Theory HOL-Library.Float
section ‹Floating-Point Numbers›
theory Float
imports Log_Nat Lattice_Algebras
begin
definition "float = {m * 2 powr e | (m :: int) (e :: int). True}"
typedef float = float
morphisms real_of_float float_of
unfolding float_def by auto
setup_lifting type_definition_float
declare real_of_float [code_unfold]
lemmas float_of_inject[simp]
declare [[coercion "real_of_float :: float ⇒ real"]]
lemma real_of_float_eq: "f1 = f2 ⟷ real_of_float f1 = real_of_float f2" for f1 f2 :: float
unfolding real_of_float_inject ..
declare real_of_float_inverse[simp] float_of_inverse [simp]
declare real_of_float [simp]
subsection ‹Real operations preserving the representation as floating point number›
lemma floatI: "m * 2 powr e = x ⟹ x ∈ float" for m e :: int
by (auto simp: float_def)
lemma zero_float[simp]: "0 ∈ float"
by (auto simp: float_def)
lemma one_float[simp]: "1 ∈ float"
by (intro floatI[of 1 0]) simp
lemma numeral_float[simp]: "numeral i ∈ float"
by (intro floatI[of "numeral i" 0]) simp
lemma neg_numeral_float[simp]: "- numeral i ∈ float"
by (intro floatI[of "- numeral i" 0]) simp
lemma real_of_int_float[simp]: "real_of_int x ∈ float" for x :: int
by (intro floatI[of x 0]) simp
lemma real_of_nat_float[simp]: "real x ∈ float" for x :: nat
by (intro floatI[of x 0]) simp
lemma two_powr_int_float[simp]: "2 powr (real_of_int i) ∈ float" for i :: int
by (intro floatI[of 1 i]) simp
lemma two_powr_nat_float[simp]: "2 powr (real i) ∈ float" for i :: nat
by (intro floatI[of 1 i]) simp
lemma two_powr_minus_int_float[simp]: "2 powr - (real_of_int i) ∈ float" for i :: int
by (intro floatI[of 1 "-i"]) simp
lemma two_powr_minus_nat_float[simp]: "2 powr - (real i) ∈ float" for i :: nat
by (intro floatI[of 1 "-i"]) simp
lemma two_powr_numeral_float[simp]: "2 powr numeral i ∈ float"
by (intro floatI[of 1 "numeral i"]) simp
lemma two_powr_neg_numeral_float[simp]: "2 powr - numeral i ∈ float"
by (intro floatI[of 1 "- numeral i"]) simp
lemma two_pow_float[simp]: "2 ^ n ∈ float"
by (intro floatI[of 1 n]) (simp add: powr_realpow)
lemma plus_float[simp]: "r ∈ float ⟹ p ∈ float ⟹ r + p ∈ float"
unfolding float_def
proof (safe, simp)
have *: "∃(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
if "e1 ≤ e2" for e1 m1 e2 m2 :: int
proof -
from that have "m1 * 2 powr e1 + m2 * 2 powr e2 = (m1 + m2 * 2 ^ nat (e2 - e1)) * 2 powr e1"
by (simp add: powr_diff field_simps flip: powr_realpow)
then show ?thesis
by blast
qed
fix e1 m1 e2 m2 :: int
consider "e2 ≤ e1" | "e1 ≤ e2" by (rule linorder_le_cases)
then show "∃(m::int) (e::int). m1 * 2 powr e1 + m2 * 2 powr e2 = m * 2 powr e"
proof cases
case 1
from *[OF this, of m2 m1] show ?thesis
by (simp add: ac_simps)
next
case 2
then show ?thesis by (rule *)
qed
qed
lemma uminus_float[simp]: "x ∈ float ⟹ -x ∈ float"
by (simp add: float_def) (metis mult_minus_left of_int_minus)
lemma times_float[simp]: "x ∈ float ⟹ y ∈ float ⟹ x * y ∈ float"
apply (clarsimp simp: float_def mult_ac)
by (metis mult.assoc of_int_mult of_int_add powr_add)
lemma minus_float[simp]: "x ∈ float ⟹ y ∈ float ⟹ x - y ∈ float"
using plus_float [of x "- y"] by simp
lemma abs_float[simp]: "x ∈ float ⟹ ¦x¦ ∈ float"
by (cases x rule: linorder_cases[of 0]) auto
lemma sgn_of_float[simp]: "x ∈ float ⟹ sgn x ∈ float"
by (cases x rule: linorder_cases[of 0]) (auto intro!: uminus_float)
lemma div_power_2_float[simp]: "x ∈ float ⟹ x / 2^d ∈ float"
by (simp add: float_def) (metis of_int_diff of_int_of_nat_eq powr_diff powr_realpow zero_less_numeral times_divide_eq_right)
lemma div_power_2_int_float[simp]: "x ∈ float ⟹ x / (2::int)^d ∈ float"
by simp
lemma div_numeral_Bit0_float[simp]:
assumes "x / numeral n ∈ float"
shows "x / (numeral (Num.Bit0 n)) ∈ float"
proof -
have "(x / numeral n) / 2^1 ∈ float"
by (intro assms div_power_2_float)
also have "(x / numeral n) / 2^1 = x / (numeral (Num.Bit0 n))"
by (induct n) auto
finally show ?thesis .
qed
lemma div_neg_numeral_Bit0_float[simp]:
assumes "x / numeral n ∈ float"
shows "x / (- numeral (Num.Bit0 n)) ∈ float"
using assms by force
lemma power_float[simp]:
assumes "a ∈ float"
shows "a ^ b ∈ float"
proof -
from assms obtain m e :: int where "a = m * 2 powr e"
by (auto simp: float_def)
then show ?thesis
by (auto intro!: floatI[where m="m^b" and e = "e*b"]
simp: power_mult_distrib powr_realpow[symmetric] powr_powr)
qed
lift_definition Float :: "int ⇒ int ⇒ float" is "λ(m::int) (e::int). m * 2 powr e"
by simp
declare Float.rep_eq[simp]
code_datatype Float
lemma compute_real_of_float[code]:
"real_of_float (Float m e) = (if e ≥ 0 then m * 2 ^ nat e else m / 2 ^ (nat (-e)))"
by (simp add: powr_int)
subsection ‹Arithmetic operations on floating point numbers›
instantiation float :: "{ring_1,linorder,linordered_ring,linordered_idom,numeral,equal}"
begin
lift_definition zero_float :: float is 0 by simp
declare zero_float.rep_eq[simp]
lift_definition one_float :: float is 1 by simp
declare one_float.rep_eq[simp]
lift_definition plus_float :: "float ⇒ float ⇒ float" is "(+)" by simp
declare plus_float.rep_eq[simp]
lift_definition times_float :: "float ⇒ float ⇒ float" is "(*)" by simp
declare times_float.rep_eq[simp]
lift_definition minus_float :: "float ⇒ float ⇒ float" is "(-)" by simp
declare minus_float.rep_eq[simp]
lift_definition uminus_float :: "float ⇒ float" is "uminus" by simp
declare uminus_float.rep_eq[simp]
lift_definition abs_float :: "float ⇒ float" is abs by simp
declare abs_float.rep_eq[simp]
lift_definition sgn_float :: "float ⇒ float" is sgn by simp
declare sgn_float.rep_eq[simp]
lift_definition equal_float :: "float ⇒ float ⇒ bool" is "(=) :: real ⇒ real ⇒ bool" .
lift_definition less_eq_float :: "float ⇒ float ⇒ bool" is "(≤)" .
declare less_eq_float.rep_eq[simp]
lift_definition less_float :: "float ⇒ float ⇒ bool" is "(<)" .
