src/HOL/Library/Float.thy
author hoelzl
Mon Aug 25 14:24:05 2014 +0200 (2014-08-25)
changeset 58042 ffa9e39763e3
parent 57862 8f074e6e22fc
child 58410 6d46ad54a2ab
permissions -rw-r--r--
introduce real_of typeclass for real :: 'a => real
     1 (*  Title:      HOL/Library/Float.thy
     2     Author:     Johannes Hölzl, Fabian Immler
     3     Copyright   2012  TU München
     4 *)
     5 
     6 header {* Floating-Point Numbers *}
     7 
     8 theory Float
     9 imports Complex_Main Lattice_Algebras
    10 begin
    11 
    12 definition "float = {m * 2 powr e | (m :: int) (e :: int). True}"
    13 
    14 typedef float = float
    15   morphisms real_of_float float_of
    16   unfolding float_def by auto
    17 
    18 instantiation float :: real_of
    19 begin
    20 
    21 definition real_float :: "float \<Rightarrow> real" where
    22   real_of_float_def[code_unfold]: "real \<equiv> real_of_float"
    23 
    24 instance ..
    25 end
    26 
    27 lemma type_definition_float': "type_definition real float_of float"
    28   using type_definition_float unfolding real_of_float_def .
    29 
    30 setup_lifting (no_code) type_definition_float'
    31 
    32 lemmas float_of_inject[simp]
    33 
    34 declare [[coercion "real :: float \<Rightarrow> real"]]
    35 
    36 lemma real_of_float_eq:
    37   fixes f1 f2 :: float shows "f1 = f2 \<longleftrightarrow> real f1 = real f2"
    38   unfolding real_of_float_def real_of_float_inject ..
    39 
    40 lemma float_of_real[simp]: "float_of (real x) = x"
    41   unfolding real_of_float_def by (rule real_of_float_inverse)
    42 
    43 lemma real_float[simp]: "x \<in> float \<Longrightarrow> real (float_of x) = x"
    44   unfolding real_of_float_def by (rule float_of_inverse)
    45 
    46 subsection {* Real operations preserving the representation as floating point number *}
    47 
    48 lemma floatI: fixes m e :: int shows "m * 2 powr e = x \<Longrightarrow> x \<in> float"
    49   by (auto simp: float_def)
    50 
    51 lemma zero_float[simp]: "0 \<in> float" by (auto simp: float_def)
    52 lemma one_float[simp]: "1 \<in> float" by (intro floatI[of 1 0]) simp
    53 lemma numeral_float[simp]: "numeral i \<in> float" by (intro floatI[of "numeral i" 0]) simp
    54 lemma neg_numeral_float[simp]: "- numeral i \<in> float" by (intro floatI[of "- numeral i" 0]) simp
    55 lemma real_of_int_float[simp]: "real (x :: int) \<in> float" by (intro floatI[of x 0]) simp
    56 lemma real_of_nat_float[simp]: "real (x :: nat) \<in> float" by (intro floatI[of x 0]) simp
    57 lemma two_powr_int_float[simp]: "2 powr (real (i::int)) \<in> float" by (intro floatI[of 1 i]) simp
    58 lemma two_powr_nat_float[simp]: "2 powr (real (i::nat)) \<in> float" by (intro floatI[of 1 i]) simp
    59 lemma two_powr_minus_int_float[simp]: "2 powr - (real (i::int)) \<in> float" by (intro floatI[of 1 "-i"]) simp
    60 lemma two_powr_minus_nat_float[simp]: "2 powr - (real (i::nat)) \<in> float" by (intro floatI[of 1 "-i"]) simp
    61 lemma two_powr_numeral_float[simp]: "2 powr numeral i \<in> float" by (intro floatI[of 1 "numeral i"]) simp
    62 lemma two_powr_neg_numeral_float[simp]: "2 powr - numeral i \<in> float" by (intro floatI[of 1 "- numeral i"]) simp
    63 lemma two_pow_float[simp]: "2 ^ n \<in> float" by (intro floatI[of 1 "n"]) (simp add: powr_realpow)
    64 lemma real_of_float_float[simp]: "real (f::float) \<in> float" by (cases f) simp
    65 
    66 lemma plus_float[simp]: "r \<in> float \<Longrightarrow> p \<in> float \<Longrightarrow> r + p \<in> float"
    67   unfolding float_def
    68 proof (safe, simp)
    69   fix e1 m1 e2 m2 :: int
    70   { fix e1 m1 e2 m2 :: int assume "e1 \<le> e2"
    71     then have "m1 * 2 powr e1 + m2 * 2 powr e2 = (m1 + m2 * 2 ^ nat (e2 - e1)) * 2 powr e1"
    72       by (simp add: powr_realpow[symmetric] powr_divide2[symmetric] field_simps)
    73     then have "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
    74       by blast }
    75   note * = this
    76   show "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
    77   proof (cases e1 e2 rule: linorder_le_cases)
    78     assume "e2 \<le> e1" from *[OF this, of m2 m1] show ?thesis by (simp add: ac_simps)
    79   qed (rule *)
    80 qed
    81 
    82 lemma uminus_float[simp]: "x \<in> float \<Longrightarrow> -x \<in> float"
    83   apply (auto simp: float_def)
    84   apply hypsubst_thin
    85   apply (rule_tac x="-x" in exI)
    86   apply (rule_tac x="xa" in exI)
    87   apply (simp add: field_simps)
    88   done
    89 
    90 lemma times_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x * y \<in> float"
    91   apply (auto simp: float_def)
    92   apply hypsubst_thin
    93   apply (rule_tac x="x * xa" in exI)
    94   apply (rule_tac x="xb + xc" in exI)
    95   apply (simp add: powr_add)
    96   done
    97 
    98 lemma minus_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x - y \<in> float"
    99   using plus_float [of x "- y"] by simp
   100 
   101 lemma abs_float[simp]: "x \<in> float \<Longrightarrow> abs x \<in> float"
   102   by (cases x rule: linorder_cases[of 0]) auto
   103 
   104 lemma sgn_of_float[simp]: "x \<in> float \<Longrightarrow> sgn x \<in> float"
   105   by (cases x rule: linorder_cases[of 0]) (auto intro!: uminus_float)
   106 
   107 lemma div_power_2_float[simp]: "x \<in> float \<Longrightarrow> x / 2^d \<in> float"
   108   apply (auto simp add: float_def)
   109   apply hypsubst_thin
   110   apply (rule_tac x="x" in exI)
   111   apply (rule_tac x="xa - d" in exI)
   112   apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
   113   done
   114 
   115 lemma div_power_2_int_float[simp]: "x \<in> float \<Longrightarrow> x / (2::int)^d \<in> float"
   116   apply (auto simp add: float_def)
   117   apply hypsubst_thin
   118   apply (rule_tac x="x" in exI)
   119   apply (rule_tac x="xa - d" in exI)
   120   apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
   121   done
   122 
   123 lemma div_numeral_Bit0_float[simp]:
   124   assumes x: "x / numeral n \<in> float" shows "x / (numeral (Num.Bit0 n)) \<in> float"
   125 proof -
   126   have "(x / numeral n) / 2^1 \<in> float"
   127     by (intro x div_power_2_float)
   128   also have "(x / numeral n) / 2^1 = x / (numeral (Num.Bit0 n))"
   129     by (induct n) auto
   130   finally show ?thesis .
   131 qed
   132 
   133 lemma div_neg_numeral_Bit0_float[simp]:
   134   assumes x: "x / numeral n \<in> float" shows "x / (- numeral (Num.Bit0 n)) \<in> float"
   135 proof -
   136   have "- (x / numeral (Num.Bit0 n)) \<in> float" using x by simp
   137   also have "- (x / numeral (Num.Bit0 n)) = x / - numeral (Num.Bit0 n)"
   138     by simp
   139   finally show ?thesis .
   140 qed
   141 
   142 lift_definition Float :: "int \<Rightarrow> int \<Rightarrow> float" is "\<lambda>(m::int) (e::int). m * 2 powr e" by simp
   143 declare Float.rep_eq[simp]
   144 
   145 lemma compute_real_of_float[code]:
   146   "real_of_float (Float m e) = (if e \<ge> 0 then m * 2 ^ nat e else m / 2 ^ (nat (-e)))"
   147 by (simp add: real_of_float_def[symmetric] powr_int)
   148 
   149 code_datatype Float
   150 
   151 subsection {* Arithmetic operations on floating point numbers *}
   152 
   153 instantiation float :: "{ring_1, linorder, linordered_ring, linordered_idom, numeral, equal}"
   154 begin
   155 
   156 lift_definition zero_float :: float is 0 by simp
   157 declare zero_float.rep_eq[simp]
   158 lift_definition one_float :: float is 1 by simp
   159 declare one_float.rep_eq[simp]
   160 lift_definition plus_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op +" by simp
   161 declare plus_float.rep_eq[simp]
   162 lift_definition times_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op *" by simp
   163 declare times_float.rep_eq[simp]
   164 lift_definition minus_float :: "float \<Rightarrow> float \<Rightarrow> float" is "op -" by simp
   165 declare minus_float.rep_eq[simp]
   166 lift_definition uminus_float :: "float \<Rightarrow> float" is "uminus" by simp
   167 declare uminus_float.rep_eq[simp]
   168 
   169 lift_definition abs_float :: "float \<Rightarrow> float" is abs by simp
   170 declare abs_float.rep_eq[simp]
   171 lift_definition sgn_float :: "float \<Rightarrow> float" is sgn by simp
   172 declare sgn_float.rep_eq[simp]
   173 
   174 lift_definition equal_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op = :: real \<Rightarrow> real \<Rightarrow> bool" .
   175 
   176 lift_definition less_eq_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op \<le>" .
   177 declare less_eq_float.rep_eq[simp]
   178 lift_definition less_float :: "float \<Rightarrow> float \<Rightarrow> bool" is "op <" .
