isabelle: comparison src/HOL/Library/Float.thy

equal deleted inserted replaced

-:d20bdee675dc
+:400b158f1589
-(*  Title:      HOL/Library/Float.thy
-Author:     Steven Obua 2008
-Author:     Johannes Hoelzl, TU Muenchen <hoelzl@in.tum.de> 2008 / 2009
-*)
 header {* Floating-Point Numbers *}
 theory Float
-imports Complex_Main Lattice_Algebras
+imports Complex_Main "~~/src/HOL/Library/Lattice_Algebras"
 begin
-definition pow2 :: "int \<Rightarrow> real" where
+typedef float = "{m * 2 powr e | (m :: int) (e :: int). True }"
-[simp]: "pow2 a = (if (0 <= a) then (2^(nat a)) else (inverse (2^(nat (-a)))))"
+morphisms real_of_float float_of
+by auto
-datatype float = Float int int
+declare [[coercion "real::float\<Rightarrow>real"]]
-primrec of_float :: "float \<Rightarrow> real" where
-"of_float (Float a b) = real a * pow2 b"
+lemmas float_of_inject[simp]
+lemmas float_of_cases2 = float_of_cases[case_product float_of_cases]
+lemmas float_of_cases3 = float_of_cases2[case_product float_of_cases]
 defs (overloaded)
-real_of_float_def [code_unfold]: "real == of_float"
+real_of_float_def[code_unfold]: "real == real_of_float"
-declare [[coercion "% x . Float x 0"]]
+lemma real_of_float_eq[simp]:
-declare [[coercion "real::float\<Rightarrow>real"]]
+fixes f1 f2 :: float shows "real f1 = real f2 \<longleftrightarrow> f1 = f2"
+unfolding real_of_float_def real_of_float_inject ..
-primrec mantissa :: "float \<Rightarrow> int" where
-"mantissa (Float a b) = a"
+lemma float_of_real[simp]: "float_of (real x) = x"
+unfolding real_of_float_def by (rule real_of_float_inverse)
-primrec scale :: "float \<Rightarrow> int" where
-"scale (Float a b) = b"
+lemma real_float[simp]: "x \<in> float \<Longrightarrow> real (float_of x) = x"
+unfolding real_of_float_def by (rule float_of_inverse)
-instantiation float :: zero
+subsection {* Real operations preserving the representation as floating point number *}
+lemma floatI: fixes m e :: int shows "m * 2 powr e = x \<Longrightarrow> x \<in> float"
+by (auto simp: float_def)
+lemma zero_float[simp]: "0 \<in> float" by (auto simp: float_def)
+lemma one_float[simp]: "1 \<in> float" by (intro floatI[of 1 0]) simp
+lemma numeral_float[simp]: "numeral i \<in> float" by (intro floatI[of "numeral i" 0]) simp
+lemma neg_numeral_float[simp]: "neg_numeral i \<in> float" by (intro floatI[of "neg_numeral i" 0]) simp
+lemma real_of_int_float[simp]: "real (x :: int) \<in> float" by (intro floatI[of x 0]) simp
+lemma real_of_nat_float[simp]: "real (x ::nat) \<in> float" by (intro floatI[of x 0]) simp
+lemma two_powr_int_float[simp]: "2 powr (real (i::int)) \<in> float" by (intro floatI[of 1 i]) simp
+lemma two_powr_nat_float[simp]: "2 powr (real (i::nat)) \<in> float" by (intro floatI[of 1 i]) simp
+lemma two_powr_minus_int_float[simp]: "2 powr - (real (i::int)) \<in> float" by (intro floatI[of 1 "-i"]) simp
+lemma two_powr_minus_nat_float[simp]: "2 powr - (real (i::nat)) \<in> float" by (intro floatI[of 1 "-i"]) simp
+lemma two_powr_numeral_float[simp]: "2 powr numeral i \<in> float" by (intro floatI[of 1 "numeral i"]) simp
+lemma two_powr_neg_numeral_float[simp]: "2 powr neg_numeral i \<in> float" by (intro floatI[of 1 "neg_numeral i"]) simp
+lemma two_pow_float[simp]: "2 ^ n \<in> float" by (intro floatI[of 1 "n"]) (simp add: powr_realpow)
+lemma real_of_float_float[simp]: "real (f::float) \<in> float" by (cases f) simp
+lemma plus_float[simp]: "r \<in> float \<Longrightarrow> p \<in> float \<Longrightarrow> r + p \<in> float"
+unfolding float_def
+proof (safe, simp)
+fix e1 m1 e2 m2 :: int
+{ fix e1 m1 e2 m2 :: int assume "e1 \<le> e2"
+then have "m1 * 2 powr e1 + m2 * 2 powr e2 = (m1 + m2 * 2 ^ nat (e2 - e1)) * 2 powr e1"
+by (simp add: powr_realpow[symmetric] powr_divide2[symmetric] field_simps)
+then have "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
+by blast }
+note * = this
+show "\<exists>(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
+proof (cases e1 e2 rule: linorder_le_cases)
+assume "e2 \<le> e1" from *[OF this, of m2 m1] show ?thesis by (simp add: ac_simps)
+qed (rule *)
+qed
+lemma uminus_float[simp]: "x \<in> float \<Longrightarrow> -x \<in> float"
+apply (auto simp: float_def)
+apply (rule_tac x="-x" in exI)
+apply (rule_tac x="xa" in exI)
+apply (simp add: field_simps)
+done
+lemma times_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x * y \<in> float"
+apply (auto simp: float_def)
+apply (rule_tac x="x * xa" in exI)
+apply (rule_tac x="xb + xc" in exI)
+apply (simp add: powr_add)
+done
+lemma minus_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> x - y \<in> float"
+unfolding ab_diff_minus by (intro uminus_float plus_float)
+lemma abs_float[simp]: "x \<in> float \<Longrightarrow> abs x \<in> float"
+by (cases x rule: linorder_cases[of 0]) auto
+lemma sgn_of_float[simp]: "x \<in> float \<Longrightarrow> sgn x \<in> float"
+by (cases x rule: linorder_cases[of 0]) (auto intro!: uminus_float)
+lemma div_power_2_float[simp]: "x \<in> float \<Longrightarrow> x / 2^d \<in> float"
+apply (auto simp add: float_def)
+apply (rule_tac x="x" in exI)
+apply (rule_tac x="xa - d" in exI)
+apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
+done
+lemma div_power_2_int_float[simp]: "x \<in> float \<Longrightarrow> x / (2::int)^d \<in> float"
+apply (auto simp add: float_def)
+apply (rule_tac x="x" in exI)
+apply (rule_tac x="xa - d" in exI)
+apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])
+done
+lemma div_numeral_Bit0_float[simp]:
+assumes x: "x / numeral n \<in> float" shows "x / (numeral (Num.Bit0 n)) \<in> float"
+proof -
+have "(x / numeral n) / 2^1 \<in> float"
+by (intro x div_power_2_float)
+also have "(x / numeral n) / 2^1 = x / (numeral (Num.Bit0 n))"
+by (induct n) auto
+finally show ?thesis .
+qed
+lemma div_neg_numeral_Bit0_float[simp]:
+assumes x: "x / numeral n \<in> float" shows "x / (neg_numeral (Num.Bit0 n)) \<in> float"
+proof -
+have "- (x / numeral (Num.Bit0 n)) \<in> float" using x by simp
+also have "- (x / numeral (Num.Bit0 n)) = x / neg_numeral (Num.Bit0 n)"
+unfolding neg_numeral_def by (simp del: minus_numeral)
+finally show ?thesis .
+qed
+subsection {* Arithmetic operations on floating point numbers *}
+instantiation float :: ring_1
 begin
-definition zero_float where "0 = Float 0 0"
-instance ..
+definition [simp]: "(0::float) = float_of 0"
+definition [simp]: "(1::float) = float_of 1"
+definition "(x + y::float) = float_of (real x + real y)"
+lemma float_plus_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> float_of x + float_of y = float_of (x + y)"
+by (simp add: plus_float_def)
+definition "(-x::float) = float_of (- real x)"
+lemma uminus_of_float[simp]: "x \<in> float \<Longrightarrow> - float_of x = float_of (- x)"
+by (simp add: uminus_float_def)
+definition "(x - y::float) = float_of (real x - real y)"
+lemma float_minus_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> float_of x - float_of y = float_of (x - y)"
+by (simp add: minus_float_def)
+definition "(x * y::float) = float_of (real x * real y)"
+lemma float_times_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> float_of x * float_of y = float_of (x * y)"
+by (simp add: times_float_def)
+instance
+proof
+fix a b c :: float
+show "0 + a = a"
+by (cases a rule: float_of_cases) simp
+show "1 * a = a"
+by (cases a rule: float_of_cases) simp
+show "a * 1 = a"
+by (cases a rule: float_of_cases) simp
+show "-a + a = 0"
+by (cases a rule: float_of_cases) simp
+show "a + b = b + a"
+by (cases a b rule: float_of_cases2) (simp add: ac_simps)
+show "a - b = a + -b"
+by (cases a b rule: float_of_cases2) (simp add: field_simps)
+show "a + b + c = a + (b + c)"
+by (cases a b c rule: float_of_cases3) (simp add: ac_simps)
+show "a * b * c = a * (b * c)"
+by (cases a b c rule: float_of_cases3) (simp add: ac_simps)
+show "(a + b) * c = a * c + b * c"
+by (cases a b c rule: float_of_cases3) (simp add: field_simps)
+show "a * (b + c) = a * b + a * c"
+by (cases a b c rule: float_of_cases3) (simp add: field_simps)
+show "0 \<noteq> (1::float)" by simp
+qed
 end
-instantiation float :: one
+lemma real_of_float_uminus[simp]:
+fixes f g::float shows "real (- g) = - real g"
+by (simp add: uminus_float_def)
+lemma real_of_float_plus[simp]:
+fixes f g::float shows "real (f + g) = real f + real g"
+by (simp add: plus_float_def)
+lemma real_of_float_minus[simp]:
+fixes f g::float shows "real (f - g) = real f - real g"
+by (simp add: minus_float_def)
+lemma real_of_float_times[simp]:
+fixes f g::float shows "real (f * g) = real f * real g"
+by (simp add: times_float_def)
+lemma real_of_float_zero[simp]: "real (0::float) = 0" by simp
+lemma real_of_float_one[simp]: "real (1::float) = 1" by simp
+lemma real_of_float_power[simp]: fixes f::float shows "real (f^n) = real f^n"
+by (induct n) simp_all
+instantiation float :: linorder
 begin
-definition one_float where "1 = Float 1 0"
-instance ..
+definition "x \<le> (y::float) \<longleftrightarrow> real x \<le> real y"
+lemma float_le_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> float_of x \<le> float_of y \<longleftrightarrow> x \<le> y"
+by (simp add: less_eq_float_def)
+definition "x < (y::float) \<longleftrightarrow> real x < real y"
+lemma float_less_float[simp]: "x \<in> float \<Longrightarrow> y \<in> float \<Longrightarrow> float_of x < float_of y \<longleftrightarrow> x < y"
+by (simp add: less_float_def)
+instance
+proof
+fix a b c :: float
+show "a \<le> a"
+by (cases a rule: float_of_cases) simp
+show "a < b \<longleftrightarrow> a \<le> b \<and> \<not> b \<le> a"
+by (cases a b rule: float_of_cases2) auto
+show "a \<le> b \<or> b \<le> a"
+by (cases a b rule: float_of_cases2) auto
+{ assume "a \<le> b" "b \<le> a" then show "a = b"
+by (cases a b rule: float_of_cases2) auto }
+{ assume "a \<le> b" "b \<le> c" then show "a \<le> c"
+by (cases a b c rule: float_of_cases3) auto }
+qed
 end
-lemma real_of_float_simp[simp]: "real (Float a b) = real a * pow2 b"
+lemma real_of_float_min: fixes a b::float shows "real (min a b) = min (real a) (real b)"
-unfolding real_of_float_def using of_float.simps .
+by (simp add: min_def less_eq_float_def)
-lemma real_of_float_neg_exp: "e < 0 \<Longrightarrow> real (Float m e) = real m * inverse (2^nat (-e))" by auto
+lemma real_of_float_max: fixes a b::float shows "real (max a b) = max (real a) (real b)"
-lemma real_of_float_nge0_exp: "\<not> 0 \<le> e \<Longrightarrow> real (Float m e) = real m * inverse (2^nat (-e))" by auto
+by (simp add: max_def less_eq_float_def)
-lemma real_of_float_ge0_exp: "0 \<le> e \<Longrightarrow> real (Float m e) = real m * (2^nat e)" by auto
+instantiation float :: linordered_ring
-lemma Float_num[simp]: shows
+begin
-"real (Float 1 0) = 1" and "real (Float 1 1) = 2" and "real (Float 1 2) = 4" and
-"real (Float 1 -1) = 1/2" and "real (Float 1 -2) = 1/4" and "real (Float 1 -3) = 1/8" and
+definition "(abs x :: float) = float_of (abs (real x))"
-"real (Float -1 0) = -1" and "real (Float (numeral n) 0) = numeral n"
-by auto
+lemma float_abs[simp]: "x \<in> float \<Longrightarrow> abs (float_of x) = float_of (abs x)"
+by (simp add: abs_float_def)
-lemma float_number_of_int[simp]: "real (Float n 0) = real n"
+instance
+proof
+fix a b c :: float
+show "\<bar>a\<bar> = (if a < 0 then - a else a)"
+by (cases a rule: float_of_cases) simp
+assume "a \<le> b"
+then show "c + a \<le> c + b"
+by (cases a b c rule: float_of_cases3) simp
+assume "0 \<le> c"
+with `a \<le> b` show "c * a \<le> c * b"
+by (cases a b c rule: float_of_cases3) (auto intro: mult_left_mono)
+from `0 \<le> c` `a \<le> b` show "a * c \<le> b * c"
+by (cases a b c rule: float_of_cases3) (auto intro: mult_right_mono)
+qed
+end
+lemma real_of_abs_float[simp]: fixes f::float shows "real (abs f) = abs (real f)"
+unfolding abs_float_def by simp
+instance float :: dense_linorder
+proof
+fix a b :: float
+show "\<exists>c. a < c"
+apply (intro exI[of _ "a + 1"])
+apply (cases a rule: float_of_cases)
+apply simp
+done
+show "\<exists>c. c < a"
+apply (intro exI[of _ "a - 1"])
+apply (cases a rule: float_of_cases)
+apply simp
+done
+assume "a < b"
+then show "\<exists>c. a < c \<and> c < b"
+apply (intro exI[of _ "(b + a) * float_of (1/2)"])
+apply (cases a b rule: float_of_cases2)
+apply simp
+done
+qed
+instantiation float :: linordered_idom
+begin
+definition "sgn x = float_of (sgn (real x))"
+lemma sgn_float[simp]: "x \<in> float \<Longrightarrow> sgn (float_of x) = float_of (sgn x)"
+by (simp add: sgn_float_def)
+instance
+proof
+fix a b c :: float
+show "sgn a = (if a = 0 then 0 else if 0 < a then 1 else - 1)"
+by (cases a rule: float_of_cases) simp
+show "a * b = b * a"
+by (cases a b rule: float_of_cases2) (simp add: field_simps)
+show "1 * a = a" "(a + b) * c = a * c + b * c"
+by (simp_all add: field_simps del: one_float_def)
+assume "a < b" "0 < c" then show "c * a < c * b"
+by (cases a b c rule: float_of_cases3) (simp add: field_simps)
+qed
+end
+definition Float :: "int \<Rightarrow> int \<Rightarrow> float" where
+[simp, code del]: "Float m e = float_of (m * 2 powr e)"
+lemma real_of_float_Float[code]: "real_of_float (Float m e) =
+(if e \<ge> 0 then m * 2 ^ nat e else m * inverse (2 ^ nat (- e)))"
+by (auto simp add: powr_realpow[symmetric] powr_minus real_of_float_def[symmetric])
+code_datatype Float
+lemma real_Float: "real (Float m e) = m * 2 powr e" by simp
+definition normfloat :: "float \<Rightarrow> float" where
+[simp]: "normfloat x = x"
+lemma compute_normfloat[code]: "normfloat (Float m e) =
+(if m mod 2 = 0 \<and> m \<noteq> 0 then normfloat (Float (m div 2) (e + 1))
+else if m = 0 then 0 else Float m e)"
+by (simp del: real_of_int_add split: prod.split)
+(auto simp add: powr_add zmod_eq_0_iff)
+lemma compute_zero[code_unfold, code]: "0 = Float 0 0"
 by simp
-lemma pow2_0[simp]: "pow2 0 = 1" by simp
+lemma compute_one[code_unfold, code]: "1 = Float 1 0"
-lemma pow2_1[simp]: "pow2 1 = 2" by simp
+by simp
-lemma pow2_neg: "pow2 x = inverse (pow2 (-x))" by simp
+instance float :: numeral ..
