# Theory Float

Up to index of Isabelle/HOL/HOL-Multivariate_Analysis/HOL-Probability/Girth_Chromatic

theory Float
imports Lattice_Algebras
`(*  Title:      HOL/Library/Float.thy    Author:     Johannes Hölzl, Fabian Immler    Copyright   2012  TU München*)header {* Floating-Point Numbers *}theory Floatimports Complex_Main "~~/src/HOL/Library/Lattice_Algebras"begindefinition "float = {m * 2 powr e | (m :: int) (e :: int). True}"typedef float = float  morphisms real_of_float float_of  unfolding float_def by autodefs (overloaded)  real_of_float_def[code_unfold]: "real ≡ real_of_float"lemma type_definition_float': "type_definition real float_of float"  using type_definition_float unfolding real_of_float_def .setup_lifting (no_code) type_definition_float'lemmas float_of_inject[simp]declare [[coercion "real :: float => real"]]lemma real_of_float_eq:  fixes f1 f2 :: float shows "f1 = f2 <-> real f1 = real f2"  unfolding real_of_float_def real_of_float_inject ..lemma float_of_real[simp]: "float_of (real x) = x"  unfolding real_of_float_def by (rule real_of_float_inverse)lemma real_float[simp]: "x ∈ float ==> real (float_of x) = x"  unfolding real_of_float_def by (rule float_of_inverse)subsection {* Real operations preserving the representation as floating point number *}lemma floatI: fixes m e :: int shows "m * 2 powr e = x ==> x ∈ float"  by (auto simp: float_def)lemma zero_float[simp]: "0 ∈ float" by (auto simp: float_def)lemma one_float[simp]: "1 ∈ float" by (intro floatI[of 1 0]) simplemma numeral_float[simp]: "numeral i ∈ float" by (intro floatI[of "numeral i" 0]) simp  lemma neg_numeral_float[simp]: "neg_numeral i ∈ float" by (intro floatI[of "neg_numeral i" 0]) simplemma real_of_int_float[simp]: "real (x :: int) ∈ float" by (intro floatI[of x 0]) simplemma real_of_nat_float[simp]: "real (x :: nat) ∈ float" by (intro floatI[of x 0]) simplemma two_powr_int_float[simp]: "2 powr (real (i::int)) ∈ float" by (intro floatI[of 1 i]) simplemma two_powr_nat_float[simp]: "2 powr (real (i::nat)) ∈ float" by (intro floatI[of 1 i]) simplemma two_powr_minus_int_float[simp]: "2 powr - (real (i::int)) ∈ float" by (intro floatI[of 1 "-i"]) simplemma two_powr_minus_nat_float[simp]: "2 powr - (real (i::nat)) ∈ float" by (intro floatI[of 1 "-i"]) simplemma two_powr_numeral_float[simp]: "2 powr numeral i ∈ float" by (intro floatI[of 1 "numeral i"]) simplemma two_powr_neg_numeral_float[simp]: "2 powr neg_numeral i ∈ float" by (intro floatI[of 1 "neg_numeral i"]) simplemma two_pow_float[simp]: "2 ^ n ∈ float" by (intro floatI[of 1 "n"]) (simp add: powr_realpow)lemma real_of_float_float[simp]: "real (f::float) ∈ float" by (cases f) simplemma plus_float[simp]: "r ∈ float ==> p ∈ float ==> r + p ∈ float"  unfolding float_defproof (safe, simp)  fix e1 m1 e2 m2 :: int  { fix e1 m1 e2 m2 :: int assume "e1 ≤ e2"    then have "m1 * 2 powr e1 + m2 * 2 powr e2 = (m1 + m2 * 2 ^ nat (e2 - e1)) * 2 powr e1"      by (simp add: powr_realpow[symmetric] powr_divide2[symmetric] field_simps)    then have "∃(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"      by blast }  note * = this  show "∃(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"  proof (cases e1 e2 rule: linorder_le_cases)    assume "e2 ≤ e1" from *[OF this, of m2 m1] show ?thesis by (simp add: ac_simps)  qed (rule *)qedlemma uminus_float[simp]: "x ∈ float ==> -x ∈ float"  apply (auto simp: float_def)  apply (rule_tac x="-x" in exI)  apply (rule_tac x="xa" in exI)  apply (simp add: field_simps)  donelemma times_float[simp]: "x ∈ float ==> y ∈ float ==> x * y ∈ float"  apply (auto simp: float_def)  apply (rule_tac x="x * xa" in exI)  apply (rule_tac x="xb + xc" in exI)  apply (simp add: powr_add)  donelemma minus_float[simp]: "x ∈ float ==> y ∈ float ==> x - y ∈ float"  unfolding ab_diff_minus by (intro uminus_float plus_float)lemma abs_float[simp]: "x ∈ float ==> abs x ∈ float"  by (cases x rule: linorder_cases[of 0]) autolemma sgn_of_float[simp]: "x ∈ float ==> sgn x ∈ float"  by (cases x rule: linorder_cases[of 0]) (auto intro!: uminus_float)lemma div_power_2_float[simp]: "x ∈ float ==> x / 2^d ∈ float"  apply (auto simp add: float_def)  apply (rule_tac x="x" in exI)  apply (rule_tac x="xa - d" in exI)  apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])  donelemma div_power_2_int_float[simp]: "x ∈ float ==> x / (2::int)^d ∈ float"  apply (auto simp add: float_def)  apply (rule_tac x="x" in exI)  apply (rule_tac x="xa - d" in exI)  apply (simp add: powr_realpow[symmetric] field_simps powr_add[symmetric])  donelemma div_numeral_Bit0_float[simp]:  assumes x: "x / numeral n ∈ float" shows "x / (numeral (Num.Bit0 n)) ∈ float"proof -  have "(x / numeral n) / 2^1 ∈ float"    by (intro x div_power_2_float)  also have "(x / numeral n) / 2^1 = x / (numeral (Num.Bit0 n))"    by (induct n) auto  finally show ?thesis .qedlemma div_neg_numeral_Bit0_float[simp]:  assumes x: "x / numeral n ∈ float" shows "x / (neg_numeral (Num.Bit0 n)) ∈ float"proof -  have "- (x / numeral (Num.Bit0 n)) ∈ float" using x by simp  also have "- (x / numeral (Num.Bit0 n)) = x / neg_numeral (Num.Bit0 n)"    unfolding neg_numeral_def by (simp del: minus_numeral)  finally show ?thesis .qedlift_definition Float :: "int => int => float" is "λ(m::int) (e::int). m * 2 powr e" by simpdeclare Float.rep_eq[simp]lemma compute_real_of_float[code]:  "real_of_float (Float m e) = (if e ≥ 0 then m * 2 ^ nat e else m / 2 ^ (nat (-e)))"by (simp add: real_of_float_def[symmetric] powr_int)code_datatype Floatsubsection {* Arithmetic operations on floating point numbers *}instantiation float :: "{ring_1, linorder, linordered_ring, linordered_idom, numeral, equal}"beginlift_definition zero_float :: float is 0 by simpdeclare zero_float.rep_eq[simp]lift_definition one_float :: float is 1 by simpdeclare one_float.rep_eq[simp]lift_definition plus_float :: "float => float => float" is "op +" by simpdeclare plus_float.rep_eq[simp]lift_definition times_float :: "float => float => float" is "op *" by simpdeclare times_float.rep_eq[simp]lift_definition minus_float :: "float => float => float" is "op -" by simpdeclare minus_float.rep_eq[simp]lift_definition uminus_float :: "float => float" is "uminus" by simpdeclare uminus_float.rep_eq[simp]lift_definition abs_float :: "float => float" is abs by simpdeclare abs_float.rep_eq[simp]lift_definition sgn_float :: "float => float" is sgn by simpdeclare sgn_float.rep_eq[simp]lift_definition equal_float :: "float => float => bool" is "op = :: real => real => bool" ..lift_definition less_eq_float :: "float => float => bool" is "op ≤" ..declare less_eq_float.rep_eq[simp]lift_definition less_float :: "float => float => bool" is "op <" ..declare less_float.rep_eq[simp]instance  proof qed (transfer, fastforce simp add: field_simps intro: mult_left_mono mult_right_mono)+endlemma real_of_float_power[simp]: fixes f::float shows "real (f^n) = real f^n"  by (induct n) simp_alllemma fixes x y::float   shows real_of_float_min: "real (min x y) = min (real x) (real y)"    and real_of_float_max: "real (max x y) = max (real x) (real y)"  by (simp_all add: min_def max_def)instance float :: dense_linorderproof  fix a b :: float  show "∃c. a < c"    apply (intro exI[of _ "a + 1"])    apply transfer    apply simp    done  show "∃c. c < a"    apply (intro exI[of _ "a - 1"])    apply transfer    apply simp    done  assume "a < b"  then show "∃c. a < c ∧ c < b"    apply (intro exI[of _ "(a + b) * Float 1 -1"])    apply transfer    apply (simp add: powr_neg_numeral)     doneqedinstantiation float :: lattice_ab_group_addbegindefinition inf_float::"float=>float=>float"where "inf_float a b = min a b"definition sup_float::"float=>float=>float"where "sup_float a b = max a b"instance  by default     (transfer, simp_all add: inf_float_def sup_float_def real_of_float_min real_of_float_max)+endlemma float_numeral[simp]: "real (numeral x :: float) = numeral x"  apply (induct x)  apply simp  apply (simp_all only: numeral_Bit0 numeral_Bit1 real_of_float_eq real_float                  plus_float.rep_eq one_float.rep_eq plus_float numeral_float one_float)  donelemma transfer_numeral [transfer_rule]:   "fun_rel (op =) pcr_float (numeral :: _ => real) (numeral :: _ => float)"  unfolding fun_rel_def float.pcr_cr_eq  cr_float_def by simplemma float_neg_numeral[simp]: "real (neg_numeral x :: float) = neg_numeral x"  by (simp add: minus_numeral[symmetric] del: minus_numeral)lemma transfer_neg_numeral [transfer_rule]:   "fun_rel (op =) pcr_float (neg_numeral :: _ => real) (neg_numeral :: _ => float)"  unfolding fun_rel_def float.pcr_cr_eq cr_float_def by simplemma  shows float_of_numeral[simp]: "numeral k = float_of (numeral k)"    and float_of_neg_numeral[simp]: "neg_numeral k = float_of (neg_numeral k)"  unfolding real_of_float_eq by simp_allsubsection {* Represent floats as unique mantissa and exponent *}lemma int_induct_abs[case_names less]:  fixes j :: int  assumes H: "!!n. (!!i. ¦i¦ < ¦n¦ ==> P i) ==> P n"  shows "P j"proof (induct "nat ¦j¦" arbitrary: j rule: less_induct)  case less show ?case by (rule H[OF less]) simpqedlemma int_cancel_factors:  fixes n :: int assumes "1 < r" shows "n = 0 ∨ (∃k i. n = k * r ^ i ∧ ¬ r dvd k)"proof (induct n rule: int_induct_abs)  case (less n)  { fix m assume n: "n ≠ 0" "n = m * r"    then have "¦m ¦ < ¦n¦"      by (metis abs_dvd_iff abs_ge_self assms comm_semiring_1_class.normalizing_semiring_rules(7)                dvd_imp_le_int dvd_refl dvd_triv_right linorder_neq_iff linorder_not_le                mult_eq_0_iff zdvd_mult_cancel1)    from less[OF this] n have "∃k i. n = k * r ^ Suc i ∧ ¬ r dvd k" by auto }  then show ?case    by (metis comm_semiring_1_class.normalizing_semiring_rules(12,7) dvdE power_0)qedlemma mult_powr_eq_mult_powr_iff_asym:  fixes m1 m2 e1 e2 :: int  assumes m1: "¬ 2 dvd m1" and "e1 ≤ e2"  shows "m1 * 2 powr e1 = m2 * 2 powr e2 <-> m1 = m2 ∧ e1 = e2"proof  have "m1 ≠ 0" using m1 unfolding dvd_def by auto  assume eq: "m1 * 2 powr e1 = m2 * 2 powr e2"  with `e1 ≤ e2` have "m1 = m2 * 2 powr nat (e2 - e1)"    by (simp add: powr_divide2[symmetric] field_simps)  also have "… = m2 * 2^nat (e2 - e1)"    by (simp add: powr_realpow)  finally have m1_eq: "m1 = m2 * 2^nat (e2 - e1)"    unfolding real_of_int_inject .  with m1 have "m1 = m2"    by (cases "nat (e2 - e1)") (auto simp add: dvd_def)  then show "m1 = m2 ∧ e1 = e2"    using eq `m1 ≠ 0` by (simp add: powr_inj)qed simplemma mult_powr_eq_mult_powr_iff:  fixes m1 m2 e1 e2 :: int  shows "¬ 2 dvd m1 ==> ¬ 2 dvd m2 ==> m1 * 2 powr e1 = m2 * 2 powr e2 <-> m1 = m2 ∧ e1 = e2"  using mult_powr_eq_mult_powr_iff_asym[of m1 e1 e2 m2]  using mult_powr_eq_mult_powr_iff_asym[of m2 e2 e1 m1]  by (cases e1 e2 rule: linorder_le_cases) autolemma floatE_normed:  assumes x: "x ∈ float"  obtains (zero) "x = 0"   | (powr) m e :: int where "x = m * 2 powr e" "¬ 2 dvd m" "x ≠ 0"proof atomize_elim  { assume "x ≠ 0"    from x obtain m e :: int where x: "x = m * 2 powr e" by (auto simp: float_def)    with `x ≠ 0` int_cancel_factors[of 2 m] obtain k i where "m = k * 2 ^ i" "¬ 2 dvd k"      by auto    with `¬ 2 dvd k` x have "∃(m::int) (e::int). x = m * 2 powr e ∧ ¬ (2::int) dvd m"      by (rule_tac exI[of _ "k"], rule_tac exI[of _ "e + int i"])         (simp add: powr_add powr_realpow) }  then show "x = 0 ∨ (∃(m::int) (e::int). x = m * 2 powr e ∧ ¬ (2::int) dvd m ∧ x ≠ 0)"    by blastqedlemma float_normed_cases:  fixes f :: float  obtains (zero) "f = 0"   | (powr) m e :: int where "real f = m * 2 powr e" "¬ 2 dvd m" "f ≠ 0"proof (atomize_elim, induct f)  case (float_of y) then show ?case    by (cases rule: floatE_normed) (auto simp: zero_float_def)qeddefinition mantissa :: "float => int" where  "mantissa f = fst (SOME p::int × int. (f = 0 ∧ fst p = 0 ∧ snd p = 0)   ∨ (f ≠ 0 ∧ real f = real (fst p) * 2 powr real (snd p) ∧ ¬ 2 dvd fst p))"definition exponent :: "float => int" where  "exponent f = snd (SOME p::int × int. (f = 0 ∧ fst p = 0 ∧ snd p = 0)   ∨ (f ≠ 0 ∧ real f = real (fst p) * 2 powr real (snd p) ∧ ¬ 2 dvd fst p))"lemma   shows exponent_0[simp]: "exponent (float_of 0) = 0" (is ?E)    and mantissa_0[simp]: "mantissa (float_of 0) = 0" (is ?M)proof -  have "!!p::int × int. fst p = 0 ∧ snd p = 0 <-> p = (0, 0)" by auto  then show ?E ?M    by (auto simp add: mantissa_def exponent_def zero_float_def)qedlemma  shows mantissa_exponent: "real f = mantissa f * 2 powr exponent f" (is ?E)    and mantissa_not_dvd: "f ≠ (float_of 0) ==> ¬ 2 dvd mantissa f" (is "_ ==> ?D")proof cases  assume [simp]: "f ≠ (float_of 0)"  have "f = mantissa f * 2 powr exponent f ∧ ¬ 2 dvd mantissa f"  proof (cases f rule: float_normed_cases)    case (powr m e)    then have "∃p::int × int. (f = 0 ∧ fst p = 0 ∧ snd p = 0)     ∨ (f ≠ 0 ∧ real f = real (fst p) * 2 powr real (snd p) ∧ ¬ 2 dvd fst p)"      by auto    then show ?thesis      unfolding exponent_def mantissa_def      by (rule someI2_ex) (simp add: zero_float_def)  qed (simp add: zero_float_def)  then show ?E ?D by autoqed simplemma mantissa_noteq_0: "f ≠ float_of 0 ==> mantissa f ≠ 0"  using mantissa_not_dvd[of f] by autolemma   fixes m e :: int  defines "f ≡ float_of (m * 2 powr e)"  assumes dvd: "¬ 2 dvd m"  shows mantissa_float: "mantissa f = m" (is "?M")    and exponent_float: "m ≠ 0 ==> exponent f = e" (is "_ ==> ?E")proof cases  assume "m = 0" with dvd show "mantissa f = m" by autonext  assume "m ≠ 0"  then have f_not_0: "f ≠ float_of 0" by (simp add: f_def)  from mantissa_exponent[of f]  have "m * 2 powr e = mantissa f * 2 powr exponent f"    by (auto simp add: f_def)  then show "?M" "?E"    using mantissa_not_dvd[OF f_not_0] dvd    by (auto simp: mult_powr_eq_mult_powr_iff)qedsubsection {* Compute arithmetic operations *}lemma Float_mantissa_exponent: "Float (mantissa f) (exponent f) = f"  unfolding real_of_float_eq mantissa_exponent[of f] by simplemma Float_cases[case_names Float, cases type: float]:  fixes f :: float  obtains (Float) m e :: int where "f = Float m e"  using Float_mantissa_exponent[symmetric]  by (atomize_elim) autolemma denormalize_shift:  assumes f_def: "f ≡ Float m e" and not_0: "f ≠ float_of 0"  obtains i where "m = mantissa f * 2 ^ i" "e = exponent f - i"proof  from mantissa_exponent[of f] f_def  have "m * 2 powr e = mantissa f * 2 powr exponent f"    by simp  then have eq: "m = mantissa f * 2 powr (exponent f - e)"    by (simp add: powr_divide2[symmetric] field_simps)  moreover  have "e ≤ exponent f"  proof (rule ccontr)    assume "¬ e ≤ exponent f"    then have pos: "exponent f < e" by simp    then have "2 powr (exponent f - e) = 2 powr - real (e - exponent f)"      by simp    also have "… = 1 / 2^nat (e - exponent f)"      using pos by (simp add: powr_realpow[symmetric] powr_divide2[symmetric])    finally have "m * 2^nat (e - exponent f) = real (mantissa f)"      using eq by simp    then have "mantissa f = m * 2^nat (e - exponent f)"      unfolding real_of_int_inject by simp    with `exponent f < e` have "2 dvd mantissa f"      apply (intro dvdI[where k="m * 2^(nat (e-exponent f)) div 2"])      apply (cases "nat (e - exponent f)")      apply auto      done    then show False using mantissa_not_dvd[OF not_0] by simp  qed  ultimately have "real m = mantissa f * 2^nat (exponent f - e)"    by (simp add: powr_realpow[symmetric])  with `e ≤ exponent f`  show "m = mantissa f * 2 ^ nat (exponent f - e)" "e = exponent f - nat (exponent f - e)"    unfolding real_of_int_inject by autoqedlemma compute_float_zero[code_unfold, code]: "0 = Float 0 0"  by transfer simphide_fact (open) compute_float_zerolemma compute_float_one[code_unfold, code]: "1 = Float 1 0"  by transfer simphide_fact (open) compute_float_onedefinition normfloat :: "float => float" where  [simp]: "normfloat x = x"lemma compute_normfloat[code]: "normfloat (Float m e) =  (if m mod 2 = 0 ∧ m ≠ 0 then normfloat (Float (m div 2) (e + 1))                           else if m = 0 then 0 else Float m e)"  unfolding normfloat_def  by transfer (auto simp add: powr_add zmod_eq_0_iff)hide_fact (open) compute_normfloatlemma compute_float_numeral[code_abbrev]: "Float (numeral k) 0 = numeral k"  by transfer simphide_fact (open) compute_float_numerallemma compute_float_neg_numeral[code_abbrev]: "Float (neg_numeral k) 0 = neg_numeral k"  by transfer simphide_fact (open) compute_float_neg_numerallemma compute_float_uminus[code]: "- Float m1 e1 = Float (- m1) e1"  by transfer simphide_fact (open) compute_float_uminuslemma compute_float_times[code]: "Float m1 e1 * Float m2 e2 = Float (m1 * m2) (e1 + e2)"  by transfer (simp add: field_simps powr_add)hide_fact (open) compute_float_timeslemma compute_float_plus[code]: "Float m1 e1 + Float m2 e2 =  (if e1 ≤ e2 then Float (m1 + m2 * 2^nat (e2 - e1)) e1              else Float (m2 + m1 * 2^nat (e1 - e2)) e2)"  by transfer (simp add: field_simps powr_realpow[symmetric] powr_divide2[symmetric])hide_fact (open) compute_float_pluslemma compute_float_minus[code]: fixes f g::float shows "f - g = f + (-g)"  by simphide_fact (open) compute_float_minuslemma compute_float_sgn[code]: "sgn (Float m1 e1) = (if 0 < m1 then 1 else if m1 < 0 then -1 else 0)"  by transfer (simp add: sgn_times)hide_fact (open) compute_float_sgnlift_definition is_float_pos :: "float => bool" is "op < 0 :: real => bool" ..lemma compute_is_float_pos[code]: "is_float_pos (Float m e) <-> 0 < m"  by transfer (auto simp add: zero_less_mult_iff not_le[symmetric, of _ 0])hide_fact (open) compute_is_float_poslemma compute_float_less[code]: "a < b <-> is_float_pos (b - a)"  by transfer (simp add: field_simps)hide_fact (open) compute_float_lesslift_definition is_float_nonneg :: "float => bool" is "op ≤ 0 :: real => bool" ..lemma compute_is_float_nonneg[code]: "is_float_nonneg (Float m e) <-> 0 ≤ m"  by transfer (auto simp add: zero_le_mult_iff not_less[symmetric, of _ 0])hide_fact (open) compute_is_float_nonneglemma compute_float_le[code]: "a ≤ b <-> is_float_nonneg (b - a)"  by transfer (simp add: field_simps)hide_fact (open) compute_float_lelift_definition is_float_zero :: "float => bool"  is "op = 0 :: real => bool" by simplemma compute_is_float_zero[code]: "is_float_zero (Float m e) <-> 0 = m"  by transfer (auto simp add: is_float_zero_def)hide_fact (open) compute_is_float_zerolemma compute_float_abs[code]: "abs (Float m e) = Float (abs m) e"  by transfer (simp add: abs_mult)hide_fact (open) compute_float_abslemma compute_float_eq[code]: "equal_class.equal f g = is_float_zero (f - g)"  by transfer simphide_fact (open) compute_float_eqsubsection {* Rounding Real numbers *}definition