   179 declare less_float.rep_eq[simp]
   180 
   181 instance
   182   proof qed (transfer, fastforce simp add: field_simps intro: mult_left_mono mult_right_mono)+
   183 end
   184 
   185 lemma real_of_float_power[simp]: fixes f::float shows "real (f^n) = real f^n"
   186   by (induct n) simp_all
   187 
   188 lemma fixes x y::float
   189   shows real_of_float_min: "real (min x y) = min (real x) (real y)"
   190     and real_of_float_max: "real (max x y) = max (real x) (real y)"
   191   by (simp_all add: min_def max_def)
   192 
   193 instance float :: unbounded_dense_linorder
   194 proof
   195   fix a b :: float
   196   show "\<exists>c. a < c"
   197     apply (intro exI[of _ "a + 1"])
   198     apply transfer
   199     apply simp
   200     done
   201   show "\<exists>c. c < a"
   202     apply (intro exI[of _ "a - 1"])
   203     apply transfer
   204     apply simp
   205     done
   206   assume "a < b"
   207   then show "\<exists>c. a < c \<and> c < b"
   208     apply (intro exI[of _ "(a + b) * Float 1 -1"])
   209     apply transfer
   210     apply (simp add: powr_minus)
   211     done
   212 qed
   213 
   214 instantiation float :: lattice_ab_group_add
   215 begin
   216 
   217 definition inf_float::"float\<Rightarrow>float\<Rightarrow>float"
   218 where "inf_float a b = min a b"
   219 
   220 definition sup_float::"float\<Rightarrow>float\<Rightarrow>float"
   221 where "sup_float a b = max a b"
   222 
   223 instance
   224   by default
   225      (transfer, simp_all add: inf_float_def sup_float_def real_of_float_min real_of_float_max)+
   226 end
   227 
   228 lemma float_numeral[simp]: "real (numeral x :: float) = numeral x"
   229   apply (induct x)
   230   apply simp
   231   apply (simp_all only: numeral_Bit0 numeral_Bit1 real_of_float_eq real_float
   232                   plus_float.rep_eq one_float.rep_eq plus_float numeral_float one_float)
   233   done
   234 
   235 lemma transfer_numeral [transfer_rule]:
   236   "rel_fun (op =) pcr_float (numeral :: _ \<Rightarrow> real) (numeral :: _ \<Rightarrow> float)"
   237   unfolding rel_fun_def float.pcr_cr_eq  cr_float_def by simp
   238 
   239 lemma float_neg_numeral[simp]: "real (- numeral x :: float) = - numeral x"
   240   by simp
   241 
   242 lemma transfer_neg_numeral [transfer_rule]:
   243   "rel_fun (op =) pcr_float (- numeral :: _ \<Rightarrow> real) (- numeral :: _ \<Rightarrow> float)"
   244   unfolding rel_fun_def float.pcr_cr_eq cr_float_def by simp
   245 
   246 lemma
   247   shows float_of_numeral[simp]: "numeral k = float_of (numeral k)"
   248     and float_of_neg_numeral[simp]: "- numeral k = float_of (- numeral k)"
   249   unfolding real_of_float_eq by simp_all
   250 
   251 subsection {* Represent floats as unique mantissa and exponent *}
   252 
   253 lemma int_induct_abs[case_names less]:
   254   fixes j :: int
   255   assumes H: "\<And>n. (\<And>i. \<bar>i\<bar> < \<bar>n\<bar> \<Longrightarrow> P i) \<Longrightarrow> P n"
   256   shows "P j"
   257 proof (induct "nat \<bar>j\<bar>" arbitrary: j rule: less_induct)
   258   case less show ?case by (rule H[OF less]) simp
   259 qed
   260 
   261 lemma int_cancel_factors:
   262   fixes n :: int assumes "1 < r" shows "n = 0 \<or> (\<exists>k i. n = k * r ^ i \<and> \<not> r dvd k)"
   263 proof (induct n rule: int_induct_abs)
   264   case (less n)
   265   { fix m assume n: "n \<noteq> 0" "n = m * r"
   266     then have "\<bar>m \<bar> < \<bar>n\<bar>"
   267       by (metis abs_dvd_iff abs_ge_self assms comm_semiring_1_class.normalizing_semiring_rules(7)
   268                 dvd_imp_le_int dvd_refl dvd_triv_right linorder_neq_iff linorder_not_le
   269                 mult_eq_0_iff zdvd_mult_cancel1)
   270     from less[OF this] n have "\<exists>k i. n = k * r ^ Suc i \<and> \<not> r dvd k" by auto }
   271   then show ?case
   272     by (metis comm_semiring_1_class.normalizing_semiring_rules(12,7) dvdE power_0)
   273 qed
   274 
   275 lemma mult_powr_eq_mult_powr_iff_asym:
   276   fixes m1 m2 e1 e2 :: int
   277   assumes m1: "\<not> 2 dvd m1" and "e1 \<le> e2"
   278   shows "m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
   279 proof
   280   have "m1 \<noteq> 0" using m1 unfolding dvd_def by auto
   281   assume eq: "m1 * 2 powr e1 = m2 * 2 powr e2"
   282   with `e1 \<le> e2` have "m1 = m2 * 2 powr nat (e2 - e1)"
   283     by (simp add: powr_divide2[symmetric] field_simps)
   284   also have "\<dots> = m2 * 2^nat (e2 - e1)"
   285     by (simp add: powr_realpow)
   286   finally have m1_eq: "m1 = m2 * 2^nat (e2 - e1)"
   287     unfolding real_of_int_inject .
   288   with m1 have "m1 = m2"
   289     by (cases "nat (e2 - e1)") (auto simp add: dvd_def)
   290   then show "m1 = m2 \<and> e1 = e2"
   291     using eq `m1 \<noteq> 0` by (simp add: powr_inj)
   292 qed simp
   293 
   294 lemma mult_powr_eq_mult_powr_iff:
   295   fixes m1 m2 e1 e2 :: int
   296   shows "\<not> 2 dvd m1 \<Longrightarrow> \<not> 2 dvd m2 \<Longrightarrow> m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
   297   using mult_powr_eq_mult_powr_iff_asym[of m1 e1 e2 m2]
   298   using mult_powr_eq_mult_powr_iff_asym[of m2 e2 e1 m1]
   299   by (cases e1 e2 rule: linorder_le_cases) auto
   300 
   301 lemma floatE_normed:
   302   assumes x: "x \<in> float"
   303   obtains (zero) "x = 0"
   304    | (powr) m e :: int where "x = m * 2 powr e" "\<not> 2 dvd m" "x \<noteq> 0"
   305 proof atomize_elim
   306   { assume "x \<noteq> 0"
   307     from x obtain m e :: int where x: "x = m * 2 powr e" by (auto simp: float_def)
   308     with `x \<noteq> 0` int_cancel_factors[of 2 m] obtain k i where "m = k * 2 ^ i" "\<not> 2 dvd k"
   309       by auto
   310     with `\<not> 2 dvd k` x have "\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m"
   311       by (rule_tac exI[of _ "k"], rule_tac exI[of _ "e + int i"])
   312          (simp add: powr_add powr_realpow) }
   313   then show "x = 0 \<or> (\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m \<and> x \<noteq> 0)"
   314     by blast
   315 qed
   316 
   317 lemma float_normed_cases:
   318   fixes f :: float
   319   obtains (zero) "f = 0"
   320    | (powr) m e :: int where "real f = m * 2 powr e" "\<not> 2 dvd m" "f \<noteq> 0"
   321 proof (atomize_elim, induct f)
   322   case (float_of y) then show ?case
   323     by (cases rule: floatE_normed) (auto simp: zero_float_def)
   324 qed
   325 
   326 definition mantissa :: "float \<Rightarrow> int" where
   327   "mantissa f = fst (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
   328    \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
   329 
   330 definition exponent :: "float \<Rightarrow> int" where
   331   "exponent f = snd (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
   332    \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
   333 
   334 lemma
   335   shows exponent_0[simp]: "exponent (float_of 0) = 0" (is ?E)
   336     and mantissa_0[simp]: "mantissa (float_of 0) = 0" (is ?M)
   337 proof -
   338   have "\<And>p::int \<times> int. fst p = 0 \<and> snd p = 0 \<longleftrightarrow> p = (0, 0)" by auto
   339   then show ?E ?M
   340     by (auto simp add: mantissa_def exponent_def zero_float_def)
   341 qed
   342 
   343 lemma
   344   shows mantissa_exponent: "real f = mantissa f * 2 powr exponent f" (is ?E)
   345     and mantissa_not_dvd: "f \<noteq> (float_of 0) \<Longrightarrow> \<not> 2 dvd mantissa f" (is "_ \<Longrightarrow> ?D")
   346 proof cases
   347   assume [simp]: "f \<noteq> (float_of 0)"
   348   have "f = mantissa f * 2 powr exponent f \<and> \<not> 2 dvd mantissa f"
   349   proof (cases f rule: float_normed_cases)
   350     case (powr m e)
   351     then have "\<exists>p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
   352      \<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p)"
   353       by auto
   354     then show ?thesis
   355       unfolding exponent_def mantissa_def
   356       by (rule someI2_ex) (simp add: zero_float_def)
   357   qed (simp add: zero_float_def)
   358   then show ?E ?D by auto
   359 qed simp
   360 
   361 lemma mantissa_noteq_0: "f \<noteq> float_of 0 \<Longrightarrow> mantissa f \<noteq> 0"
   362   using mantissa_not_dvd[of f] by auto
   363 
   364 lemma
   365   fixes m e :: int
   366   defines "f \<equiv> float_of (m * 2 powr e)"
   367   assumes dvd: "\<not> 2 dvd m"
   368   shows mantissa_float: "mantissa f = m" (is "?M")
   369     and exponent_float: "m \<noteq> 0 \<Longrightarrow> exponent f = e" (is "_ \<Longrightarrow> ?E")
   370 proof cases
   371   assume "m = 0" with dvd show "mantissa f = m" by auto
   372 next
   373   assume "m \<noteq> 0"
   374   then have f_not_0: "f \<noteq> float_of 0" by (simp add: f_def)
   375   from mantissa_exponent[of f]
   376   have "m * 2 powr e = mantissa f * 2 powr exponent f"
   377     by (auto simp add: f_def)
   378   then show "?M" "?E"
   379     using mantissa_not_dvd[OF f_not_0] dvd
   380     by (auto simp: mult_powr_eq_mult_powr_iff)
   381 qed
   382 
   383 subsection {* Compute arithmetic operations *}
   384 
   385 lemma Float_mantissa_exponent: "Float (mantissa f) (exponent f) = f"
   386   unfolding real_of_float_eq mantissa_exponent[of f] by simp
   387 
   388 lemma Float_cases[case_names Float, cases type: float]:
   389   fixes f :: float
   390   obtains (Float) m e :: int where "f = Float m e"
   391   using Float_mantissa_exponent[symmetric]
   392   by (atomize_elim) auto
   393 
   394 lemma denormalize_shift:
   395   assumes f_def: "f \<equiv> Float m e" and not_0: "f \<noteq> float_of 0"
   396   obtains i where "m = mantissa f * 2 ^ i" "e = exponent f - i"
   397 proof
   398   from mantissa_exponent[of f] f_def
   399   have "m * 2 powr e = mantissa f * 2 powr exponent f"
   400     by simp
   401   then have eq: "m = mantissa f * 2 powr (exponent f - e)"
   402     by (simp add: powr_divide2[symmetric] field_simps)
   403   moreover
   404   have "e \<le> exponent f"
   405   proof (rule ccontr)
   406     assume "\<not> e \<le> exponent f"
   407     then have pos: "exponent f < e" by simp
   408     then have "2 powr (exponent f - e) = 2 powr - real (e - exponent f)"
   409       by simp
   410     also have "\<dots> = 1 / 2^nat (e - exponent f)"
   411       using pos by (simp add: powr_realpow[symmetric] powr_divide2[symmetric])
   412     finally have "m * 2^nat (e - exponent f) = real (mantissa f)"
   413       using eq by simp
   414     then have "mantissa f = m * 2^nat (e - exponent f)"
   415       unfolding real_of_int_inject by simp
   416     with `exponent f < e` have "2 dvd mantissa f"
   417       apply (intro dvdI[where k="m * 2^(nat (e-exponent f)) div 2"])
   418       apply (cases "nat (e - exponent f)")
   419       apply auto
   420       done
   421     then show False using mantissa_not_dvd[OF not_0] by simp
   422   qed
   423   ultimately have "real m = mantissa f * 2^nat (exponent f - e)"
   424     by (simp add: powr_realpow[symmetric])
   425   with `e \<le> exponent f`
   426   show "m = mantissa f * 2 ^ nat (exponent f - e)" "e = exponent f - nat (exponent f - e)"
   427     unfolding real_of_int_inject by auto
   428 qed
   429 
   430 lemma compute_float_zero[code_unfold, code]: "0 = Float 0 0"
   431   by transfer simp
   432 hide_fact (open) compute_float_zero
   433 
   434 lemma compute_float_one[code_unfold, code]: "1 = Float 1 0"
   435   by transfer simp
   436 hide_fact (open) compute_float_one
   437 
   438 definition normfloat :: "float \<Rightarrow> float" where
   439   [simp]: "normfloat x = x"
   440 
   441 lemma compute_normfloat[code]: "normfloat (Float m e) =
   442   (if m mod 2 = 0 \<and> m \<noteq> 0 then normfloat (Float (m div 2) (e + 1))
   443                            else if m = 0 then 0 else Float m e)"
   444   unfolding normfloat_def
   445   by transfer (auto simp add: powr_add zmod_eq_0_iff)
   446 hide_fact (open) compute_normfloat
   447 
   448 lemma compute_float_numeral[code_abbrev]: "Float (numeral k) 0 = numeral k"
   449   by transfer simp
   450 hide_fact (open) compute_float_numeral
   451 
   452 lemma compute_float_neg_numeral[code_abbrev]: "Float (- numeral k) 0 = - numeral k"
   453   by transfer simp
   454 hide_fact (open) compute_float_neg_numeral
   455 
   456 lemma compute_float_uminus[code]: "- Float m1 e1 = Float (- m1) e1"
   457   by transfer simp
   458 hide_fact (open) compute_float_uminus
   459 
   460 lemma compute_float_times[code]: "Float m1 e1 * Float m2 e2 = Float (m1 * m2) (e1 + e2)"
   461   by transfer (simp add: field_simps powr_add)
   462 hide_fact (open) compute_float_times
   463 
   464 lemma compute_float_plus[code]: "Float m1 e1 + Float m2 e2 =
   465   (if m1 = 0 then Float m2 e2 else if m2 = 0 then Float m1 e1 else
   466   if e1 \<le> e2 then Float (m1 + m2 * 2^nat (e2 - e1)) e1
   467               else Float (m2 + m1 * 2^nat (e1 - e2)) e2)"
   468   by transfer (simp add: field_simps powr_realpow[symmetric] powr_divide2[symmetric])
   469 hide_fact (open) compute_float_plus
   470 
   471 lemma compute_float_minus[code]: fixes f g::float shows "f - g = f + (-g)"
   472   by simp
   473 hide_fact (open) compute_float_minus
   474 
   475 lemma compute_float_sgn[code]: "sgn (Float m1 e1) = (if 0 < m1 then 1 else if m1 < 0 then -1 else 0)"
   476   by transfer (simp add: sgn_times)
   477 hide_fact (open) compute_float_sgn
   478 
   479 lift_definition is_float_pos :: "float \<Rightarrow> bool" is "op < 0 :: real \<Rightarrow> bool" .