-lemma pow2_powr: "pow2 a = 2 powr a"
-by (simp add: powr_realpow[symmetric] powr_minus)
+lemma float_of_numeral[simp]: "numeral k = float_of (numeral k)"
+by (induct k)
-declare pow2_def[simp del]
+(simp_all only: numeral.simps one_float_def float_plus_float numeral_float one_float plus_float)
-lemma pow2_add: "pow2 (a+b) = (pow2 a) * (pow2 b)"
+lemma float_of_neg_numeral[simp]: "neg_numeral k = float_of (neg_numeral k)"
-by (simp add: pow2_powr powr_add)
+by (simp add: minus_numeral[symmetric] del: minus_numeral)
-lemma pow2_diff: "pow2 (a - b) = pow2 a / pow2 b"
+lemma
-by (simp add: pow2_powr powr_divide2)
+shows float_numeral[simp]: "real (numeral x :: float) = numeral x"
+and float_neg_numeral[simp]: "real (neg_numeral x :: float) = neg_numeral x"
-lemma pow2_add1: "pow2 (1 + a) = 2 * (pow2 a)"
+by simp_all
-by (simp add: pow2_add)
+subsection {* Represent floats as unique mantissa and exponent *}
-lemma float_components[simp]: "Float (mantissa f) (scale f) = f" by (cases f) auto
-lemma float_split: "\<exists> a b. x = Float a b" by (cases x) auto
+lemma int_induct_abs[case_names less]:
+fixes j :: int
-lemma float_split2: "(\<forall> a b. x \<noteq> Float a b) = False" by (auto simp add: float_split)
+assumes H: "\<And>n. (\<And>i. \<bar>i\<bar> < \<bar>n\<bar> \<Longrightarrow> P i) \<Longrightarrow> P n"
+shows "P j"
-lemma float_zero[simp]: "real (Float 0 e) = 0" by simp
+proof (induct "nat \<bar>j\<bar>" arbitrary: j rule: less_induct)
+case less show ?case by (rule H[OF less]) simp
-lemma abs_div_2_less: "a \<noteq> 0 \<Longrightarrow> a \<noteq> -1 \<Longrightarrow> abs((a::int) div 2) < abs a"
+qed
-by arith
+lemma int_cancel_factors:
-function normfloat :: "float \<Rightarrow> float" where
+fixes n :: int assumes "1 < r" shows "n = 0 \<or> (\<exists>k i. n = k * r ^ i \<and> \<not> r dvd k)"
-"normfloat (Float a b) =
+proof (induct n rule: int_induct_abs)
-(if a \<noteq> 0 \<and> even a then normfloat (Float (a div 2) (b+1))
+case (less n)
-else if a=0 then Float 0 0 else Float a b)"
+{ fix m assume n: "n \<noteq> 0" "n = m * r"
-by pat_completeness auto
+then have "\<bar>m \<bar> < \<bar>n\<bar>"
-termination by (relation "measure (nat o abs o mantissa)") (auto intro: abs_div_2_less)
+by (metis abs_dvd_iff abs_ge_self assms comm_semiring_1_class.normalizing_semiring_rules(7)
-declare normfloat.simps[simp del]
+dvd_imp_le_int dvd_refl dvd_triv_right linorder_neq_iff linorder_not_le
+mult_eq_0_iff zdvd_mult_cancel1)
-theorem normfloat[symmetric, simp]: "real f = real (normfloat f)"
+from less[OF this] n have "\<exists>k i. n = k * r ^ Suc i \<and> \<not> r dvd k" by auto }
-proof (induct f rule: normfloat.induct)
+then show ?case
-case (1 a b)
+by (metis comm_semiring_1_class.normalizing_semiring_rules(12,7) dvdE power_0)
-have real2: "2 = real (2::int)"
+qed
-by auto
-show ?case
+lemma mult_powr_eq_mult_powr_iff_asym:
-apply (subst normfloat.simps)
+fixes m1 m2 e1 e2 :: int
-apply auto
+assumes m1: "\<not> 2 dvd m1" and "e1 \<le> e2"
-apply (subst 1[symmetric])
+shows "m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
-apply (auto simp add: pow2_add even_def)
+proof
-done
+have "m1 \<noteq> 0" using m1 unfolding dvd_def by auto
-qed
+assume eq: "m1 * 2 powr e1 = m2 * 2 powr e2"
+with `e1 \<le> e2` have "m1 = m2 * 2 powr nat (e2 - e1)"
-lemma pow2_neq_zero[simp]: "pow2 x \<noteq> 0"
+by (simp add: powr_divide2[symmetric] field_simps)
-by (auto simp add: pow2_def)
+also have "\<dots> = m2 * 2^nat (e2 - e1)"
+by (simp add: powr_realpow)
-lemma pow2_int: "pow2 (int c) = 2^c"
+finally have m1_eq: "m1 = m2 * 2^nat (e2 - e1)"
-by (simp add: pow2_def)
+unfolding real_of_int_inject .
+with m1 have "m1 = m2"
-lemma zero_less_pow2[simp]: "0 < pow2 x"
+by (cases "nat (e2 - e1)") (auto simp add: dvd_def)
-by (simp add: pow2_powr)
+then show "m1 = m2 \<and> e1 = e2"
+using eq `m1 \<noteq> 0` by (simp add: powr_inj)
-lemma normfloat_imp_odd_or_zero:
+qed simp
-"normfloat f = Float a b \<Longrightarrow> odd a \<or> (a = 0 \<and> b = 0)"
-proof (induct f rule: normfloat.induct)
+lemma mult_powr_eq_mult_powr_iff:
-case (1 u v)
+fixes m1 m2 e1 e2 :: int
-from 1 have ab: "normfloat (Float u v) = Float a b" by auto
+shows "\<not> 2 dvd m1 \<Longrightarrow> \<not> 2 dvd m2 \<Longrightarrow> m1 * 2 powr e1 = m2 * 2 powr e2 \<longleftrightarrow> m1 = m2 \<and> e1 = e2"
-{
+using mult_powr_eq_mult_powr_iff_asym[of m1 e1 e2 m2]
-assume eu: "even u"
+using mult_powr_eq_mult_powr_iff_asym[of m2 e2 e1 m1]
-assume z: "u \<noteq> 0"
+by (cases e1 e2 rule: linorder_le_cases) auto
-have "normfloat (Float u v) = normfloat (Float (u div 2) (v + 1))"
-apply (subst normfloat.simps)
+lemma floatE_normed:
-by (simp add: eu z)
+assumes x: "x \<in> float"
-with ab have "normfloat (Float (u div 2) (v + 1)) = Float a b" by simp
+obtains (zero) "x = 0"
-with 1 eu z have ?case by auto
+| (powr) m e :: int where "x = m * 2 powr e" "\<not> 2 dvd m" "x \<noteq> 0"
-}
+proof atomize_elim
-note case1 = this
+{ assume "x \<noteq> 0"
-{
+from x obtain m e :: int where x: "x = m * 2 powr e" by (auto simp: float_def)
-assume "odd u \<or> u = 0"
+with `x \<noteq> 0` int_cancel_factors[of 2 m] obtain k i where "m = k * 2 ^ i" "\<not> 2 dvd k"
-then have ou: "\<not> (u \<noteq> 0 \<and> even u)" by auto
+by auto
-have "normfloat (Float u v) = (if u = 0 then Float 0 0 else Float u v)"
+with `\<not> 2 dvd k` x have "\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m"
-apply (subst normfloat.simps)
+by (rule_tac exI[of _ "k"], rule_tac exI[of _ "e + int i"])
-apply (simp add: ou)
+(simp add: powr_add powr_realpow) }
+then show "x = 0 \<or> (\<exists>(m::int) (e::int). x = m * 2 powr e \<and> \<not> (2::int) dvd m \<and> x \<noteq> 0)"
+by blast
+qed
+lemma float_normed_cases:
+fixes f :: float
+obtains (zero) "f = 0"
+| (powr) m e :: int where "real f = m * 2 powr e" "\<not> 2 dvd m" "f \<noteq> 0"
+proof (atomize_elim, induct f)
+case (float_of y) then show ?case
+by (cases rule: floatE_normed) auto
+qed
+definition mantissa :: "float \<Rightarrow> int" where
+"mantissa f = fst (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
+\<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
+definition exponent :: "float \<Rightarrow> int" where
+"exponent f = snd (SOME p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
+\<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p))"
+lemma
+shows exponent_0[simp]: "exponent (float_of 0) = 0" (is ?E)
+and mantissa_0[simp]: "mantissa (float_of 0) = 0" (is ?M)
+proof -
+have "\<And>p::int \<times> int. fst p = 0 \<and> snd p = 0 \<longleftrightarrow> p = (0, 0)" by auto
+then show ?E ?M
+by (auto simp add: mantissa_def exponent_def)
+qed
+lemma
+shows mantissa_exponent: "real f = mantissa f * 2 powr exponent f" (is ?E)
+and mantissa_not_dvd: "f \<noteq> (float_of 0) \<Longrightarrow> \<not> 2 dvd mantissa f" (is "_ \<Longrightarrow> ?D")
+proof cases
+assume [simp]: "f \<noteq> (float_of 0)"
+have "f = mantissa f * 2 powr exponent f \<and> \<not> 2 dvd mantissa f"
+proof (cases f rule: float_normed_cases)
+case (powr m e)
+then have "\<exists>p::int \<times> int. (f = 0 \<and> fst p = 0 \<and> snd p = 0)
+\<or> (f \<noteq> 0 \<and> real f = real (fst p) * 2 powr real (snd p) \<and> \<not> 2 dvd fst p)"
+by auto
+then show ?thesis
+unfolding exponent_def mantissa_def
+by (rule someI2_ex) simp
+qed simp
+then show ?E ?D by auto
+qed simp
+lemma mantissa_noteq_0: "f \<noteq> float_of 0 \<Longrightarrow> mantissa f \<noteq> 0"
+using mantissa_not_dvd[of f] by auto
+lemma Float_mantissa_exponent: "Float (mantissa f) (exponent f) = f"
+unfolding real_of_float_eq[symmetric] mantissa_exponent[of f] by simp
+lemma Float_cases[case_names Float, cases type: float]:
+fixes f :: float
+obtains (Float) m e :: int where "f = Float m e"
+using Float_mantissa_exponent[symmetric]
+by (atomize_elim) auto
+lemma
+fixes m e :: int
+defines "f \<equiv> float_of (m * 2 powr e)"
+assumes dvd: "\<not> 2 dvd m"
+shows mantissa_float: "mantissa f = m" (is "?M")
+and exponent_float: "m \<noteq> 0 \<Longrightarrow> exponent f = e" (is "_ \<Longrightarrow> ?E")
+proof cases
+assume "m = 0" with dvd show "mantissa f = m" by auto
+next
+assume "m \<noteq> 0"
+then have f_not_0: "f \<noteq> float_of 0" by (simp add: f_def)
+from mantissa_exponent[of f]
+have "m * 2 powr e = mantissa f * 2 powr exponent f"
+by (auto simp add: f_def)
+then show "?M" "?E"
+using mantissa_not_dvd[OF f_not_0] dvd
+by (auto simp: mult_powr_eq_mult_powr_iff)
+qed
+lemma denormalize_shift:
+assumes f_def: "f \<equiv> Float m e" and not_0: "f \<noteq> float_of 0"
+obtains i where "m = mantissa f * 2 ^ i" "e = exponent f - i"
+proof
+from mantissa_exponent[of f] f_def
+have "m * 2 powr e = mantissa f * 2 powr exponent f"
+by simp
+then have eq: "m = mantissa f * 2 powr (exponent f - e)"
+by (simp add: powr_divide2[symmetric] field_simps)
+moreover
+have "e \<le> exponent f"
+proof (rule ccontr)
+assume "\<not> e \<le> exponent f"
+then have pos: "exponent f < e" by simp
+then have "2 powr (exponent f - e) = 2 powr - real (e - exponent f)"
+by simp
+also have "\<dots> = 1 / 2^nat (e - exponent f)"
+using pos by (simp add: powr_realpow[symmetric] powr_divide2[symmetric])
+finally have "m * 2^nat (e - exponent f) = real (mantissa f)"
+using eq by simp
+then have "mantissa f = m * 2^nat (e - exponent f)"
+unfolding real_of_int_inject by simp
+with `exponent f < e` have "2 dvd mantissa f"
+apply (intro dvdI[where k="m * 2^(nat (e-exponent f)) div 2"])
+apply (cases "nat (e - exponent f)")
+apply auto
 done
-with ab have "Float a b = (if u = 0 then Float 0 0 else Float u v)" by auto
+then show False using mantissa_not_dvd[OF not_0] by simp
-then have ?case
+qed
-apply (case_tac "u=0")
+ultimately have "real m = mantissa f * 2^nat (exponent f - e)"
-apply (auto)
+by (simp add: powr_realpow[symmetric])
-by (insert ou, auto)
+with `e \<le> exponent f`
-}
+show "m = mantissa f * 2 ^ nat (exponent f - e)" "e = exponent f - nat (exponent f - e)"
-note case2 = this
+unfolding real_of_int_inject by auto
-show ?case
+qed
-apply (case_tac "odd u \<or> u = 0")
-apply (rule case2)
+subsection {* Compute arithmetic operations *}
-apply simp
-apply (rule case1)
+lemma compute_float_numeral[code_abbrev]: "Float (numeral k) 0 = numeral k"
-apply auto
+by simp
-done
-qed
+lemma compute_float_neg_numeral[code_abbrev]: "Float (neg_numeral k) 0 = neg_numeral k"
+by simp
-lemma float_eq_odd_helper:
-assumes odd: "odd a'"
+lemma compute_float_uminus[code]: "- Float m1 e1 = Float (- m1) e1"
-and floateq: "real (Float a b) = real (Float a' b')"
+by simp
-shows "b \<le> b'"
-proof -
+lemma compute_float_times[code]: "Float m1 e1 * Float m2 e2 = Float (m1 * m2) (e1 + e2)"
-from odd have "a' \<noteq> 0" by auto
+by (simp add: field_simps powr_add)
-with floateq have a': "real a' = real a * pow2 (b - b')"
-by (simp add: pow2_diff field_simps)
+lemma compute_float_plus[code]: "Float m1 e1 + Float m2 e2 =
+(if e1 \<le> e2 then Float (m1 + m2 * 2^nat (e2 - e1)) e1
-{
+else Float (m2 + m1 * 2^nat (e1 - e2)) e2)"
-assume bcmp: "b > b'"
+by (simp add: field_simps)
-then obtain c :: nat where "b - b' = int c + 1"
+(simp add: powr_realpow[symmetric] powr_divide2[symmetric])
-by atomize_elim arith
-with a' have "real a' = real (a * 2^c * 2)"
+lemma compute_float_minus[code]: fixes f g::float shows "f - g = f + (-g)" by simp
-by (simp add: pow2_def nat_add_distrib)
-with odd have False
+lemma compute_float_sgn[code]: "sgn (Float m1 e1) = (if 0 < m1 then 1 else if m1 < 0 then -1 else 0)"
-unfolding real_of_int_inject by simp
+by (simp add: sgn_times)
-}
-then show ?thesis by arith
+definition is_float_pos :: "float \<Rightarrow> bool" where
-qed
+"is_float_pos f \<longleftrightarrow> 0 < f"
-lemma float_eq_odd:
+lemma compute_is_float_pos[code]: "is_float_pos (Float m e) \<longleftrightarrow> 0 < m"
-assumes odd1: "odd a"
+by (auto simp add: is_float_pos_def zero_less_mult_iff) (simp add: not_le[symmetric])
-and odd2: "odd a'"
-and floateq: "real (Float a b) = real (Float a' b')"
+lemma compute_float_less[code]: "a < b \<longleftrightarrow> is_float_pos (b - a)"
-shows "a = a' \<and> b = b'"
+by (simp add: is_float_pos_def field_simps del: zero_float_def)
-proof -
-from
+definition is_float_nonneg :: "float \<Rightarrow> bool" where
-float_eq_odd_helper[OF odd2 floateq]
+"is_float_nonneg f \<longleftrightarrow> 0 \<le> f"
-float_eq_odd_helper[OF odd1 floateq[symmetric]]
-have beq: "b = b'" by arith
+lemma compute_is_float_nonneg[code]: "is_float_nonneg (Float m e) \<longleftrightarrow> 0 \<le> m"
-with floateq show ?thesis by auto
+by (auto simp add: is_float_nonneg_def zero_le_mult_iff) (simp add: not_less[symmetric])
-qed
+lemma compute_float_le[code]: "a \<le> b \<longleftrightarrow> is_float_nonneg (b - a)"
-theorem normfloat_unique:
+by (simp add: is_float_nonneg_def field_simps del: zero_float_def)
-assumes real_of_float_eq: "real f = real g"
-shows "normfloat f = normfloat g"
+definition is_float_zero :: "float \<Rightarrow> bool" where
-proof -
+"is_float_zero f \<longleftrightarrow> 0 = f"
-from float_split[of "normfloat f"] obtain a b where normf:"normfloat f = Float a b" by auto
-from float_split[of "normfloat g"] obtain a' b' where normg:"normfloat g = Float a' b'" by auto
+lemma compute_is_float_zero[code]: "is_float_zero (Float m e) \<longleftrightarrow> 0 = m"
-have "real (normfloat f) = real (normfloat g)"
+by (auto simp add: is_float_zero_def)
-by (simp add: real_of_float_eq)
-then have float_eq: "real (Float a b) = real (Float a' b')"
+lemma compute_float_abs[code]: "abs (Float m e) = Float (abs m) e" by (simp add: abs_mult)
-by (simp add: normf normg)
-have ab: "odd a \<or> (a = 0 \<and> b = 0)" by (rule normfloat_imp_odd_or_zero[OF normf])
+instantiation float :: equal
-have ab': "odd a' \<or> (a' = 0 \<and> b' = 0)" by (rule normfloat_imp_odd_or_zero[OF normg])
-{
-assume odd: "odd a"
-then have "a \<noteq> 0" by (simp add: even_def) arith
-with float_eq have "a' \<noteq> 0" by auto
-with ab' have "odd a'" by simp
-from odd this float_eq have "a = a' \<and> b = b'" by (rule float_eq_odd)
-}
-note odd_case = this
-{
-assume even: "even a"
-with ab have a0: "a = 0" by simp
-with float_eq have a0': "a' = 0" by auto
-from a0 a0' ab ab' have "a = a' \<and> b = b'" by auto
-}
-note even_case = this
-from odd_case even_case show ?thesis
-apply (simp add: normf normg)
-apply (case_tac "even a")
-apply auto
-done
-qed
-instantiation float :: plus
 begin
-fun plus_float where
-[simp del]: "(Float a_m a_e) + (Float b_m b_e) =
+definition "equal_float (f1 :: float) f2 \<longleftrightarrow> is_float_zero (f1 - f2)"
-(if a_e \<le> b_e then Float (a_m + b_m * 2^(nat(b_e - a_e))) a_e
-else Float (a_m * 2^(nat (a_e - b_e)) + b_m) b_e)"
+instance proof qed (auto simp: equal_float_def is_float_zero_def simp del: zero_float_def)
-instance ..
 end
-instantiation float :: uminus
+subsection {* Rounding Real numbers *}
-begin
-primrec uminus_float where [simp del]: "uminus_float (Float m e) = Float (-m) e"
+definition round_down :: "int \<Rightarrow> real \<Rightarrow> real" where
-instance ..