declare less_float.rep_eq[simp]
instance
by standard (transfer; fastforce simp add: field_simps intro: mult_left_mono mult_right_mono)+
end
lemma real_of_float [simp]: "real_of_float (of_nat n) = of_nat n"
by (induct n) simp_all
lemma real_of_float_of_int_eq [simp]: "real_of_float (of_int z) = of_int z"
by (cases z rule: int_diff_cases) (simp_all add: of_rat_diff)
lemma Float_0_eq_0[simp]: "Float 0 e = 0"
by transfer simp
lemma real_of_float_power[simp]: "real_of_float (f^n) = real_of_float f^n" for f :: float
by (induct n) simp_all
lemma real_of_float_min: "real_of_float (min x y) = min (real_of_float x) (real_of_float y)"
and real_of_float_max: "real_of_float (max x y) = max (real_of_float x) (real_of_float y)"
for x y :: float
by (simp_all add: min_def max_def)
instance float :: unbounded_dense_linorder
proof
fix a b :: float
show "∃c. a < c"
by (metis Float.real_of_float less_float.rep_eq reals_Archimedean2)
show "∃c. c < a"
by (metis add_0 add_strict_right_mono neg_less_0_iff_less zero_less_one)
show "∃c. a < c ∧ c < b" if "a < b"
apply (rule exI[of _ "(a + b) * Float 1 (- 1)"])
using that
apply transfer
apply (simp add: powr_minus)
done
qed
instantiation float :: lattice_ab_group_add
begin
definition inf_float :: "float ⇒ float ⇒ float"
where "inf_float a b = min a b"
definition sup_float :: "float ⇒ float ⇒ float"
where "sup_float a b = max a b"
instance
by standard (transfer; simp add: inf_float_def sup_float_def real_of_float_min real_of_float_max)+
end
lemma float_numeral[simp]: "real_of_float (numeral x :: float) = numeral x"
by (metis of_int_numeral real_of_float_of_int_eq)
lemma transfer_numeral [transfer_rule]:
"rel_fun (=) pcr_float (numeral :: _ ⇒ real) (numeral :: _ ⇒ float)"
by (simp add: rel_fun_def float.pcr_cr_eq cr_float_def)
lemma float_neg_numeral[simp]: "real_of_float (- numeral x :: float) = - numeral x"
by simp
lemma transfer_neg_numeral [transfer_rule]:
"rel_fun (=) pcr_float (- numeral :: _ ⇒ real) (- numeral :: _ ⇒ float)"
by (simp add: rel_fun_def float.pcr_cr_eq cr_float_def)
lemma float_of_numeral: "numeral k = float_of (numeral k)"
and float_of_neg_numeral: "- numeral k = float_of (- numeral k)"
unfolding real_of_float_eq by simp_all
subsection ‹Quickcheck›
instantiation float :: exhaustive
begin
definition exhaustive_float where
"exhaustive_float f d =
Quickcheck_Exhaustive.exhaustive (λx. Quickcheck_Exhaustive.exhaustive (λy. f (Float x y)) d) d"
instance ..
end
context
includes term_syntax
begin
definition [code_unfold]:
"valtermify_float x y = Code_Evaluation.valtermify Float {⋅} x {⋅} y"
end
instantiation float :: full_exhaustive
begin
definition
"full_exhaustive_float f d =
Quickcheck_Exhaustive.full_exhaustive
(λx. Quickcheck_Exhaustive.full_exhaustive (λy. f (valtermify_float x y)) d) d"
instance ..
end
instantiation float :: random
begin
definition "Quickcheck_Random.random i =
scomp (Quickcheck_Random.random (2 ^ nat_of_natural i))
(λman. scomp (Quickcheck_Random.random i) (λexp. Pair (valtermify_float man exp)))"
instance ..
end
subsection ‹Represent floats as unique mantissa and exponent›
lemma int_induct_abs[case_names less]:
fixes j :: int
assumes H: "⋀n. (⋀i. ¦i¦ < ¦n¦ ⟹ P i) ⟹ P n"
shows "P j"
proof (induct "nat ¦j¦" arbitrary: j rule: less_induct)
case less
show ?case by (rule H[OF less]) simp
qed
lemma int_cancel_factors:
fixes n :: int
assumes "1 < r"
shows "n = 0 ∨ (∃k i. n = k * r ^ i ∧ ¬ r dvd k)"
proof (induct n rule: int_induct_abs)
case (less n)
have "∃k i. n = k * r ^ Suc i ∧ ¬ r dvd k" if "n ≠ 0" "n = m * r" for m
proof -
from that have "¦m ¦ < ¦n¦"
using ‹1 < r› by (simp add: abs_mult)
from less[OF this] that show ?thesis by auto
qed
then show ?case
by (metis dvd_def monoid_mult_class.mult.right_neutral mult.commute power_0)
qed
lemma mult_powr_eq_mult_powr_iff_asym:
fixes m1 m2 e1 e2 :: int
assumes m1: "¬ 2 dvd m1"
and "e1 ≤ e2"
shows "m1 * 2 powr e1 = m2 * 2 powr e2 ⟷ m1 = m2 ∧ e1 = e2"
(is "?lhs ⟷ ?rhs")
proof
show ?rhs if eq: ?lhs
proof -
have "m1 ≠ 0"
using m1 unfolding dvd_def by auto
from ‹e1 ≤ e2› eq have "m1 = m2 * 2 powr nat (e2 - e1)"
by (simp add: powr_diff field_simps)
also have "… = m2 * 2^nat (e2 - e1)"
by (simp add: powr_realpow)
finally have m1_eq: "m1 = m2 * 2^nat (e2 - e1)"
by linarith
with m1 have "m1 = m2"
by (cases "nat (e2 - e1)") (auto simp add: dvd_def)
then show ?thesis
using eq ‹m1 ≠ 0› by (simp add: powr_inj)
qed
show ?lhs if ?rhs
using that by simp
qed
lemma mult_powr_eq_mult_powr_iff:
"¬ 2 dvd m1 ⟹ ¬ 2 dvd m2 ⟹ m1 * 2 powr e1 = m2 * 2 powr e2 ⟷ m1 = m2 ∧ e1 = e2"
for m1 m2 e1 e2 :: int
using mult_powr_eq_mult_powr_iff_asym[of m1 e1 e2 m2]
using mult_powr_eq_mult_powr_iff_asym[of m2 e2 e1 m1]
by (cases e1 e2 rule: linorder_le_cases) auto
lemma floatE_normed:
assumes x: "x ∈ float"
obtains (zero) "x = 0"
| (powr) m e :: int where "x = m * 2 powr e" "¬ 2 dvd m" "x ≠ 0"
proof -
have "∃(m::int) (e::int). x = m * 2 powr e ∧ ¬ (2::int) dvd m" if "x ≠ 0"
proof -
from x obtain m e :: int where x: "x = m * 2 powr e"
by (auto simp: float_def)
with ‹x ≠ 0› int_cancel_factors[of 2 m] obtain k i where "m = k * 2 ^ i" "¬ 2 dvd k"
by auto
with ‹¬ 2 dvd k› x show ?thesis
apply (rule_tac exI[of _ "k"])
apply (rule_tac exI[of _ "e + int i"])
apply (simp add: powr_add powr_realpow)
done
qed
with that show thesis by blast
qed
lemma float_normed_cases:
fixes f :: float
obtains (zero) "f = 0"
| (powr) m e :: int where "real_of_float f = m * 2 powr e" "¬ 2 dvd m" "f ≠ 0"
proof (atomize_elim, induct f)
case (float_of y)
then show ?case
by (cases rule: floatE_normed) (auto simp: zero_float_def)
qed
definition mantissa :: "float ⇒ int"
where "mantissa f =
fst (SOME p::int × int. (f = 0 ∧ fst p = 0 ∧ snd p = 0) ∨
(f ≠ 0 ∧ real_of_float f = real_of_int (fst p) * 2 powr real_of_int (snd p) ∧ ¬ 2 dvd fst p))"
definition exponent :: "float ⇒ int"
where "exponent f =
snd (SOME p::int × int. (f = 0 ∧ fst p = 0 ∧ snd p = 0) ∨
(f ≠ 0 ∧ real_of_float f = real_of_int (fst p) * 2 powr real_of_int (snd p) ∧ ¬ 2 dvd fst p))"
lemma exponent_0[simp]: "exponent 0 = 0" (is ?E)
and mantissa_0[simp]: "mantissa 0 = 0" (is ?M)
proof -
have "⋀p::int × int. fst p = 0 ∧ snd p = 0 ⟷ p = (0, 0)"
by auto
then show ?E ?M
by (auto simp add: mantissa_def exponent_def zero_float_def)
qed
lemma mantissa_exponent: "real_of_float f = mantissa f * 2 powr exponent f" (is ?E)
and mantissa_not_dvd: "f ≠ 0 ⟹ ¬ 2 dvd mantissa f" (is "_ ⟹ ?D")
proof cases
assume [simp]: "f ≠ 0"
have "f = mantissa f * 2 powr exponent f ∧ ¬ 2 dvd mantissa f"
proof (cases f rule: float_normed_cases)
case zero
then show ?thesis by simp
next
case (powr m e)
then have "∃p::int × int. (f = 0 ∧ fst p = 0 ∧ snd p = 0) ∨
(f ≠ 0 ∧ real_of_float f = real_of_int (fst p) * 2 powr real_of_int (snd p) ∧ ¬ 2 dvd fst p)"
by auto
then show ?thesis
unfolding exponent_def mantissa_def
by (rule someI2_ex) simp
qed
then show ?E ?D by auto
qed simp
lemma mantissa_noteq_0: "f ≠ 0 ⟹ mantissa f ≠ 0"
using mantissa_not_dvd[of f] by auto
lemma mantissa_eq_zero_iff: "mantissa x = 0 ⟷ x = 0"
(is "?lhs ⟷ ?rhs")
proof
show ?rhs if ?lhs
proof -
from that have z: "0 = real_of_float x"
using mantissa_exponent by simp
show ?thesis
by (simp add: zero_float_def z)
qed
show ?lhs if ?rhs
using that by simp
qed
lemma mantissa_pos_iff: "0 < mantissa x ⟷ 0 < x"
by (auto simp: mantissa_exponent algebra_split_simps)
lemma mantissa_nonneg_iff: "0 ≤ mantissa x ⟷ 0 ≤ x"
by (auto simp: mantissa_exponent algebra_split_simps)
lemma mantissa_neg_iff: "0 > mantissa x ⟷ 0 > x"
by (auto simp: mantissa_exponent algebra_split_simps)
lemma
fixes m e :: int
defines "f ≡ float_of (m * 2 powr e)"
assumes dvd: "¬ 2 dvd m"
shows mantissa_float: "mantissa f = m" (is "?M")
and exponent_float: "m ≠ 0 ⟹ exponent f = e" (is "_ ⟹ ?E")
proof cases
assume "m = 0"
with dvd show "mantissa f = m" by auto