   480 
   481 lemma compute_is_float_pos[code]: "is_float_pos (Float m e) \<longleftrightarrow> 0 < m"
   482   by transfer (auto simp add: zero_less_mult_iff not_le[symmetric, of _ 0])
   483 hide_fact (open) compute_is_float_pos
   484 
   485 lemma compute_float_less[code]: "a < b \<longleftrightarrow> is_float_pos (b - a)"
   486   by transfer (simp add: field_simps)
   487 hide_fact (open) compute_float_less
   488 
   489 lift_definition is_float_nonneg :: "float \<Rightarrow> bool" is "op \<le> 0 :: real \<Rightarrow> bool" .
   490 
   491 lemma compute_is_float_nonneg[code]: "is_float_nonneg (Float m e) \<longleftrightarrow> 0 \<le> m"
   492   by transfer (auto simp add: zero_le_mult_iff not_less[symmetric, of _ 0])
   493 hide_fact (open) compute_is_float_nonneg
   494 
   495 lemma compute_float_le[code]: "a \<le> b \<longleftrightarrow> is_float_nonneg (b - a)"
   496   by transfer (simp add: field_simps)
   497 hide_fact (open) compute_float_le
   498 
   499 lift_definition is_float_zero :: "float \<Rightarrow> bool"  is "op = 0 :: real \<Rightarrow> bool" .
   500 
   501 lemma compute_is_float_zero[code]: "is_float_zero (Float m e) \<longleftrightarrow> 0 = m"
   502   by transfer (auto simp add: is_float_zero_def)
   503 hide_fact (open) compute_is_float_zero
   504 
   505 lemma compute_float_abs[code]: "abs (Float m e) = Float (abs m) e"
   506   by transfer (simp add: abs_mult)
   507 hide_fact (open) compute_float_abs
   508 
   509 lemma compute_float_eq[code]: "equal_class.equal f g = is_float_zero (f - g)"
   510   by transfer simp
   511 hide_fact (open) compute_float_eq
   512 
   513 subsection {* Rounding Real numbers *}
   514 
   515 definition round_down :: "int \<Rightarrow> real \<Rightarrow> real" where
   516   "round_down prec x = floor (x * 2 powr prec) * 2 powr -prec"
   517 
   518 definition round_up :: "int \<Rightarrow> real \<Rightarrow> real" where
   519   "round_up prec x = ceiling (x * 2 powr prec) * 2 powr -prec"
   520 
   521 lemma round_down_float[simp]: "round_down prec x \<in> float"
   522   unfolding round_down_def
   523   by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
   524 
   525 lemma round_up_float[simp]: "round_up prec x \<in> float"
   526   unfolding round_up_def
   527   by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
   528 
   529 lemma round_up: "x \<le> round_up prec x"
   530   by (simp add: powr_minus_divide le_divide_eq round_up_def)
   531 
   532 lemma round_down: "round_down prec x \<le> x"
   533   by (simp add: powr_minus_divide divide_le_eq round_down_def)
   534 
   535 lemma round_up_0[simp]: "round_up p 0 = 0"
   536   unfolding round_up_def by simp
   537 
   538 lemma round_down_0[simp]: "round_down p 0 = 0"
   539   unfolding round_down_def by simp
   540 
   541 lemma round_up_diff_round_down:
   542   "round_up prec x - round_down prec x \<le> 2 powr -prec"
   543 proof -
   544   have "round_up prec x - round_down prec x =
   545     (ceiling (x * 2 powr prec) - floor (x * 2 powr prec)) * 2 powr -prec"
   546     by (simp add: round_up_def round_down_def field_simps)
   547   also have "\<dots> \<le> 1 * 2 powr -prec"
   548     by (rule mult_mono)
   549        (auto simp del: real_of_int_diff
   550              simp: real_of_int_diff[symmetric] real_of_int_le_one_cancel_iff ceiling_diff_floor_le_1)
   551   finally show ?thesis by simp
   552 qed
   553 
   554 lemma round_down_shift: "round_down p (x * 2 powr k) = 2 powr k * round_down (p + k) x"
   555   unfolding round_down_def
   556   by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
   557     (simp add: powr_add[symmetric])
   558 
   559 lemma round_up_shift: "round_up p (x * 2 powr k) = 2 powr k * round_up (p + k) x"
   560   unfolding round_up_def
   561   by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
   562     (simp add: powr_add[symmetric])
   563 
   564 subsection {* Rounding Floats *}
   565 
   566 lift_definition float_up :: "int \<Rightarrow> float \<Rightarrow> float" is round_up by simp
   567 declare float_up.rep_eq[simp]
   568 
   569 lemma round_up_correct:
   570   shows "round_up e f - f \<in> {0..2 powr -e}"
   571 unfolding atLeastAtMost_iff
   572 proof
   573   have "round_up e f - f \<le> round_up e f - round_down e f" using round_down by simp
   574   also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
   575   finally show "round_up e f - f \<le> 2 powr real (- e)"
   576     by simp
   577 qed (simp add: algebra_simps round_up)
   578 
   579 lemma float_up_correct:
   580   shows "real (float_up e f) - real f \<in> {0..2 powr -e}"
   581   by transfer (rule round_up_correct)
   582 
   583 lift_definition float_down :: "int \<Rightarrow> float \<Rightarrow> float" is round_down by simp
   584 declare float_down.rep_eq[simp]
   585 
   586 lemma round_down_correct:
   587   shows "f - (round_down e f) \<in> {0..2 powr -e}"
   588 unfolding atLeastAtMost_iff
   589 proof
   590   have "f - round_down e f \<le> round_up e f - round_down e f" using round_up by simp
   591   also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
   592   finally show "f - round_down e f \<le> 2 powr real (- e)"
   593     by simp
   594 qed (simp add: algebra_simps round_down)
   595 
   596 lemma float_down_correct:
   597   shows "real f - real (float_down e f) \<in> {0..2 powr -e}"
   598   by transfer (rule round_down_correct)
   599 
   600 lemma compute_float_down[code]:
   601   "float_down p (Float m e) =
   602     (if p + e < 0 then Float (m div 2^nat (-(p + e))) (-p) else Float m e)"
   603 proof cases
   604   assume "p + e < 0"
   605   hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
   606     using powr_realpow[of 2 "nat (-(p + e))"] by simp
   607   also have "... = 1 / 2 powr p / 2 powr e"
   608     unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)
   609   finally show ?thesis
   610     using `p + e < 0`
   611     by transfer (simp add: ac_simps round_down_def floor_divide_eq_div[symmetric])
   612 next
   613   assume "\<not> p + e < 0"
   614   then have r: "real e + real p = real (nat (e + p))" by simp
   615   have r: "\<lfloor>(m * 2 powr e) * 2 powr real p\<rfloor> = (m * 2 powr e) * 2 powr real p"
   616     by (auto intro: exI[where x="m*2^nat (e+p)"]
   617              simp add: ac_simps powr_add[symmetric] r powr_realpow)
   618   with `\<not> p + e < 0` show ?thesis
   619     by transfer (auto simp add: round_down_def field_simps powr_add powr_minus)
   620 qed
   621 hide_fact (open) compute_float_down
   622 
   623 lemma abs_round_down_le: "\<bar>f - (round_down e f)\<bar> \<le> 2 powr -e"
   624   using round_down_correct[of f e] by simp
   625 
   626 lemma abs_round_up_le: "\<bar>f - (round_up e f)\<bar> \<le> 2 powr -e"
   627   using round_up_correct[of e f] by simp
   628 
   629 lemma round_down_nonneg: "0 \<le> s \<Longrightarrow> 0 \<le> round_down p s"
   630   by (auto simp: round_down_def)
   631 
   632 lemma ceil_divide_floor_conv:
   633 assumes "b \<noteq> 0"
   634 shows "\<lceil>real a / real b\<rceil> = (if b dvd a then a div b else \<lfloor>real a / real b\<rfloor> + 1)"
   635 proof cases
   636   assume "\<not> b dvd a"
   637   hence "a mod b \<noteq> 0" by auto
   638   hence ne: "real (a mod b) / real b \<noteq> 0" using `b \<noteq> 0` by auto
   639   have "\<lceil>real a / real b\<rceil> = \<lfloor>real a / real b\<rfloor> + 1"
   640   apply (rule ceiling_eq) apply (auto simp: floor_divide_eq_div[symmetric])
   641   proof -
   642     have "real \<lfloor>real a / real b\<rfloor> \<le> real a / real b" by simp
   643     moreover have "real \<lfloor>real a / real b\<rfloor> \<noteq> real a / real b"
   644     apply (subst (2) real_of_int_div_aux) unfolding floor_divide_eq_div using ne `b \<noteq> 0` by auto
   645     ultimately show "real \<lfloor>real a / real b\<rfloor> < real a / real b" by arith
   646   qed
   647   thus ?thesis using `\<not> b dvd a` by simp
   648 qed (simp add: ceiling_def real_of_int_minus[symmetric] divide_minus_left[symmetric]
   649   floor_divide_eq_div dvd_neg_div del: divide_minus_left real_of_int_minus)
   650 
   651 lemma compute_float_up[code]:
   652   "float_up p (Float m e) =
   653     (let P = 2^nat (-(p + e)); r = m mod P in
   654       if p + e < 0 then Float (m div P + (if r = 0 then 0 else 1)) (-p) else Float m e)"
   655 proof cases
   656   assume "p + e < 0"
   657   hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
   658     using powr_realpow[of 2 "nat (-(p + e))"] by simp
   659   also have "... = 1 / 2 powr p / 2 powr e"
   660   unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)
   661   finally have twopow_rewrite:
   662     "real ((2::int) ^ nat (- (p + e))) = 1 / 2 powr real p / 2 powr real e" .