+"round_down prec x = floor (x * 2 powr prec) * 2 powr -prec"
-end
+definition round_up :: "int \<Rightarrow> real \<Rightarrow> real" where
-instantiation float :: minus
+"round_up prec x = ceiling (x * 2 powr prec) * 2 powr -prec"
-begin
-definition minus_float where "(z::float) - w = z + (- w)"
+lemma round_down_float[simp]: "round_down prec x \<in> float"
-instance ..
+unfolding round_down_def
-end
+by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
-instantiation float :: times
+lemma round_up_float[simp]: "round_up prec x \<in> float"
-begin
+unfolding round_up_def
-fun times_float where [simp del]: "(Float a_m a_e) * (Float b_m b_e) = Float (a_m * b_m) (a_e + b_e)"
+by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)
-instance ..
-end
+lemma round_up: "x \<le> round_up prec x"
+by (simp add: powr_minus_divide le_divide_eq round_up_def)
-primrec float_pprt :: "float \<Rightarrow> float" where
-"float_pprt (Float a e) = (if 0 <= a then (Float a e) else 0)"
+lemma round_down: "round_down prec x \<le> x"
+by (simp add: powr_minus_divide divide_le_eq round_down_def)
-primrec float_nprt :: "float \<Rightarrow> float" where
-"float_nprt (Float a e) = (if 0 <= a then 0 else (Float a e))"
+lemma round_up_0[simp]: "round_up p 0 = 0"
+unfolding round_up_def by simp
-instantiation float :: ord
-begin
+lemma round_down_0[simp]: "round_down p 0 = 0"
-definition le_float_def: "z \<le> (w :: float) \<equiv> real z \<le> real w"
+unfolding round_down_def by simp
-definition less_float_def: "z < (w :: float) \<equiv> real z < real w"
-instance ..
+lemma round_up_diff_round_down:
-end
+"round_up prec x - round_down prec x \<le> 2 powr -prec"
+proof -
-lemma real_of_float_add[simp]: "real (a + b) = real a + real (b :: float)"
+have "round_up prec x - round_down prec x =
-by (cases a, cases b) (simp add: algebra_simps plus_float.simps,
+(ceiling (x * 2 powr prec) - floor (x * 2 powr prec)) * 2 powr -prec"
-auto simp add: pow2_int[symmetric] pow2_add[symmetric])
+by (simp add: round_up_def round_down_def field_simps)
+also have "\<dots> \<le> 1 * 2 powr -prec"
-lemma real_of_float_minus[simp]: "real (- a) = - real (a :: float)"
+by (rule mult_mono)
-by (cases a) simp
+(auto simp del: real_of_int_diff
+simp: real_of_int_diff[symmetric] real_of_int_le_one_cancel_iff ceiling_diff_floor_le_1)
-lemma real_of_float_sub[simp]: "real (a - b) = real a - real (b :: float)"
+finally show ?thesis by simp
-by (cases a, cases b) (simp add: minus_float_def)
+qed
-lemma real_of_float_mult[simp]: "real (a*b) = real a * real (b :: float)"
+lemma round_down_shift: "round_down p (x * 2 powr k) = 2 powr k * round_down (p + k) x"
-by (cases a, cases b) (simp add: times_float.simps pow2_add)
+unfolding round_down_def
+by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
-lemma real_of_float_0[simp]: "real (0 :: float) = 0"
+(simp add: powr_add[symmetric])
-by (auto simp add: zero_float_def)
+lemma round_up_shift: "round_up p (x * 2 powr k) = 2 powr k * round_up (p + k) x"
-lemma real_of_float_1[simp]: "real (1 :: float) = 1"
+unfolding round_up_def
-by (auto simp add: one_float_def)
+by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])
+(simp add: powr_add[symmetric])
-lemma zero_le_float:
-"(0 <= real (Float a b)) = (0 <= a)"
+subsection {* Rounding Floats *}
-apply auto
-apply (auto simp add: zero_le_mult_iff)
+definition float_up :: "int \<Rightarrow> float \<Rightarrow> float" where
-apply (insert zero_less_pow2[of b])
+"float_up prec x = float_of (round_up prec (real x))"
-apply (simp_all)
-done
+lemma float_up_float:
+"x \<in> float \<Longrightarrow> float_up prec (float_of x) = float_of (round_up prec x)"
-lemma float_le_zero:
+unfolding float_up_def by simp
-"(real (Float a b) <= 0) = (a <= 0)"
-apply auto
+lemma float_up_correct:
-apply (auto simp add: mult_le_0_iff)
+shows "real (float_up e f) - real f \<in> {0..2 powr -e}"
-apply (insert zero_less_pow2[of b])
+unfolding atLeastAtMost_iff
-apply auto
+proof
-done
+have "round_up e f - f \<le> round_up e f - round_down e f" using round_down by simp
+also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
-lemma zero_less_float:
+finally show "real (float_up e f) - real f \<le> 2 powr real (- e)"
-"(0 < real (Float a b)) = (0 < a)"
+by (simp add: float_up_def)
-apply auto
+qed (simp add: algebra_simps float_up_def round_up)
-apply (auto simp add: zero_less_mult_iff)
-apply (insert zero_less_pow2[of b])
+definition float_down :: "int \<Rightarrow> float \<Rightarrow> float" where
-apply (simp_all)
+"float_down prec x = float_of (round_down prec (real x))"
-done
+lemma float_down_float:
-lemma float_less_zero:
+"x \<in> float \<Longrightarrow> float_down prec (float_of x) = float_of (round_down prec x)"
-"(real (Float a b) < 0) = (a < 0)"
+unfolding float_down_def by simp
-apply auto
-apply (auto simp add: mult_less_0_iff)
+lemma float_down_correct:
-apply (insert zero_less_pow2[of b])
+shows "real f - real (float_down e f) \<in> {0..2 powr -e}"
-apply (simp_all)
+unfolding atLeastAtMost_iff
-done
+proof
+have "f - round_down e f \<le> round_up e f - round_down e f" using round_up by simp
-declare real_of_float_simp[simp del]
+also have "\<dots> \<le> 2 powr -e" using round_up_diff_round_down by simp
+finally show "real f - real (float_down e f) \<le> 2 powr real (- e)"
-lemma real_of_float_pprt[simp]: "real (float_pprt a) = pprt (real a)"
+by (simp add: float_down_def)
-by (cases a) (auto simp add: zero_le_float float_le_zero)
+qed (simp add: algebra_simps float_down_def round_down)
-lemma real_of_float_nprt[simp]: "real (float_nprt a) = nprt (real a)"
+lemma round_down_Float_id:
-by (cases a) (auto simp add: zero_le_float float_le_zero)
+assumes "p + e \<ge> 0"
+shows "round_down p (Float m e) = Float m e"
-instance float :: ab_semigroup_add
+proof -
-proof (intro_classes)
+from assms have r: "real e + real p = real (nat (e + p))" by simp
-fix a b c :: float
+have r: "\<lfloor>real (Float m e) * 2 powr real p\<rfloor> = real (Float m e) * 2 powr real p"
-show "a + b + c = a + (b + c)"
+by (auto intro: exI[where x="m*2^nat (e+p)"]
-by (cases a, cases b, cases c)
+simp add: ac_simps powr_add[symmetric] r powr_realpow)
-(auto simp add: algebra_simps power_add[symmetric] plus_float.simps)
+show ?thesis using assms
+unfolding round_down_def floor_divide_eq_div r
+by (simp add: ac_simps powr_add[symmetric])
+qed
+lemma compute_float_down[code]:
+"float_down p (Float m e) =
+(if p + e < 0 then Float (m div 2^nat (-(p + e))) (-p) else Float m e)"
+proof cases
+assume "p + e < 0"
+hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
+using powr_realpow[of 2 "nat (-(p + e))"] by simp
+also have "... = 1 / 2 powr p / 2 powr e"
+unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)
+finally show ?thesis
+unfolding float_down_def round_down_def floor_divide_eq_div[symmetric]
+using `p + e < 0` by (simp add: ac_simps)
 next
-fix a b :: float
+assume "\<not> p + e < 0" with round_down_Float_id show ?thesis by (simp add: float_down_def)
-show "a + b = b + a"
+qed
-by (cases a, cases b) (simp add: plus_float.simps)
-qed
+lemma ceil_divide_floor_conv:
+assumes "b \<noteq> 0"
-instance float :: numeral ..
+shows "\<lceil>real a / real b\<rceil> = (if b dvd a then a div b else \<lfloor>real a / real b\<rfloor> + 1)"
+proof cases
-lemma Float_add_same_scale: "Float x e + Float y e = Float (x + y) e"
+assume "\<not> b dvd a"
-by (simp add: plus_float.simps)
+hence "a mod b \<noteq> 0" by auto
+hence ne: "real (a mod b) / real b \<noteq> 0" using `b \<noteq> 0` by auto
-(* FIXME: define other constant for code_unfold_post *)
+have "\<lceil>real a / real b\<rceil> = \<lfloor>real a / real b\<rfloor> + 1"
-lemma numeral_float_Float (*[code_unfold_post]*):
+apply (rule ceiling_eq) apply (auto simp: floor_divide_eq_div[symmetric])
-"numeral k = Float (numeral k) 0"
+proof -
-by (induct k, simp_all only: numeral.simps one_float_def
+have "real \<lfloor>real a / real b\<rfloor> \<le> real a / real b" by simp
-Float_add_same_scale)
+moreover have "real \<lfloor>real a / real b\<rfloor> \<noteq> real a / real b"
+apply (subst (2) real_of_int_div_aux) unfolding floor_divide_eq_div using ne `b \<noteq> 0` by auto
-lemma float_number_of[simp]: "real (numeral x :: float) = numeral x"
+ultimately show "real \<lfloor>real a / real b\<rfloor> < real a / real b" by arith
-by (simp only: numeral_float_Float Float_num)
-instance float :: comm_monoid_mult
-proof (intro_classes)
-fix a b c :: float
-show "a * b * c = a * (b * c)"
-by (cases a, cases b, cases c) (simp add: times_float.simps)
-next
-fix a b :: float
-show "a * b = b * a"
-by (cases a, cases b) (simp add: times_float.simps)
-next
-fix a :: float
-show "1 * a = a"
-by (cases a) (simp add: times_float.simps one_float_def)
-qed
-(* Floats do NOT form a cancel_semigroup_add: *)
-lemma "0 + Float 0 1 = 0 + Float 0 2"
-by (simp add: plus_float.simps zero_float_def)
-instance float :: comm_semiring
-proof (intro_classes)
-fix a b c :: float
-show "(a + b) * c = a * c + b * c"
-by (cases a, cases b, cases c) (simp add: plus_float.simps times_float.simps algebra_simps)
-qed
-(* Floats do NOT form an order, because "(x < y) = (x <= y & x <> y)" does NOT hold *)
-instance float :: zero_neq_one
-proof (intro_classes)
-show "(0::float) \<noteq> 1"
-by (simp add: zero_float_def one_float_def)
-qed
-lemma float_le_simp: "((x::float) \<le> y) = (0 \<le> y - x)"
-by (auto simp add: le_float_def)
-lemma float_less_simp: "((x::float) < y) = (0 < y - x)"
-by (auto simp add: less_float_def)
-lemma real_of_float_min: "real (min x y :: float) = min (real x) (real y)" unfolding min_def le_float_def by auto
-lemma real_of_float_max: "real (max a b :: float) = max (real a) (real b)" unfolding max_def le_float_def by auto
-lemma float_power: "real (x ^ n :: float) = real x ^ n"
-by (induct n) simp_all
-lemma zero_le_pow2[simp]: "0 \<le> pow2 s"
-apply (subgoal_tac "0 < pow2 s")
-apply (auto simp only:)
-apply auto
-done
-lemma pow2_less_0_eq_False[simp]: "(pow2 s < 0) = False"
-apply auto
-apply (subgoal_tac "0 \<le> pow2 s")
-apply simp
-apply simp
-done
-lemma pow2_le_0_eq_False[simp]: "(pow2 s \<le> 0) = False"
-apply auto
-apply (subgoal_tac "0 < pow2 s")
-apply simp
-apply simp
-done
-lemma float_pos_m_pos: "0 < Float m e \<Longrightarrow> 0 < m"
-unfolding less_float_def real_of_float_simp real_of_float_0 zero_less_mult_iff
-by auto
-lemma float_pos_less1_e_neg: assumes "0 < Float m e" and "Float m e < 1" shows "e < 0"
-proof -
-have "0 < m" using float_pos_m_pos `0 < Float m e` by auto
-hence "0 \<le> real m" and "1 \<le> real m" by auto
-show "e < 0"
-proof (rule ccontr)
-assume "\<not> e < 0" hence "0 \<le> e" by auto
-hence "1 \<le> pow2 e" unfolding pow2_def by auto
-from mult_mono[OF `1 \<le> real m` this `0 \<le> real m`]
-have "1 \<le> Float m e" by (simp add: le_float_def real_of_float_simp)
-thus False using `Float m e < 1` unfolding less_float_def le_float_def by auto
 qed
-qed
+thus ?thesis using `\<not> b dvd a` by simp
+qed (simp add: ceiling_def real_of_int_minus[symmetric] divide_minus_left[symmetric]
-lemma float_less1_mantissa_bound: assumes "0 < Float m e" "Float m e < 1" shows "m < 2^(nat (-e))"
+floor_divide_eq_div dvd_neg_div del: divide_minus_left real_of_int_minus)
-proof -
-have "e < 0" using float_pos_less1_e_neg assms by auto
+lemma round_up_Float_id:
-have "\<And>x. (0::real) < 2^x" by auto
+assumes "p + e \<ge> 0"
-have "real m < 2^(nat (-e))" using `Float m e < 1`
+shows "round_up p (Float m e) = Float m e"
-unfolding less_float_def real_of_float_neg_exp[OF `e < 0`] real_of_float_1
+proof -
-real_mult_less_iff1[of _ _ 1, OF `0 < 2^(nat (-e))`, symmetric]
+from assms have r1: "real e + real p = real (nat (e + p))" by simp
-mult_assoc by auto
+have r: "\<lceil>real (Float m e) * 2 powr real p\<rceil> = real (Float m e) * 2 powr real p"
-thus ?thesis unfolding real_of_int_less_iff[symmetric] by auto
+by (auto simp add: ac_simps powr_add[symmetric] r1 powr_realpow
-qed
+intro: exI[where x="m*2^nat (e+p)"])
+show ?thesis using assms
-function bitlen :: "int \<Rightarrow> int" where
+unfolding float_up_def round_up_def floor_divide_eq_div Let_def r
-"bitlen 0 = 0" |
+by (simp add: ac_simps powr_add[symmetric])
-"bitlen -1 = 1" |
+qed
-"0 < x \<Longrightarrow> bitlen x = 1 + (bitlen (x div 2))" |
-"x < -1 \<Longrightarrow> bitlen x = 1 + (bitlen (x div 2))"
+lemma compute_float_up[code]:
-apply (case_tac "x = 0 \<or> x = -1 \<or> x < -1 \<or> x > 0")
+"float_up p (Float m e) =
-apply auto
+(let P = 2^nat (-(p + e)); r = m mod P in
-done
+if p + e < 0 then Float (m div P + (if r = 0 then 0 else 1)) (-p) else Float m e)"
-termination by (relation "measure (nat o abs)", auto)
+proof cases
+assume "p + e < 0"
-lemma bitlen_ge0: "0 \<le> bitlen x" by (induct x rule: bitlen.induct, auto)
+hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
-lemma bitlen_ge1: "x \<noteq> 0 \<Longrightarrow> 1 \<le> bitlen x" by (induct x rule: bitlen.induct, auto simp add: bitlen_ge0)
+using powr_realpow[of 2 "nat (-(p + e))"] by simp
+also have "... = 1 / 2 powr p / 2 powr e"
-lemma bitlen_bounds': assumes "0 < x" shows "2^nat (bitlen x - 1) \<le> x \<and> x + 1 \<le> 2^nat (bitlen x)" (is "?P x")
+unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)
-using `0 < x`
+finally have twopow_rewrite:
-proof (induct x rule: bitlen.induct)
+"real ((2::int) ^ nat (- (p + e))) = 1 / 2 powr real p / 2 powr real e" .