next
assume "m ≠ 0"
then have f_not_0: "f ≠ 0" by (simp add: f_def zero_float_def)
from mantissa_exponent[of f] have "m * 2 powr e = mantissa f * 2 powr exponent f"
by (auto simp add: f_def)
then show ?M ?E
using mantissa_not_dvd[OF f_not_0] dvd
by (auto simp: mult_powr_eq_mult_powr_iff)
qed
subsection ‹Compute arithmetic operations›
lemma Float_mantissa_exponent: "Float (mantissa f) (exponent f) = f"
unfolding real_of_float_eq mantissa_exponent[of f] by simp
lemma Float_cases [cases type: float]:
fixes f :: float
obtains (Float) m e :: int where "f = Float m e"
using Float_mantissa_exponent[symmetric]
by (atomize_elim) auto
lemma denormalize_shift:
assumes f_def: "f = Float m e"
and not_0: "f ≠ 0"
obtains i where "m = mantissa f * 2 ^ i" "e = exponent f - i"
proof
from mantissa_exponent[of f] f_def
have "m * 2 powr e = mantissa f * 2 powr exponent f"
by simp
then have eq: "m = mantissa f * 2 powr (exponent f - e)"
by (simp add: powr_diff field_simps)
moreover
have "e ≤ exponent f"
proof (rule ccontr)
assume "¬ e ≤ exponent f"
then have pos: "exponent f < e" by simp
then have "2 powr (exponent f - e) = 2 powr - real_of_int (e - exponent f)"
by simp
also have "… = 1 / 2^nat (e - exponent f)"
using pos by (simp flip: powr_realpow add: powr_diff)
finally have "m * 2^nat (e - exponent f) = real_of_int (mantissa f)"
using eq by simp
then have "mantissa f = m * 2^nat (e - exponent f)"
by linarith
with ‹exponent f < e› have "2 dvd mantissa f"
by (force intro: dvdI[where k="m * 2^(nat (e-exponent f)) div 2"])
then show False using mantissa_not_dvd[OF not_0] by simp
qed
ultimately have "real_of_int m = mantissa f * 2^nat (exponent f - e)"
by (simp flip: powr_realpow)
with ‹e ≤ exponent f›
show "m = mantissa f * 2 ^ nat (exponent f - e)"
by linarith
show "e = exponent f - nat (exponent f - e)"
using ‹e ≤ exponent f› by auto
qed
context
begin
qualified lemma compute_float_zero[code_unfold, code]: "0 = Float 0 0"
by transfer simp
qualified lemma compute_float_one[code_unfold, code]: "1 = Float 1 0"
by transfer simp
lift_definition normfloat :: "float ⇒ float" is "λx. x" .
lemma normloat_id[simp]: "normfloat x = x" by transfer rule
qualified lemma compute_normfloat[code]:
"normfloat (Float m e) =
(if m mod 2 = 0 ∧ m ≠ 0 then normfloat (Float (m div 2) (e + 1))
else if m = 0 then 0 else Float m e)"
by transfer (auto simp add: powr_add zmod_eq_0_iff)
qualified lemma compute_float_numeral[code_abbrev]: "Float (numeral k) 0 = numeral k"
by transfer simp
qualified lemma compute_float_neg_numeral[code_abbrev]: "Float (- numeral k) 0 = - numeral k"
by transfer simp
qualified lemma compute_float_uminus[code]: "- Float m1 e1 = Float (- m1) e1"
by transfer simp
qualified lemma compute_float_times[code]: "Float m1 e1 * Float m2 e2 = Float (m1 * m2) (e1 + e2)"
by transfer (simp add: field_simps powr_add)
qualified lemma compute_float_plus[code]:
"Float m1 e1 + Float m2 e2 =
(if m1 = 0 then Float m2 e2
else if m2 = 0 then Float m1 e1
else if e1 ≤ e2 then Float (m1 + m2 * 2^nat (e2 - e1)) e1
else Float (m2 + m1 * 2^nat (e1 - e2)) e2)"
by transfer (simp add: field_simps powr_realpow[symmetric] powr_diff)
qualified lemma compute_float_minus[code]: "f - g = f + (-g)" for f g :: float
by simp
qualified lemma compute_float_sgn[code]:
"sgn (Float m1 e1) = (if 0 < m1 then 1 else if m1 < 0 then -1 else 0)"
by transfer (simp add: sgn_mult)
lift_definition is_float_pos :: "float ⇒ bool" is "(<) 0 :: real ⇒ bool" .
qualified lemma compute_is_float_pos[code]: "is_float_pos (Float m e) ⟷ 0 < m"
by transfer (auto simp add: zero_less_mult_iff not_le[symmetric, of _ 0])
lift_definition is_float_nonneg :: "float ⇒ bool" is "(≤) 0 :: real ⇒ bool" .
qualified lemma compute_is_float_nonneg[code]: "is_float_nonneg (Float m e) ⟷ 0 ≤ m"
by transfer (auto simp add: zero_le_mult_iff not_less[symmetric, of _ 0])
lift_definition is_float_zero :: "float ⇒ bool" is "(=) 0 :: real ⇒ bool" .
qualified lemma compute_is_float_zero[code]: "is_float_zero (Float m e) ⟷ 0 = m"
by transfer (auto simp add: is_float_zero_def)
qualified lemma compute_float_abs[code]: "¦Float m e¦ = Float ¦m¦ e"
by transfer (simp add: abs_mult)
qualified lemma compute_float_eq[code]: "equal_class.equal f g = is_float_zero (f - g)"
by transfer simp
end
subsection ‹Lemmas for types \<^typ>‹real›, \<^typ>‹nat›, \<^typ>‹int››
lemmas real_of_ints =
of_int_add
of_int_minus
of_int_diff
of_int_mult
of_int_power
of_int_numeral of_int_neg_numeral
lemmas int_of_reals = real_of_ints[symmetric]
subsection ‹Rounding Real Numbers›
definition round_down :: "int ⇒ real ⇒ real"
where "round_down prec x = ⌊x * 2 powr prec⌋ * 2 powr -prec"
definition round_up :: "int ⇒ real ⇒ real"
where "round_up prec x = ⌈x * 2 powr prec⌉ * 2 powr -prec"
lemma round_down_float[simp]: "round_down prec x ∈ float"
unfolding round_down_def
by (auto intro!: times_float simp flip: of_int_minus)
lemma round_up_float[simp]: "round_up prec x ∈ float"
unfolding round_up_def
by (auto intro!: times_float simp flip: of_int_minus)
lemma round_up: "x ≤ round_up prec x"
by (simp add: powr_minus_divide le_divide_eq round_up_def ceiling_correct)
lemma round_down: "round_down prec x ≤ x"
by (simp add: powr_minus_divide divide_le_eq round_down_def)
lemma round_up_0[simp]: "round_up p 0 = 0"
unfolding round_up_def by simp
lemma round_down_0[simp]: "round_down p 0 = 0"
unfolding round_down_def by simp
lemma round_up_diff_round_down: "round_up prec x - round_down prec x ≤ 2 powr -prec"
proof -
have "round_up prec x - round_down prec x = (⌈x * 2 powr prec⌉ - ⌊x * 2 powr prec⌋) * 2 powr -prec"
by (simp add: round_up_def round_down_def field_simps)
also have "… ≤ 1 * 2 powr -prec"
by (rule mult_mono)
(auto simp flip: of_int_diff simp: ceiling_diff_floor_le_1)
finally show ?thesis by simp
qed
lemma round_down_shift: "round_down p (x * 2 powr k) = 2 powr k * round_down (p + k) x"
unfolding round_down_def
by (simp add: powr_add powr_mult field_simps powr_diff)
(simp flip: powr_add)
lemma round_up_shift: "round_up p (x * 2 powr k) = 2 powr k * round_up (p + k) x"
unfolding round_up_def
by (simp add: powr_add powr_mult field_simps powr_diff)
(simp flip: powr_add)
lemma round_up_uminus_eq: "round_up p (-x) = - round_down p x"
and round_down_uminus_eq: "round_down p (-x) = - round_up p x"
by (auto simp: round_up_def round_down_def ceiling_def)
lemma round_up_mono: "x ≤ y ⟹ round_up p x ≤ round_up p y"
by (auto intro!: ceiling_mono simp: round_up_def)
lemma round_up_le1:
assumes "x ≤ 1" "prec ≥ 0"
shows "round_up prec x ≤ 1"
proof -
have "real_of_int ⌈x * 2 powr prec⌉ ≤ real_of_int ⌈2 powr real_of_int prec⌉"
using assms by (auto intro!: ceiling_mono)
also have "… = 2 powr prec" using assms by (auto simp: powr_int intro!: exI[where x="2^nat prec"])
finally show ?thesis
by (simp add: round_up_def) (simp add: powr_minus inverse_eq_divide)
qed
lemma round_up_less1:
assumes "x < 1 / 2" "p > 0"
shows "round_up p x < 1"
proof -
have "x * 2 powr p < 1 / 2 * 2 powr p"
using assms by simp
also have "… ≤ 2 powr p - 1" using ‹p > 0›
by (auto simp: powr_diff powr_int field_simps self_le_power)
finally show ?thesis using ‹p > 0›
by (simp add: round_up_def field_simps powr_minus powr_int ceiling_less_iff)
qed
lemma round_down_ge1:
assumes x: "x ≥ 1"
assumes prec: "p ≥ - log 2 x"
shows "1 ≤ round_down p x"
proof cases
assume nonneg: "0 ≤ p"
have "2 powr p = real_of_int ⌊2 powr real_of_int p⌋"
using nonneg by (auto simp: powr_int)
also have "… ≤ real_of_int ⌊x * 2 powr p⌋"
using assms by (auto intro!: floor_mono)
finally show ?thesis
by (simp add: round_down_def) (simp add: powr_minus inverse_eq_divide)
next
assume neg: "¬ 0 ≤ p"
have "x = 2 powr (log 2 x)"
using x by simp
also have "2 powr (log 2 x) ≥ 2 powr - p"
using prec by auto
finally have x_le: "x ≥ 2 powr -p" .