round_down :: "int => real => real" where  "round_down prec x = floor (x * 2 powr prec) * 2 powr -prec"definition round_up :: "int => real => real" where  "round_up prec x = ceiling (x * 2 powr prec) * 2 powr -prec"lemma round_down_float[simp]: "round_down prec x ∈ float"  unfolding round_down_def  by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)lemma round_up_float[simp]: "round_up prec x ∈ float"  unfolding round_up_def  by (auto intro!: times_float simp: real_of_int_minus[symmetric] simp del: real_of_int_minus)lemma round_up: "x ≤ round_up prec x"  by (simp add: powr_minus_divide le_divide_eq round_up_def)lemma round_down: "round_down prec x ≤ x"  by (simp add: powr_minus_divide divide_le_eq round_down_def)lemma round_up_0[simp]: "round_up p 0 = 0"  unfolding round_up_def by simplemma round_down_0[simp]: "round_down p 0 = 0"  unfolding round_down_def by simplemma round_up_diff_round_down:  "round_up prec x - round_down prec x ≤ 2 powr -prec"proof -  have "round_up prec x - round_down prec x =    (ceiling (x * 2 powr prec) - floor (x * 2 powr prec)) * 2 powr -prec"    by (simp add: round_up_def round_down_def field_simps)  also have "… ≤ 1 * 2 powr -prec"    by (rule mult_mono)       (auto simp del: real_of_int_diff             simp: real_of_int_diff[symmetric] real_of_int_le_one_cancel_iff ceiling_diff_floor_le_1)  finally show ?thesis by simpqedlemma round_down_shift: "round_down p (x * 2 powr k) = 2 powr k * round_down (p + k) x"  unfolding round_down_def  by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])    (simp add: powr_add[symmetric])lemma round_up_shift: "round_up p (x * 2 powr k) = 2 powr k * round_up (p + k) x"  unfolding round_up_def  by (simp add: powr_add powr_mult field_simps powr_divide2[symmetric])    (simp add: powr_add[symmetric])subsection {* Rounding Floats *}lift_definition float_up :: "int => float => float" is round_up by simpdeclare float_up.rep_eq[simp]lemma float_up_correct:  shows "real (float_up e f) - real f ∈ {0..2 powr -e}"unfolding atLeastAtMost_iffproof  have "round_up e f - f ≤ round_up e f - round_down e f" using round_down by simp  also have "… ≤ 2 powr -e" using round_up_diff_round_down by simp  finally show "real (float_up e f) - real f ≤ 2 powr real (- e)"    by simpqed (simp add: algebra_simps round_up)lift_definition float_down :: "int => float => float" is round_down by simpdeclare float_down.rep_eq[simp]lemma float_down_correct:  shows "real f - real (float_down e f) ∈ {0..2 powr -e}"unfolding atLeastAtMost_iffproof  have "f - round_down e f ≤ round_up e f - round_down e f" using round_up by simp  also have "… ≤ 2 powr -e" using round_up_diff_round_down by simp  finally show "real f - real (float_down e f) ≤ 2 powr real (- e)"    by simpqed (simp add: algebra_simps round_down)lemma compute_float_down[code]:  "float_down p (Float m e) =    (if p + e < 0 then Float (m div 2^nat (-(p + e))) (-p) else Float m e)"proof cases  assume "p + e < 0"  hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"    using powr_realpow[of 2 "nat (-(p + e))"] by simp  also have "... = 1 / 2 powr p / 2 powr e"    unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)  finally show ?thesis    using `p + e < 0`    by transfer (simp add: ac_simps round_down_def floor_divide_eq_div[symmetric])next  assume "¬ p + e < 0"  then have r: "real e + real p = real (nat (e + p))" by simp  have r: "⌊(m * 2 powr e) * 2 powr real p⌋ = (m * 2 powr e) * 2 powr real p"    by (auto intro: exI[where x="m*2^nat (e+p)"]             simp add: ac_simps powr_add[symmetric] r powr_realpow)  with `¬ p + e < 0` show ?thesis    by transfer       (auto simp add: round_down_def field_simps powr_add powr_minus inverse_eq_divide)qedhide_fact (open) compute_float_downlemma ceil_divide_floor_conv:assumes "b ≠ 0"shows "⌈real a / real b⌉ = (if b dvd a then a div b else ⌊real a / real b⌋ + 1)"proof cases  assume "¬ b dvd a"  hence "a mod b ≠ 0" by auto  hence ne: "real (a mod b) / real b ≠ 0" using `b ≠ 0` by auto  have "⌈real a / real b⌉ = ⌊real a / real b⌋ + 1"  apply (rule ceiling_eq) apply (auto simp: floor_divide_eq_div[symmetric])  proof -    have "real ⌊real a / real b⌋ ≤ real a / real b" by simp    moreover have "real ⌊real a / real b⌋ ≠ real a / real b"    apply (subst (2) real_of_int_div_aux) unfolding floor_divide_eq_div using ne `b ≠ 0` by auto    ultimately show "real ⌊real a / real b⌋ < real a / real b" by arith  qed  thus ?thesis using `¬ b dvd a` by simpqed (simp add: ceiling_def real_of_int_minus[symmetric] divide_minus_left[symmetric]  floor_divide_eq_div dvd_neg_div del: divide_minus_left real_of_int_minus)lemma compute_float_up[code]:  "float_up p (Float m e) =    (let P = 2^nat (-(p + e)); r = m mod P in      if p + e < 0 then Float (m div P + (if r = 0 then 0 else 1)) (-p) else Float m e)"proof cases  assume "p + e < 0"  hence "real ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"    using powr_realpow[of 2 "nat (-(p + e))"] by simp  also have "... = 1 / 2 powr p / 2 powr e"  unfolding powr_minus_divide real_of_int_minus by (simp add: powr_add)  finally have twopow_rewrite:    "real ((2::int) ^ nat (- (p + e))) = 1 / 2 powr real p / 2 powr real e" .  with `p + e < 0` have powr_rewrite:    "2 powr real e * 2 powr real p = 1 / real ((2::int) ^ nat (- (p + e)))"    unfolding powr_divide2 by simp  show ?thesis  proof cases    assume "2^nat (-(p + e)) dvd m"    with `p + e < 0` twopow_rewrite show ?thesis      by transfer (auto simp: ac_simps round_up_def floor_divide_eq_div dvd_eq_mod_eq_0)  next    assume ndvd: "¬ 2 ^ nat (- (p + e)) dvd m"    have one_div: "real m * (1 / real ((2::int) ^ nat (- (p + e)))) =      real m / real ((2::int) ^ nat (- (p + e)))"      by (simp add: field_simps)    have "real ⌈real m * (2 powr real e * 2 powr real p)⌉ =      real ⌊real m * (2 powr real e * 2 powr real p)⌋ + 1"      using ndvd unfolding powr_rewrite one_div      by (subst ceil_divide_floor_conv) (auto simp: field_simps)    thus ?thesis using `p + e < 0` twopow_rewrite      by transfer (auto simp: ac_simps round_up_def floor_divide_eq_div[symmetric])  qednext  assume "¬ p + e < 0"  then have r1: "real e + real p = real (nat (e + p))" by simp  have r: "⌈(m * 2 powr e) * 2 powr real p⌉ = (m * 2 powr e) * 2 powr real p"    by (auto simp add: ac_simps powr_add[symmetric] r1 powr_realpow      intro: exI[where x="m*2^nat (e+p)"])  then show ?thesis using `¬ p + e < 0`    by transfer       (simp add: round_up_def floor_divide_eq_div field_simps powr_add powr_minus inverse_eq_divide)qedhide_fact (open) compute_float_uplemmas real_of_ints =  real_of_int_zero  real_of_one  real_of_int_add  real_of_int_minus  real_of_int_diff  real_of_int_mult  real_of_int_power  real_numerallemmas real_of_nats =  real_of_nat_zero  real_of_nat_one  real_of_nat_1  real_of_nat_add  real_of_nat_mult  real_of_nat_powerlemmas int_of_reals = real_of_ints[symmetric]lemmas nat_of_reals = real_of_nats[symmetric]lemma two_real_int: "(2::real) = real (2::int)" by simplemma two_real_nat: "(2::real) = real (2::nat)" by simplemma mult_cong: "a = c ==> b = d ==> a*b = c*d" by simpsubsection {* Compute bitlen of integers *}definition bitlen :: "int => int" where  "bitlen a = (if a > 0 then ⌊log 2 a⌋ + 1 else 0)"lemma bitlen_nonneg: "0 ≤ bitlen x"proof -  {    assume "0 > x"    have "-1 = log 2 (inverse 2)" by (subst log_inverse) simp_all    also have "... < log 2 (-x)" using `0 > x` by auto    finally have "-1 < log 2 (-x)" .  } thus "0 ≤ bitlen x" unfolding bitlen_def by (auto intro!: add_nonneg_nonneg)qedlemma bitlen_bounds:  assumes "x > 0"  shows "2 ^ nat (bitlen x - 1) ≤ x ∧ x < 2 ^ nat (bitlen x)"proof  have "(2::real) ^ nat ⌊log 2 (real x)⌋ = 2 powr real (floor (log 2 (real x)))"    using powr_realpow[symmetric, of 2 "nat ⌊log 2 (real x)⌋"] `x > 0`    using real_nat_eq_real[of "floor (log 2 (real x))"]    by simp  also have "... ≤ 2 powr log 2 (real x)"    by simp  also have "... = real x"    using `0 < x` by simp  finally have "2 ^ nat ⌊log 2 (real x)⌋ ≤ real x" by simp  thus "2 ^ nat (bitlen x - 1) ≤ x" using `x > 0`    by (simp add: bitlen_def)next  have "x ≤ 2 powr (log 2 x)" using `x > 0` by simp  also have "... < 2 ^ nat (⌊log 2 (real x)⌋ + 1)"    apply (simp add: powr_realpow[symmetric])    using `x > 0` by simp  finally show "x < 2 ^ nat (bitlen x)" using `x > 0`    by (simp add: bitlen_def ac_simps int_of_reals del: real_of_ints)qedlemma bitlen_pow2[simp]:  assumes "b > 0"  shows "bitlen (b * 2 ^ c) = bitlen b + c"proof -  from assms have "b * 2 ^ c > 0" by (auto intro: mult_pos_pos)  thus ?thesis    using floor_add[of "log 2 b" c] assms    by (auto simp add: log_mult log_nat_power bitlen_def)qedlemma bitlen_Float:fixes m edefines "f ≡ Float m e"shows "bitlen (¦mantissa f¦) + exponent f = (if m = 0 then 0 else bitlen ¦m¦ + e)"proof cases  assume "m ≠ 0"  hence "f ≠ float_of 0"    unfolding real_of_float_eq by (simp add: f_def)  hence "mantissa f ≠ 0"    by (simp add: mantissa_noteq_0)  moreover  from f_def[THEN denormalize_shift, OF `f ≠ float_of 0`] guess i .  ultimately show ?thesis by (simp add: abs_mult)qed (simp add: f_def bitlen_def Float_def)lemma compute_bitlen[code]:  shows "bitlen x = (if x > 0 then bitlen (x div 2) + 1 else 0)"proof -  { assume "2 ≤ x"    then have "⌊log 2 (x div 2)⌋ + 1 = ⌊log 2 (x - x mod 2)⌋"      by (simp add: log_mult zmod_zdiv_equality')    also have "… = ⌊log 2 (real x)⌋"    proof cases      assume "x mod 2 = 0" then show ?thesis by simp    next      def n ≡ "⌊log 2 (real x)⌋"      then have "0 ≤ n"        using `2 ≤ x` by simp      assume "x mod 2 ≠ 0"      with `2 ≤ x` have "x mod 2 = 1" "¬ 2 dvd x" by (auto simp add: dvd_eq_mod_eq_0)      with `2 ≤ x` have "x ≠ 2^nat n" by (cases "nat n") auto      moreover      { have "real (2^nat n :: int) = 2 powr (nat n)"          by (simp add: powr_realpow)        also have "… ≤ 2 powr (log 2 x)"          using `2 ≤ x` by (simp add: n_def del: powr_log_cancel)        finally have "2^nat n ≤ x" using `2 ≤ x` by simp }      ultimately have "2^nat n ≤ x - 1" by simp      then have "2^nat n ≤ real (x - 1)"        unfolding real_of_int_le_iff[symmetric] by simp      { have "n = ⌊log 2 (2^nat n)⌋"          using `0 ≤ n` by (simp add: log_nat_power)        also have "… ≤ ⌊log 2 (x - 1)⌋"          using `2^nat n ≤ real (x - 1)` `0 ≤ n` `2 ≤ x` by (auto intro: floor_mono)        finally have "n ≤ ⌊log 2 (x - 1)⌋" . }      moreover have "⌊log 2 (x - 1)⌋ ≤ n"        using `2 ≤ x` by (auto simp add: n_def intro!: floor_mono)      ultimately show "⌊log 2 (x - x mod 2)⌋ = ⌊log 2 x⌋"        unfolding n_def `x mod 2 = 1` by auto    qed    finally have "⌊log 2 (x div 2)⌋ + 1 = ⌊log 2 x⌋" . }  moreover  { assume "x < 2" "0 < x"    then have "x = 1" by simp    then have "⌊log 2 (real x)⌋ = 0" by simp }  ultimately show ?thesis    unfolding bitlen_def    by (auto simp: pos_imp_zdiv_pos_iff not_le)qedhide_fact (open) compute_bitlenlemma float_gt1_scale: assumes "1 ≤ Float m e"  shows "0 ≤ e + (bitlen m - 1)"proof -  have "0 < Float m e" using assms by auto  hence "0 < m" using powr_gt_zero[of 2 e]    by (auto simp: zero_less_mult_iff)  hence "m ≠ 0" by auto  show ?thesis  proof (cases "0 ≤ e")    case True thus ?thesis using `0 < m`  by (simp add: bitlen_def)  next    have "(1::int) < 2" by simp    case False let ?S = "2^(nat (-e))"    have "inverse (2 ^ nat (- e)) = 2 powr e" using assms False powr_realpow[of 2 "nat (-e)"]      by (auto simp: powr_minus field_simps inverse_eq_divide)    hence "1 ≤ real m * inverse ?S" using assms False powr_realpow[of 2 "nat (-e)"]      by (auto simp: powr_minus)    hence "1 * ?S ≤ real m * inverse ?S * ?S" by (rule mult_right_mono, auto)    hence "?S ≤ real m" unfolding mult_assoc by auto    hence "?S ≤ m" unfolding real_of_int_le_iff[symmetric] by auto    from this bitlen_bounds[OF `0 < m`, THEN conjunct2]    have "nat (-e) < (nat (bitlen m))" unfolding power_strict_increasing_iff[OF `1 < 2`, symmetric] by (rule order_le_less_trans)    hence "-e < bitlen m" using False by auto    thus ?thesis by auto  qedqedlemma bitlen_div: assumes "0 < m" shows "1 ≤ real m / 2^nat (bitlen m - 1)" and "real m / 2^nat (bitlen m - 1) < 2"proof -  let ?B = "2^nat(bitlen m - 1)"  have "?B ≤ m" using bitlen_bounds[OF `0 <m`] ..  