-fix x
+with `p + e < 0` have powr_rewrite:
-assume "0 < x" and hyp: "0 < x div 2 \<Longrightarrow> ?P (x div 2)" hence "0 \<le> x" and "x \<noteq> 0" by auto
+"2 powr real e * 2 powr real p = 1 / real ((2::int) ^ nat (- (p + e)))"
-{ fix x have "0 \<le> 1 + bitlen x" using bitlen_ge0[of x] by auto } note gt0_pls1 = this
+unfolding powr_divide2 by simp
+show ?thesis
-have "0 < (2::int)" by auto
+proof cases
+assume "2^nat (-(p + e)) dvd m"
-show "?P x"
+with `p + e < 0` twopow_rewrite show ?thesis
-proof (cases "x = 1")
+by (auto simp: ac_simps float_up_def round_up_def floor_divide_eq_div dvd_eq_mod_eq_0)
-case True show "?P x" unfolding True by auto
 next
-case False hence "2 \<le> x" using `0 < x` `x \<noteq> 1` by auto
+assume ndvd: "\<not> 2 ^ nat (- (p + e)) dvd m"
-hence "2 div 2 \<le> x div 2" by (rule zdiv_mono1, auto)
+have one_div: "real m * (1 / real ((2::int) ^ nat (- (p + e)))) =
-hence "0 < x div 2" and "x div 2 \<noteq> 0" by auto
+real m / real ((2::int) ^ nat (- (p + e)))"
-hence bitlen_s1_ge0: "0 \<le> bitlen (x div 2) - 1" using bitlen_ge1[OF `x div 2 \<noteq> 0`] by auto
+by (simp add: field_simps)
+have "real \<lceil>real m * (2 powr real e * 2 powr real p)\<rceil> =
-{ from hyp[OF `0 < x div 2`]
+real \<lfloor>real m * (2 powr real e * 2 powr real p)\<rfloor> + 1"
-have "2 ^ nat (bitlen (x div 2) - 1) \<le> x div 2" by auto
+using ndvd unfolding powr_rewrite one_div
-hence "2 ^ nat (bitlen (x div 2) - 1) * 2 \<le> x div 2 * 2" by (rule mult_right_mono, auto)
+by (subst ceil_divide_floor_conv) (auto simp: field_simps)
-also have "\<dots> \<le> x" using `0 < x` by auto
+thus ?thesis using `p + e < 0` twopow_rewrite
-finally have "2^nat (1 + bitlen (x div 2) - 1) \<le> x" unfolding power_Suc2[symmetric] Suc_nat_eq_nat_zadd1[OF bitlen_s1_ge0] by auto
+by (auto simp: ac_simps Let_def float_up_def round_up_def floor_divide_eq_div[symmetric])
-} moreover
-{ have "x + 1 \<le> x - x mod 2 + 2"
-proof -
-have "x mod 2 < 2" using `0 < x` by auto
-hence "x < x - x mod 2 +  2" unfolding algebra_simps by auto
-thus ?thesis by auto
-qed
-also have "x - x mod 2 + 2 = (x div 2 + 1) * 2" unfolding algebra_simps using `0 < x` div_mod_equality[of x 2 0] by auto
-also have "\<dots> \<le> 2^nat (bitlen (x div 2)) * 2" using hyp[OF `0 < x div 2`, THEN conjunct2] by (rule mult_right_mono, auto)
-also have "\<dots> = 2^(1 + nat (bitlen (x div 2)))" unfolding power_Suc2[symmetric] by auto
-finally have "x + 1 \<le> 2^(1 + nat (bitlen (x div 2)))" .
-}
-ultimately show ?thesis
-unfolding bitlen.simps(3)[OF `0 < x`] nat_add_distrib[OF zero_le_one bitlen_ge0]
-unfolding add_commute nat_add_distrib[OF zero_le_one gt0_pls1]
-by auto
 qed
 next
-fix x :: int assume "x < -1" and "0 < x" hence False by auto
+assume "\<not> p + e < 0" with round_up_Float_id show ?thesis by (simp add: float_up_def)
-thus "?P x" by auto
+qed
-qed auto
+lemmas real_of_ints =
-lemma bitlen_bounds: assumes "0 < x" shows "2^nat (bitlen x - 1) \<le> x \<and> x < 2^nat (bitlen x)"
+real_of_int_zero
-using bitlen_bounds'[OF `0<x`] by auto
+real_of_one
+real_of_int_add
+real_of_int_minus
+real_of_int_diff
+real_of_int_mult
+real_of_int_power
+real_numeral
+lemmas real_of_nats =
+real_of_nat_zero
+real_of_nat_one
+real_of_nat_1
+real_of_nat_add
+real_of_nat_mult
+real_of_nat_power
+lemmas int_of_reals = real_of_ints[symmetric]
+lemmas nat_of_reals = real_of_nats[symmetric]
+lemma two_real_int: "(2::real) = real (2::int)" by simp
+lemma two_real_nat: "(2::real) = real (2::nat)" by simp
+lemma mult_cong: "a = c ==> b = d ==> a*b = c*d" by simp
+subsection {* Compute bitlen of integers *}
+definition bitlen::"int => int"
+where "bitlen a = (if a > 0 then \<lfloor>log 2 a\<rfloor> + 1 else 0)"
+lemma bitlen_nonneg: "0 \<le> bitlen x"
+proof -
+{
+assume "0 > x"
+have "-1 = log 2 (inverse 2)" by (subst log_inverse) simp_all
+also have "... < log 2 (-x)" using `0 > x` by auto
+finally have "-1 < log 2 (-x)" .
+} thus "0 \<le> bitlen x" unfolding bitlen_def by (auto intro!: add_nonneg_nonneg)
+qed
+lemma bitlen_bounds:
+assumes "x > 0"
+shows "2 ^ nat (bitlen x - 1) \<le> x \<and> x < 2 ^ nat (bitlen x)"
+proof
+have "(2::real) ^ nat \<lfloor>log 2 (real x)\<rfloor> = 2 powr real (floor (log 2 (real x)))"
+using powr_realpow[symmetric, of 2 "nat \<lfloor>log 2 (real x)\<rfloor>"] `x > 0`
+using real_nat_eq_real[of "floor (log 2 (real x))"]
+by simp
+also have "... \<le> 2 powr log 2 (real x)"
+by simp
+also have "... = real x"
+using `0 < x` by simp
+finally have "2 ^ nat \<lfloor>log 2 (real x)\<rfloor> \<le> real x" by simp
+thus "2 ^ nat (bitlen x - 1) \<le> x" using `x > 0`
+by (simp add: bitlen_def)
+next
+have "x \<le> 2 powr (log 2 x)" using `x > 0` by simp
+also have "... < 2 ^ nat (\<lfloor>log 2 (real x)\<rfloor> + 1)"
+apply (simp add: powr_realpow[symmetric])
+using `x > 0` by simp
+finally show "x < 2 ^ nat (bitlen x)" using `x > 0`
+by (simp add: bitlen_def ac_simps int_of_reals del: real_of_ints)
+qed
+lemma bitlen_pow2[simp]:
+assumes "b > 0"
+shows "bitlen (b * 2 ^ c) = bitlen b + c"
+proof -
+from assms have "b * 2 ^ c > 0" by (auto intro: mult_pos_pos)
+thus ?thesis
+using floor_add[of "log 2 b" c] assms
+by (auto simp add: log_mult log_nat_power bitlen_def)
+qed
+lemma bitlen_Float:
+fixes m e
+defines "f \<equiv> Float m e"
+shows "bitlen (\<bar>mantissa f\<bar>) + exponent f = (if m = 0 then 0 else bitlen \<bar>m\<bar> + e)"
+proof cases
+assume "m \<noteq> 0" hence "f \<noteq> float_of 0" by (simp add: f_def) hence "mantissa f \<noteq> 0"
+by (simp add: mantissa_noteq_0)
+moreover
+from f_def[THEN denormalize_shift, OF `f \<noteq> float_of 0`] guess i .
+ultimately show ?thesis by (simp add: abs_mult)
+qed (simp add: f_def bitlen_def)
+lemma compute_bitlen[code]:
+shows "bitlen x = (if x > 0 then bitlen (x div 2) + 1 else 0)"
+proof -
+{ assume "2 \<le> x"
+then have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 (x - x mod 2)\<rfloor>"
+by (simp add: log_mult zmod_zdiv_equality')
+also have "\<dots> = \<lfloor>log 2 (real x)\<rfloor>"
+proof cases
+assume "x mod 2 = 0" then show ?thesis by simp
+next
+def n \<equiv> "\<lfloor>log 2 (real x)\<rfloor>"
+then have "0 \<le> n"
+using `2 \<le> x` by simp
+assume "x mod 2 \<noteq> 0"
+with `2 \<le> x` have "x mod 2 = 1" "\<not> 2 dvd x" by (auto simp add: dvd_eq_mod_eq_0)
+with `2 \<le> x` have "x \<noteq> 2^nat n" by (cases "nat n") auto
+moreover
+{ have "real (2^nat n :: int) = 2 powr (nat n)"
+by (simp add: powr_realpow)
+also have "\<dots> \<le> 2 powr (log 2 x)"
+using `2 \<le> x` by (simp add: n_def del: powr_log_cancel)
+finally have "2^nat n \<le> x" using `2 \<le> x` by simp }
+ultimately have "2^nat n \<le> x - 1" by simp
+then have "2^nat n \<le> real (x - 1)"
+unfolding real_of_int_le_iff[symmetric] by simp
+{ have "n = \<lfloor>log 2 (2^nat n)\<rfloor>"
+using `0 \<le> n` by (simp add: log_nat_power)
+also have "\<dots> \<le> \<lfloor>log 2 (x - 1)\<rfloor>"
+using `2^nat n \<le> real (x - 1)` `0 \<le> n` `2 \<le> x` by (auto intro: floor_mono)
+finally have "n \<le> \<lfloor>log 2 (x - 1)\<rfloor>" . }
+moreover have "\<lfloor>log 2 (x - 1)\<rfloor> \<le> n"
+using `2 \<le> x` by (auto simp add: n_def intro!: floor_mono)
+ultimately show "\<lfloor>log 2 (x - x mod 2)\<rfloor> = \<lfloor>log 2 x\<rfloor>"
+unfolding n_def `x mod 2 = 1` by auto
+qed
+finally have "\<lfloor>log 2 (x div 2)\<rfloor> + 1 = \<lfloor>log 2 x\<rfloor>" . }
+moreover
+{ assume "x < 2" "0 < x"
+then have "x = 1" by simp
+then have "\<lfloor>log 2 (real x)\<rfloor> = 0" by simp }
+ultimately show ?thesis
+unfolding bitlen_def
+by (auto simp: pos_imp_zdiv_pos_iff not_le)
+qed
+lemma float_gt1_scale: assumes "1 \<le> Float m e"
+shows "0 \<le> e + (bitlen m - 1)"
+proof -
+have "0 < Float m e" using assms by auto
+hence "0 < m" using powr_gt_zero[of 2 e]
+by (auto simp: less_float_def less_eq_float_def zero_less_mult_iff)
+hence "m \<noteq> 0" by auto
+show ?thesis
+proof (cases "0 \<le> e")
+case True thus ?thesis using `0 < m`  by (simp add: bitlen_def)
+next
+have "(1::int) < 2" by simp
+case False let ?S = "2^(nat (-e))"
+have "inverse (2 ^ nat (- e)) = 2 powr e" using assms False powr_realpow[of 2 "nat (-e)"]
+by (auto simp: powr_minus field_simps inverse_eq_divide)
+hence "1 \<le> real m * inverse ?S" using assms False powr_realpow[of 2 "nat (-e)"]
+by (auto simp: powr_minus)
+hence "1 * ?S \<le> real m * inverse ?S * ?S" by (rule mult_right_mono, auto)
+hence "?S \<le> real m" unfolding mult_assoc by auto
+hence "?S \<le> m" unfolding real_of_int_le_iff[symmetric] by auto
+from this bitlen_bounds[OF `0 < m`, THEN conjunct2]
+have "nat (-e) < (nat (bitlen m))" unfolding power_strict_increasing_iff[OF `1 < 2`, symmetric] by (rule order_le_less_trans)
+hence "-e < bitlen m" using False by auto
+thus ?thesis by auto
+qed
+qed
 lemma bitlen_div: assumes "0 < m" shows "1 \<le> real m / 2^nat (bitlen m - 1)" and "real m / 2^nat (bitlen m - 1) < 2"
 proof -
 let ?B = "2^nat(bitlen m - 1)"
 have "?B \<le> m" using bitlen_bounds[OF `0 <m`] ..
 hence "1 * ?B \<le> real m" unfolding real_of_int_le_iff[symmetric] by auto
 thus "1 \<le> real m / ?B" by auto
 have "m \<noteq> 0" using assms by auto
-have "0 \<le> bitlen m - 1" using bitlen_ge1[OF `m \<noteq> 0`] by auto
+have "0 \<le> bitlen m - 1" using `0 < m` by (auto simp: bitlen_def)
 have "m < 2^nat(bitlen m)" using bitlen_bounds[OF `0 <m`] ..
-also have "\<dots> = 2^nat(bitlen m - 1 + 1)" using bitlen_ge1[OF `m \<noteq> 0`] by auto
+also have "\<dots> = 2^nat(bitlen m - 1 + 1)" using `0 < m` by (auto simp: bitlen_def)
 also have "\<dots> = ?B * 2" unfolding nat_add_distrib[OF `0 \<le> bitlen m - 1` zero_le_one] by auto
 finally have "real m < 2 * ?B" unfolding real_of_int_less_iff[symmetric] by auto
 hence "real m / ?B < 2 * ?B / ?B" by (rule divide_strict_right_mono, auto)
 thus "real m / ?B < 2" by auto
 qed
-lemma float_gt1_scale: assumes "1 \<le> Float m e"
+subsection {* Approximation of positive rationals *}
-shows "0 \<le> e + (bitlen m - 1)"
-proof (cases "0 \<le> e")
+lemma zdiv_zmult_twopow_eq: fixes a b::int shows "a div b div (2 ^ n) = a div (b * 2 ^ n)"
-have "0 < Float m e" using assms unfolding less_float_def le_float_def by auto
+by (simp add: zdiv_zmult2_eq)
-hence "0 < m" using float_pos_m_pos by auto
-hence "m \<noteq> 0" by auto
+lemma div_mult_twopow_eq: fixes a b::nat shows "a div ((2::nat) ^ n) div b = a div (b * 2 ^ n)"
-case True with bitlen_ge1[OF `m \<noteq> 0`] show ?thesis by auto
+by (cases "b=0") (simp_all add: div_mult2_eq[symmetric] ac_simps)
+lemma real_div_nat_eq_floor_of_divide:
+fixes a b::nat
+shows "a div b = real (floor (a/b))"
+by (metis floor_divide_eq_div real_of_int_of_nat_eq zdiv_int)
+definition "rat_precision prec x y = int prec - (bitlen x - bitlen y)"
+definition lapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float" where
+"lapprox_posrat prec x y = float_of (round_down (rat_precision prec x y) (x / y))"
+lemma compute_lapprox_posrat[code]:
+fixes prec x y
+shows "lapprox_posrat prec x y =
+(let
+l = rat_precision prec x y;
+d = if 0 \<le> l then x * 2^nat l div y else x div 2^nat (- l) div y
+in normfloat (Float d (- l)))"
+unfolding lapprox_posrat_def div_mult_twopow_eq
+by (simp add: round_down_def powr_int real_div_nat_eq_floor_of_divide
+field_simps Let_def
+del: two_powr_minus_int_float)
+definition rapprox_posrat :: "nat \<Rightarrow> nat \<Rightarrow> nat \<Rightarrow> float" where
+"rapprox_posrat prec x y = float_of (round_up (rat_precision prec x y) (x / y))"
+(* TODO: optimize using zmod_zmult2_eq, pdivmod ? *)
+lemma compute_rapprox_posrat[code]:
+fixes prec x y
+defines "l \<equiv> rat_precision prec x y"
+shows "rapprox_posrat prec x y = (let
+l = l ;
+X = if 0 \<le> l then (x * 2^nat l, y) else (x, y * 2^nat(-l)) ;
+d = fst X div snd X ;
+m = fst X mod snd X
+in normfloat (Float (d + (if m = 0 \<or> y = 0 then 0 else 1)) (- l)))"
+proof (cases "y = 0")
+assume "y = 0" thus ?thesis by (simp add: rapprox_posrat_def Let_def)
 next
-have "0 < Float m e" using assms unfolding less_float_def le_float_def by auto
+assume "y \<noteq> 0"
-hence "0 < m" using float_pos_m_pos by auto
-hence "m \<noteq> 0" and "1 < (2::int)" by auto
-case False let ?S = "2^(nat (-e))"
-have "1 \<le> real m * inverse ?S" using assms unfolding le_float_def real_of_float_nge0_exp[OF False] by auto
-hence "1 * ?S \<le> real m * inverse ?S * ?S" by (rule mult_right_mono, auto)
-hence "?S \<le> real m" unfolding mult_assoc by auto
-hence "?S \<le> m" unfolding real_of_int_le_iff[symmetric] by auto
-from this bitlen_bounds[OF `0 < m`, THEN conjunct2]
-have "nat (-e) < (nat (bitlen m))" unfolding power_strict_increasing_iff[OF `1 < 2`, symmetric] by (rule order_le_less_trans)
-hence "-e < bitlen m" using False bitlen_ge0 by auto
-thus ?thesis by auto
-qed
-lemma normalized_float: assumes "m \<noteq> 0" shows "real (Float m (- (bitlen m - 1))) = real m / 2^nat (bitlen m - 1)"
-proof (cases "- (bitlen m - 1) = 0")
-case True show ?thesis unfolding real_of_float_simp pow2_def using True by auto
-next
-case False hence P: "\<not> 0 \<le> - (bitlen m - 1)" using bitlen_ge1[OF `m \<noteq> 0`] by auto
-show ?thesis unfolding real_of_float_nge0_exp[OF P] divide_inverse by auto
-qed
-(* BROKEN
-lemma bitlen_Pls: "bitlen (Int.Pls) = Int.Pls" by (subst Pls_def, subst Pls_def, simp)
-lemma bitlen_Min: "bitlen (Int.Min) = Int.Bit1 Int.Pls" by (subst Min_def, simp add: Bit1_def)
-lemma bitlen_B0: "bitlen (Int.Bit0 b) = (if iszero b then Int.Pls else Int.succ (bitlen b))"
-apply (auto simp add: iszero_def succ_def)
-apply (simp add: Bit0_def Pls_def)
-apply (subst Bit0_def)
-apply simp
-apply (subgoal_tac "0 < 2 * b \<or> 2 * b < -1")
-apply auto
-done
-lemma bitlen_B1: "bitlen (Int.Bit1 b) = (if iszero (Int.succ b) then Int.Bit1 Int.Pls else Int.succ (bitlen b))"
-proof -
-have h: "! x. (2*x + 1) div 2 = (x::int)"
-by arith
 show ?thesis
-apply (auto simp add: iszero_def succ_def)
+proof (cases "0 \<le> l")
-apply (subst Bit1_def)+
+assume "0 \<le> l"
-apply simp
+def x' == "x * 2 ^ nat l"
-apply (subgoal_tac "2 * b + 1 = -1")
+have "int x * 2 ^ nat l = x'" by (simp add: x'_def int_mult int_power)
-apply (simp only:)
+moreover have "real x * 2 powr real l = real x'"
-apply simp_all
+by (simp add: powr_realpow[symmetric] `0 \<le> l` x'_def)
-apply (subst Bit1_def)
+ultimately show ?thesis
-apply simp
+unfolding rapprox_posrat_def round_up_def l_def[symmetric]
-apply (subgoal_tac "0 < 2 * b + 1 \<or> 2 * b + 1 < -1")
+using ceil_divide_floor_conv[of y x'] powr_realpow[of 2 "nat l"] `0 \<le> l` `y \<noteq> 0`
-apply (auto simp add: h)
+by (simp add: Let_def floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0 int_of_reals
-done
+del: real_of_ints)
-qed
+next
+assume "\<not> 0 \<le> l"
-lemma bitlen_number_of: "bitlen (number_of w) = number_of (bitlen w)"
+def y' == "y * 2 ^ nat (- l)"
-by (simp add: number_of_is_id)
+from `y \<noteq> 0` have "y' \<noteq> 0" by (simp add: y'_def)
-BH *)
+have "int y * 2 ^ nat (- l) = y'" by (simp add: y'_def int_mult int_power)
+moreover have "real x * real (2::int) powr real l / real y = x / real y'"
-lemma [code]: "bitlen x =
+using `\<not> 0 \<le> l`
-(if x = 0  then 0
+by (simp add: powr_realpow[symmetric] powr_minus y'_def field_simps inverse_eq_divide)
-else if x = -1 then 1
+ultimately show ?thesis
-else (1 + (bitlen (x div 2))))"
+using ceil_divide_floor_conv[of y' x] `\<not> 0 \<le> l` `y' \<noteq> 0` `y \<noteq> 0`
-by (cases "x = 0 \<or> x = -1 \<or> 0 < x") auto
+by (simp add: rapprox_posrat_def l_def round_up_def ceil_divide_floor_conv
+floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0 int_of_reals
-definition lapprox_posrat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
+del: real_of_ints)
-where
-"lapprox_posrat prec x y =
-(let
-l = nat (int prec + bitlen y - bitlen x) ;
-d = (x * 2^l) div y
-in normfloat (Float d (- (int l))))"
-lemma pow2_minus: "pow2 (-x) = inverse (pow2 x)"
-unfolding pow2_neg[of "-x"] by auto
-lemma lapprox_posrat:
-assumes x: "0 \<le> x"
-and y: "0 < y"
-shows "real (lapprox_posrat prec x y) \<le> real x / real y"
-proof -
-let ?l = "nat (int prec + bitlen y - bitlen x)"
-have "real (x * 2^?l div y) * inverse (2^?l) \<le> (real (x * 2^?l) / real y) * inverse (2^?l)"
-by (rule mult_right_mono, fact real_of_int_div4, simp)
-also have "\<dots> \<le> (real x / real y) * 2^?l * inverse (2^?l)" by auto
-finally have "real (x * 2^?l div y) * inverse (2^?l) \<le> real x / real y" unfolding mult_assoc by auto
-thus ?thesis unfolding lapprox_posrat_def Let_def normfloat real_of_float_simp
-unfolding pow2_minus pow2_int minus_minus .