   663   with `p + e < 0` have powr_rewrite:
   664     "2 powr real e * 2 powr real p = 1 / real ((2::int) ^ nat (- (p + e)))"
   665     unfolding powr_divide2 by simp
   666   show ?thesis
   667   proof cases
   668     assume "2^nat (-(p + e)) dvd m"
   669     with `p + e < 0` twopow_rewrite show ?thesis
   670       by transfer (auto simp: ac_simps round_up_def floor_divide_eq_div dvd_eq_mod_eq_0)
   671   next
   672     assume ndvd: "\<not> 2 ^ nat (- (p + e)) dvd m"
   673     have one_div: "real m * (1 / real ((2::int) ^ nat (- (p + e)))) =
   674       real m / real ((2::int) ^ nat (- (p + e)))"
   675       by (simp add: field_simps)
   676     have "real \<lceil>real m * (2 powr real e * 2 powr real p)\<rceil> =
   677       real \<lfloor>real m * (2 powr real e * 2 powr real p)\<rfloor> + 1"
   678       using ndvd unfolding powr_rewrite one_div
   679       by (subst ceil_divide_floor_conv) (auto simp: field_simps)
   680     thus ?thesis using `p + e < 0` twopow_rewrite
   681       by transfer (auto simp: ac_simps round_up_def floor_divide_eq_div[symmetric])
   682   qed
   683 next
   684   assume "\<not> p + e < 0"
   685   then have r1: "real e + real p = real (nat (e + p))" by simp
   686   have r: "\<lceil>(m * 2 powr e) * 2 powr real p\<rceil> = (m * 2 powr e) * 2 powr real p"
   687     by (auto simp add: ac_simps powr_add[symmetric] r1 powr_realpow
   688       intro: exI[where x="m*2^nat (e+p)"])
   689   then show ?thesis using `\<not> p + e < 0`
   690     by transfer (simp add: round_up_def floor_divide_eq_div field_simps powr_add powr_minus)
   691 qed
   692 hide_fact (open) compute_float_up
   693 
   694 lemmas real_of_ints =
   695   real_of_int_zero
   696   real_of_one
   697   real_of_int_add
   698   real_of_int_minus
   699   real_of_int_diff
   700   real_of_int_mult
   701   real_of_int_power
   702   real_numeral
   703 lemmas real_of_nats =
   704   real_of_nat_zero
   705   real_of_nat_one
   706   real_of_nat_1
   707   real_of_nat_add
   708   real_of_nat_mult
   709   real_of_nat_power
   710 
   711 lemmas int_of_reals = real_of_ints[symmetric]
   712 lemmas nat_of_reals = real_of_nats[symmetric]
   713 
   714 lemma two_real_int: "(2::real) = real (2::int)" by simp
   715 lemma two_real_nat: "(2::real) = real (2::nat)" by simp
   716 
   717 lemma mult_cong: "a = c ==> b = d ==> a*b = c*d" by simp
   718 
   719 subsection {* Compute bitlen of integers *}
   720 
   721 definition bitlen :: "int \<Rightarrow> int" where
   722   "bitlen a = (if a > 0 then \<lfloor>log 2 a\<rfloor> + 1 else 0)"
   723 
   724 lemma bitlen_nonneg: "0 \<le> bitlen x"
   725 proof -
   726   {
   727     assume "0 > x"
   728     have "-1 = log 2 (inverse 2)" by (subst log_inverse) simp_all
   729     also have "... < log 2 (-x)" using `0 > x` by auto
   730     finally have "-1 < log 2 (-x)" .
   731   } thus "0 \<le> bitlen x" unfolding bitlen_def by (auto intro!: add_nonneg_nonneg)
   732 qed
   733 
   734 lemma bitlen_bounds:
   735   assumes "x > 0"
   736   shows "2 ^ nat (bitlen x - 1) \<le> x \<and> x < 2 ^ nat (bitlen x)"
   737 proof
   738   have "(2::real) ^ nat \<lfloor>log 2 (real x)\<rfloor> = 2 powr real (floor (log 2 (real x)))"
   739     using powr_realpow[symmetric, of 2 "nat \<lfloor>log 2 (real x)\<rfloor>"] `x > 0`
   740     using real_nat_eq_real[of "floor (log 2 (real x))"]
   741     by simp
   742   also have "... \<le> 2 powr log 2 (real x)"
   743     by simp
   744   also have "... = real x"
   745     using `0 < x` by simp
   746   finally have "2 ^ nat \<lfloor>log 2 (real x)\<rfloor> \<le> real x" by simp
   747   thus "2 ^ nat (bitlen x - 1) \<le> x" using `x > 0`
   748     by (simp add: bitlen_def)
   749 next
   750   have "x \<le> 2 powr (log 2 x)" using `x > 0` by simp
   751   also have "... < 2 ^ nat (\<lfloor>log 2 (real x)\<rfloor> + 1)"
   752     apply (simp add: powr_realpow[symmetric])
   753     using `x > 0` by simp
   754   finally show "x < 2 ^ nat (bitlen x)" using `x > 0`
   755     by (simp add: bitlen_def ac_simps int_of_reals del: real_of_ints)
   756 qed
   757 
   758 lemma bitlen_pow2[simp]:
   759   assumes "b > 0"
   760   shows "bitlen (b * 2 ^ c) = bitlen b + c"
   761 proof -
   762   from assms have "b * 2 ^ c > 0" by auto
   763   thus ?thesis
   764     using floor_add[of "log 2 b" c] assms
   765     by (auto simp add: log_mult log_nat_power bitlen_def)
   766 qed
   767 
   768 lemma bitlen_Float:
   769   fixes m e
   770   defines "f \<equiv> Float m e"
   771   shows "bitlen (\<bar>mantissa f\<bar>) + exponent f = (if m = 0 then 0 else bitlen \<bar>m\<bar> + e)"
   772 proof (cases "m = 0")
   773   case True
   774   then show ?thesis by (simp add: f_def bitlen_def Float_def)
   775 next
   776   case False
   777   hence "f \<noteq> float_of 0"
   778     unfolding real_of_float_eq by (simp add: f_def)
   779   hence "mantissa f \<noteq> 0"
   780     by (simp add: mantissa_noteq_0)
   781   moreover
   782   obtain i where "m = mantissa f * 2 ^ i" "e = exponent f - int i"
   783     by (rule f_def[THEN denormalize_shift, OF `f \<noteq> float_of 0`])
   784   ultimately show ?thesis by (simp add: abs_mult)
   785 qed
   786 
   787 lemma compute_bitlen[code]:
   788   shows "bitlen x = (if x > 0 then bitlen (x div 2) + 1 else 0)"
   789 proof -
   790   { assume "2 \<le> x"
   791     then have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 (x - x mod 2)\<rfloor>"
   792       by (simp add: log_mult zmod_zdiv_equality')
   793     also have "\<dots> = \<lfloor>log 2 (real x)\<rfloor>"
   794     proof cases
   795       assume "x mod 2 = 0" then show ?thesis by simp
   796     next
   797       def n \<equiv> "\<lfloor>log 2 (real x)\<rfloor>"
   798       then have "0 \<le> n"
   799         using `2 \<le> x` by simp
   800       assume "x mod 2 \<noteq> 0"
   801       with `2 \<le> x` have "x mod 2 = 1" "\<not> 2 dvd x" by (auto simp add: dvd_eq_mod_eq_0)
   802       with `2 \<le> x` have "x \<noteq> 2^nat n" by (cases "nat n") auto
   803       moreover
   804       { have "real (2^nat n :: int) = 2 powr (nat n)"
   805           by (simp add: powr_realpow)
   806         also have "\<dots> \<le> 2 powr (log 2 x)"
   807           using `2 \<le> x` by (simp add: n_def del: powr_log_cancel)
   808         finally have "2^nat n \<le> x" using `2 \<le> x` by simp }
   809       ultimately have "2^nat n \<le> x - 1" by simp
   810       then have "2^nat n \<le> real (x - 1)"
   811         unfolding real_of_int_le_iff[symmetric] by simp
   812       { have "n = \<lfloor>log 2 (2^nat n)\<rfloor>"
   813           using `0 \<le> n` by (simp add: log_nat_power)
   814         also have "\<dots> \<le> \<lfloor>log 2 (x - 1)\<rfloor>"
   815           using `2^nat n \<le> real (x - 1)` `0 \<le> n` `2 \<le> x` by (auto intro: floor_mono)
   816         finally have "n \<le> \<lfloor>log 2 (x - 1)\<rfloor>" . }
   817       moreover have "\<lfloor>log 2 (x - 1)\<rfloor> \<le> n"
   818         using `2 \<le> x` by (auto simp add: n_def intro!: floor_mono)
   819       ultimately show "\<lfloor>log 2 (x - x mod 2)\<rfloor> = \<lfloor>log 2 x\<rfloor>"
   820         unfolding n_def `x mod 2 = 1` by auto
   821     qed
   822     finally have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 x\<rfloor>" . }
   823   moreover
   824   { assume "x < 2" "0 < x"
   825     then have "x = 1" by simp
   826     then have "\<lfloor>log 2 (real x)\<rfloor> = 0" by simp }
   827   ultimately show ?thesis
   828     unfolding bitlen_def
   829     by (auto simp: pos_imp_zdiv_pos_iff not_le)
   830 qed
   831 hide_fact (open) compute_bitlen
   832 
   833 lemma float_gt1_scale: assumes "1 \<le> Float m e"
   834   shows "0 \<le> e + (bitlen m - 1)"
   835 proof -
   836   have "0 < Float m e" using assms by auto
   837   hence "0 < m" using powr_gt_zero[of 2 e]
   838     by (auto simp: zero_less_mult_iff)
   839   hence "m \<noteq> 0" by auto
   840   show ?thesis
   841   proof (cases "0 \<le> e")
   842     case True thus ?thesis using `0 < m`  by (simp add: bitlen_def)
   843   next
   844     have "(1::int) < 2" by simp
   845     case False let ?S = "2^(nat (-e))"
   846     have "inverse (2 ^ nat (- e)) = 2 powr e" using assms False powr_realpow[of 2 "nat (-e)"]
   847       by (auto simp: powr_minus field_simps)
   848     hence "1 \<le> real m * inverse ?S" using assms False powr_realpow[of 2 "nat (-e)"]
   849       by (auto simp: powr_minus)
   850     hence "1 * ?S \<le> real m * inverse ?S * ?S" by (rule mult_right_mono, auto)
   851     hence "?S \<le> real m" unfolding mult.assoc by auto
   852     hence "?S \<le> m" unfolding real_of_int_le_iff[symmetric] by auto
   853     from this bitlen_bounds[OF `0 < m`, THEN conjunct2]
   854     have "nat (-e) < (nat (bitlen m))" unfolding power_strict_increasing_iff[OF `1 < 2`, symmetric] by (rule order_le_less_trans)
   855     hence "-e < bitlen m" using False by auto
   856     thus ?thesis by auto
   857   qed
   858 qed
   859 
   860 lemma bitlen_div: assumes "0 < m" shows "1 \<le> real m / 2^nat (bitlen m - 1)" and "real m / 2^nat (bitlen m - 1) < 2"
   861 proof -
   862   let ?B = "2^nat(bitlen m - 1)"
   863 
   864   have "?B \<le> m" using bitlen_bounds[OF `0 <m`] ..