hence "1 * ?B ≤ real m" unfolding real_of_int_le_iff[symmetric] by auto  thus "1 ≤ real m / ?B" by auto  have "m ≠ 0" using assms by auto  have "0 ≤ bitlen m - 1" using `0 < m` by (auto simp: bitlen_def)  have "m < 2^nat(bitlen m)" using bitlen_bounds[OF `0 <m`] ..  also have "… = 2^nat(bitlen m - 1 + 1)" using `0 < m` by (auto simp: bitlen_def)  also have "… = ?B * 2" unfolding nat_add_distrib[OF `0 ≤ bitlen m - 1` zero_le_one] by auto  finally have "real m < 2 * ?B" unfolding real_of_int_less_iff[symmetric] by auto  hence "real m / ?B < 2 * ?B / ?B" by (rule divide_strict_right_mono, auto)  thus "real m / ?B < 2" by autoqedsubsection {* Approximation of positive rationals *}lemma zdiv_zmult_twopow_eq: fixes a b::int shows "a div b div (2 ^ n) = a div (b * 2 ^ n)"by (simp add: zdiv_zmult2_eq)lemma div_mult_twopow_eq: fixes a b::nat shows "a div ((2::nat) ^ n) div b = a div (b * 2 ^ n)"  by (cases "b=0") (simp_all add: div_mult2_eq[symmetric] ac_simps)lemma real_div_nat_eq_floor_of_divide:  fixes a b::nat  shows "a div b = real (floor (a/b))"by (metis floor_divide_eq_div real_of_int_of_nat_eq zdiv_int)definition "rat_precision prec x y = int prec - (bitlen x - bitlen y)"lift_definition lapprox_posrat :: "nat => nat => nat => float"  is "λprec (x::nat) (y::nat). round_down (rat_precision prec x y) (x / y)" by simplemma compute_lapprox_posrat[code]:  fixes prec x y   shows "lapprox_posrat prec x y =    (let        l = rat_precision prec x y;       d = if 0 ≤ l then x * 2^nat l div y else x div 2^nat (- l) div y    in normfloat (Float d (- l)))"    unfolding div_mult_twopow_eq normfloat_def    by transfer       (simp add: round_down_def powr_int real_div_nat_eq_floor_of_divide field_simps Let_def             del: two_powr_minus_int_float)hide_fact (open) compute_lapprox_posratlift_definition rapprox_posrat :: "nat => nat => nat => float"  is "λprec (x::nat) (y::nat). round_up (rat_precision prec x y) (x / y)" by simp(* TODO: optimize using zmod_zmult2_eq, pdivmod ? *)lemma compute_rapprox_posrat[code]:  fixes prec x y  defines "l ≡ rat_precision prec x y"  shows "rapprox_posrat prec x y = (let     l = l ;     X = if 0 ≤ l then (x * 2^nat l, y) else (x, y * 2^nat(-l)) ;     d = fst X div snd X ;     m = fst X mod snd X   in normfloat (Float (d + (if m = 0 ∨ y = 0 then 0 else 1)) (- l)))"proof (cases "y = 0")  assume "y = 0" thus ?thesis unfolding normfloat_def by transfer simpnext  assume "y ≠ 0"  show ?thesis  proof (cases "0 ≤ l")    assume "0 ≤ l"    def x' == "x * 2 ^ nat l"    have "int x * 2 ^ nat l = x'" by (simp add: x'_def int_mult int_power)    moreover have "real x * 2 powr real l = real x'"      by (simp add: powr_realpow[symmetric] `0 ≤ l` x'_def)    ultimately show ?thesis      unfolding normfloat_def      using ceil_divide_floor_conv[of y x'] powr_realpow[of 2 "nat l"] `0 ≤ l` `y ≠ 0`        l_def[symmetric, THEN meta_eq_to_obj_eq]      by transfer         (simp add: floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0 round_up_def)   next    assume "¬ 0 ≤ l"    def y' == "y * 2 ^ nat (- l)"    from `y ≠ 0` have "y' ≠ 0" by (simp add: y'_def)    have "int y * 2 ^ nat (- l) = y'" by (simp add: y'_def int_mult int_power)    moreover have "real x * real (2::int) powr real l / real y = x / real y'"      using `¬ 0 ≤ l`      by (simp add: powr_realpow[symmetric] powr_minus y'_def field_simps inverse_eq_divide)    ultimately show ?thesis      unfolding normfloat_def      using ceil_divide_floor_conv[of y' x] `¬ 0 ≤ l` `y' ≠ 0` `y ≠ 0`        l_def[symmetric, THEN meta_eq_to_obj_eq]      by transfer         (simp add: round_up_def ceil_divide_floor_conv floor_divide_eq_div[symmetric] dvd_eq_mod_eq_0)  qedqedhide_fact (open) compute_rapprox_posratlemma rat_precision_pos:  assumes "0 ≤ x" and "0 < y" and "2 * x < y" and "0 < n"  shows "rat_precision n (int x) (int y) > 0"proof -  { assume "0 < x" hence "log 2 x + 1 = log 2 (2 * x)" by (simp add: log_mult) }  hence "bitlen (int x) < bitlen (int y)" using assms    by (simp add: bitlen_def del: floor_add_one)      (auto intro!: floor_mono simp add: floor_add_one[symmetric] simp del: floor_add floor_add_one)  thus ?thesis    using assms by (auto intro!: pos_add_strict simp add: field_simps rat_precision_def)qedlemma power_aux: assumes "x > 0" shows "(2::int) ^ nat (x - 1) ≤ 2 ^ nat x - 1"proof -  def y ≡ "nat (x - 1)" moreover  have "(2::int) ^ y ≤ (2 ^ (y + 1)) - 1" by simp  ultimately show ?thesis using assms by simpqedlemma rapprox_posrat_less1:  assumes "0 ≤ x" and "0 < y" and "2 * x < y" and "0 < n"  shows "real (rapprox_posrat n x y) < 1"proof -  have powr1: "2 powr real (rat_precision n (int x) (int y)) =     2 ^ nat (rat_precision n (int x) (int y))" using rat_precision_pos[of x y n] assms    by (simp add: powr_realpow[symmetric])  have "x * 2 powr real (rat_precision n (int x) (int y)) / y = (x / y) *     2 powr real (rat_precision n (int x) (int y))" by simp  also have "... < (1 / 2) * 2 powr real (rat_precision n (int x) (int y))"    apply (rule mult_strict_right_mono) by (insert assms) auto  also have "… = 2 powr real (rat_precision n (int x) (int y) - 1)"    by (simp add: powr_add diff_def powr_neg_numeral)  also have "… = 2 ^ nat (rat_precision n (int x) (int y) - 1)"    using rat_precision_pos[of x y n] assms by (simp add: powr_realpow[symmetric])  also have "… ≤ 2 ^ nat (rat_precision n (int x) (int y)) - 1"    unfolding int_of_reals real_of_int_le_iff    using rat_precision_pos[OF assms] by (rule power_aux)  finally show ?thesis    apply (transfer fixing: n x y)    apply (simp add: round_up_def field_simps powr_minus inverse_eq_divide powr1)    unfolding int_of_reals real_of_int_less_iff    apply (simp add: ceiling_less_eq)    doneqedlift_definition lapprox_rat :: "nat => int => int => float" is  "λprec (x::int) (y::int). round_down (rat_precision prec ¦x¦ ¦y¦) (x / y)" by simplemma compute_lapprox_rat[code]:  "lapprox_rat prec x y =    (if y = 0 then 0    else if 0 ≤ x then      (if 0 < y then lapprox_posrat prec (nat x) (nat y)      else - (rapprox_posrat prec (nat x) (nat (-y))))       else (if 0 < y        then - (rapprox_posrat prec (nat (-x)) (nat y))        else lapprox_posrat prec (nat (-x)) (nat (-y))))"  by transfer (auto simp: round_up_def round_down_def