from neg have "2 powr real_of_int p ≤ 2 powr 0"
by (intro powr_mono) auto
also have "… ≤ ⌊2 powr 0::real⌋" by simp
also have "… ≤ ⌊x * 2 powr (real_of_int p)⌋"
unfolding of_int_le_iff
using x x_le by (intro floor_mono) (simp add: powr_minus_divide field_simps)
finally show ?thesis
using prec x
by (simp add: round_down_def powr_minus_divide pos_le_divide_eq)
qed
lemma round_up_le0: "x ≤ 0 ⟹ round_up p x ≤ 0"
unfolding round_up_def
by (auto simp: field_simps mult_le_0_iff zero_le_mult_iff)
subsection ‹Rounding Floats›
definition div_twopow :: "int ⇒ nat ⇒ int"
where [simp]: "div_twopow x n = x div (2 ^ n)"
definition mod_twopow :: "int ⇒ nat ⇒ int"
where [simp]: "mod_twopow x n = x mod (2 ^ n)"
lemma compute_div_twopow[code]:
"div_twopow x n = (if x = 0 ∨ x = -1 ∨ n = 0 then x else div_twopow (x div 2) (n - 1))"
by (cases n) (auto simp: zdiv_zmult2_eq div_eq_minus1)
lemma compute_mod_twopow[code]:
"mod_twopow x n = (if n = 0 then 0 else x mod 2 + 2 * mod_twopow (x div 2) (n - 1))"
by (cases n) (auto simp: zmod_zmult2_eq)
lift_definition float_up :: "int ⇒ float ⇒ float" is round_up by simp
declare float_up.rep_eq[simp]
lemma round_up_correct: "round_up e f - f ∈ {0..2 powr -e}"
unfolding atLeastAtMost_iff
proof
have "round_up e f - f ≤ round_up e f - round_down e f"
using round_down by simp
also have "… ≤ 2 powr -e"
using round_up_diff_round_down by simp
finally show "round_up e f - f ≤ 2 powr - (real_of_int e)"
by simp
qed (simp add: algebra_simps round_up)
lemma float_up_correct: "real_of_float (float_up e f) - real_of_float f ∈ {0..2 powr -e}"
by transfer (rule round_up_correct)
lift_definition float_down :: "int ⇒ float ⇒ float" is round_down by simp
declare float_down.rep_eq[simp]
lemma round_down_correct: "f - (round_down e f) ∈ {0..2 powr -e}"
unfolding atLeastAtMost_iff
proof
have "f - round_down e f ≤ round_up e f - round_down e f"
using round_up by simp
also have "… ≤ 2 powr -e"
using round_up_diff_round_down by simp
finally show "f - round_down e f ≤ 2 powr - (real_of_int e)"
by simp
qed (simp add: algebra_simps round_down)
lemma float_down_correct: "real_of_float f - real_of_float (float_down e f) ∈ {0..2 powr -e}"
by transfer (rule round_down_correct)
context
begin
qualified lemma compute_float_down[code]:
"float_down p (Float m e) =
(if p + e < 0 then Float (div_twopow m (nat (-(p + e)))) (-p) else Float m e)"
proof (cases "p + e < 0")
case True
then have "real_of_int ((2::int) ^ nat (-(p + e))) = 2 powr (-(p + e))"
using powr_realpow[of 2 "nat (-(p + e))"] by simp
also have "… = 1 / 2 powr p / 2 powr e"
unfolding powr_minus_divide of_int_minus by (simp add: powr_add)
finally show ?thesis
using ‹p + e < 0›
apply transfer
apply (simp add: round_down_def field_simps flip: floor_divide_of_int_eq powr_add)
apply (metis (no_types, opaque_lifting) Float.rep_eq
add.inverse_inverse compute_real_of_float diff_minus_eq_add
floor_divide_of_int_eq int_of_reals(1) linorder_not_le
minus_add_distrib of_int_eq_numeral_power_cancel_iff )
done
next
case False
then have r: "real_of_int e + real_of_int p = real (nat (e + p))"
by simp
have r: "⌊(m * 2 powr e) * 2 powr real_of_int p⌋ = (m * 2 powr e) * 2 powr real_of_int p"
by (auto intro: exI[where x="m*2^nat (e+p)"]
simp add: ac_simps powr_add[symmetric] r powr_realpow)
with ‹¬ p + e < 0› show ?thesis
by transfer (auto simp add: round_down_def field_simps powr_add powr_minus)
qed
lemma abs_round_down_le: "¦f - (round_down e f)¦ ≤ 2 powr -e"
using round_down_correct[of f e] by simp
lemma abs_round_up_le: "¦f - (round_up e f)¦ ≤ 2 powr -e"
using round_up_correct[of e f] by simp
lemma round_down_nonneg: "0 ≤ s ⟹ 0 ≤ round_down p s"
by (auto simp: round_down_def)
lemma ceil_divide_floor_conv:
assumes "b ≠ 0"
shows "⌈real_of_int a / real_of_int b⌉ =
(if b dvd a then a div b else ⌊real_of_int a / real_of_int b⌋ + 1)"
proof (cases "b dvd a")
case True
then show ?thesis
by (simp add: ceiling_def floor_divide_of_int_eq dvd_neg_div
flip: of_int_minus divide_minus_left)
next
case False
then have "a mod b ≠ 0"
by auto
then have ne: "real_of_int (a mod b) / real_of_int b ≠ 0"
using ‹b ≠ 0› by auto
have "⌈real_of_int a / real_of_int b⌉ = ⌊real_of_int a / real_of_int b⌋ + 1"
by (metis add_cancel_left_right ceiling_altdef floor_divide_of_int_eq ne of_int_div_aux)
then show ?thesis
using ‹¬ b dvd a› by simp
qed
qualified lemma compute_float_up[code]: "float_up p x = - float_down p (-x)"
by transfer (simp add: round_down_uminus_eq)
end
lemma bitlen_Float:
fixes m e
defines [THEN meta_eq_to_obj_eq]: "f ≡ Float m e"
shows "bitlen ¦mantissa f¦ + exponent f = (if m = 0 then 0 else bitlen ¦m¦ + e)"
proof (cases "m = 0")
case True
then show ?thesis by (simp add: f_def bitlen_alt_def)
next
case False
then have "f ≠ 0"
unfolding real_of_float_eq by (simp add: f_def)
then have "mantissa f ≠ 0"
by (simp add: mantissa_eq_zero_iff)
moreover
obtain i where "m = mantissa f * 2 ^ i" "e = exponent f - int i"
by (rule f_def[THEN denormalize_shift, OF ‹f ≠ 0›])
ultimately show ?thesis by (simp add: abs_mult)
qed
lemma float_gt1_scale:
assumes "1 ≤ Float m e"
shows "0 ≤ e + (bitlen m - 1)"
proof -
have "0 < Float m e" using assms by auto
then have "0 < m" using powr_gt_zero[of 2 e]
by (auto simp: zero_less_mult_iff)
then have "m ≠ 0" by auto
show ?thesis
proof (cases "0 ≤ e")
case True
then show ?thesis
using ‹0 < m› by (simp add: bitlen_alt_def)
next
case False
have "(1::int) < 2" by simp
let ?S = "2^(nat (-e))"
have "inverse (2 ^ nat (- e)) = 2 powr e"
using assms False powr_realpow[of 2 "nat (-e)"]
by (auto simp: powr_minus field_simps)
then have "1 ≤ real_of_int m * inverse ?S"
using assms False powr_realpow[of 2 "nat (-e)"]
by (auto simp: powr_minus)
then have "1 * ?S ≤ real_of_int m * inverse ?S * ?S"
by (rule mult_right_mono) auto
then have "?S ≤ real_of_int m"
unfolding mult.assoc by auto
then have "?S ≤ m"
unfolding of_int_le_iff[symmetric] by auto
from this bitlen_bounds[OF ‹0 < m›, THEN conjunct2]
have "nat (-e) < (nat (bitlen m))"
unfolding power_strict_increasing_iff[OF ‹1 < 2›, symmetric]
by (rule order_le_less_trans)
then have "-e < bitlen m"
using False by auto
then show ?thesis
by auto
qed
qed
subsection ‹Truncating Real Numbers›
definition truncate_down::"nat ⇒ real ⇒ real"
where "truncate_down prec x = round_down (prec - ⌊log 2 ¦x¦⌋) x"
lemma truncate_down: "truncate_down prec x ≤ x"
using round_down by (simp add: truncate_down_def)
lemma truncate_down_le: "x ≤ y ⟹ truncate_down prec x ≤ y"
by (rule order_trans[OF truncate_down])
lemma truncate_down_zero[simp]: "truncate_down prec 0 = 0"
by (simp add: truncate_down_def)