   865   hence "1 * ?B \<le> real m" unfolding real_of_int_le_iff[symmetric] by auto
   866   thus "1 \<le> real m / ?B" by auto
   867 
   868   have "m \<noteq> 0" using assms by auto
   869   have "0 \<le> bitlen m - 1" using `0 < m` by (auto simp: bitlen_def)
   870 
   871   have "m < 2^nat(bitlen m)" using bitlen_bounds[OF `0 <m`] ..
   872   also have "\<dots> = 2^nat(bitlen m - 1 + 1)" using `0 < m` by (auto simp: bitlen_def)
   873   also have "\<dots> = ?B * 2" unfolding nat_add_distrib[OF `0 \<le> bitlen m - 1` zero_le_one] by auto
   874   finally have "real m < 2 * ?B" unfolding real_of_int_less_iff[symmetric] by auto
   875   hence "real m / ?B < 2 * ?B / ?B" by (rule divide_strict_right_mono, auto)
   876   thus "real m / ?B < 2" by auto
   877 qed
   878 
   879 subsection {* Approximation of positive rationals *}
   880 
   881 lemma zdiv_zmult_twopow_eq: fixes a b::int shows "a div b div (2 ^ n) = a div (b * 2 ^ n)"
   882 by (simp add: zdiv_zmult2_eq)
   883 
   884 lemma div_mult_twopow_eq: fixes a b::nat shows "a div ((2::nat) ^ n) div b = a div (b * 2 ^ n)"
   885   by (cases "b=0") (simp_all add: div_mult2_eq[symmetric] ac_simps)
   886 
   887 lemma real_div_nat_eq_floor_of_divide:
   888   fixes a b::nat
   889   shows "a div b = real (floor (a/b))"
   890 by (metis floor_divide_eq_div real_of_int_of_nat_eq zdiv_int)
   891 
   892 definition "rat_precision prec x y = int prec - (bitlen x - bitlen y)"
   893 
   894 lift_definition lapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float"
   895   is "\<lambda>prec (x::nat) (y::nat). round_down (rat_precision prec x y) (x / y)" by simp
   896 
   897 lemma compute_lapprox_posrat[code]:
   898   fixes prec x y
   899   shows "lapprox_posrat prec x y =
   900    (let
   901        l = rat_precision prec x y;
   902        d = if 0 \<le> l then x * 2^nat l div y else x div 2^nat (- l) div y
   903     in normfloat (Float d (- l)))"
   904     unfolding div_mult_twopow_eq normfloat_def
   905     by transfer
   906        (simp add: round_down_def powr_int real_div_nat_eq_floor_of_divide field_simps Let_def
   907              del: two_powr_minus_int_float)
   908 hide_fact (open) compute_lapprox_posrat
   909 
   910 lift_definition rapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float"
   911   is "\<lambda>prec (x::nat) (y::nat). round_up (rat_precision prec x y) (x / y)" by simp
   912 
   913 (* TODO: optimize using zmod_zmult2_eq, pdivmod ? *)
   914 lemma compute_rapprox_posrat[code]:
   915   fixes prec x y
   916   defines "l \<equiv> rat_precision prec x y"
   917   shows "rapprox_posrat prec x y = (let
   918      l = l ;
   919      X = if 0 \<le> l then (x * 2^nat l, y) else (x, y * 2^nat(-l)) ;
   920      d = fst X div snd X ;
   921      m = fst X mod snd X
   922    in normfloat (Float (d + (if m = 0 \<or> y = 0 then 0 else 1)) (- l)))"
   923 proof (cases "y = 0")
   924   assume "y = 0" thus ?thesis unfolding normfloat_def by transfer simp
   925 next
   926   assume "y \<noteq> 0"
   927   show ?thesis
   928   proof (cases "0 \<le> l")
   929     assume "0 \<le> l"
   930     def x' \<equiv> "x * 2 ^ nat l"
   931     have "int x * 2 ^ nat l = x'" by (simp add: x'_def int_mult int_power)
   932     moreover have "real x * 2 powr real l = real x'"
   933       by (simp add: powr_realpow[symmetric] `0 \<le> l` x'_def)
   934     ultimately show ?thesis
   935       unfolding normfloat_def
   936       using ceil_divide_floor_conv[of y x'] powr_realpow[of 2 "nat l"] `0 \<le> l` `y \<noteq> 0`
   937         l_def[symmetric, THEN meta_eq_to_obj_eq]
   938       by transfer
   939          (simp add: floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0 round_up_def)
   940    next
   941     assume "\<not> 0 \<le> l"
   942     def y' \<equiv> "y * 2 ^ nat (- l)"
   943     from `y \<noteq> 0` have "y' \<noteq> 0" by (simp add: y'_def)
   944     have "int y * 2 ^ nat (- l) = y'" by (simp add: y'_def int_mult int_power)
   945     moreover have "real x * real (2::int) powr real l / real y = x / real y'"
   946       using `\<not> 0 \<le> l`
   947       by (simp add: powr_realpow[symmetric] powr_minus y'_def field_simps)
   948     ultimately show ?thesis
   949       unfolding normfloat_def
   950       using ceil_divide_floor_conv[of y' x] `\<not> 0 \<le> l` `y' \<noteq> 0` `y \<noteq> 0`
   951         l_def[symmetric, THEN meta_eq_to_obj_eq]
   952       by transfer
   953          (simp add: round_up_def ceil_divide_floor_conv floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0)
   954   qed
   955 qed
   956 hide_fact (open) compute_rapprox_posrat
   957 
   958 lemma rat_precision_pos:
   959   assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
   960   shows "rat_precision n (int x) (int y) > 0"
   961 proof -
   962   { assume "0 < x" hence "log 2 x + 1 = log 2 (2 * x)" by (simp add: log_mult) }
   963   hence "bitlen (int x) < bitlen (int y)" using assms
   964     by (simp add: bitlen_def del: floor_add_one)
   965       (auto intro!: floor_mono simp add: floor_add_one[symmetric] simp del: floor_add floor_add_one)
   966   thus ?thesis
   967     using assms by (auto intro!: pos_add_strict simp add: field_simps rat_precision_def)
   968 qed
   969 
   970 lemma power_aux:
   971   assumes "x > 0"
   972   shows "(2::int) ^ nat (x - 1) \<le> 2 ^ nat x - 1"
   973 proof -
   974   def y \<equiv> "nat (x - 1)"
   975   moreover
   976   have "(2::int) ^ y \<le> (2 ^ (y + 1)) - 1" by simp
   977   ultimately show ?thesis using assms by simp
   978 qed
   979 
   980 lemma rapprox_posrat_less1:
   981   assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
   982   shows "real (rapprox_posrat n x y) < 1"
   983 proof -
   984   have powr1: "2 powr real (rat_precision n (int x) (int y)) =
   985     2 ^ nat (rat_precision n (int x) (int y))" using rat_precision_pos[of x y n] assms
   986     by (simp add: powr_realpow[symmetric])
   987   have "x * 2 powr real (rat_precision n (int x) (int y)) / y = (x / y) *
   988      2 powr real (rat_precision n (int x) (int y))" by simp
   989   also have "... < (1 / 2) * 2 powr real (rat_precision n (int x) (int y))"
   990     apply (rule mult_strict_right_mono) by (insert assms) auto
   991   also have "\<dots> = 2 powr real (rat_precision n (int x) (int y) - 1)"
   992     using powr_add [of 2 _ "- 1", simplified add_uminus_conv_diff] by (simp add: powr_minus)
   993   also have "\<dots> = 2 ^ nat (rat_precision n (int x) (int y) - 1)"
   994     using rat_precision_pos[of x y n] assms by (simp add: powr_realpow[symmetric])
   995   also have "\<dots> \<le> 2 ^ nat (rat_precision n (int x) (int y)) - 1"
   996     unfolding int_of_reals real_of_int_le_iff
   997     using rat_precision_pos[OF assms] by (rule power_aux)
   998   finally show ?thesis
   999     apply (transfer fixing: n x y)
  1000     apply (simp add: round_up_def field_simps powr_minus powr1)
  1001     unfolding int_of_reals real_of_int_less_iff
  1002     apply (simp add: ceiling_less_eq)
  1003     done
  1004 qed
  1005 
  1006 lift_definition lapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" is
  1007   "\<lambda>prec (x::int) (y::int). round_down (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y)" by simp
  1008 
  1009 lemma compute_lapprox_rat[code]:
  1010   "lapprox_rat prec x y =
  1011     (if y = 0 then 0
  1012     else if 0 \<le> x then
  1013       (if 0 < y then lapprox_posrat prec (nat x) (nat y)
  1014       else - (rapprox_posrat prec (nat x) (nat (-y))))
  1015       else (if 0 < y
  1016         then - (rapprox_posrat prec (nat (-x)) (nat y))
  1017         else lapprox_posrat prec (nat (-x)) (nat (-y))))"
  1018   by transfer (auto simp: round_up_def round_down_def ceiling_def ac_simps)
  1019 hide_fact (open) compute_lapprox_rat
  1020 
  1021 lift_definition rapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" is
  1022   "\<lambda>prec (x::int) (y::int). round_up (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y)" by simp
  1023 
  1024 lemma compute_rapprox_rat[code]:
  1025   "rapprox_rat prec x y =
  1026     (if y = 0 then 0
  1027     else if 0 \<le> x then
  1028       (if 0 < y then rapprox_posrat prec (nat x) (nat y)
  1029       else - (lapprox_posrat prec (nat x) (nat (-y))))
  1030       else (if 0 < y
  1031         then - (lapprox_posrat prec (nat (-x)) (nat y))
  1032         else rapprox_posrat prec (nat (-x)) (nat (-y))))"
  1033   by transfer (auto simp: round_up_def round_down_def ceiling_def ac_simps)
  1034 hide_fact (open) compute_rapprox_rat
  1035 
  1036 subsection {* Division *}
  1037 
  1038 definition "real_divl prec a b = round_down (int prec + \<lfloor> log 2 \<bar>b\<bar> \<rfloor> - \<lfloor> log 2 \<bar>a\<bar> \<rfloor>) (a / b)"
  1039 
  1040 definition "real_divr prec a b = round_up (int prec + \<lfloor> log 2 \<bar>b\<bar> \<rfloor> - \<lfloor> log 2 \<bar>a\<bar> \<rfloor>) (a / b)"
  1041 
  1042 lift_definition float_divl :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is real_divl
  1043   by (simp add: real_divl_def)
  1044 
  1045 lemma compute_float_divl[code]:
  1046   "float_divl prec (Float m1 s1) (Float m2 s2) = lapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
  1047 proof cases
  1048   let ?f1 = "real m1 * 2 powr real s1" and ?f2 = "real m2 * 2 powr real s2"
  1049   let ?m = "real m1 / real m2" and ?s = "2 powr real (s1 - s2)"
  1050   assume not_0: "m1 \<noteq> 0 \<and> m2 \<noteq> 0"
  1051   then have eq2: "(int prec + \<lfloor>log 2 \<bar>?f2\<bar>\<rfloor> - \<lfloor>log 2 \<bar>?f1\<bar>\<rfloor>) = rat_precision prec \<bar>m1\<bar> \<bar>m2\<bar> + (s2 - s1)"