-qed
-lemma real_of_int_div_mult:
-fixes x y c :: int assumes "0 < y" and "0 < c"
-shows "real (x div y) \<le> real (x * c div y) * inverse (real c)"
-proof -
-have "c * (x div y) + 0 \<le> c * x div y" unfolding zdiv_zmult1_eq[of c x y]
-by (rule add_left_mono,
-auto intro!: mult_nonneg_nonneg
-simp add: pos_imp_zdiv_nonneg_iff[OF `0 < y`] `0 < c`[THEN less_imp_le] pos_mod_sign[OF `0 < y`])
-hence "real (x div y) * real c \<le> real (x * c div y)"
-unfolding real_of_int_mult[symmetric] real_of_int_le_iff mult_commute by auto
-hence "real (x div y) * real c * inverse (real c) \<le> real (x * c div y) * inverse (real c)"
-using `0 < c` by auto
-thus ?thesis unfolding mult_assoc using `0 < c` by auto
-qed
-lemma lapprox_posrat_bottom: assumes "0 < y"
-shows "real (x div y) \<le> real (lapprox_posrat n x y)"
-proof -
-have pow: "\<And>x. (0::int) < 2^x" by auto
-show ?thesis
-unfolding lapprox_posrat_def Let_def real_of_float_add normfloat real_of_float_simp pow2_minus pow2_int
-using real_of_int_div_mult[OF `0 < y` pow] by auto
-qed
-lemma lapprox_posrat_nonneg: assumes "0 \<le> x" and "0 < y"
-shows "0 \<le> real (lapprox_posrat n x y)"
-proof -
-show ?thesis
-unfolding lapprox_posrat_def Let_def real_of_float_add normfloat real_of_float_simp pow2_minus pow2_int
-using pos_imp_zdiv_nonneg_iff[OF `0 < y`] assms by (auto intro!: mult_nonneg_nonneg)
-qed
-definition rapprox_posrat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
-where
-"rapprox_posrat prec x y = (let
-l = nat (int prec + bitlen y - bitlen x) ;
-X = x * 2^l ;
-d = X div y ;
-m = X mod y
-in normfloat (Float (d + (if m = 0 then 0 else 1)) (- (int l))))"
-lemma rapprox_posrat:
-assumes x: "0 \<le> x"
-and y: "0 < y"
-shows "real x / real y \<le> real (rapprox_posrat prec x y)"
-proof -
-let ?l = "nat (int prec + bitlen y - bitlen x)" let ?X = "x * 2^?l"
-show ?thesis
-proof (cases "?X mod y = 0")
-case True hence "y dvd ?X" using `0 < y` by auto
-from real_of_int_div[OF this]
-have "real (?X div y) * inverse (2 ^ ?l) = real ?X / real y * inverse (2 ^ ?l)" by auto
-also have "\<dots> = real x / real y * (2^?l * inverse (2^?l))" by auto
-finally have "real (?X div y) * inverse (2^?l) = real x / real y" by auto
-thus ?thesis unfolding rapprox_posrat_def Let_def normfloat if_P[OF True]
-unfolding real_of_float_simp pow2_minus pow2_int minus_minus by auto
-next
-case False
-have "0 \<le> real y" and "real y \<noteq> 0" using `0 < y` by auto
-have "0 \<le> real y * 2^?l" by (rule mult_nonneg_nonneg, rule `0 \<le> real y`, auto)
-have "?X = y * (?X div y) + ?X mod y" by auto
-also have "\<dots> \<le> y * (?X div y) + y" by (rule add_mono, auto simp add: pos_mod_bound[OF `0 < y`, THEN less_imp_le])
-also have "\<dots> = y * (?X div y + 1)" unfolding right_distrib by auto
-finally have "real ?X \<le> real y * real (?X div y + 1)" unfolding real_of_int_le_iff real_of_int_mult[symmetric] .
-hence "real ?X / (real y * 2^?l) \<le> real y * real (?X div y + 1) / (real y * 2^?l)"
-by (rule divide_right_mono, simp only: `0 \<le> real y * 2^?l`)
-also have "\<dots> = real y * real (?X div y + 1) / real y / 2^?l" by auto
-also have "\<dots> = real (?X div y + 1) * inverse (2^?l)" unfolding nonzero_mult_divide_cancel_left[OF `real y \<noteq> 0`]
-unfolding divide_inverse ..
-finally show ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_not_P[OF False]
-unfolding pow2_minus pow2_int minus_minus by auto
 qed
 qed
-lemma rapprox_posrat_le1: assumes "0 \<le> x" and "0 < y" and "x \<le> y"
-shows "real (rapprox_posrat n x y) \<le> 1"
+lemma rat_precision_pos:
-proof -
+assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
-let ?l = "nat (int n + bitlen y - bitlen x)" let ?X = "x * 2^?l"
+shows "rat_precision n (int x) (int y) > 0"
-show ?thesis
+proof -
-proof (cases "?X mod y = 0")
+{ assume "0 < x" hence "log 2 x + 1 = log 2 (2 * x)" by (simp add: log_mult) }
-case True hence "y dvd ?X" using `0 < y` by auto
+hence "bitlen (int x) < bitlen (int y)" using assms
-from real_of_int_div[OF this]
+by (simp add: bitlen_def del: floor_add_one)
-have "real (?X div y) * inverse (2 ^ ?l) = real ?X / real y * inverse (2 ^ ?l)" by auto
+(auto intro!: floor_mono simp add: floor_add_one[symmetric] simp del: floor_add floor_add_one)
-also have "\<dots> = real x / real y * (2^?l * inverse (2^?l))" by auto
+thus ?thesis
-finally have "real (?X div y) * inverse (2^?l) = real x / real y" by auto
+using assms by (auto intro!: pos_add_strict simp add: field_simps rat_precision_def)
-also have "real x / real y \<le> 1" using `0 \<le> x` and `0 < y` and `x \<le> y` by auto
+qed
-finally show ?thesis unfolding rapprox_posrat_def Let_def normfloat if_P[OF True]
-unfolding real_of_float_simp pow2_minus pow2_int minus_minus by auto
+lemma power_aux: assumes "x > 0" shows "(2::int) ^ nat (x - 1) \<le> 2 ^ nat x - 1"
-next
+proof -
-case False
+def y \<equiv> "nat (x - 1)" moreover
-have "x \<noteq> y"
+have "(2::int) ^ y \<le> (2 ^ (y + 1)) - 1" by simp
-proof (rule ccontr)
+ultimately show ?thesis using assms by simp
-assume "\<not> x \<noteq> y" hence "x = y" by auto
-have "?X mod y = 0" unfolding `x = y` using mod_mult_self1_is_0 by auto
-thus False using False by auto
-qed
-hence "x < y" using `x \<le> y` by auto
-hence "real x / real y < 1" using `0 < y` and `0 \<le> x` by auto
-from real_of_int_div4[of "?X" y]
-have "real (?X div y) \<le> (real x / real y) * 2^?l" unfolding real_of_int_mult times_divide_eq_left real_of_int_power real_numeral .
-also have "\<dots> < 1 * 2^?l" using `real x / real y < 1` by (rule mult_strict_right_mono, auto)
-finally have "?X div y < 2^?l" unfolding real_of_int_less_iff[of _ "2^?l", symmetric] by auto
-hence "?X div y + 1 \<le> 2^?l" by auto
-hence "real (?X div y + 1) * inverse (2^?l) \<le> 2^?l * inverse (2^?l)"
-unfolding real_of_int_le_iff[of _ "2^?l", symmetric] real_of_int_power real_numeral
-by (rule mult_right_mono, auto)
-hence "real (?X div y + 1) * inverse (2^?l) \<le> 1" by auto
-thus ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_not_P[OF False]
-unfolding pow2_minus pow2_int minus_minus by auto
-qed
-qed
-lemma zdiv_greater_zero: fixes a b :: int assumes "0 < a" and "a \<le> b"
-shows "0 < b div a"
-proof (rule ccontr)
-have "0 \<le> b" using assms by auto
-assume "\<not> 0 < b div a" hence "b div a = 0" using `0 \<le> b`[unfolded pos_imp_zdiv_nonneg_iff[OF `0<a`, of b, symmetric]] by auto
-have "b = a * (b div a) + b mod a" by auto
-hence "b = b mod a" unfolding `b div a = 0` by auto
-hence "b < a" using `0 < a`[THEN pos_mod_bound, of b] by auto
-thus False using `a \<le> b` by auto
 qed
 lemma rapprox_posrat_less1: assumes "0 \<le> x" and "0 < y" and "2 * x < y" and "0 < n"
 shows "real (rapprox_posrat n x y) < 1"
-proof (cases "x = 0")
+proof -
-case True thus ?thesis unfolding rapprox_posrat_def True Let_def normfloat real_of_float_simp by auto
+have powr1: "2 powr real (rat_precision n (int x) (int y)) =
+2 ^ nat (rat_precision n (int x) (int y))" using rat_precision_pos[of x y n] assms
+by (simp add: powr_realpow[symmetric])
+have "x * 2 powr real (rat_precision n (int x) (int y)) / y = (x / y) *
+2 powr real (rat_precision n (int x) (int y))" by simp
+also have "... < (1 / 2) * 2 powr real (rat_precision n (int x) (int y))"
+apply (rule mult_strict_right_mono) by (insert assms) auto
+also have "\<dots> = 2 powr real (rat_precision n (int x) (int y) - 1)"
+by (simp add: powr_add diff_def powr_neg_numeral)
+also have "\<dots> = 2 ^ nat (rat_precision n (int x) (int y) - 1)"
+using rat_precision_pos[of x y n] assms by (simp add: powr_realpow[symmetric])
+also have "\<dots> \<le> 2 ^ nat (rat_precision n (int x) (int y)) - 1"
+unfolding int_of_reals real_of_int_le_iff
+using rat_precision_pos[OF assms] by (rule power_aux)
+finally show ?thesis unfolding rapprox_posrat_def
+apply (simp add: round_up_def)
+apply (simp add: round_up_def field_simps powr_minus inverse_eq_divide)
+unfolding powr1
+unfolding int_of_reals real_of_int_less_iff
+unfolding ceiling_less_eq using rat_precision_pos[of x y n] assms apply simp done
+qed
+definition lapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" where
+"lapprox_rat prec x y = float_of (round_down (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y))"
+lemma compute_lapprox_rat[code]:
+"lapprox_rat prec x y =
+(if y = 0 then 0
+else if 0 \<le> x then
+(if 0 < y then lapprox_posrat prec (nat x) (nat y)
+else - (rapprox_posrat prec (nat x) (nat (-y))))
+else (if 0 < y
+then - (rapprox_posrat prec (nat (-x)) (nat y))
+else lapprox_posrat prec (nat (-x)) (nat (-y))))"
+apply (cases "y = 0")
+apply (simp add: lapprox_posrat_def rapprox_posrat_def round_down_def lapprox_rat_def)
+apply (auto simp: lapprox_rat_def lapprox_posrat_def rapprox_posrat_def round_up_def round_down_def
+ceiling_def real_of_float_uminus[symmetric] ac_simps int_of_reals simp del: real_of_ints)
+apply (auto simp: ac_simps)
+done
+definition rapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float" where
+"rapprox_rat prec x y = float_of (round_up (rat_precision prec \<bar>x\<bar> \<bar>y\<bar>) (x / y))"
+lemma compute_rapprox_rat[code]:
+"rapprox_rat prec x y =
+(if y = 0 then 0
+else if 0 \<le> x then
+(if 0 < y then rapprox_posrat prec (nat x) (nat y)
+else - (lapprox_posrat prec (nat x) (nat (-y))))
+else (if 0 < y
+then - (lapprox_posrat prec (nat (-x)) (nat y))
+else rapprox_posrat prec (nat (-x)) (nat (-y))))"
+apply (cases "y = 0", simp add: lapprox_posrat_def rapprox_posrat_def round_up_def rapprox_rat_def)
+apply (auto simp: rapprox_rat_def lapprox_posrat_def rapprox_posrat_def round_up_def round_down_def
+ceiling_def real_of_float_uminus[symmetric] ac_simps int_of_reals simp del: real_of_ints)
+apply (auto simp: ac_simps)
+done
+subsection {* Division *}
+definition div_precision
+where "div_precision prec x y =
+rat_precision prec \<bar>mantissa x\<bar> \<bar>mantissa y\<bar> - exponent x + exponent y"
+definition float_divl :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float"
+where "float_divl prec a b =
+float_of (round_down (div_precision prec a b) (a / b))"
+lemma compute_float_divl[code]:
+fixes m1 s1 m2 s2
+defines "f1 \<equiv> Float m1 s1" and "f2 \<equiv> Float m2 s2"
+shows "float_divl prec f1 f2 = lapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
+proof cases
+assume "f1 \<noteq> 0 \<and> f2 \<noteq> 0"
+then have "f1 \<noteq> float_of 0" "f2 \<noteq> float_of 0" by auto
+with mantissa_not_dvd[of f1] mantissa_not_dvd[of f2]
+have "mantissa f1 \<noteq> 0" "mantissa f2 \<noteq> 0"
+by (auto simp add: dvd_def)
+then have pos: "0 < \<bar>mantissa f1\<bar>" "0 < \<bar>mantissa f2\<bar>"
+by simp_all
+moreover from f1_def[THEN denormalize_shift, OF `f1 \<noteq> float_of 0`] guess i . note i = this
+moreover from f2_def[THEN denormalize_shift, OF `f2 \<noteq> float_of 0`] guess j . note j = this
+moreover have "(real (mantissa f1) * 2 ^ i / (real (mantissa f2) * 2 ^ j))
+= (real (mantissa f1) / real (mantissa f2)) * 2 powr (int i - int j)"
+by (simp add: powr_divide2[symmetric] powr_realpow)
+moreover have "real f1 / real f2 = real (mantissa f1) / real (mantissa f2) * 2 powr real (exponent f1 - exponent f2)"
+unfolding mantissa_exponent by (simp add: powr_divide2[symmetric])
+moreover have "rat_precision prec (\<bar>mantissa f1\<bar> * 2 ^ i) (\<bar>mantissa f2\<bar> * 2 ^ j) =
+rat_precision prec \<bar>mantissa f1\<bar> \<bar>mantissa f2\<bar> + j - i"
+using pos by (simp add: rat_precision_def)
+ultimately show ?thesis
+unfolding float_divl_def lapprox_rat_def div_precision_def
+by (simp add: abs_mult round_down_shift powr_divide2[symmetric]
+del: int_nat_eq real_of_int_diff times_divide_eq_left )
+(simp add: field_simps powr_divide2[symmetric] powr_add)
 next
-case False hence "0 < x" using `0 \<le> x` by auto
+assume "\<not> (f1 \<noteq> 0 \<and> f2 \<noteq> 0)" then show ?thesis
-hence "x < y" using assms by auto
+by (auto simp add: float_divl_def f1_def f2_def lapprox_rat_def)
+qed
-let ?l = "nat (int n + bitlen y - bitlen x)" let ?X = "x * 2^?l"
-show ?thesis
+definition float_divr :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float"
-proof (cases "?X mod y = 0")
+where "float_divr prec a b =
-case True hence "y dvd ?X" using `0 < y` by auto
+float_of (round_up (div_precision prec a b) (a / b))"
-from real_of_int_div[OF this]
-have "real (?X div y) * inverse (2 ^ ?l) = real ?X / real y * inverse (2 ^ ?l)" by auto
+lemma compute_float_divr[code]:
-also have "\<dots> = real x / real y * (2^?l * inverse (2^?l))" by auto
+fixes m1 s1 m2 s2
-finally have "real (?X div y) * inverse (2^?l) = real x / real y" by auto
+defines "f1 \<equiv> Float m1 s1" and "f2 \<equiv> Float m2 s2"
-also have "real x / real y < 1" using `0 \<le> x` and `0 < y` and `x < y` by auto
+shows "float_divr prec f1 f2 = rapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
-finally show ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_P[OF True]
+proof cases
-unfolding pow2_minus pow2_int minus_minus by auto
+assume "f1 \<noteq> 0 \<and> f2 \<noteq> 0"
-next
+then have "f1 \<noteq> float_of 0" "f2 \<noteq> float_of 0" by auto
-case False
+with mantissa_not_dvd[of f1] mantissa_not_dvd[of f2]
-hence "(real x / real y) < 1 / 2" using `0 < y` and `0 \<le> x` `2 * x < y` by auto
+have "mantissa f1 \<noteq> 0" "mantissa f2 \<noteq> 0"
+by (auto simp add: dvd_def)
-have "0 < ?X div y"
+then have pos: "0 < \<bar>mantissa f1\<bar>" "0 < \<bar>mantissa f2\<bar>"
-proof -
+by simp_all
-have "2^nat (bitlen x - 1) \<le> y" and "y < 2^nat (bitlen y)"