lemma truncate_down_float[simp]: "truncate_down p x ∈ float"
by (auto simp: truncate_down_def)
definition truncate_up::"nat ⇒ real ⇒ real"
where "truncate_up prec x = round_up (prec - ⌊log 2 ¦x¦⌋) x"
lemma truncate_up: "x ≤ truncate_up prec x"
using round_up by (simp add: truncate_up_def)
lemma truncate_up_le: "x ≤ y ⟹ x ≤ truncate_up prec y"
by (rule order_trans[OF _ truncate_up])
lemma truncate_up_zero[simp]: "truncate_up prec 0 = 0"
by (simp add: truncate_up_def)
lemma truncate_up_uminus_eq: "truncate_up prec (-x) = - truncate_down prec x"
and truncate_down_uminus_eq: "truncate_down prec (-x) = - truncate_up prec x"
by (auto simp: truncate_up_def round_up_def truncate_down_def round_down_def ceiling_def)
lemma truncate_up_float[simp]: "truncate_up p x ∈ float"
by (auto simp: truncate_up_def)
lemma mult_powr_eq: "0 < b ⟹ b ≠ 1 ⟹ 0 < x ⟹ x * b powr y = b powr (y + log b x)"
by (simp_all add: powr_add)
lemma truncate_down_pos:
assumes "x > 0"
shows "truncate_down p x > 0"
proof -
have "0 ≤ log 2 x - real_of_int ⌊log 2 x⌋"
by (simp add: algebra_simps)
moreover have "0 ≤ real p - real_of_int ⌊log 2 x⌋ + log 2 x"
by linarith
ultimately show ?thesis
using assms
by (auto simp: truncate_down_def round_down_def mult_powr_eq
intro!: ge_one_powr_ge_zero mult_pos_pos)
qed
lemma truncate_down_nonneg: "0 ≤ y ⟹ 0 ≤ truncate_down prec y"
by (auto simp: truncate_down_def round_down_def)
lemma truncate_down_ge1: "1 ≤ x ⟹ 1 ≤ truncate_down p x"
apply (auto simp: truncate_down_def algebra_simps intro!: round_down_ge1)
apply linarith
done
lemma truncate_up_nonpos: "x ≤ 0 ⟹ truncate_up prec x ≤ 0"
by (auto simp: truncate_up_def round_up_def intro!: mult_nonpos_nonneg)
lemma truncate_up_le1:
assumes "x ≤ 1"
shows "truncate_up p x ≤ 1"
proof -
consider "x ≤ 0" | "x > 0"
by arith
then show ?thesis
proof cases
case 1
with truncate_up_nonpos[OF this, of p] show ?thesis
by simp
next
case 2
then have le: "⌊log 2 ¦x¦⌋ ≤ 0"
using assms by (auto simp: log_less_iff)
from assms have "0 ≤ int p" by simp
from add_mono[OF this le]
show ?thesis
using assms by (simp add: truncate_up_def round_up_le1 add_mono)
qed
qed
lemma truncate_down_shift_int:
"truncate_down p (x * 2 powr real_of_int k) = truncate_down p x * 2 powr k"
by (cases "x = 0")
(simp_all add: algebra_simps abs_mult log_mult truncate_down_def
round_down_shift[of _ _ k, simplified])
lemma truncate_down_shift_nat: "truncate_down p (x * 2 powr real k) = truncate_down p x * 2 powr k"
by (metis of_int_of_nat_eq truncate_down_shift_int)
lemma truncate_up_shift_int: "truncate_up p (x * 2 powr real_of_int k) = truncate_up p x * 2 powr k"
by (cases "x = 0")
(simp_all add: algebra_simps abs_mult log_mult truncate_up_def
round_up_shift[of _ _ k, simplified])
lemma truncate_up_shift_nat: "truncate_up p (x * 2 powr real k) = truncate_up p x * 2 powr k"
by (metis of_int_of_nat_eq truncate_up_shift_int)
subsection ‹Truncating Floats›
lift_definition float_round_up :: "nat ⇒ float ⇒ float" is truncate_up
by (simp add: truncate_up_def)
lemma float_round_up: "real_of_float x ≤ real_of_float (float_round_up prec x)"
using truncate_up by transfer simp
lemma float_round_up_zero[simp]: "float_round_up prec 0 = 0"
by transfer simp
lift_definition float_round_down :: "nat ⇒ float ⇒ float" is truncate_down
by (simp add: truncate_down_def)
lemma float_round_down: "real_of_float (float_round_down prec x) ≤ real_of_float x"
using truncate_down by transfer simp
lemma float_round_down_zero[simp]: "float_round_down prec 0 = 0"
by transfer simp
lemmas float_round_up_le = order_trans[OF _ float_round_up]
and float_round_down_le = order_trans[OF float_round_down]
lemma minus_float_round_up_eq: "- float_round_up prec x = float_round_down prec (- x)"
and minus_float_round_down_eq: "- float_round_down prec x = float_round_up prec (- x)"
by (transfer; simp add: truncate_down_uminus_eq truncate_up_uminus_eq)+
context
begin
qualified lemma compute_float_round_down[code]:
"float_round_down prec (Float m e) =
(let d = bitlen ¦m¦ - int prec - 1 in
if 0 < d then Float (div_twopow m (nat d)) (e + d)
else Float m e)"
using Float.compute_float_down[of "Suc prec - bitlen ¦m¦ - e" m e, symmetric]
by transfer
(simp add: field_simps abs_mult log_mult bitlen_alt_def truncate_down_def
cong del: if_weak_cong)
qualified lemma compute_float_round_up[code]:
"float_round_up prec x = - float_round_down prec (-x)"
by transfer (simp add: truncate_down_uminus_eq)
end
lemma truncate_up_nonneg_mono:
assumes "0 ≤ x" "x ≤ y"
shows "truncate_up prec x ≤ truncate_up prec y"
proof -
consider "⌊log 2 x⌋ = ⌊log 2 y⌋" | "⌊log 2 x⌋ ≠ ⌊log 2 y⌋" "0 < x" | "x ≤ 0"
by arith
then show ?thesis
proof cases
case 1
then show ?thesis
using assms
by (auto simp: truncate_up_def round_up_def intro!: ceiling_mono)
next
case 2
from assms ‹0 < x› have "log 2 x ≤ log 2 y"
by auto
with ‹⌊log 2 x⌋ ≠ ⌊log 2 y⌋›
have logless: "log 2 x < log 2 y"
by linarith
have flogless: "⌊log 2 x⌋ < ⌊log 2 y⌋"
using ‹⌊log 2 x⌋ ≠ ⌊log 2 y⌋› ‹log 2 x ≤ log 2 y› by linarith
have "truncate_up prec x =
real_of_int ⌈x * 2 powr real_of_int (int prec - ⌊log 2 x⌋ )⌉ * 2 powr - real_of_int (int prec - ⌊log 2 x⌋)"
using assms by (simp add: truncate_up_def round_up_def)
also have "⌈x * 2 powr real_of_int (int prec - ⌊log 2 x⌋)⌉ ≤ (2 ^ (Suc prec))"
proof (simp only: ceiling_le_iff)
have "x * 2 powr real_of_int (int prec - ⌊log 2 x⌋) ≤
x * (2 powr real (Suc prec) / (2 powr log 2 x))"
using real_of_int_floor_add_one_ge[of "log 2 x"] assms
by (auto simp: algebra_simps simp flip: powr_diff intro!: mult_left_mono)
then show "x * 2 powr real_of_int (int prec - ⌊log 2 x⌋) ≤ real_of_int ((2::int) ^ (Suc prec))"
using ‹0 < x› by (simp add: powr_realpow powr_add)
qed
then have "real_of_int ⌈x * 2 powr real_of_int (int prec - ⌊log 2 x⌋)⌉ ≤ 2 powr int (Suc prec)"
by (auto simp: powr_realpow powr_add)
(metis power_Suc of_int_le_numeral_power_cancel_iff)
also
have "2 powr - real_of_int (int prec - ⌊log 2 x⌋) ≤ 2 powr - real_of_int (int prec - ⌊log 2 y⌋ + 1)"
using logless flogless by (auto intro!: floor_mono)
also have "2 powr real_of_int (int (Suc prec)) ≤
2 powr (log 2 y + real_of_int (int prec - ⌊log 2 y⌋ + 1))"
using assms ‹0 < x›
by (auto simp: algebra_simps)
finally have "truncate_up prec x ≤
2 powr (log 2 y + real_of_int (int prec - ⌊log 2 y⌋ + 1)) * 2 powr - real_of_int (int prec - ⌊log 2 y⌋ + 1)"
by simp
also have "… = 2 powr (log 2 y + real_of_int (int prec - ⌊log 2 y⌋) - real_of_int (int prec - ⌊log 2 y⌋))"
by (subst powr_add[symmetric]) simp
also have "… = y"
using ‹0 < x› assms
by (simp add: powr_add)
also have "… ≤ truncate_up prec y"
by (rule truncate_up)
finally show ?thesis .