  1052     by (simp add: abs_mult log_mult rat_precision_def bitlen_def)
  1053   have eq1: "real m1 * 2 powr real s1 / (real m2 * 2 powr real s2) = ?m * ?s"
  1054     by (simp add: field_simps powr_divide2[symmetric])
  1055 
  1056   show ?thesis
  1057     using not_0
  1058     by (transfer fixing: m1 s1 m2 s2 prec) (unfold eq1 eq2 round_down_shift real_divl_def,
  1059       simp add: field_simps)
  1060 qed (transfer, auto simp: real_divl_def)
  1061 hide_fact (open) compute_float_divl
  1062 
  1063 lift_definition float_divr :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" is real_divr
  1064   by (simp add: real_divr_def)
  1065 
  1066 lemma compute_float_divr[code]:
  1067   "float_divr prec (Float m1 s1) (Float m2 s2) = rapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
  1068 proof cases
  1069   let ?f1 = "real m1 * 2 powr real s1" and ?f2 = "real m2 * 2 powr real s2"
  1070   let ?m = "real m1 / real m2" and ?s = "2 powr real (s1 - s2)"
  1071   assume not_0: "m1 \<noteq> 0 \<and> m2 \<noteq> 0"
  1072   then have eq2: "(int prec + \<lfloor>log 2 \<bar>?f2\<bar>\<rfloor> - \<lfloor>log 2 \<bar>?f1\<bar>\<rfloor>) = rat_precision prec \<bar>m1\<bar> \<bar>m2\<bar> + (s2 - s1)"
  1073     by (simp add: abs_mult log_mult rat_precision_def bitlen_def)
  1074   have eq1: "real m1 * 2 powr real s1 / (real m2 * 2 powr real s2) = ?m * ?s"
  1075     by (simp add: field_simps powr_divide2[symmetric])
  1076 
  1077   show ?thesis
  1078     using not_0
  1079     by (transfer fixing: m1 s1 m2 s2 prec) (unfold eq1 eq2 round_up_shift real_divr_def,
  1080       simp add: field_simps)
  1081 qed (transfer, auto simp: real_divr_def)
  1082 hide_fact (open) compute_float_divr
  1083 
  1084 subsection {* Lemmas needed by Approximate *}
  1085 
  1086 lemma Float_num[simp]: shows
  1087    "real (Float 1 0) = 1" and "real (Float 1 1) = 2" and "real (Float 1 2) = 4" and
  1088    "real (Float 1 -1) = 1/2" and "real (Float 1 -2) = 1/4" and "real (Float 1 -3) = 1/8" and
  1089    "real (Float -1 0) = -1" and "real (Float (number_of n) 0) = number_of n"
  1090 using two_powr_int_float[of 2] two_powr_int_float[of "-1"] two_powr_int_float[of "-2"] two_powr_int_float[of "-3"]
  1091 using powr_realpow[of 2 2] powr_realpow[of 2 3]
  1092 using powr_minus[of 2 1] powr_minus[of 2 2] powr_minus[of 2 3]
  1093 by auto
  1094 
  1095 lemma real_of_Float_int[simp]: "real (Float n 0) = real n" by simp
  1096 
  1097 lemma float_zero[simp]: "real (Float 0 e) = 0" by simp
  1098 
  1099 lemma abs_div_2_less: "a \<noteq> 0 \<Longrightarrow> a \<noteq> -1 \<Longrightarrow> abs((a::int) div 2) < abs a"
  1100 by arith
  1101 
  1102 lemma lapprox_rat:
  1103   shows "real (lapprox_rat prec x y) \<le> real x / real y"
  1104   using round_down by (simp add: lapprox_rat_def)
  1105 
  1106 lemma mult_div_le: fixes a b:: int assumes "b > 0" shows "a \<ge> b * (a div b)"
  1107 proof -
  1108   from zmod_zdiv_equality'[of a b]
  1109   have "a = b * (a div b) + a mod b" by simp
  1110   also have "... \<ge> b * (a div b) + 0" apply (rule add_left_mono) apply (rule pos_mod_sign)
  1111   using assms by simp
  1112   finally show ?thesis by simp
  1113 qed
  1114 
  1115 lemma lapprox_rat_nonneg:
  1116   fixes n x y
  1117   defines "p \<equiv> int n - ((bitlen \<bar>x\<bar>) - (bitlen \<bar>y\<bar>))"
  1118   assumes "0 \<le> x" and "0 < y"
  1119   shows "0 \<le> real (lapprox_rat n x y)"
  1120 using assms unfolding lapprox_rat_def p_def[symmetric] round_down_def real_of_int_minus[symmetric]
  1121    powr_int[of 2, simplified]
  1122   by auto
  1123 
  1124 lemma rapprox_rat: "real x / real y \<le> real (rapprox_rat prec x y)"
  1125   using round_up by (simp add: rapprox_rat_def)
  1126 
  1127 lemma rapprox_rat_le1:
  1128   fixes n x y
  1129   assumes xy: "0 \<le> x" "0 < y" "x \<le> y"
  1130   shows "real (rapprox_rat n x y) \<le> 1"
  1131 proof -
  1132   have "bitlen \<bar>x\<bar> \<le> bitlen \<bar>y\<bar>"
  1133     using xy unfolding bitlen_def by (auto intro!: floor_mono)
  1134   then have "0 \<le> rat_precision n \<bar>x\<bar> \<bar>y\<bar>" by (simp add: rat_precision_def)
  1135   have "real \<lceil>real x / real y * 2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)\<rceil>
  1136       \<le> real \<lceil>2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)\<rceil>"
  1137     using xy by (auto intro!: ceiling_mono simp: field_simps)
  1138   also have "\<dots> = 2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)"
  1139     using `0 \<le> rat_precision n \<bar>x\<bar> \<bar>y\<bar>`
  1140     by (auto intro!: exI[of _ "2^nat (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)"] simp: powr_int)
  1141   finally show ?thesis
  1142     by (simp add: rapprox_rat_def round_up_def)
  1143        (simp add: powr_minus inverse_eq_divide)
  1144 qed
  1145 
  1146 lemma rapprox_rat_nonneg_neg:
  1147   "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
  1148   unfolding rapprox_rat_def round_up_def
  1149   by (auto simp: field_simps mult_le_0_iff zero_le_mult_iff)
  1150 
  1151 lemma rapprox_rat_neg:
  1152   "x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
  1153   unfolding rapprox_rat_def round_up_def
  1154   by (auto simp: field_simps mult_le_0_iff)
  1155 
  1156 lemma rapprox_rat_nonpos_pos:
  1157   "x \<le> 0 \<Longrightarrow> 0 < y \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
  1158   unfolding rapprox_rat_def round_up_def
  1159   by (auto simp: field_simps mult_le_0_iff)
  1160 
  1161 lemma real_divl: "real_divl prec x y \<le> x / y"
  1162   by (simp add: real_divl_def round_down)
  1163 
  1164 lemma real_divr: "x / y \<le> real_divr prec x y"
  1165   using round_up by (simp add: real_divr_def)
  1166 
  1167 lemma float_divl: "real (float_divl prec x y) \<le> real x / real y"
  1168   by transfer (rule real_divl)
  1169 
  1170 lemma real_divl_lower_bound:
  1171   "0 \<le> x \<Longrightarrow> 0 \<le> y \<Longrightarrow> 0 \<le> real_divl prec x y"
  1172   by (simp add: real_divl_def round_down_def zero_le_mult_iff zero_le_divide_iff)
  1173 
  1174 lemma float_divl_lower_bound:
  1175   "0 \<le> x \<Longrightarrow> 0 \<le> y \<Longrightarrow> 0 \<le> real (float_divl prec x y)"
  1176   by transfer (rule real_divl_lower_bound)
  1177 
  1178 lemma exponent_1: "exponent 1 = 0"
  1179   using exponent_float[of 1 0] by (simp add: one_float_def)
  1180 
  1181 lemma mantissa_1: "mantissa 1 = 1"
  1182   using mantissa_float[of 1 0] by (simp add: one_float_def)
  1183 
  1184 lemma bitlen_1: "bitlen 1 = 1"
  1185   by (simp add: bitlen_def)
  1186 
  1187 lemma mantissa_eq_zero_iff: "mantissa x = 0 \<longleftrightarrow> x = 0"
  1188 proof
  1189   assume "mantissa x = 0" hence z: "0 = real x" using mantissa_exponent by simp
  1190   show "x = 0" by (simp add: zero_float_def z)
  1191 qed (simp add: zero_float_def)
  1192 
  1193 lemma float_upper_bound: "x \<le> 2 powr (bitlen \<bar>mantissa x\<bar> + exponent x)"
  1194 proof (cases "x = 0", simp)
  1195   assume "x \<noteq> 0" hence "mantissa x \<noteq> 0" using mantissa_eq_zero_iff by auto
  1196   have "x = mantissa x * 2 powr (exponent x)" by (rule mantissa_exponent)
  1197   also have "mantissa x \<le> \<bar>mantissa x\<bar>" by simp
  1198   also have "... \<le> 2 powr (bitlen \<bar>mantissa x\<bar>)"
  1199     using bitlen_bounds[of "\<bar>mantissa x\<bar>"] bitlen_nonneg `mantissa x \<noteq> 0`
  1200     by (simp add: powr_int) (simp only: two_real_int int_of_reals real_of_int_abs[symmetric]
  1201       real_of_int_le_iff less_imp_le)
  1202   finally show ?thesis by (simp add: powr_add)
  1203 qed
  1204 
  1205 lemma real_divl_pos_less1_bound:
  1206   "0 < x \<Longrightarrow> x < 1 \<Longrightarrow> prec \<ge> 1 \<Longrightarrow> 1 \<le> real_divl prec 1 x"
  1207 proof (unfold real_divl_def)
  1208   fix prec :: nat and x :: real assume x: "0 < x" "x < 1" and prec: "1 \<le> prec"
  1209   def p \<equiv> "int prec + \<lfloor>log 2 \<bar>x\<bar>\<rfloor>"
  1210   show "1 \<le> round_down (int prec + \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - \<lfloor>log 2 \<bar>1\<bar>\<rfloor>) (1 / x) "
  1211   proof cases
  1212     assume nonneg: "0 \<le> p"
  1213     hence "2 powr real (p) = floor (real ((2::int) ^ nat p)) * floor (1::real)"
  1214       by (simp add: powr_int del: real_of_int_power) simp
  1215     also have "floor (1::real) \<le> floor (1 / x)" using x prec by simp
  1216     also have "floor (real ((2::int) ^ nat p)) * floor (1 / x) \<le>
  1217       floor (real ((2::int) ^ nat p) * (1 / x))"
  1218       by (rule le_mult_floor) (auto simp: x prec less_imp_le)
  1219     finally have "2 powr real p \<le> floor (2 powr nat p / x)" by (simp add: powr_realpow)
  1220     thus ?thesis unfolding p_def[symmetric]
  1221       using x prec nonneg by (simp add: powr_minus inverse_eq_divide round_down_def)
  1222   next
  1223     assume neg: "\<not> 0 \<le> p"
  1224 
  1225     have "x = 2 powr (log 2 x)"
  1226       using x by simp
  1227     also have "2 powr (log 2 x) \<le> 2 powr p"
  1228     proof (rule powr_mono)
  1229       have "log 2 x \<le> \<lceil>log 2 x\<rceil>"
  1230         by simp
  1231       also have "\<dots> \<le> \<lfloor>log 2 x\<rfloor> + 1"
  1232         using ceiling_diff_floor_le_1[of "log 2 x"] by simp
  1233       also have "\<dots> \<le> \<lfloor>log 2 x\<rfloor> + prec"
  1234         using prec by simp
  1235       finally show "log 2 x \<le> real p"
  1236         using x by (simp add: p_def)
  1237     qed simp
  1238     finally have x_le: "x \<le> 2 powr p" .