+moreover from f1_def[THEN denormalize_shift, OF `f1 \<noteq> float_of 0`] guess i . note i = this
-using bitlen_bounds[OF `0 < x`, THEN conjunct1] bitlen_bounds[OF `0 < y`, THEN conjunct2] `x < y` by auto
+moreover from f2_def[THEN denormalize_shift, OF `f2 \<noteq> float_of 0`] guess j . note j = this
-hence "(2::int)^nat (bitlen x - 1) < 2^nat (bitlen y)" by (rule order_le_less_trans)
+moreover have "(real (mantissa f1) * 2 ^ i / (real (mantissa f2) * 2 ^ j))
-hence "bitlen x \<le> bitlen y" by auto
+= (real (mantissa f1) / real (mantissa f2)) * 2 powr (int i - int j)"
-hence len_less: "nat (bitlen x - 1) \<le> nat (int (n - 1) + bitlen y)" by auto
+by (simp add: powr_divide2[symmetric] powr_realpow)
+moreover have "real f1 / real f2 = real (mantissa f1) / real (mantissa f2) * 2 powr real (exponent f1 - exponent f2)"
-have "x \<noteq> 0" and "y \<noteq> 0" using `0 < x` `0 < y` by auto
+unfolding mantissa_exponent by (simp add: powr_divide2[symmetric])
+moreover have "rat_precision prec (\<bar>mantissa f1\<bar> * 2 ^ i) (\<bar>mantissa f2\<bar> * 2 ^ j) =
-have exp_eq: "nat (int (n - 1) + bitlen y) - nat (bitlen x - 1) = ?l"
+rat_precision prec \<bar>mantissa f1\<bar> \<bar>mantissa f2\<bar> + j - i"
-using `bitlen x \<le> bitlen y` bitlen_ge1[OF `x \<noteq> 0`] bitlen_ge1[OF `y \<noteq> 0`] `0 < n` by auto
+using pos by (simp add: rat_precision_def)
+ultimately show ?thesis
-have "y * 2^nat (bitlen x - 1) \<le> y * x"
+unfolding float_divr_def rapprox_rat_def div_precision_def
-using bitlen_bounds[OF `0 < x`, THEN conjunct1] `0 < y`[THEN less_imp_le] by (rule mult_left_mono)
+by (simp add: abs_mult round_up_shift powr_divide2[symmetric]
-also have "\<dots> \<le> 2^nat (bitlen y) * x" using bitlen_bounds[OF `0 < y`, THEN conjunct2, THEN less_imp_le] `0 \<le> x` by (rule mult_right_mono)
+del: int_nat_eq real_of_int_diff times_divide_eq_left)
-also have "\<dots> \<le> x * 2^nat (int (n - 1) + bitlen y)" unfolding mult_commute[of x] by (rule mult_right_mono, auto simp add: `0 \<le> x`)
+(simp add: field_simps powr_divide2[symmetric] powr_add)
-finally have "real y * 2^nat (bitlen x - 1) * inverse (2^nat (bitlen x - 1)) \<le> real x * 2^nat (int (n - 1) + bitlen y) * inverse (2^nat (bitlen x - 1))"
+next
-unfolding real_of_int_le_iff[symmetric] by auto
+assume "\<not> (f1 \<noteq> 0 \<and> f2 \<noteq> 0)" then show ?thesis
-hence "real y \<le> real x * (2^nat (int (n - 1) + bitlen y) / (2^nat (bitlen x - 1)))"
+by (auto simp add: float_divr_def f1_def f2_def rapprox_rat_def)
-unfolding mult_assoc divide_inverse by auto
+qed
-also have "\<dots> = real x * (2^(nat (int (n - 1) + bitlen y) - nat (bitlen x - 1)))" using power_diff[of "2::real", OF _ len_less] by auto
-finally have "y \<le> x * 2^?l" unfolding exp_eq unfolding real_of_int_le_iff[symmetric] by auto
+subsection {* Lemmas needed by Approximate *}
-thus ?thesis using zdiv_greater_zero[OF `0 < y`] by auto
-qed
+declare one_float_def[simp del] zero_float_def[simp del]
-from real_of_int_div4[of "?X" y]
+lemma Float_num[simp]: shows
-have "real (?X div y) \<le> (real x / real y) * 2^?l" unfolding real_of_int_mult times_divide_eq_left real_of_int_power real_numeral .
+"real (Float 1 0) = 1" and "real (Float 1 1) = 2" and "real (Float 1 2) = 4" and
-also have "\<dots> < 1/2 * 2^?l" using `real x / real y < 1/2` by (rule mult_strict_right_mono, auto)
+"real (Float 1 -1) = 1/2" and "real (Float 1 -2) = 1/4" and "real (Float 1 -3) = 1/8" and
-finally have "?X div y * 2 < 2^?l" unfolding real_of_int_less_iff[of _ "2^?l", symmetric] by auto
+"real (Float -1 0) = -1" and "real (Float (number_of n) 0) = number_of n"
-hence "?X div y + 1 < 2^?l" using `0 < ?X div y` by auto
+using two_powr_int_float[of 2] two_powr_int_float[of "-1"] two_powr_int_float[of "-2"] two_powr_int_float[of "-3"]
-hence "real (?X div y + 1) * inverse (2^?l) < 2^?l * inverse (2^?l)"
+using powr_realpow[of 2 2] powr_realpow[of 2 3]
-unfolding real_of_int_less_iff[of _ "2^?l", symmetric] real_of_int_power real_numeral
+using powr_minus[of 2 1] powr_minus[of 2 2] powr_minus[of 2 3]
-by (rule mult_strict_right_mono, auto)
+by auto
-hence "real (?X div y + 1) * inverse (2^?l) < 1" by auto
-thus ?thesis unfolding rapprox_posrat_def Let_def normfloat real_of_float_simp if_not_P[OF False]
+lemma real_of_Float_int[simp]: "real (Float n 0) = real n" by simp
-unfolding pow2_minus pow2_int minus_minus by auto
-qed
+lemma float_zero[simp]: "real (Float 0 e) = 0" by simp
-qed
+lemma abs_div_2_less: "a \<noteq> 0 \<Longrightarrow> a \<noteq> -1 \<Longrightarrow> abs((a::int) div 2) < abs a"
-lemma approx_rat_pattern: fixes P and ps :: "nat * int * int"
+by arith
-assumes Y: "\<And>y prec x. \<lbrakk>y = 0; ps = (prec, x, 0)\<rbrakk> \<Longrightarrow> P"
-and A: "\<And>x y prec. \<lbrakk>0 \<le> x; 0 < y; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
+lemma lapprox_rat:
-and B: "\<And>x y prec. \<lbrakk>x < 0; 0 < y; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
+shows "real (lapprox_rat prec x y) \<le> real x / real y"
-and C: "\<And>x y prec. \<lbrakk>x < 0; y < 0; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
+using round_down by (simp add: lapprox_rat_def)
-and D: "\<And>x y prec. \<lbrakk>0 \<le> x; y < 0; ps = (prec, x, y)\<rbrakk> \<Longrightarrow> P"
-shows P
+lemma mult_div_le: fixes a b:: int assumes "b > 0" shows "a \<ge> b * (a div b)"
 proof -
-obtain prec x y where [simp]: "ps = (prec, x, y)" by (cases ps) auto
+from zmod_zdiv_equality'[of a b]
-from Y have "y = 0 \<Longrightarrow> P" by auto
+have "a = b * (a div b) + a mod b" by simp
-moreover {
+also have "... \<ge> b * (a div b) + 0" apply (rule add_left_mono) apply (rule pos_mod_sign)
-assume "0 < y"
+using assms by simp
-have P
+finally show ?thesis by simp
-proof (cases "0 \<le> x")
+qed
-case True
-with A and `0 < y` show P by auto
+lemma lapprox_rat_nonneg:
-next
+fixes n x y
-case False
+defines "p == int n - ((bitlen \<bar>x\<bar>) - (bitlen \<bar>y\<bar>))"
-with B and `0 < y` show P by auto
+assumes "0 \<le> x" "0 < y"
-qed
+shows "0 \<le> real (lapprox_rat n x y)"
-}
+using assms unfolding lapprox_rat_def p_def[symmetric] round_down_def real_of_int_minus[symmetric]
-moreover {
+powr_int[of 2, simplified]
-assume "y < 0"
+by (auto simp add: inverse_eq_divide intro!: mult_nonneg_nonneg divide_nonneg_pos mult_pos_pos)
-have P
-proof (cases "0 \<le> x")
+lemma rapprox_rat: "real x / real y \<le> real (rapprox_rat prec x y)"
-case True
+using round_up by (simp add: rapprox_rat_def)
-with D and `y < 0` show P by auto
-next
+lemma rapprox_rat_le1:
-case False
+fixes n x y
-with C and `y < 0` show P by auto
+assumes xy: "0 \<le> x" "0 < y" "x \<le> y"
-qed
+shows "real (rapprox_rat n x y) \<le> 1"
-}
+proof -
-ultimately show P by (cases "y = 0 \<or> 0 < y \<or> y < 0") auto
+have "bitlen \<bar>x\<bar> \<le> bitlen \<bar>y\<bar>"
-qed
+using xy unfolding bitlen_def by (auto intro!: floor_mono)
+then have "0 \<le> rat_precision n \<bar>x\<bar> \<bar>y\<bar>" by (simp add: rat_precision_def)
-function lapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
+have "real \<lceil>real x / real y * 2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)\<rceil>
-where
+\<le> real \<lceil>2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)\<rceil>"
-"y = 0 \<Longrightarrow> lapprox_rat prec x y = 0"
+using xy by (auto intro!: ceiling_mono simp: field_simps)
-| "0 \<le> x \<Longrightarrow> 0 < y \<Longrightarrow> lapprox_rat prec x y = lapprox_posrat prec x y"
+also have "\<dots> = 2 powr real (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)"
-| "x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> lapprox_rat prec x y = - (rapprox_posrat prec (-x) y)"
+using `0 \<le> rat_precision n \<bar>x\<bar> \<bar>y\<bar>`
-| "x < 0 \<Longrightarrow> y < 0 \<Longrightarrow> lapprox_rat prec x y = lapprox_posrat prec (-x) (-y)"
+by (auto intro!: exI[of _ "2^nat (rat_precision n \<bar>x\<bar> \<bar>y\<bar>)"] simp: powr_int)
-| "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> lapprox_rat prec x y = - (rapprox_posrat prec x (-y))"
+finally show ?thesis
-apply simp_all by (rule approx_rat_pattern)
+by (simp add: rapprox_rat_def round_up_def)
-termination by lexicographic_order
+(simp add: powr_minus inverse_eq_divide)
+qed
-lemma compute_lapprox_rat[code]:
-"lapprox_rat prec x y = (if y = 0 then 0 else if 0 \<le> x then (if 0 < y then lapprox_posrat prec x y else - (rapprox_posrat prec x (-y)))
+lemma rapprox_rat_nonneg_neg:
-else (if 0 < y then - (rapprox_posrat prec (-x) y) else lapprox_posrat prec (-x) (-y)))"
+"0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
-by auto
+unfolding rapprox_rat_def round_up_def
+by (auto simp: field_simps mult_le_0_iff zero_le_mult_iff)
-lemma lapprox_rat: "real (lapprox_rat prec x y) \<le> real x / real y"
-proof -
+lemma rapprox_rat_neg:
-have h[rule_format]: "! a b b'. b' \<le> b \<longrightarrow> a \<le> b' \<longrightarrow> a \<le> (b::real)" by auto
+"x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
-show ?thesis
+unfolding rapprox_rat_def round_up_def
-apply (case_tac "y = 0")
+by (auto simp: field_simps mult_le_0_iff)
+lemma rapprox_rat_nonpos_pos:
+"x \<le> 0 \<Longrightarrow> 0 < y \<Longrightarrow> real (rapprox_rat n x y) \<le> 0"
+unfolding rapprox_rat_def round_up_def
+by (auto simp: field_simps mult_le_0_iff)
+lemma float_divl: "real (float_divl prec x y) \<le> real x / real y"
+using round_down by (simp add: float_divl_def)
+lemma float_divl_lower_bound:
+fixes x y prec
+defines "p == rat_precision prec \<bar>mantissa x\<bar> \<bar>mantissa y\<bar> - exponent x + exponent y"
+assumes xy: "0 \<le> x" "0 < y" shows "0 \<le> real (float_divl prec x y)"
+using xy unfolding float_divl_def p_def[symmetric] round_down_def
+by (simp add: zero_le_mult_iff zero_le_divide_iff less_eq_float_def less_float_def)
+lemma exponent_1: "exponent 1 = 0"
+using exponent_float[of 1 0] by (simp add: one_float_def)
+lemma mantissa_1: "mantissa 1 = 1"
+using mantissa_float[of 1 0] by (simp add: one_float_def)
+lemma bitlen_1: "bitlen 1 = 1"
+by (simp add: bitlen_def)
+lemma mantissa_eq_zero_iff: "mantissa x = 0 \<longleftrightarrow> x = 0"
+proof
+assume "mantissa x = 0" hence z: "0 = real x" using mantissa_exponent by simp
+show "x = 0" by (simp add: zero_float_def z)
+qed (simp add: zero_float_def)
+lemma float_upper_bound: "x \<le> 2 powr (bitlen \<bar>mantissa x\<bar> + exponent x)"
+proof (cases "x = 0", simp)
+assume "x \<noteq> 0" hence "mantissa x \<noteq> 0" using mantissa_eq_zero_iff by auto
+have "x = mantissa x * 2 powr (exponent x)" by (rule mantissa_exponent)
+also have "mantissa x \<le> \<bar>mantissa x\<bar>" by simp
+also have "... \<le> 2 powr (bitlen \<bar>mantissa x\<bar>)"
+using bitlen_bounds[of "\<bar>mantissa x\<bar>"] bitlen_nonneg `mantissa x \<noteq> 0`
+by (simp add: powr_int) (simp only: two_real_int int_of_reals real_of_int_abs[symmetric]
+real_of_int_le_iff less_imp_le)
+finally show ?thesis by (simp add: powr_add)
+qed
+lemma float_divl_pos_less1_bound:
+assumes "0 < real x" and "real x < 1" and "prec \<ge> 1"
+shows "1 \<le> real (float_divl prec 1 x)"
+proof cases
+assume nonneg: "div_precision prec 1 x \<ge> 0"
+hence "2 powr real (div_precision prec 1 x) =
+floor (real ((2::int) ^ nat (div_precision prec 1 x))) * floor (1::real)"
+by (simp add: powr_int del: real_of_int_power) simp
+also have "floor (1::real) \<le> floor (1 / x)" using assms by simp
+also have "floor (real ((2::int) ^ nat (div_precision prec 1 x))) * floor (1 / x) \<le>
+floor (real ((2::int) ^ nat (div_precision prec 1 x)) * (1 / x))"
+by (rule le_mult_floor) (auto simp: assms less_imp_le)
+finally have "2 powr real (div_precision prec 1 x) <=
+floor (2 powr nat (div_precision prec 1 x) / x)" by (simp add: powr_realpow)
+thus ?thesis
+using assms nonneg
+unfolding float_divl_def round_down_def
+by simp (simp add: powr_minus inverse_eq_divide)
+next
+assume neg: "\<not> 0 \<le> div_precision prec 1 x"
+have "1 \<le> 1 * 2 powr (prec - 1)" using assms by (simp add: powr_realpow)
+also have "... \<le> 2 powr (bitlen \<bar>mantissa x\<bar> + exponent x) / x * 2 powr (prec - 1)"
+apply (rule mult_mono) using assms float_upper_bound
+by (auto intro!: divide_nonneg_pos)
+also have "2 powr (bitlen \<bar>mantissa x\<bar> + exponent x) / x * 2 powr (prec - 1) =
+2 powr real (div_precision prec 1 x) / real x"
+using assms
+apply (simp add: div_precision_def rat_precision_def diff_diff_eq2
+mantissa_1 exponent_1 bitlen_1 powr_add powr_minus real_of_nat_diff)
+apply (simp only: diff_def powr_add)
 apply simp
-apply (case_tac "0 \<le> x \<and> 0 < y")
-apply (simp add: lapprox_posrat)
-apply (case_tac "x < 0 \<and> 0 < y")
-apply simp
-apply (subst minus_le_iff)
-apply (rule h[OF rapprox_posrat])
-apply (simp_all)
-apply (case_tac "x < 0 \<and> y < 0")
-apply simp
-apply (rule h[OF _ lapprox_posrat])
-apply (simp_all)
-apply (case_tac "0 \<le> x \<and> y < 0")
-apply (simp)
-apply (subst minus_le_iff)
-apply (rule h[OF rapprox_posrat])
-apply simp_all
-apply arith
 done
-qed
+finally have "1 \<le> \<lfloor>2 powr real (div_precision prec 1 x) / real x\<rfloor>"
+using floor_mono[of "1::real"] by simp thm mult_mono
-lemma lapprox_rat_bottom: assumes "0 \<le> x" and "0 < y"
+hence "1 \<le> real \<lfloor>2 powr real (div_precision prec 1 x) / real x\<rfloor>"
-shows "real (x div y) \<le> real (lapprox_rat n x y)"
+by (metis floor_real_of_int one_le_floor)
-unfolding lapprox_rat.simps(2)[OF assms]  using lapprox_posrat_bottom[OF `0<y`] .
