242   "float_round_down prec (Float m e) = (let d = bitlen (abs m) - int prec in
  1243     if 0 < d then let P = 2^nat d ; n = m div P in Float n (e + d)
  1244              else Float m e)"
  1245   unfolding Let_def
  1246   using compute_float_down[of "prec - bitlen \<bar>m\<bar> - e" m e, symmetric]
  1247   apply (simp add: field_simps split del: split_if cong del: if_weak_cong)
  1248   apply (cases "m = 0")
  1249   apply (transfer, auto simp add: field_simps abs_mult log_mult bitlen_def)+
  1250   done
  1251 
  1252 lemma compute_float_round_up[code]:
  1253   "float_round_up prec (Float m e) = (let d = (bitlen (abs m) - int prec) in
  1254      if 0 < d then let P = 2^nat d ; n = m div P ; r = m mod P
  1255                    in Float (n + (if r = 0 then 0 else 1)) (e + d)
  1256               else Float m e)"
  1257   using compute_float_up[of "prec - bitlen \<bar>m\<bar> - e" m e, symmetric]
  1258   unfolding Let_def
  1259   apply (simp add: field_simps split del: split_if cong del: if_weak_cong)
  1260   apply (cases "m = 0")
  1261   apply (transfer, auto simp add: field_simps abs_mult log_mult bitlen_def)+
  1262   done
  1263 
  1264 lemma Float_le_zero_iff: "Float a b \<le> 0 \<longleftrightarrow> a \<le> 0"
  1265  apply (auto simp: zero_float_def mult_le_0_iff)
  1266  using powr_gt_zero[of 2 b] by simp
  1267 
  1268 (* TODO: how to use as code equation? -> pprt_float?! *)
  1269 lemma compute_pprt[code]: "pprt (Float a e) = (if a <= 0 then 0 else (Float a e))"
  1270 unfolding pprt_def sup_float_def max_def Float_le_zero_iff ..
  1271 
  1272 (* TODO: how to use as code equation? *)
  1273 lemma compute_nprt[code]: "nprt (Float a e) = (if a <= 0 then (Float a e) else 0)"
  1274 unfolding nprt_def inf_float_def min_def Float_le_zero_iff ..
  1275 
  1276 lemma of_float_pprt[simp]: fixes a::float shows "real (pprt a) = pprt (real a)"
  1277   unfolding pprt_def sup_float_def max_def sup_real_def by auto
  1278 
  1279 lemma of_float_nprt[simp]: fixes a::float shows "real (nprt a) = nprt (real a)"
  1280   unfolding nprt_def inf_float_def min_def inf_real_def by auto
  1281 
  1282 lift_definition int_floor_fl :: "float \<Rightarrow> int" is floor by simp
  1283 
  1284 lemma compute_int_floor_fl[code]:
  1285   shows "int_floor_fl (Float m e) = (if 0 \<le> e then m * 2 ^ nat e
  1286                                   else m div (2 ^ (nat (-e))))"
  1287   by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
  1288 
  1289 lift_definition floor_fl :: "float \<Rightarrow> float" is "\<lambda>x. real (floor x)" by simp
  1290 
  1291 lemma compute_floor_fl[code]:
  1292   shows "floor_fl (Float m e) = (if 0 \<le> e then Float m e
  1293                                   else Float (m div (2 ^ (nat (-e)))) 0)"
  1294   by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
  1295 
  1296 lemma floor_fl: "real (floor_fl x) \<le> real x" by transfer simp
  1297 
  1298 lemma int_floor_fl: "real (int_floor_fl x) \<le> real x" by transfer simp
  1299 
  1300 lemma floor_pos_exp: "exponent (floor_fl x) \<ge> 0"
  1301 proof cases
  1302   assume nzero: "floor_fl x \<noteq> float_of 0"
  1303   have "floor_fl x = Float \<lfloor>real x\<rfloor> 0" by transfer simp
  1304   from denormalize_shift[OF this[THEN eq_reflection] nzero] guess i . note i = this
  1305   thus ?thesis by simp
  1306 qed (simp add: floor_fl_def)
  1307 
  1308 code_datatype Float
  1309 
  1310 end
  1311