  1239 
  1240     from neg have "2 powr real p \<le> 2 powr 0"
  1241       by (intro powr_mono) auto
  1242     also have "\<dots> \<le> \<lfloor>2 powr 0\<rfloor>" by simp
  1243     also have "\<dots> \<le> \<lfloor>2 powr real p / x\<rfloor>" unfolding real_of_int_le_iff
  1244       using x x_le by (intro floor_mono) (simp add:  pos_le_divide_eq)
  1245     finally show ?thesis
  1246       using prec x unfolding p_def[symmetric]
  1247       by (simp add: round_down_def powr_minus_divide pos_le_divide_eq)
  1248   qed
  1249 qed
  1250 
  1251 lemma float_divl_pos_less1_bound:
  1252   "0 < real x \<Longrightarrow> real x < 1 \<Longrightarrow> prec \<ge> 1 \<Longrightarrow> 1 \<le> real (float_divl prec 1 x)"
  1253   by (transfer, rule real_divl_pos_less1_bound)
  1254 
  1255 lemma float_divr: "real x / real y \<le> real (float_divr prec x y)"
  1256   by transfer (rule real_divr)
  1257 
  1258 lemma real_divr_pos_less1_lower_bound: assumes "0 < x" and "x < 1" shows "1 \<le> real_divr prec 1 x"
  1259 proof -
  1260   have "1 \<le> 1 / x" using `0 < x` and `x < 1` by auto
  1261   also have "\<dots> \<le> real_divr prec 1 x" using real_divr[where x=1 and y=x] by auto
  1262   finally show ?thesis by auto
  1263 qed
  1264 
  1265 lemma float_divr_pos_less1_lower_bound: "0 < x \<Longrightarrow> x < 1 \<Longrightarrow> 1 \<le> float_divr prec 1 x"
  1266   by transfer (rule real_divr_pos_less1_lower_bound)
  1267 
  1268 lemma real_divr_nonpos_pos_upper_bound:
  1269   "x \<le> 0 \<Longrightarrow> 0 < y \<Longrightarrow> real_divr prec x y \<le> 0"
  1270   by (auto simp: field_simps mult_le_0_iff divide_le_0_iff round_up_def real_divr_def)
  1271 
  1272 lemma float_divr_nonpos_pos_upper_bound:
  1273   "real x \<le> 0 \<Longrightarrow> 0 < real y \<Longrightarrow> real (float_divr prec x y) \<le> 0"
  1274   by transfer (rule real_divr_nonpos_pos_upper_bound)
  1275 
  1276 lemma real_divr_nonneg_neg_upper_bound:
  1277   "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> real_divr prec x y \<le> 0"
  1278   by (auto simp: field_simps mult_le_0_iff zero_le_mult_iff divide_le_0_iff round_up_def real_divr_def)
  1279 
  1280 lemma float_divr_nonneg_neg_upper_bound:
  1281   "0 \<le> real x \<Longrightarrow> real y < 0 \<Longrightarrow> real (float_divr prec x y) \<le> 0"
  1282   by transfer (rule real_divr_nonneg_neg_upper_bound)
  1283 
  1284 definition truncate_down::"nat \<Rightarrow> real \<Rightarrow> real" where
  1285   "truncate_down prec x = round_down (prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) x"
  1286 
  1287 lemma truncate_down: "truncate_down prec x \<le> x"
  1288   using round_down by (simp add: truncate_down_def)
  1289 
  1290 lemma truncate_down_le: "x \<le> y \<Longrightarrow> truncate_down prec x \<le> y"
  1291   by (rule order_trans[OF truncate_down])
  1292 
  1293 definition truncate_up::"nat \<Rightarrow> real \<Rightarrow> real" where
  1294   "truncate_up prec x = round_up (prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) x"
  1295 
  1296 lemma truncate_up: "x \<le> truncate_up prec x"
  1297   using round_up by (simp add: truncate_up_def)
  1298 
  1299 lemma truncate_up_le: "x \<le> y \<Longrightarrow> x \<le> truncate_up prec y"
  1300   by (rule order_trans[OF _ truncate_up])
  1301 
  1302 lemma truncate_up_zero[simp]: "truncate_up prec 0 = 0"
  1303   by (simp add: truncate_up_def)
  1304 
  1305 lift_definition float_round_up :: "nat \<Rightarrow> float \<Rightarrow> float" is truncate_up
  1306   by (simp add: truncate_up_def)
  1307 
  1308 lemma float_round_up: "real x \<le> real (float_round_up prec x)"
  1309   using truncate_up by transfer simp
  1310 
  1311 lift_definition float_round_down :: "nat \<Rightarrow> float \<Rightarrow> float" is truncate_down
  1312   by (simp add: truncate_down_def)
  1313 
  1314 lemma float_round_down: "real (float_round_down prec x) \<le> real x"
  1315   using truncate_down by transfer simp
  1316 
  1317 lemma floor_add2[simp]: "\<lfloor> real i + x \<rfloor> = i + \<lfloor> x \<rfloor>"
  1318   using floor_add[of x i] by (simp del: floor_add add: ac_simps)
  1319 
  1320 lemma compute_float_round_down[code]:
  1321   "float_round_down prec (Float m e) = (let d = bitlen (abs m) - int prec in
  1322     if 0 < d then let P = 2^nat d ; n = m div P in Float n (e + d)
  1323              else Float m e)"
  1324   using Float.compute_float_down[of "prec - bitlen \<bar>m\<bar> - e" m e, symmetric]
  1325   by transfer (simp add: field_simps abs_mult log_mult bitlen_def truncate_down_def
  1326     cong del: if_weak_cong)
  1327 hide_fact (open) compute_float_round_down
  1328 
  1329 lemma compute_float_round_up[code]:
  1330   "float_round_up prec (Float m e) = (let d = (bitlen (abs m) - int prec) in
  1331      if 0 < d then let P = 2^nat d ; n = m div P ; r = m mod P
  1332                    in Float (n + (if r = 0 then 0 else 1)) (e + d)
  1333               else Float m e)"
  1334   using Float.compute_float_up[of "prec - bitlen \<bar>m\<bar> - e" m e, symmetric]
  1335   unfolding Let_def
  1336   by transfer (simp add: field_simps abs_mult log_mult bitlen_def truncate_up_def
  1337     cong del: if_weak_cong)
  1338 hide_fact (open) compute_float_round_up
  1339 
  1340 lemma round_up_mono: "x \<le> y \<Longrightarrow> round_up p x \<le> round_up p y"
  1341   by (auto intro!: ceiling_mono simp: round_up_def)
  1342 
  1343 lemma truncate_up_nonneg_mono:
  1344   assumes "0 \<le> x" "x \<le> y"
  1345   shows "truncate_up prec x \<le> truncate_up prec y"
  1346 proof -
  1347   {
  1348     assume "\<lfloor>log 2 x\<rfloor> = \<lfloor>log 2 y\<rfloor>"
  1349     hence ?thesis
  1350       using assms
  1351       by (auto simp: truncate_up_def round_up_def intro!: ceiling_mono)
  1352   } moreover {
  1353     assume "0 < x"
  1354     hence "log 2 x \<le> log 2 y" using assms by auto
  1355     moreover
  1356     assume "\<lfloor>log 2 x\<rfloor> \<noteq> \<lfloor>log 2 y\<rfloor>"
  1357     ultimately have logless: "log 2 x < log 2 y" and flogless: "\<lfloor>log 2 x\<rfloor> < \<lfloor>log 2 y\<rfloor>"
  1358       unfolding atomize_conj
  1359       by (metis floor_less_cancel linorder_cases not_le)
  1360     have "truncate_up prec x =
  1361       real \<lceil>x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1)\<rceil> * 2 powr - real (int prec - \<lfloor>log 2 x\<rfloor> - 1)"
  1362       using assms by (simp add: truncate_up_def round_up_def)
  1363     also have "\<lceil>x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1)\<rceil> \<le> (2 ^ prec)"
  1364     proof (unfold ceiling_le_eq)
  1365       have "x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1) \<le> x * (2 powr real prec / (2 powr log 2 x))"
  1366         using real_of_int_floor_add_one_ge[of "log 2 x"] assms
  1367         by (auto simp add: algebra_simps powr_divide2 intro!: mult_left_mono)
  1368       thus "x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1) \<le> real ((2::int) ^ prec)"
  1369         using `0 < x` by (simp add: powr_realpow)
  1370     qed
  1371     hence "real \<lceil>x * 2 powr real (int prec - \<lfloor>log 2 x\<rfloor> - 1)\<rceil> \<le> 2 powr int prec"
  1372       by (auto simp: powr_realpow)
  1373     also
  1374     have "2 powr - real (int prec - \<lfloor>log 2 x\<rfloor> - 1) \<le> 2 powr - real (int prec - \<lfloor>log 2 y\<rfloor>)"
  1375       using logless flogless by (auto intro!: floor_mono)
  1376     also have "2 powr real (int prec) \<le> 2 powr (log 2 y + real (int prec - \<lfloor>log 2 y\<rfloor>))"
  1377       using assms `0 < x`
  1378       by (auto simp: algebra_simps)
  1379     finally have "truncate_up prec x \<le> 2 powr (log 2 y + real (int prec - \<lfloor>log 2 y\<rfloor>)) * 2 powr - real (int prec - \<lfloor>log 2 y\<rfloor>)"
  1380       by simp
  1381     also have "\<dots> = 2 powr (log 2 y + real (int prec - \<lfloor>log 2 y\<rfloor>) - real (int prec - \<lfloor>log 2 y\<rfloor>))"
  1382       by (subst powr_add[symmetric]) simp
  1383     also have "\<dots> = y"
  1384       using `0 < x` assms
  1385       by (simp add: powr_add)
  1386     also have "\<dots> \<le> truncate_up prec y"
  1387       by (rule truncate_up)
  1388     finally have ?thesis .