+hence "1 * 1 \<le>
+real \<lfloor>2 powr real (div_precision prec 1 x) / real x\<rfloor> * 2 powr - real (div_precision prec 1 x)"
-function rapprox_rat :: "nat \<Rightarrow> int \<Rightarrow> int \<Rightarrow> float"
+apply (rule mult_mono)
-where
+using assms neg
-"y = 0 \<Longrightarrow> rapprox_rat prec x y = 0"
+by (auto intro: divide_nonneg_pos mult_nonneg_nonneg simp: real_of_int_minus[symmetric] powr_int simp del: real_of_int_minus) find_theorems "real (- _)"
-| "0 \<le> x \<Longrightarrow> 0 < y \<Longrightarrow> rapprox_rat prec x y = rapprox_posrat prec x y"
+thus ?thesis
-| "x < 0 \<Longrightarrow> 0 < y \<Longrightarrow> rapprox_rat prec x y = - (lapprox_posrat prec (-x) y)"
+using assms neg
-| "x < 0 \<Longrightarrow> y < 0 \<Longrightarrow> rapprox_rat prec x y = rapprox_posrat prec (-x) (-y)"
+unfolding float_divl_def round_down_def
-| "0 \<le> x \<Longrightarrow> y < 0 \<Longrightarrow> rapprox_rat prec x y = - (lapprox_posrat prec x (-y))"
+by simp
-apply simp_all by (rule approx_rat_pattern)
+qed
-termination by lexicographic_order
-lemma compute_rapprox_rat[code]:
-"rapprox_rat prec x y = (if y = 0 then 0 else if 0 \<le> x then (if 0 < y then rapprox_posrat prec x y else - (lapprox_posrat prec x (-y))) else
-(if 0 < y then - (lapprox_posrat prec (-x) y) else rapprox_posrat prec (-x) (-y)))"
-by auto
-lemma rapprox_rat: "real x / real y \<le> real (rapprox_rat prec x y)"
-proof -
-have h[rule_format]: "! a b b'. b' \<le> b \<longrightarrow> a \<le> b' \<longrightarrow> a \<le> (b::real)" by auto
-show ?thesis
-apply (case_tac "y = 0")
-apply simp
-apply (case_tac "0 \<le> x \<and> 0 < y")
-apply (simp add: rapprox_posrat)
-apply (case_tac "x < 0 \<and> 0 < y")
-apply simp
-apply (subst le_minus_iff)
-apply (rule h[OF _ lapprox_posrat])
-apply (simp_all)
-apply (case_tac "x < 0 \<and> y < 0")
-apply simp
-apply (rule h[OF rapprox_posrat])
-apply (simp_all)
-apply (case_tac "0 \<le> x \<and> y < 0")
-apply (simp)
-apply (subst le_minus_iff)
-apply (rule h[OF _ lapprox_posrat])
-apply simp_all
-apply arith
-done
-qed
-lemma rapprox_rat_le1: assumes "0 \<le> x" and "0 < y" and "x \<le> y"
-shows "real (rapprox_rat n x y) \<le> 1"
-unfolding rapprox_rat.simps(2)[OF `0 \<le> x` `0 < y`] using rapprox_posrat_le1[OF assms] .
-lemma rapprox_rat_neg: assumes "x < 0" and "0 < y"
-shows "real (rapprox_rat n x y) \<le> 0"
-unfolding rapprox_rat.simps(3)[OF assms] using lapprox_posrat_nonneg[of "-x" y n] assms by auto
-lemma rapprox_rat_nonneg_neg: assumes "0 \<le> x" and "y < 0"
-shows "real (rapprox_rat n x y) \<le> 0"
-unfolding rapprox_rat.simps(5)[OF assms] using lapprox_posrat_nonneg[of x "-y" n] assms by auto
-lemma rapprox_rat_nonpos_pos: assumes "x \<le> 0" and "0 < y"
-shows "real (rapprox_rat n x y) \<le> 0"
-proof (cases "x = 0")
-case True
-hence "0 \<le> x" by auto show ?thesis
-unfolding rapprox_rat.simps(2)[OF `0 \<le> x` `0 < y`]
-unfolding True rapprox_posrat_def Let_def
-by auto
-next
-case False
-hence "x < 0" using assms by auto
-show ?thesis using rapprox_rat_neg[OF `x < 0` `0 < y`] .
-qed
-fun float_divl :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float"
-where
-"float_divl prec (Float m1 s1) (Float m2 s2) =
-(let
-l = lapprox_rat prec m1 m2;
-f = Float 1 (s1 - s2)
-in
-f * l)"
-lemma float_divl: "real (float_divl prec x y) \<le> real x / real y"
-using lapprox_rat[of prec "mantissa x" "mantissa y"]
-by (cases x y rule: float.exhaust[case_product float.exhaust])
-(simp split: split_if_asm
-add: real_of_float_simp pow2_diff field_simps le_divide_eq mult_less_0_iff zero_less_mult_iff)
-lemma float_divl_lower_bound: assumes "0 \<le> x" and "0 < y" shows "0 \<le> float_divl prec x y"
-proof (cases x, cases y)
-fix xm xe ym ye :: int
-assume x_eq: "x = Float xm xe" and y_eq: "y = Float ym ye"
-have "0 \<le> xm"
-using `0 \<le> x`[unfolded x_eq le_float_def real_of_float_simp real_of_float_0 zero_le_mult_iff]
-by auto
-have "0 < ym"
-using `0 < y`[unfolded y_eq less_float_def real_of_float_simp real_of_float_0 zero_less_mult_iff]
-by auto
-have "\<And>n. 0 \<le> real (Float 1 n)"
-unfolding real_of_float_simp using zero_le_pow2 by auto
-moreover have "0 \<le> real (lapprox_rat prec xm ym)"
-apply (rule order_trans[OF _ lapprox_rat_bottom[OF `0 \<le> xm` `0 < ym`]])
-apply (auto simp add: `0 \<le> xm` pos_imp_zdiv_nonneg_iff[OF `0 < ym`])
-done
-ultimately show "0 \<le> float_divl prec x y"
-unfolding x_eq y_eq float_divl.simps Let_def le_float_def real_of_float_0
-by (auto intro!: mult_nonneg_nonneg)
-qed
-lemma float_divl_pos_less1_bound:
-assumes "0 < x" and "x < 1" and "0 < prec"
-shows "1 \<le> float_divl prec 1 x"
-proof (cases x)
-case (Float m e)
-from `0 < x` `x < 1` have "0 < m" "e < 0"
-using float_pos_m_pos float_pos_less1_e_neg unfolding Float by auto
-let ?b = "nat (bitlen m)" and ?e = "nat (-e)"
-have "1 \<le> m" and "m \<noteq> 0" using `0 < m` by auto
-with bitlen_bounds[OF `0 < m`] have "m < 2^?b" and "(2::int) \<le> 2^?b" by auto
-hence "1 \<le> bitlen m" using power_le_imp_le_exp[of "2::int" 1 ?b] by auto
-hence pow_split: "nat (int prec + bitlen m - 1) = (prec - 1) + ?b" using `0 < prec` by auto
-have pow_not0: "\<And>x. (2::real)^x \<noteq> 0" by auto
-from float_less1_mantissa_bound `0 < x` `x < 1` Float
-have "m < 2^?e" by auto
-with bitlen_bounds[OF `0 < m`, THEN conjunct1] have "(2::int)^nat (bitlen m - 1) < 2^?e"
-by (rule order_le_less_trans)
-from power_less_imp_less_exp[OF _ this]
-have "bitlen m \<le> - e" by auto
-hence "(2::real)^?b \<le> 2^?e" by auto
-hence "(2::real)^?b * inverse (2^?b) \<le> 2^?e * inverse (2^?b)"
-by (rule mult_right_mono) auto
-hence "(1::real) \<le> 2^?e * inverse (2^?b)" by auto
-also
-let ?d = "real (2 ^ nat (int prec + bitlen m - 1) div m) * inverse (2 ^ nat (int prec + bitlen m - 1))"
-{
-have "2^(prec - 1) * m \<le> 2^(prec - 1) * 2^?b"
-using `m < 2^?b`[THEN less_imp_le] by (rule mult_left_mono) auto
-also have "\<dots> = 2 ^ nat (int prec + bitlen m - 1)"
-unfolding pow_split power_add by auto
-finally have "2^(prec - 1) * m div m \<le> 2 ^ nat (int prec + bitlen m - 1) div m"
-using `0 < m` by (rule zdiv_mono1)
-hence "2^(prec - 1) \<le> 2 ^ nat (int prec + bitlen m - 1) div m"
-unfolding div_mult_self2_is_id[OF `m \<noteq> 0`] .
-hence "2^(prec - 1) * inverse (2 ^ nat (int prec + bitlen m - 1)) \<le> ?d"
-unfolding real_of_int_le_iff[of "2^(prec - 1)", symmetric] by auto
-}
-from mult_left_mono[OF this [unfolded pow_split power_add inverse_mult_distrib mult_assoc[symmetric] right_inverse[OF pow_not0] mult_1_left], of "2^?e"]
-have "2^?e * inverse (2^?b) \<le> 2^?e * ?d" unfolding pow_split power_add by auto
-finally have "1 \<le> 2^?e * ?d" .
-have e_nat: "0 - e = int (nat (-e))" using `e < 0` by auto
-have "bitlen 1 = 1" using bitlen.simps by auto
-show ?thesis
-unfolding one_float_def Float float_divl.simps Let_def
-lapprox_rat.simps(2)[OF zero_le_one `0 < m`]
-lapprox_posrat_def `bitlen 1 = 1`
-unfolding le_float_def real_of_float_mult normfloat real_of_float_simp
-pow2_minus pow2_int e_nat
-using `1 \<le> 2^?e * ?d` by (auto simp add: pow2_def)
-qed
-fun float_divr :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float"
-where
-"float_divr prec (Float m1 s1) (Float m2 s2) =
-(let
-r = rapprox_rat prec m1 m2;
-f = Float 1 (s1 - s2)
-in
-f * r)"
 lemma float_divr: "real x / real y \<le> real (float_divr prec x y)"
-using rapprox_rat[of "mantissa x" "mantissa y" prec]
+using round_up by (simp add: float_divr_def)
-by (cases x y rule: float.exhaust[case_product float.exhaust])
-(simp split: split_if_asm
-add: real_of_float_simp pow2_diff field_simps divide_le_eq mult_less_0_iff zero_less_mult_iff)
 lemma float_divr_pos_less1_lower_bound: assumes "0 < x" and "x < 1" shows "1 \<le> float_divr prec 1 x"
 proof -
 have "1 \<le> 1 / real x" using `0 < x` and `x < 1` unfolding less_float_def by auto
 also have "\<dots> \<le> real (float_divr prec 1 x)" using float_divr[where x=1 and y=x] by auto
-finally show ?thesis unfolding le_float_def by auto
+finally show ?thesis unfolding less_eq_float_def by auto
 qed
-lemma float_divr_nonpos_pos_upper_bound: assumes "x \<le> 0" and "0 < y" shows "float_divr prec x y \<le> 0"
+lemma float_divr_nonpos_pos_upper_bound:
-proof (cases x, cases y)
+assumes "real x \<le> 0" and "0 < real y"
-fix xm xe ym ye :: int
+shows "real (float_divr prec x y) \<le> 0"
-assume x_eq: "x = Float xm xe" and y_eq: "y = Float ym ye"
+using assms
-have "xm \<le> 0" using `x \<le> 0`[unfolded x_eq le_float_def real_of_float_simp real_of_float_0 mult_le_0_iff] by auto
+unfolding float_divr_def round_up_def
-have "0 < ym" using `0 < y`[unfolded y_eq less_float_def real_of_float_simp real_of_float_0 zero_less_mult_iff] by auto
+by (auto simp: field_simps mult_le_0_iff divide_le_0_iff)
-have "\<And>n. 0 \<le> real (Float 1 n)" unfolding real_of_float_simp using zero_le_pow2 by auto
+lemma float_divr_nonneg_neg_upper_bound:
-moreover have "real (rapprox_rat prec xm ym) \<le> 0" using rapprox_rat_nonpos_pos[OF `xm \<le> 0` `0 < ym`] .
+assumes "0 \<le> real x" and "real y < 0"
-ultimately show "float_divr prec x y \<le> 0"
+shows "real (float_divr prec x y) \<le> 0"
-unfolding x_eq y_eq float_divr.simps Let_def le_float_def real_of_float_0 real_of_float_mult by (auto intro!: mult_nonneg_nonpos)
+using assms
-qed
+unfolding float_divr_def round_up_def
+by (auto simp: field_simps mult_le_0_iff zero_le_mult_iff divide_le_0_iff)
-lemma float_divr_nonneg_neg_upper_bound: assumes "0 \<le> x" and "y < 0" shows "float_divr prec x y \<le> 0"
-proof (cases x, cases y)
+definition "round_prec p f = int p - (bitlen \<bar>mantissa f\<bar> + exponent f)"
-fix xm xe ym ye :: int
-assume x_eq: "x = Float xm xe" and y_eq: "y = Float ym ye"
+definition float_round_down :: "nat \<Rightarrow> float \<Rightarrow> float" where
-have "0 \<le> xm" using `0 \<le> x`[unfolded x_eq le_float_def real_of_float_simp real_of_float_0 zero_le_mult_iff] by auto
+"float_round_down prec f = float_of (round_down (round_prec prec f) f)"
-have "ym < 0" using `y < 0`[unfolded y_eq less_float_def real_of_float_simp real_of_float_0 mult_less_0_iff] by auto
-hence "0 < - ym" by auto
+definition float_round_up :: "nat \<Rightarrow> float \<Rightarrow> float" where
+"float_round_up prec f = float_of (round_up (round_prec prec f) f)"
-have "\<And>n. 0 \<le> real (Float 1 n)" unfolding real_of_float_simp using zero_le_pow2 by auto
-moreover have "real (rapprox_rat prec xm ym) \<le> 0" using rapprox_rat_nonneg_neg[OF `0 \<le> xm` `ym < 0`] .
+lemma compute_float_round_down[code]:
-ultimately show "float_divr prec x y \<le> 0"
+fixes prec m e
-unfolding x_eq y_eq float_divr.simps Let_def le_float_def real_of_float_0 real_of_float_mult by (auto intro!: mult_nonneg_nonpos)
+defines "d == bitlen (abs m) - int prec"
-qed
+defines "P == 2^nat d"
+defines "f == Float m e"
-primrec round_down :: "nat \<Rightarrow> float \<Rightarrow> float" where
+shows "float_round_down prec f = (let d = d in
-"round_down prec (Float m e) = (let d = bitlen m - int prec in
+if 0 < d then let P = P ; n = m div P in Float n (e + d)
-if 0 < d then let P = 2^nat d ; n = m div P in Float n (e + d)
+else f)"
-else Float m e)"
+unfolding float_round_down_def float_down_def[symmetric]
+compute_float_down f_def Let_def P_def round_prec_def d_def bitlen_Float
-primrec round_up :: "nat \<Rightarrow> float \<Rightarrow> float" where
+by (simp add: field_simps)
-"round_up prec (Float m e) = (let d = bitlen m - int prec in
-if 0 < d then let P = 2^nat d ; n = m div P ; r = m mod P in Float (n + (if r = 0 then 0 else 1)) (e + d)
+lemma compute_float_round_up[code]:
-else Float m e)"
+fixes prec m e
+defines "d == bitlen (abs m) - int prec"
-lemma round_up: "real x \<le> real (round_up prec x)"
+defines "P == 2^nat d"
-proof (cases x)
+defines "f == Float m e"
-case (Float m e)
+shows "float_round_up prec f = (let d = d in
-let ?d = "bitlen m - int prec"
+if 0 < d then let P = P ; n = m div P ; r = m mod P in Float (n + (if r = 0 then 0 else 1)) (e + d)
-let ?p = "(2::int)^nat ?d"
+else f)"
-have "0 < ?p" by auto
+unfolding float_round_up_def float_up_def[symmetric]
-show "?thesis"
+compute_float_up f_def Let_def P_def round_prec_def d_def bitlen_Float
-proof (cases "0 < ?d")
+by (simp add: field_simps)
-case True
-hence pow_d: "pow2 ?d = real ?p" using pow2_int[symmetric] by simp
+lemma float_round_up: "real x \<le> real (float_round_up prec x)"
-show ?thesis
+using round_up
-proof (cases "m mod ?p = 0")
+by (simp add: float_round_up_def)
-case True
-have m: "m = m div ?p * ?p + 0" unfolding True[symmetric] using mod_div_equality [symmetric] .