ceiling_def ac_simps)hide_fact (open) compute_lapprox_ratlift_definition rapprox_rat :: "nat => int => int => float" is  "λprec (x::int) (y::int). round_up (rat_precision prec ¦x¦ ¦y¦) (x / y)" by simplemma compute_rapprox_rat[code]:  "rapprox_rat prec x y =    (if y = 0 then 0    else if 0 ≤ x then      (if 0 < y then rapprox_posrat prec (nat x) (nat y)      else - (lapprox_posrat prec (nat x) (nat (-y))))       else (if 0 < y        then - (lapprox_posrat prec (nat (-x)) (nat y))        else rapprox_posrat prec (nat (-x)) (nat (-y))))"  by transfer (auto simp: round_up_def round_down_def ceiling_def ac_simps)hide_fact (open) compute_rapprox_ratsubsection {* Division *}lift_definition float_divl :: "nat => float => float => float" is  "λ(prec::nat) a b. round_down (prec + ⌊ log 2 ¦b¦ ⌋ - ⌊ log 2 ¦a¦ ⌋) (a / b)" by simplemma compute_float_divl[code]:  "float_divl prec (Float m1 s1) (Float m2 s2) = lapprox_rat prec m1 m2 * Float 1 (s1 - s2)"proof cases  let ?f1 = "real m1 * 2 powr real s1" and ?f2 = "real m2 * 2 powr real s2"  let ?m = "real m1 / real m2" and ?s = "2 powr real (s1 - s2)"  assume not_0: "m1 ≠ 0 ∧ m2 ≠ 0"  then have eq2: "(int prec + ⌊log 2 ¦?f2¦⌋ - ⌊log 2 ¦?f1¦⌋) = rat_precision prec ¦m1¦ ¦m2¦ + (s2 - s1)"    by (simp add: abs_mult log_mult rat_precision_def bitlen_def)  have eq1: "real m1 * 2 powr real s1 / (real m2 * 2 powr real s2) = ?m * ?s"    by (simp add: field_simps powr_divide2[symmetric])  show ?thesis    using not_0     by (transfer fixing: m1 s1 m2 s2 prec) (unfold eq1 eq2 round_down_shift, simp add: field_simps)qed (transfer, auto)hide_fact (open) compute_float_divllift_definition float_divr :: "nat => float => float => float" is  "λ(prec::nat) a b. round_up (prec + ⌊ log 2 ¦b¦ ⌋ - ⌊ log 2 ¦a¦ ⌋) (a / b)" by simplemma compute_float_divr[code]:  "float_divr prec (Float m1 s1) (Float m2 s2) = rapprox_rat prec m1 m2 * Float 1 (s1 - s2)"proof cases  let ?f1 = "real m1 * 2 powr real s1" and ?f2 = "real m2 * 2 powr real s2"  let ?m = "real m1 / real m2" and ?s = "2 powr real (s1 - s2)"  assume not_0: "m1 ≠ 0 ∧ m2 ≠ 0"  then have eq2: "(int prec + ⌊log 2 ¦?f2¦⌋ - ⌊log 2 ¦?f1¦⌋) = rat_precision prec ¦m1¦ ¦m2¦ + (s2 - s1)"    by (simp add: abs_mult log_mult rat_precision_def bitlen_def)  have eq1: "real m1 * 2 powr real s1 / (real m2 * 2 powr real s2) = ?m * ?s"    by (simp add: field_simps powr_divide2[symmetric])  show ?thesis    using not_0     by (transfer fixing: m1 s1 m2 s2 prec) (unfold eq1 eq2 round_up_shift, simp add: field_simps)qed (transfer, auto)hide_fact (open) compute_float_divrsubsection {* Lemmas needed by Approximate *}lemma Float_num[simp]: shows   "real (Float 1 0) = 1" and "real (Float 1 1) = 2" and "real (Float 1 2) = 4" and   "real (Float 1 -1) = 1/2" and "real (Float 1 -2) = 1/4" and "real (Float 1 -3) = 1/8" and   "real (Float -1 0) = -1" and "real (Float (number_of n) 0) = number_of n"using two_powr_int_float[of 2] two_powr_int_float[of "-1"] two_powr_int_float[of "-2"] two_powr_int_float[of "-3"]using powr_realpow[of 2 2] powr_realpow[of 2 3]using powr_minus[of 2 1] powr_minus[of 2 2] powr_minus[of 2 3]by autolemma real_of_Float_int[simp]: "real (Float n 0) = real n" by simplemma float_zero[simp]: "real (Float 0 e) = 0" by simplemma abs_div_2_less: "a ≠ 0 ==> a ≠ -1 ==> abs((a::int) div 2) < abs a"by arithlemma lapprox_rat:  shows "real (lapprox_rat prec x y) ≤ real x / real y"  using round_down by (simp add: lapprox_rat_def)lemma mult_div_le: fixes a b:: int assumes "b > 0" shows "a ≥ b * (a div b)"proof -  from zmod_zdiv_equality'[of a b]  have "a = b * (a div b) + a mod b" by simp  also have "... ≥ b * (a div b) + 0" apply (rule add_left_mono) apply (rule pos_mod_sign)  using assms by simp  finally show ?thesis by simpqedlemma lapprox_rat_nonneg:  fixes n x y  defines "p == int n - ((bitlen ¦x¦) - (bitlen ¦y¦))"  assumes "0 ≤ x" "0 < y"  shows "0 ≤ real (lapprox_rat n x y)"using assms unfolding lapprox_rat_def p_def[symmetric] round_down_def real_of_int_minus[symmetric]   powr_int[of 2, simplified]  by (auto simp add: inverse_eq_divide intro!: mult_nonneg_nonneg divide_nonneg_pos mult_pos_pos)lemma rapprox_rat: "real x / real y ≤ real (rapprox_rat prec x y)"  using round_up by (simp add: rapprox_rat_def)lemma rapprox_rat_le1:  fixes n x y  assumes xy: "0 ≤ x" "0 < y" "x ≤ y"  shows "real (rapprox_rat n x y) ≤ 1"proof -  have "bitlen ¦x¦ ≤ bitlen ¦y¦"    using xy unfolding bitlen_def by (auto intro!: floor_mono)  then have "0 ≤ rat_precision n ¦x¦ ¦y¦" by (simp add: rat_precision_def)  have "real ⌈real x / real y * 2 powr real (rat_precision n ¦x¦ ¦y¦)⌉      ≤ real ⌈2 powr real (rat_precision n ¦x¦ ¦y¦)⌉"    using xy by (auto intro!: ceiling_mono simp: field_simps)  also have "… = 2 powr real (rat_precision n ¦x¦ ¦y¦)"    using `0 ≤ rat_precision n ¦x¦ ¦y¦`    by (auto intro!: exI[of _ "2^nat (rat_precision n ¦x¦ ¦y¦)"] simp: powr_int)  finally show ?thesis    by (simp add: rapprox_rat_def round_up_def)       (simp add: powr_minus inverse_eq_divide)qedlemma rapprox_rat_nonneg_neg:   "0 ≤ x ==> y < 0 ==> real (rapprox_rat n x y) ≤ 0"  unfolding rapprox_rat_def round_up_def  by (auto simp: field_simps mult_le_0_iff zero_le_mult_iff)lemma rapprox_rat_neg:  "x < 0 ==> 0 < y ==> real (rapprox_rat n x y) ≤ 0"  unfolding rapprox_rat_def round_up_def  by (auto simp: field_simps mult_le_0_iff)lemma rapprox_rat_nonpos_pos:  "x ≤ 0 ==> 0 < y ==> real (rapprox_rat n x y) ≤ 0"  unfolding rapprox_rat_def round_up_def  by (auto simp: field_simps mult_le_0_iff)lemma float_divl: "real (float_divl prec x y) ≤ real x / real y"  by transfer (simp add: round_down)lemma float_divl_lower_bound:  "0 ≤ x ==> 0 < y ==> 0 ≤ real (float_divl prec x y)"  by transfer (simp add: round_down_def zero_le_mult_iff zero_le_divide_iff)lemma exponent_1: "exponent 1 = 0"  using exponent_float[of 1 0] by (simp add: one_float_def)lemma mantissa_1: "mantissa 1 = 1"  using mantissa_float[of 1 0] by (simp add: one_float_def)lemma bitlen_1: "bitlen 1 = 1"  by (simp add: bitlen_def)lemma mantissa_eq_zero_iff: "mantissa x = 0 <-> x = 0"proof  assume "mantissa x = 0" hence z: "0 = real x" using mantissa_exponent by simp  show "x = 0" by (simp add: zero_float_def z)qed (simp add: zero_float_def)lemma float_upper_bound: "x ≤ 2 powr (bitlen ¦mantissa x¦ + exponent x)"proof (cases "x = 0", simp)  assume "x ≠ 0" hence "mantissa x ≠ 0" using mantissa_eq_zero_iff by auto  have "x = mantissa x * 2 powr (exponent x)" by (rule mantissa_exponent)  also have "mantissa x ≤ ¦mantissa x¦" by simp  also have "... ≤ 2 powr (bitlen ¦mantissa x¦)"    using bitlen_bounds[of "¦mantissa x¦"] bitlen_nonneg `mantissa x ≠ 0`    by (simp add: powr_int) (simp only: two_real_int int_of_reals real_of_int_abs[symmetric]      real_of_int_le_iff less_imp_le)  finally show ?thesis by (simp add: powr_add)qedlemma float_divl_pos_less1_bound:  "0 < real x ==> real x < 1 ==> prec ≥ 1 ==> 1 ≤ real (float_divl prec 1 x)"proof transfer  fix prec :: nat and x :: real assume x: "0 < x" "x < 1" "x ∈ float" and prec: "1 ≤ prec"  def p ≡ "int prec + ⌊log 2 ¦x¦⌋"   show "1 ≤ round_down (int prec + ⌊log 2 ¦x¦⌋ - ⌊log 2 ¦1¦⌋) (1 / x) "  proof cases    assume nonneg: "0 ≤ p"    hence "2 powr real (p) = floor (real ((2::int) ^ nat p)) * floor (1::real)"      by (simp add: powr_int del: real_of_int_power) simp    also have "floor (1::real) ≤ floor (1 / x)" using x prec by simp    also have "floor (real ((2::int) ^ nat p)) * floor (1 / x) ≤      floor (real ((2::int) ^ nat p) * (1 / x))"      by (rule le_mult_floor) (auto simp: x prec less_imp_le)    finally have "2 powr real p ≤ floor (2 powr nat p / x)" by (simp add: powr_realpow)    thus ?thesis unfolding p_def[symmetric]      using x prec nonneg by (simp add: powr_minus inverse_eq_divide round_down_def)  next    assume neg: "¬ 0 ≤ p"    have "x = 2 powr (log 2 x)"      using x by simp    also have "2 powr (log 2 x) ≤ 2 powr p"    proof (rule powr_mono)      have "log 2 x ≤ ⌈log 2 x⌉"        by simp      also have "… ≤ ⌊log 2 x⌋ + 1"        using ceiling_diff_floor_le_1[of "log 2 x"] by simp      also have "… ≤ ⌊log 2 x⌋ + prec"        using prec by simp      finally show "log 2 x ≤ real p"        using x by (simp add: p_def)    qed simp    finally have x_le: "x ≤ 2 powr p" .    from neg have "2 powr real p ≤ 2 powr 0"      by (intro powr_mono) auto    also have "… ≤ ⌊2 powr 0⌋" by simp    also have "… ≤ ⌊2 powr real p / x⌋" unfolding real_of_int_le_iff      using x x_le by (intro floor_mono) (simp add:  pos_le_divide_eq mult_pos_pos)    finally show ?thesis      using prec x unfolding p_def[symmetric]      by (simp add: round_down_def powr_minus_divide pos_le_divide_eq mult_pos_pos)  qedqedlemma float_divr: "real x / real y ≤ real (float_divr prec x y)"  using round_up by transfer simplemma float_divr_pos_less1_lower_bound: assumes "0 < x" and "x < 1" shows "1 ≤ float_divr prec 1 x"proof -  have "1 ≤ 1 / real x" using `0 < x` and `x < 1` by auto  also have "… ≤ real (float_divr prec 1 x)" using float_divr[where x=1 and y=x] by auto  finally show ?thesis by autoqedlemma float_divr_nonpos_pos_upper_bound:  "real x ≤ 0 ==> 0 < real y ==> real (float_divr prec x y) ≤ 0"  by transfer (auto simp: field_simps mult_le_0_iff divide_le_0_iff round_up_def)lemma float_divr_nonneg_neg_upper_bound:  "0 ≤ real x ==> real y < 0 ==> real (float_divr prec x y) ≤ 0"  by transfer (auto simp: field_simps mult_le_0_iff zero_le_mult_iff divide_le_0_iff round_up_def)lift_definition float_round_up :: "nat => float => float" is  "λ(prec::nat) x. round_up (prec - ⌊log 2 ¦x¦⌋ - 1) x" by simplemma float_round_up: "real x ≤ real (float_round_up prec x)"  using round_up by transfer simplift_definition float_round_down :: "nat => float => float" is  "λ(prec::nat) x. round_down (prec - ⌊log 2 ¦x¦⌋ - 1) x" by simplemma float_round_down: "real (float_round_down prec x) ≤ real x"  using round_down by transfer simplemma floor_add2[simp]: "⌊ real i + x ⌋ = i + ⌊ x ⌋"  using floor_add[of x i] by (simp del: floor_add add: ac_simps)lemma compute_float_round_down[code]:  "float_round_down prec (Float m e) = (let d = bitlen (abs m) - int prec in    if 0 < d then let P = 2^nat d ; n = m div P in Float n (e + d)             else Float m e)"  using Float.compute_float_down[of "prec - bitlen ¦m¦ - e" m e, symmetric]  by transfer (simp add: field_simps abs_mult log_mult bitlen_def cong del: if_weak_cong)hide_fact (open) compute_float_round_downlemma compute_float_round_up[code]:  "float_round_up prec (Float m e) = (let d = (bitlen (abs m) - int prec) in     if 0 < d then let P = 2^nat d ; n = m div P ; r = m mod P                   in Float (n + (if r = 0 then 0 else 1)) (e + d)              else Float m e)"  using Float.compute_float_up[of "prec - bitlen ¦m¦ - e" m e, symmetric]  unfolding Let_def  by transfer (simp add: field_simps abs_mult log_mult bitlen_def cong del: if_weak_cong)hide_fact (open) compute_float_round_uplemma Float_le_zero_iff: "Float a b ≤ 0 <-> a ≤ 0" apply (auto simp: zero_float_def mult_le_0_iff) using powr_gt_zero[of 2 b] by simplemma real_of_float_pprt[simp]: fixes a::float shows "real (pprt a) = pprt (real a)"  unfolding pprt_def sup_float_def max_def sup_real_def by autolemma real_of_float_nprt[simp]: fixes a::float shows "real (nprt a) = nprt (real a)"  unfolding nprt_def inf_float_def min_def inf_real_def by autolift_definition int_floor_fl :: "float => int" is floor by simplemma compute_int_floor_fl[code]:  "int_floor_fl (Float m e) = (if 0 ≤ e then m * 2 ^ nat e else m div (2 ^ (nat (-e))))"  by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)hide_fact (open) compute_int_floor_fllift_definition floor_fl :: "float => float" is "λx. real (floor x)" by simplemma compute_floor_fl[code]:  "floor_fl (Float m e) = (if 0 ≤ e then Float m e else Float (m div (2 ^ (nat (-e)))) 0)"  by transfer (simp add: powr_int int_of_reals floor_divide_eq_div del: real_of_ints)hide_fact (open) compute_floor_fllemma floor_fl: "real (floor_fl x) ≤ real x" by transfer simplemma int_floor_fl: "real (int_floor_fl x) ≤ real x" by transfer simplemma floor_pos_exp: "exponent (floor_fl x) ≥ 0"proof cases  assume nzero: "floor_fl x ≠ float_of 0"  have "floor_fl x = Float ⌊real x⌋ 0" by transfer simp  from denormalize_shift[OF this[THEN eq_reflection] nzero] guess i . note i = this  thus ?thesis by simpqed (simp add: floor_fl_def)end`