  1389   } moreover {
  1390     assume "~ 0 < x"
  1391     hence ?thesis
  1392       using assms
  1393       by (auto intro!: truncate_up_le)
  1394   } ultimately show ?thesis
  1395     by blast
  1396 qed
  1397 
  1398 lemma truncate_up_nonpos: "x \<le> 0 \<Longrightarrow> truncate_up prec x \<le> 0"
  1399   by (auto simp: truncate_up_def round_up_def intro!: mult_nonpos_nonneg)
  1400 
  1401 lemma truncate_down_nonpos: "x \<le> 0 \<Longrightarrow> truncate_down prec x \<le> 0"
  1402   by (auto simp: truncate_down_def round_down_def intro!: mult_nonpos_nonneg
  1403     order_le_less_trans[of _ 0, OF mult_nonpos_nonneg])
  1404 
  1405 lemma truncate_up_switch_sign_mono:
  1406   assumes "x \<le> 0" "0 \<le> y"
  1407   shows "truncate_up prec x \<le> truncate_up prec y"
  1408 proof -
  1409   note truncate_up_nonpos[OF `x \<le> 0`]
  1410   also note truncate_up_le[OF `0 \<le> y`]
  1411   finally show ?thesis .
  1412 qed
  1413 
  1414 lemma truncate_down_zeroprec_mono:
  1415   assumes "0 < x" "x \<le> y"
  1416   shows "truncate_down 0 x \<le> truncate_down 0 y"
  1417 proof -
  1418   have "x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1) = x * inverse (2 powr ((real \<lfloor>log 2 x\<rfloor> + 1)))"
  1419     by (simp add: powr_divide2[symmetric] powr_add powr_minus inverse_eq_divide)
  1420   also have "\<dots> = 2 powr (log 2 x - (real \<lfloor>log 2 x\<rfloor>) - 1)"
  1421     using `0 < x`
  1422     by (auto simp: field_simps powr_add powr_divide2[symmetric])
  1423   also have "\<dots> < 2 powr 0"
  1424     using real_of_int_floor_add_one_gt
  1425     unfolding neg_less_iff_less
  1426     by (intro powr_less_mono) (auto simp: algebra_simps)
  1427   finally have "\<lfloor>x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1)\<rfloor> < 1"
  1428     unfolding less_ceiling_eq real_of_int_minus real_of_one
  1429     by simp
  1430   moreover
  1431   have "0 \<le> \<lfloor>x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1)\<rfloor>"
  1432     using `x > 0` by auto
  1433   ultimately have "\<lfloor>x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1)\<rfloor> \<in> {0 ..< 1}"
  1434     by simp
  1435   also have "\<dots> \<subseteq> {0}" by auto
  1436   finally have "\<lfloor>x * 2 powr (- real \<lfloor>log 2 x\<rfloor> - 1)\<rfloor> = 0" by simp
  1437   with assms show ?thesis
  1438     by (auto simp: truncate_down_def round_down_def)
  1439 qed
  1440 
  1441 lemma truncate_down_nonneg: "0 \<le> y \<Longrightarrow> 0 \<le> truncate_down prec y"
  1442   by (auto simp: truncate_down_def round_down_def)
  1443 
  1444 lemma truncate_down_zero: "truncate_down prec 0 = 0"
  1445   by (auto simp: truncate_down_def round_down_def)
  1446 
  1447 lemma truncate_down_switch_sign_mono:
  1448   assumes "x \<le> 0" "0 \<le> y"
  1449   assumes "x \<le> y"
  1450   shows "truncate_down prec x \<le> truncate_down prec y"
  1451 proof -
  1452   note truncate_down_nonpos[OF `x \<le> 0`]
  1453   also note truncate_down_nonneg[OF `0 \<le> y`]
  1454   finally show ?thesis .
  1455 qed
  1456 
  1457 lemma truncate_up_uminus_truncate_down:
  1458   "truncate_up prec x = - truncate_down prec (- x)"
  1459   "truncate_up prec (-x) = - truncate_down prec x"
  1460   by (auto simp: truncate_up_def round_up_def truncate_down_def round_down_def ceiling_def)
  1461 
  1462 lemma truncate_down_uminus_truncate_up:
  1463   "truncate_down prec x = - truncate_up prec (- x)"
  1464   "truncate_down prec (-x) = - truncate_up prec x"
  1465   by (auto simp: truncate_up_def round_up_def truncate_down_def round_down_def ceiling_def)
  1466 
  1467 lemma truncate_down_nonneg_mono:
  1468   assumes "0 \<le> x" "x \<le> y"
  1469   shows "truncate_down prec x \<le> truncate_down prec y"
  1470 proof -
  1471   {
  1472     assume "0 < x" "prec = 0"
  1473     with assms have ?thesis
  1474       by (simp add: truncate_down_zeroprec_mono)
  1475   } moreover {
  1476     assume "~ 0 < x"
  1477     with assms have "x = 0" "0 \<le> y" by simp_all
  1478     hence ?thesis
  1479       by (auto simp add: truncate_down_zero intro!: truncate_down_nonneg)
  1480   } moreover {
  1481     assume "\<lfloor>log 2 \<bar>x\<bar>\<rfloor> = \<lfloor>log 2 \<bar>y\<bar>\<rfloor>"
  1482     hence ?thesis
  1483       using assms
  1484       by (auto simp: truncate_down_def round_down_def intro!: floor_mono)
  1485   } moreover {
  1486     assume "0 < x"
  1487     hence "log 2 x \<le> log 2 y" "0 < y" "0 \<le> y" using assms by auto
  1488     moreover
  1489     assume "\<lfloor>log 2 \<bar>x\<bar>\<rfloor> \<noteq> \<lfloor>log 2 \<bar>y\<bar>\<rfloor>"
  1490     ultimately have logless: "log 2 x < log 2 y" and flogless: "\<lfloor>log 2 x\<rfloor> < \<lfloor>log 2 y\<rfloor>"
  1491       unfolding atomize_conj abs_of_pos[OF `0 < x`] abs_of_pos[OF `0 < y`]
  1492       by (metis floor_less_cancel linorder_cases not_le)
  1493     assume "prec \<noteq> 0" hence [simp]: "prec \<ge> Suc 0" by auto
  1494     have "2 powr (prec - 1) \<le> y * 2 powr real (prec - 1) / (2 powr log 2 y)"
  1495       using `0 < y`
  1496       by simp
  1497     also have "\<dots> \<le> y * 2 powr real prec / (2 powr (real \<lfloor>log 2 y\<rfloor> + 1))"
  1498       using `0 \<le> y` `0 \<le> x` assms(2)
  1499       by (auto intro!: powr_mono divide_left_mono
  1500         simp: real_of_nat_diff powr_add
  1501         powr_divide2[symmetric])
  1502     also have "\<dots> = y * 2 powr real prec / (2 powr real \<lfloor>log 2 y\<rfloor> * 2)"
  1503       by (auto simp: powr_add)
  1504     finally have "(2 ^ (prec - 1)) \<le> \<lfloor>y * 2 powr real (int prec - \<lfloor>log 2 \<bar>y\<bar>\<rfloor> - 1)\<rfloor>"
  1505       using `0 \<le> y`
  1506       by (auto simp: powr_divide2[symmetric] le_floor_eq powr_realpow)
  1507     hence "(2 ^ (prec - 1)) * 2 powr - real (int prec - \<lfloor>log 2 \<bar>y\<bar>\<rfloor> - 1) \<le> truncate_down prec y"
  1508       by (auto simp: truncate_down_def round_down_def)
  1509     moreover
  1510     {
  1511       have "x = 2 powr (log 2 \<bar>x\<bar>)" using `0 < x` by simp
  1512       also have "\<dots> \<le> (2 ^ (prec )) * 2 powr - real (int prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1)"
  1513         using real_of_int_floor_add_one_ge[of "log 2 \<bar>x\<bar>"]
  1514         by (auto simp: powr_realpow[symmetric] powr_add[symmetric] algebra_simps)
  1515       also
  1516       have "2 powr - real (int prec - \<lfloor>log 2 \<bar>x\<bar>\<rfloor> - 1) \<le> 2 powr - real (int prec - \<lfloor>log 2 \<bar>y\<bar>\<rfloor>)"
  1517         using logless flogless `x > 0` `y > 0`
  1518         by (auto intro!: floor_mono)
  1519       finally have "x \<le> (2 ^ (prec - 1)) * 2 powr - real (int prec - \<lfloor>log 2 \<bar>y\<bar>\<rfloor> - 1)"
  1520         by (auto simp: powr_realpow[symmetric] powr_divide2[symmetric] assms real_of_nat_diff)
  1521     } ultimately have ?thesis
  1522       by (metis dual_order.trans truncate_down)
  1523   } ultimately show ?thesis by blast
  1524 qed
  1525 
  1526 lemma truncate_down_mono: "x \<le> y \<Longrightarrow> truncate_down p x \<le> truncate_down p y"
  1527   apply (cases "0 \<le> x")
  1528   apply (rule truncate_down_nonneg_mono, assumption+)
  1529   apply (simp add: truncate_down_uminus_truncate_up)
  1530   apply (cases "0 \<le> y")
  1531   apply (auto intro: truncate_up_nonneg_mono truncate_up_switch_sign_mono)
  1532   done
  1533 
  1534 lemma truncate_up_mono: "x \<le> y \<Longrightarrow> truncate_up p x \<le> truncate_up p y"
  1535   by (simp add: truncate_up_uminus_truncate_down truncate_down_mono)
  1536 
  1537 lemma Float_le_zero_iff: "Float a b \<le> 0 \<longleftrightarrow> a \<le> 0"
  1538  apply (auto simp: zero_float_def mult_le_0_iff)
  1539  using powr_gt_zero[of 2 b] by simp
  1540 
  1541 lemma real_of_float_pprt[simp]: fixes a::float shows "real (pprt a) = pprt (real a)"
  1542   unfolding pprt_def sup_float_def max_def sup_real_def by auto
  1543 
  1544 lemma real_of_float_nprt[simp]: fixes a::float shows "real (nprt a) = nprt (real a)"
  1545   unfolding nprt_def inf_float_def min_def inf_real_def by auto
  1546 
  1547 lift_definition int_floor_fl :: "float \<Rightarrow> int" is floor .
  1548 
  1549 lemma compute_int_floor_fl[code]:
  1550   "int_floor_fl (Float m e) = (if 0 \<le> e then m * 2 ^ nat e else m div (2 ^ (nat (-e))))"
  1551   by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
  1552 hide_fact (open) compute_int_floor_fl
  1553 
  1554 lift_definition floor_fl :: "float \<Rightarrow> float" is "\<lambda>x. real (floor x)" by simp
  1555 
  1556 lemma compute_floor_fl[code]:
  1557   "floor_fl (Float m e) = (if 0 \<le> e then Float m e else Float (m div (2 ^ (nat (-e)))) 0)"
  1558   by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
  1559 hide_fact (open) compute_floor_fl
  1560 
  1561 lemma floor_fl: "real (floor_fl x) \<le> real x" by transfer simp
  1562 
  1563 lemma int_floor_fl: "real (int_floor_fl x) \<le> real x" by transfer simp
  1564 
  1565 lemma floor_pos_exp: "exponent (floor_fl x) \<ge> 0"
  1566 proof (cases "floor_fl x = float_of 0")
  1567   case True
  1568   then show ?thesis by (simp add: floor_fl_def)
  1569 next
  1570   case False
  1571   have eq: "floor_fl x = Float \<lfloor>real x\<rfloor> 0" by transfer simp
  1572   obtain i where "\<lfloor>real x\<rfloor> = mantissa (floor_fl x) * 2 ^ i" "0 = exponent (floor_fl x) - int i"
  1573     by (rule denormalize_shift[OF eq[THEN eq_reflection] False])
  1574   then show ?thesis by simp
  1575 qed
  1576 
  1577 end
  1578