next
case 3
then show ?thesis
using assms
by (auto intro!: truncate_up_le)
qed
qed
lemma truncate_up_switch_sign_mono:
assumes "x ≤ 0" "0 ≤ y"
shows "truncate_up prec x ≤ truncate_up prec y"
proof -
note truncate_up_nonpos[OF ‹x ≤ 0›]
also note truncate_up_le[OF ‹0 ≤ y›]
finally show ?thesis .
qed
lemma truncate_down_switch_sign_mono:
assumes "x ≤ 0"
and "0 ≤ y"
and "x ≤ y"
shows "truncate_down prec x ≤ truncate_down prec y"
proof -
note truncate_down_le[OF ‹x ≤ 0›]
also note truncate_down_nonneg[OF ‹0 ≤ y›]
finally show ?thesis .
qed
lemma truncate_down_nonneg_mono:
assumes "0 ≤ x" "x ≤ y"
shows "truncate_down prec x ≤ truncate_down prec y"
proof -
consider "x ≤ 0" | "⌊log 2 ¦x¦⌋ = ⌊log 2 ¦y¦⌋" |
"0 < x" "⌊log 2 ¦x¦⌋ ≠ ⌊log 2 ¦y¦⌋"
by arith
then show ?thesis
proof cases
case 1
with assms have "x = 0" "0 ≤ y" by simp_all
then show ?thesis
by (auto intro!: truncate_down_nonneg)
next
case 2
then show ?thesis
using assms
by (auto simp: truncate_down_def round_down_def intro!: floor_mono)
next
case 3
from ‹0 < x› have "log 2 x ≤ log 2 y" "0 < y" "0 ≤ y"
using assms by auto
with ‹⌊log 2 ¦x¦⌋ ≠ ⌊log 2 ¦y¦⌋›
have logless: "log 2 x < log 2 y" and flogless: "⌊log 2 x⌋ < ⌊log 2 y⌋"
unfolding atomize_conj abs_of_pos[OF ‹0 < x›] abs_of_pos[OF ‹0 < y›]
by (metis floor_less_cancel linorder_cases not_le)
have "2 powr prec ≤ y * 2 powr real prec / (2 powr log 2 y)"
using ‹0 < y› by simp
also have "… ≤ y * 2 powr real (Suc prec) / (2 powr (real_of_int ⌊log 2 y⌋ + 1))"
using ‹0 ≤ y› ‹0 ≤ x› assms(2)
by (auto intro!: powr_mono divide_left_mono
simp: of_nat_diff powr_add powr_diff)
also have "… = y * 2 powr real (Suc prec) / (2 powr real_of_int ⌊log 2 y⌋ * 2)"
by (auto simp: powr_add)
finally have "(2 ^ prec) ≤ ⌊y * 2 powr real_of_int (int (Suc prec) - ⌊log 2 ¦y¦⌋ - 1)⌋"
using ‹0 ≤ y›
by (auto simp: powr_diff le_floor_iff powr_realpow powr_add)
then have "(2 ^ (prec)) * 2 powr - real_of_int (int prec - ⌊log 2 ¦y¦⌋) ≤ truncate_down prec y"
by (auto simp: truncate_down_def round_down_def)
moreover have "x ≤ (2 ^ prec) * 2 powr - real_of_int (int prec - ⌊log 2 ¦y¦⌋)"
proof -
have "x = 2 powr (log 2 ¦x¦)" using ‹0 < x› by simp
also have "… ≤ (2 ^ (Suc prec )) * 2 powr - real_of_int (int prec - ⌊log 2 ¦x¦⌋)"
using real_of_int_floor_add_one_ge[of "log 2 ¦x¦"] ‹0 < x›
by (auto simp flip: powr_realpow powr_add simp: algebra_simps powr_mult_base le_powr_iff)
also
have "2 powr - real_of_int (int prec - ⌊log 2 ¦x¦⌋) ≤ 2 powr - real_of_int (int prec - ⌊log 2 ¦y¦⌋ + 1)"
using logless flogless ‹x > 0› ‹y > 0›
by (auto intro!: floor_mono)
finally show ?thesis
by (auto simp flip: powr_realpow simp: powr_diff assms of_nat_diff)
qed
ultimately show ?thesis
by (metis dual_order.trans truncate_down)
qed
qed
lemma truncate_down_eq_truncate_up: "truncate_down p x = - truncate_up p (-x)"
and truncate_up_eq_truncate_down: "truncate_up p x = - truncate_down p (-x)"
by (auto simp: truncate_up_uminus_eq truncate_down_uminus_eq)
lemma truncate_down_mono: "x ≤ y ⟹ truncate_down p x ≤ truncate_down p y"
by (smt (verit) truncate_down_nonneg_mono truncate_up_nonneg_mono truncate_up_uminus_eq)
lemma truncate_up_mono: "x ≤ y ⟹ truncate_up p x ≤ truncate_up p y"
by (simp add: truncate_up_eq_truncate_down truncate_down_mono)
lemma truncate_up_nonneg: "0 ≤ truncate_up p x" if "0 ≤ x"
by (simp add: that truncate_up_le)
lemma truncate_up_pos: "0 < truncate_up p x" if "0 < x"
by (meson less_le_trans that truncate_up)
lemma truncate_up_less_zero_iff[simp]: "truncate_up p x < 0 ⟷ x < 0"
by (smt (verit) truncate_down_pos truncate_down_uminus_eq truncate_up_nonneg)
lemma truncate_up_nonneg_iff[simp]: "truncate_up p x ≥ 0 ⟷ x ≥ 0"
using truncate_up_less_zero_iff[of p x] truncate_up_nonneg[of x]
by linarith
lemma truncate_down_less_zero_iff[simp]: "truncate_down p x < 0 ⟷ x < 0"
by (metis le_less_trans not_less_iff_gr_or_eq truncate_down truncate_down_pos truncate_down_zero)
lemma truncate_down_nonneg_iff[simp]: "truncate_down p x ≥ 0 ⟷ x ≥ 0"
using truncate_down_less_zero_iff[of p x] truncate_down_nonneg[of x p]
by linarith
lemma truncate_down_eq_zero_iff[simp]: "truncate_down prec x = 0 ⟷ x = 0"
by (metis not_less_iff_gr_or_eq truncate_down_less_zero_iff truncate_down_pos truncate_down_zero)
lemma truncate_up_eq_zero_iff[simp]: "truncate_up prec x = 0 ⟷ x = 0"
by (metis not_less_iff_gr_or_eq truncate_up_less_zero_iff truncate_up_pos truncate_up_zero)
subsection ‹Approximation of positive rationals›
lemma div_mult_twopow_eq: "a div ((2::nat) ^ n) div b = a div (b * 2 ^ n)" for a b :: nat
by (cases "b = 0") (simp_all add: div_mult2_eq[symmetric] ac_simps)
lemma real_div_nat_eq_floor_of_divide: "a div b = real_of_int ⌊a / b⌋" for a b :: nat
by (simp add: floor_divide_of_nat_eq [of a b])
definition "rat_precision prec x y =
(let d = bitlen x - bitlen y
in int prec - d + (if Float (abs x) 0 < Float (abs y) d then 1 else 0))"
lemma floor_log_divide_eq:
assumes "i > 0" "j > 0" "p > 1"
shows "⌊log p (i / j)⌋ = floor (log p i) - floor (log p j) -
(if i ≥ j * p powr (floor (log p i) - floor (log p j)) then 0 else 1)"
proof -
let ?l = "log p"
let ?fl = "λx. floor (?l x)"
have "⌊?l (i / j)⌋ = ⌊?l i - ?l j⌋" using assms
by (auto simp: log_divide)
also have "… = floor (real_of_int (?fl i - ?fl j) + (?l i - ?fl i - (?l j - ?fl j)))"
(is "_ = floor (_ + ?r)")
by (simp add: algebra_simps)
also note floor_add2
also note ‹p > 1›
note powr = powr_le_cancel_iff[symmetric, OF ‹1 < p›, THEN iffD2]
note powr_strict = powr_less_cancel_iff[symmetric, OF ‹1 < p›, THEN iffD2]
have "floor ?r = (if i ≥ j * p powr (?fl i - ?fl j) then 0 else -1)" (is "_ = ?if")
using assms
by (linarith |
auto
intro!: floor_eq2
intro: powr_strict powr
simp: powr_diff powr_add field_split_simps algebra_simps)+
finally
show ?thesis by simp
qed