+lemma float_round_down: "real (float_round_down prec x) \<le> real x"
-have "real (Float m e) = real (Float (m div ?p) (e + ?d))" unfolding real_of_float_simp arg_cong[OF m, of real]
+using round_down
-by (auto simp add: pow2_add `0 < ?d` pow_d)
+by (simp add: float_round_down_def)
-thus ?thesis
-unfolding Float round_up.simps Let_def if_P[OF `m mod ?p = 0`] if_P[OF `0 < ?d`]
+instantiation float :: lattice_ab_group_add
-by auto
-next
-case False
-have "m = m div ?p * ?p + m mod ?p" unfolding mod_div_equality ..
-also have "\<dots> \<le> (m div ?p + 1) * ?p" unfolding left_distrib mult_1 by (rule add_left_mono, rule pos_mod_bound[OF `0 < ?p`, THEN less_imp_le])
-finally have "real (Float m e) \<le> real (Float (m div ?p + 1) (e + ?d))" unfolding real_of_float_simp add_commute[of e]
-unfolding pow2_add mult_assoc[symmetric] real_of_int_le_iff[of m, symmetric]
-by (auto intro!: mult_mono simp add: pow2_add `0 < ?d` pow_d)
-thus ?thesis
-unfolding Float round_up.simps Let_def if_not_P[OF `\<not> m mod ?p = 0`] if_P[OF `0 < ?d`] .
-qed
-next
-case False
-show ?thesis
-unfolding Float round_up.simps Let_def if_not_P[OF False] ..
-qed
-qed
-lemma round_down: "real (round_down prec x) \<le> real x"
-proof (cases x)
-case (Float m e)
-let ?d = "bitlen m - int prec"
-let ?p = "(2::int)^nat ?d"
-have "0 < ?p" by auto
-show "?thesis"
-proof (cases "0 < ?d")
-case True
-hence pow_d: "pow2 ?d = real ?p" using pow2_int[symmetric] by simp
-have "m div ?p * ?p \<le> m div ?p * ?p + m mod ?p" by (auto simp add: pos_mod_bound[OF `0 < ?p`, THEN less_imp_le])
-also have "\<dots> \<le> m" unfolding mod_div_equality ..
-finally have "real (Float (m div ?p) (e + ?d)) \<le> real (Float m e)" unfolding real_of_float_simp add_commute[of e]
-unfolding pow2_add mult_assoc[symmetric] real_of_int_le_iff[of _ m, symmetric]
-by (auto intro!: mult_mono simp add: pow2_add `0 < ?d` pow_d)
-thus ?thesis
-unfolding Float round_down.simps Let_def if_P[OF `0 < ?d`] .
-next
-case False
-show ?thesis
-unfolding Float round_down.simps Let_def if_not_P[OF False] ..
-qed
-qed
-definition lb_mult :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
-"lb_mult prec x y =
-(case normfloat (x * y) of Float m e \<Rightarrow>
-let
-l = bitlen m - int prec
-in if l > 0 then Float (m div (2^nat l)) (e + l)
-else Float m e)"
-definition ub_mult :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
-"ub_mult prec x y =
-(case normfloat (x * y) of Float m e \<Rightarrow>
-let
-l = bitlen m - int prec
-in if l > 0 then Float (m div (2^nat l) + 1) (e + l)
-else Float m e)"
-lemma lb_mult: "real (lb_mult prec x y) \<le> real (x * y)"
-proof (cases "normfloat (x * y)")
-case (Float m e)
-hence "odd m \<or> (m = 0 \<and> e = 0)" by (rule normfloat_imp_odd_or_zero)
-let ?l = "bitlen m - int prec"
-have "real (lb_mult prec x y) \<le> real (normfloat (x * y))"
-proof (cases "?l > 0")
-case False thus ?thesis unfolding lb_mult_def Float Let_def float.cases by auto
-next
-case True
-have "real (m div 2^(nat ?l)) * pow2 ?l \<le> real m"
-proof -
-have "real (m div 2^(nat ?l)) * pow2 ?l = real (2^(nat ?l) * (m div 2^(nat ?l)))" unfolding real_of_int_mult real_of_int_power real_numeral unfolding pow2_int[symmetric]
-using `?l > 0` by auto
-also have "\<dots> \<le> real (2^(nat ?l) * (m div 2^(nat ?l)) + m mod 2^(nat ?l))" unfolding real_of_int_add by auto
-also have "\<dots> = real m" unfolding zmod_zdiv_equality[symmetric] ..
-finally show ?thesis by auto
-qed
-thus ?thesis unfolding lb_mult_def Float Let_def float.cases if_P[OF True] real_of_float_simp pow2_add mult_commute mult_assoc by auto
-qed
-also have "\<dots> = real (x * y)" unfolding normfloat ..
-finally show ?thesis .
-qed
-lemma ub_mult: "real (x * y) \<le> real (ub_mult prec x y)"
-proof (cases "normfloat (x * y)")
-case (Float m e)
-hence "odd m \<or> (m = 0 \<and> e = 0)" by (rule normfloat_imp_odd_or_zero)
-let ?l = "bitlen m - int prec"
-have "real (x * y) = real (normfloat (x * y))" unfolding normfloat ..
-also have "\<dots> \<le> real (ub_mult prec x y)"
-proof (cases "?l > 0")
-case False thus ?thesis unfolding ub_mult_def Float Let_def float.cases by auto
-next
-case True
-have "real m \<le> real (m div 2^(nat ?l) + 1) * pow2 ?l"
-proof -
-have "m mod 2^(nat ?l) < 2^(nat ?l)" by (rule pos_mod_bound) auto
-hence mod_uneq: "real (m mod 2^(nat ?l)) \<le> 1 * 2^(nat ?l)" unfolding mult_1 real_of_int_less_iff[symmetric] by auto
-have "real m = real (2^(nat ?l) * (m div 2^(nat ?l)) + m mod 2^(nat ?l))" unfolding zmod_zdiv_equality[symmetric] ..
-also have "\<dots> = real (m div 2^(nat ?l)) * 2^(nat ?l) + real (m mod 2^(nat ?l))" unfolding real_of_int_add by auto
-also have "\<dots> \<le> (real (m div 2^(nat ?l)) + 1) * 2^(nat ?l)" unfolding left_distrib using mod_uneq by auto
-finally show ?thesis unfolding pow2_int[symmetric] using True by auto
-qed
-thus ?thesis unfolding ub_mult_def Float Let_def float.cases if_P[OF True] real_of_float_simp pow2_add mult_commute mult_assoc by auto
-qed
-finally show ?thesis .
-qed
-primrec float_abs :: "float \<Rightarrow> float" where
-"float_abs (Float m e) = Float \<bar>m\<bar> e"
-instantiation float :: abs
 begin
-definition abs_float_def: "\<bar>x\<bar> = float_abs x"
-instance ..
+definition inf_float::"float\<Rightarrow>float\<Rightarrow>float"
+where "inf_float a b = min a b"
+definition sup_float::"float\<Rightarrow>float\<Rightarrow>float"
+where "sup_float a b = max a b"
+instance
+proof
+fix x y :: float show "inf x y \<le> x" unfolding inf_float_def by simp
+show "inf x y \<le> y" unfolding inf_float_def by simp
+show "x \<le> sup x y" unfolding sup_float_def by simp
+show "y \<le> sup x y" unfolding sup_float_def by simp
+fix z::float
+assume "x \<le> y" "x \<le> z" thus "x \<le> inf y z" unfolding inf_float_def by simp
+next fix x y z :: float
+assume "y \<le> x" "z \<le> x" thus "sup y z \<le> x" unfolding sup_float_def by simp
+qed
 end
-lemma real_of_float_abs: "real \<bar>x :: float\<bar> = \<bar>real x\<bar>"
+lemma Float_le_zero_iff: "Float a b \<le> 0 \<longleftrightarrow> a \<le> 0"
-proof (cases x)
+apply (auto simp: zero_float_def mult_le_0_iff)
-case (Float m e)
+using powr_gt_zero[of 2 b] by simp
-have "\<bar>real m\<bar> * pow2 e = \<bar>real m * pow2 e\<bar>" unfolding abs_mult by auto
-thus ?thesis unfolding Float abs_float_def float_abs.simps real_of_float_simp by auto
+(* TODO: how to use as code equation? -> pprt_float?! *)
-qed
+lemma compute_pprt[code]: "pprt (Float a e) = (if a <= 0 then 0 else (Float a e))"
+unfolding pprt_def sup_float_def max_def Float_le_zero_iff ..
-primrec floor_fl :: "float \<Rightarrow> float" where
-"floor_fl (Float m e) = (if 0 \<le> e then Float m e
+(* TODO: how to use as code equation? *)
+lemma compute_nprt[code]: "nprt (Float a e) = (if a <= 0 then (Float a e) else 0)"
+unfolding nprt_def inf_float_def min_def Float_le_zero_iff ..
+lemma of_float_pprt[simp]: fixes a::float shows "real (pprt a) = pprt (real a)"
+unfolding pprt_def sup_float_def max_def sup_real_def by (auto simp: less_eq_float_def)
+lemma of_float_nprt[simp]: fixes a::float shows "real (nprt a) = nprt (real a)"
+unfolding nprt_def inf_float_def min_def inf_real_def by (auto simp: less_eq_float_def)
+definition int_floor_fl :: "float \<Rightarrow> int" where
+"int_floor_fl f = floor f"
+lemma compute_int_floor_fl[code]:
+shows "int_floor_fl (Float m e) = (if 0 \<le> e then m * 2 ^ nat e
+else m div (2 ^ (nat (-e))))"
+by (simp add: int_floor_fl_def powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
+definition floor_fl :: "float \<Rightarrow> float" where
+"floor_fl f = float_of (floor f)"
+lemma compute_floor_fl[code]:
+shows "floor_fl (Float m e) = (if 0 \<le> e then Float m e
 else Float (m div (2 ^ (nat (-e)))) 0)"
+by (simp add: floor_fl_def powr_int int_of_reals floor_divide_eq_div del: real_of_ints)
-lemma floor_fl: "real (floor_fl x) \<le> real x"
-proof (cases x)
+lemma floor_fl: "real (floor_fl x) \<le> real x" by (simp add: floor_fl_def)
-case (Float m e)
+lemma int_floor_fl: "real (int_floor_fl x) \<le> real x" by (simp add: int_floor_fl_def)
-show ?thesis
-proof (cases "0 \<le> e")
+lemma floor_pos_exp: "exponent (floor_fl x) \<ge> 0"
-case False
+proof cases
-hence me_eq: "pow2 (-e) = pow2 (int (nat (-e)))" by auto
+assume nzero: "floor_fl x \<noteq> float_of 0"
-have "real (Float (m div (2 ^ (nat (-e)))) 0) = real (m div 2 ^ (nat (-e)))" unfolding real_of_float_simp by auto
+have "floor_fl x \<equiv> Float \<lfloor>real x\<rfloor> 0" by (simp add: floor_fl_def)
-also have "\<dots> \<le> real m / real ((2::int) ^ (nat (-e)))" using real_of_int_div4 .
+from denormalize_shift[OF this nzero] guess i . note i = this
-also have "\<dots> = real m * inverse (2 ^ (nat (-e)))" unfolding real_of_int_power real_numeral divide_inverse ..
+thus ?thesis by simp
-also have "\<dots> = real (Float m e)" unfolding real_of_float_simp me_eq pow2_int pow2_neg[of e] ..
+qed (simp add: floor_fl_def)
-finally show ?thesis unfolding Float floor_fl.simps if_not_P[OF `\<not> 0 \<le> e`] .
-next
+(* TODO: not used in approximation
-case True thus ?thesis unfolding Float by auto
+definition ceiling_fl :: "float_of \<Rightarrow> float" where
-qed
+"ceiling_fl f = float_of (ceiling f)"
-qed
+lemma compute_ceiling_fl:
-lemma floor_pos_exp: assumes floor: "Float m e = floor_fl x" shows "0 \<le> e"
-proof (cases x)
-case (Float mx me)
-from floor[unfolded Float floor_fl.simps] show ?thesis by (cases "0 \<le> me", auto)
-qed
-declare floor_fl.simps[simp del]
-primrec ceiling_fl :: "float \<Rightarrow> float" where
 "ceiling_fl (Float m e) = (if 0 \<le> e then Float m e
 else Float (m div (2 ^ (nat (-e))) + 1) 0)"
 lemma ceiling_fl: "real x \<le> real (ceiling_fl x)"
-proof (cases x)
-case (Float m e)
+definition lb_mod :: "nat \<Rightarrow> float_of \<Rightarrow> float_of \<Rightarrow> float_of \<Rightarrow> float" where
-show ?thesis
+"lb_mod prec x ub lb = x - ceiling_fl (float_divr prec x lb) * ub"
-proof (cases "0 \<le> e")
-case False
+definition ub_mod :: "nat \<Rightarrow> float_of \<Rightarrow> float_of \<Rightarrow> float_of \<Rightarrow> float" where
-hence me_eq: "pow2 (-e) = pow2 (int (nat (-e)))" by auto
+"ub_mod prec x ub lb = x - floor_fl (float_divl prec x ub) * lb"
-have "real (Float m e) = real m * inverse (2 ^ (nat (-e)))" unfolding real_of_float_simp me_eq pow2_int pow2_neg[of e] ..
-also have "\<dots> = real m / real ((2::int) ^ (nat (-e)))" unfolding real_of_int_power real_numeral divide_inverse ..
-also have "\<dots> \<le> 1 + real (m div 2 ^ (nat (-e)))" using real_of_int_div3[unfolded diff_le_eq] .
-also have "\<dots> = real (Float (m div (2 ^ (nat (-e))) + 1) 0)" unfolding real_of_float_simp by auto
-finally show ?thesis unfolding Float ceiling_fl.simps if_not_P[OF `\<not> 0 \<le> e`] .
-next
-case True thus ?thesis unfolding Float by auto
-qed
-qed
-declare ceiling_fl.simps[simp del]
-definition lb_mod :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
-"lb_mod prec x ub lb = x - ceiling_fl (float_divr prec x lb) * ub"
-definition ub_mod :: "nat \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float \<Rightarrow> float" where
-"ub_mod prec x ub lb = x - floor_fl (float_divl prec x ub) * lb"
 lemma lb_mod: fixes k :: int assumes "0 \<le> real x" and "real k * y \<le> real x" (is "?k * y \<le> ?x")
 assumes "0 < real lb" "real lb \<le> y" (is "?lb \<le> y") "y \<le> real ub" (is "y \<le> ?ub")
 shows "real (lb_mod prec x ub lb) \<le> ?x - ?k * y"
-proof -
-have "?lb \<le> ?ub" using assms by auto
+lemma ub_mod: fixes k :: int and x :: float_of assumes "0 \<le> real x" and "real x \<le> real k * y" (is "?x \<le> ?k * y")
-have "0 \<le> ?lb" and "?lb \<noteq> 0" using assms by auto
-have "?k * y \<le> ?x" using assms by auto
-also have "\<dots> \<le> ?x / ?lb * ?ub" by (metis mult_left_mono[OF `?lb \<le> ?ub` `0 \<le> ?x`] divide_right_mono[OF _ `0 \<le> ?lb` ] times_divide_eq_left nonzero_mult_divide_cancel_right[OF `?lb \<noteq> 0`])
-also have "\<dots> \<le> real (ceiling_fl (float_divr prec x lb)) * ?ub" by (metis mult_right_mono order_trans `0 \<le> ?lb` `?lb \<le> ?ub` float_divr ceiling_fl)
-finally show ?thesis unfolding lb_mod_def real_of_float_sub real_of_float_mult by auto
-qed
-lemma ub_mod:
-fixes k :: int and x :: float
-assumes "0 \<le> real x" and "real x \<le> real k * y" (is "?x \<le> ?k * y")
 assumes "0 < real lb" "real lb \<le> y" (is "?lb \<le> y") "y \<le> real ub" (is "y \<le> ?ub")
 shows "?x - ?k * y \<le> real (ub_mod prec x ub lb)"
-proof -
-have "?lb \<le> ?ub" using assms by auto
+*)
-hence "0 \<le> ?lb" and "0 \<le> ?ub" and "?ub \<noteq> 0" using assms by auto
-have "real (floor_fl (float_divl prec x ub)) * ?lb \<le> ?x / ?ub * ?lb" by (metis mult_right_mono order_trans `0 \<le> ?lb` `?lb \<le> ?ub` float_divl floor_fl)
-also have "\<dots> \<le> ?x" by (metis mult_left_mono[OF `?lb \<le> ?ub` `0 \<le> ?x`] divide_right_mono[OF _ `0 \<le> ?ub` ] times_divide_eq_left nonzero_mult_divide_cancel_right[OF `?ub \<noteq> 0`])
-also have "\<dots> \<le> ?k * y" using assms by auto
-finally show ?thesis unfolding ub_mod_def real_of_float_sub real_of_float_mult by auto
-qed
-lemma le_float_def'[code]: "f \<le> g = (case f - g of Float a b \<Rightarrow> a \<le> 0)"
-proof -
-have le_transfer: "(f \<le> g) = (real (f - g) \<le> 0)" by (auto simp add: le_float_def)
-from float_split[of "f - g"] obtain a b where f_diff_g: "f - g = Float a b" by auto
-with le_transfer have le_transfer': "f \<le> g = (real (Float a b) \<le> 0)" by simp
-show ?thesis by (simp add: le_transfer' f_diff_g float_le_zero)
-qed
-lemma less_float_def'[code]: "f < g = (case f - g of Float a b \<Rightarrow> a < 0)"
-proof -
-have less_transfer: "(f < g) = (real (f - g) < 0)" by (auto simp add: less_float_def)
-from float_split[of "f - g"] obtain a b where f_diff_g: "f - g = Float a b" by auto
-with less_transfer have less_transfer': "f < g = (real (Float a b) < 0)" by simp
-show ?thesis by (simp add: less_transfer' f_diff_g float_less_zero)
-qed
 end

changeset 47599	400b158f1589
parent 47230	6584098d5378
child 47600	e12289b5796b