lemma truncate_down_rat_precision:
"truncate_down prec (real x / real y) = round_down (rat_precision prec x y) (real x / real y)"
and truncate_up_rat_precision:
"truncate_up prec (real x / real y) = round_up (rat_precision prec x y) (real x / real y)"
unfolding truncate_down_def truncate_up_def rat_precision_def
by (cases x; cases y) (auto simp: floor_log_divide_eq algebra_simps bitlen_alt_def)
lift_definition lapprox_posrat :: "nat ⇒ nat ⇒ nat ⇒ float"
is "λprec (x::nat) (y::nat). truncate_down prec (x / y)"
by simp
context
begin
qualified lemma compute_lapprox_posrat[code]:
"lapprox_posrat prec x y =
(let
l = rat_precision prec x y;
d = if 0 ≤ l then x * 2^nat l div y else x div 2^nat (- l) div y
in normfloat (Float d (- l)))"
unfolding div_mult_twopow_eq
by transfer
(simp add: round_down_def powr_int real_div_nat_eq_floor_of_divide field_simps Let_def
truncate_down_rat_precision del: two_powr_minus_int_float)
end
lift_definition rapprox_posrat :: "nat ⇒ nat ⇒ nat ⇒ float"
is "λprec (x::nat) (y::nat). truncate_up prec (x / y)"
by simp
context
begin
qualified lemma compute_rapprox_posrat[code]:
fixes prec x y
defines "l ≡ rat_precision prec x y"
shows "rapprox_posrat prec x y =
(let
l = l;
(r, s) = if 0 ≤ l then (x * 2^nat l, y) else (x, y * 2^nat(-l));
d = r div s;
m = r mod s
in normfloat (Float (d + (if m = 0 ∨ y = 0 then 0 else 1)) (- l)))"
proof (cases "y = 0")
assume "y = 0"
then show ?thesis by transfer simp
next
assume "y ≠ 0"
show ?thesis
proof (cases "0 ≤ l")
case True
define x' where "x' = x * 2 ^ nat l"
have "int x * 2 ^ nat l = x'"
by (simp add: x'_def)
moreover have "real x * 2 powr l = real x'"
by (simp flip: powr_realpow add: ‹0 ≤ l› x'_def)
ultimately show ?thesis
using ceil_divide_floor_conv[of y x'] powr_realpow[of 2 "nat l"] ‹0 ≤ l› ‹y ≠ 0›
l_def[symmetric, THEN meta_eq_to_obj_eq]
apply transfer
apply (auto simp add: round_up_def truncate_up_rat_precision)
apply (metis floor_divide_of_int_eq of_int_of_nat_eq)
done
next
case False
define y' where "y' = y * 2 ^ nat (- l)"
from ‹y ≠ 0› have "y' ≠ 0" by (simp add: y'_def)
have "int y * 2 ^ nat (- l) = y'"
by (simp add: y'_def)
moreover have "real x * real_of_int (2::int) powr real_of_int l / real y = x / real y'"
using ‹¬ 0 ≤ l› by (simp flip: powr_realpow add: powr_minus y'_def field_simps)
ultimately show ?thesis
using ceil_divide_floor_conv[of y' x] ‹¬ 0 ≤ l› ‹y' ≠ 0› ‹y ≠ 0›
l_def[symmetric, THEN meta_eq_to_obj_eq]
apply transfer
apply (auto simp add: round_up_def ceil_divide_floor_conv truncate_up_rat_precision)
apply (metis floor_divide_of_int_eq of_int_of_nat_eq)
done
qed
qed
end
lemma rat_precision_pos:
assumes "0 ≤ x"
and "0 < y"
and "2 * x < y"
shows "rat_precision n (int x) (int y) > 0"
proof -
have "0 < x ⟹ log 2 x + 1 = log 2 (2 * x)"
by (simp add: log_mult)
then have "bitlen (int x) < bitlen (int y)"
using assms
by (simp add: bitlen_alt_def)
(auto intro!: floor_mono simp add: one_add_floor)
then show ?thesis
using assms
by (auto intro!: pos_add_strict simp add: field_simps rat_precision_def)
qed
lemma rapprox_posrat_less1:
"0 ≤ x ⟹ 0 < y ⟹ 2 * x < y ⟹ real_of_float (rapprox_posrat n x y) < 1"
by transfer (simp add: rat_precision_pos round_up_less1 truncate_up_rat_precision)
lift_definition lapprox_rat :: "nat ⇒ int ⇒ int ⇒ float" is
"λprec (x::int) (y::int). truncate_down prec (x / y)"
by simp
context
begin
qualified lemma compute_lapprox_rat[code]:
"lapprox_rat prec x y =
(if y = 0 then 0
else if 0 ≤ x then
(if 0 < y then lapprox_posrat prec (nat x) (nat y)
else - (rapprox_posrat prec (nat x) (nat (-y))))
else
(if 0 < y
then - (rapprox_posrat prec (nat (-x)) (nat y))
else lapprox_posrat prec (nat (-x)) (nat (-y))))"
by transfer (simp add: truncate_up_uminus_eq)
lift_definition rapprox_rat :: "nat ⇒ int ⇒ int ⇒ float" is
"λprec (x::int) (y::int). truncate_up prec (x / y)"
by simp
lemma "rapprox_rat = rapprox_posrat"
by transfer auto
lemma "lapprox_rat = lapprox_posrat"
by transfer auto
qualified lemma compute_rapprox_rat[code]:
"rapprox_rat prec x y = - lapprox_rat prec (-x) y"
by transfer (simp add: truncate_down_uminus_eq)
qualified lemma compute_truncate_down[code]:
"truncate_down p (Ratreal r) = (let (a, b) = quotient_of r in lapprox_rat p a b)"
by transfer (auto split: prod.split simp: of_rat_divide dest!: quotient_of_div)
qualified lemma compute_truncate_up[code]:
"truncate_up p (Ratreal r) = (let (a, b) = quotient_of r in rapprox_rat p a b)"
by transfer (auto split: prod.split simp: of_rat_divide dest!: quotient_of_div)
end
subsection ‹Division›
definition "real_divl prec a b = truncate_down prec (a / b)"
definition "real_divr prec a b = truncate_up prec (a / b)"
lift_definition float_divl :: "nat ⇒ float ⇒ float ⇒ float" is real_divl
by (simp add: real_divl_def)
context
begin
qualified lemma compute_float_divl[code]:
"float_divl prec (Float m1 s1) (Float m2 s2) = lapprox_rat prec m1 m2 * Float 1 (s1 - s2)"
apply transfer
unfolding real_divl_def of_int_1 mult_1 truncate_down_shift_int[symmetric]
apply (simp add: powr_diff powr_minus)
done
lift_definition float_divr :: "nat ⇒ float ⇒ float ⇒ float" is real_divr
by (simp add: real_divr_def)
qualified lemma compute_float_divr[code]:
"float_divr prec x y = - float_divl prec (-x) y"
by transfer (simp add: real_divr_def real_divl_def truncate_down_uminus_eq)
end
subsection ‹Approximate Addition›
definition "plus_down prec x y = truncate_down prec (x + y)"
definition "plus_up prec x y = truncate_up prec (x + y)"
lemma float_plus_down_float[intro, simp]: "x ∈ float ⟹ y ∈ float ⟹ plus_down p x y ∈ float"
by (simp add: plus_down_def)
lemma float_plus_up_float[intro, simp]: "x ∈ float ⟹ y ∈ float ⟹ plus_up p x y ∈ float"
by (simp add: plus_up_def)
lift_definition float_plus_down :: "nat ⇒ float ⇒ float ⇒ float" is plus_down ..
lift_definition float_plus_up :: "nat ⇒ float ⇒ float ⇒ float" is plus_up ..
lemma plus_down: "plus_down prec x y ≤ x + y"
and plus_up: "x + y ≤ plus_up prec x y"
by (auto simp: plus_down_def truncate_down plus_up_def truncate_up)
lemma float_plus_down: "real_of_float (float_plus_down prec x y) ≤ x + y"
and float_plus_up: "x + y ≤ real_of_float (float_plus_up prec x y)"
by (transfer; rule plus_down plus_up)+
lemmas plus_down_le = order_trans[OF plus_down]
and plus_up_le = order_trans[OF _ plus_up]
and float_plus_down_le = order_trans[OF float_plus_down]
and float_plus_up_le = order_trans[OF _ float_plus_up]
lemma compute_plus_up[code]: "plus_up p x y = - plus_down p (-x) (-y)"
using truncate_down_uminus_eq[of p "x + y"]
by (auto simp: plus_down_def plus_up_def)
lemma truncate_down_log2_eqI:
assumes "⌊log 2 ¦x¦⌋ = ⌊log 2 ¦y¦⌋"
assumes "⌊x * 2 powr (p - ⌊log 2 ¦x¦⌋)⌋ = ⌊y * 2 powr (p - ⌊log 2 ¦x¦⌋)⌋"
shows "truncate_down p x = truncate_down p y"
using assms by (auto simp: truncate_down_def round_down_def)
lemma sum_neq_zeroI:
"¦a¦ ≥ k ⟹ ¦b¦ < k ⟹ a + b ≠ 0"
"¦a¦ > k ⟹ ¦b¦ ≤ k ⟹ a + b ≠ 0"
for a k :: real
by auto
lemma abs_real_le_2_powr_bitlen[simp]: "¦real_of_int m2¦ < 2 powr real_of_int (bitlen ¦m2¦)"
proof (cases "m2 = 0")
case True
then show ?thesis by simp
next
case False
then have "¦m2¦ < 2 ^ nat (bitlen ¦m2¦)"
using bitlen_bounds[of "¦m2¦"]
by (auto simp: powr_add bitlen_nonneg)
then show ?thesis
by (metis bitlen_nonneg powr_int of_int_abs of_int_less_numeral_power_cancel_iff
zero_less_numeral)
qed
lemma floor_sum_times_2_powr_sgn_eq:
fixes ai p q :: int
and a b :: real
assumes "a * 2 powr p = ai"
and b_le_1: "¦b * 2 powr (p + 1)¦ ≤ 1"
and leqp: "q ≤ p"
shows "⌊(a + b) * 2 powr q⌋ = ⌊(2 * ai + sgn b) * 2 powr (q - p - 1)⌋"
proof -
consider "b = 0" | "b > 0" | "b < 0" by arith
then show ?thesis
proof cases
case 1
then show ?thesis
by (simp flip: assms(1) powr_add add: algebra_simps powr_mult_base)
next
case 2
then have "b * 2 powr p < ¦b * 2 powr (p + 1)¦"
by simp
also note b_le_1
finally have b_less_1: "b * 2 powr real_of_int p < 1" .
from b_less_1 ‹b > 0› have floor_eq: "⌊b * 2 powr real_of_int p⌋ = 0" "⌊sgn b / 2⌋ = 0"
by (simp_all add: floor_eq_iff)
have "⌊(a + b) * 2 powr q⌋ = ⌊(a + b) * 2 powr p * 2 powr (q - p)⌋"
by (simp add: algebra_simps flip: powr_realpow powr_add)
also have "… = ⌊(ai + b * 2 powr p) * 2 powr (q - p)⌋"
by (simp add: assms algebra_simps)
also have "… = ⌊(ai + b * 2 powr p) / real_of_int ((2::int) ^ nat (p - q))⌋"
using assms
by (simp add: algebra_simps divide_powr_uminus flip: powr_realpow powr_add)
also have "… = ⌊ai / real_of_int ((2::int) ^ nat (p - q))⌋"
by (simp del: of_int_power add: floor_divide_real_eq_div floor_eq)
finally have "⌊(a + b) * 2 powr real_of_int q⌋ = ⌊real_of_int ai / real_of_int ((2::int) ^ nat (p - q))⌋" .
moreover
have "⌊(2 * ai + (sgn b)) * 2 powr (real_of_int (q - p) - 1)⌋ =
⌊real_of_int ai / real_of_int ((2::int) ^ nat (p - q))⌋"
proof -
have "⌊(2 * ai + sgn b) * 2 powr (real_of_int (q - p) - 1)⌋ = ⌊(ai + sgn b / 2) * 2 powr (q - p)⌋"
by (subst powr_diff) (simp add: field_simps)
also have "… = ⌊(ai + sgn b / 2) / real_of_int ((2::int) ^ nat (p - q))⌋"
using leqp by (simp flip: powr_realpow add: powr_diff)
also have "… = ⌊ai / real_of_int ((2::int) ^ nat (p - q))⌋"
by (simp del: of_int_power add: floor_divide_real_eq_div floor_eq)
finally show ?thesis .
qed
ultimately show ?thesis by simp
next
case 3
then have floor_eq: "⌊b * 2 powr (real_of_int p + 1)⌋ = -1"
using b_le_1
by (auto simp: floor_eq_iff algebra_simps pos_divide_le_eq[symmetric] abs_if divide_powr_uminus
intro!: mult_neg_pos split: if_split_asm)
have "⌊(a + b) * 2 powr q⌋ = ⌊(2*a + 2*b) * 2 powr p * 2 powr (q - p - 1)⌋"
by (simp add: algebra_simps powr_mult_base flip: powr_realpow powr_add)
also have "… = ⌊(2 * (a * 2 powr p) + 2 * b * 2 powr p) * 2 powr (q - p - 1)⌋"
by (simp add: algebra_simps)
also have "… = ⌊(2 * ai + b * 2 powr (p + 1)) / 2 powr (1 - q + p)⌋"
using assms by (simp add: algebra_simps powr_mult_base divide_powr_uminus)
also have "… = ⌊(2 * ai + b * 2 powr (p + 1)) / real_of_int ((2::int) ^ nat (p - q + 1))⌋"
using assms by (simp add: algebra_simps flip: powr_realpow)
also have "… = ⌊(2 * ai - 1) / real_of_int ((2::int) ^ nat (p - q + 1))⌋"
using ‹b < 0› assms
by (simp add: floor_divide_of_int_eq floor_eq floor_divide_real_eq_div
del: of_int_mult of_int_power of_int_diff)
also have "… = ⌊(2 * ai - 1) * 2 powr (q - p - 1)⌋"
using assms by (simp add: algebra_simps divide_powr_uminus flip: powr_realpow)
finally show ?thesis
using ‹b < 0› by simp
qed
qed
lemma log2_abs_int_add_less_half_sgn_eq:
fixes ai :: int
and b :: real
assumes "¦b¦ ≤ 1/2"
and "ai ≠ 0"
shows "⌊log 2 ¦real_of_int ai + b¦⌋ = ⌊log 2 ¦ai + sgn b / 2¦⌋"
proof (cases "b = 0")
case True
then show ?thesis by simp
next
case False
define k where "k = ⌊log 2 ¦ai¦⌋"
then have "⌊log 2 ¦ai¦⌋ = k"
by simp
then have k: "2 powr k ≤ ¦ai¦" "¦ai¦ < 2 powr (k + 1)"
by (simp_all add: floor_log_eq_powr_iff ‹ai ≠ 0›)
have "k ≥ 0"
using assms by (auto simp: k_def)
define r where "r = ¦ai¦ - 2 ^ nat k"
have r: "0 ≤ r" "r < 2 powr k"
using ‹k ≥ 0› k
by (auto simp: r_def k_def algebra_simps powr_add abs_if powr_int)
then have "r ≤ (2::int) ^ nat k - 1"
using ‹k ≥ 0› by (auto simp: powr_int)
from this[simplified of_int_le_iff[symmetric]] ‹0 ≤ k›
have r_le: "r ≤ 2 powr k - 1"
by (auto simp: algebra_simps powr_int)
(metis of_int_1 of_int_add of_int_le_numeral_power_cancel_iff)
have "¦ai¦ = 2 powr k + r"
using ‹k ≥ 0› by (auto simp: k_def r_def simp flip: powr_realpow)
have pos: "¦b¦ < 1 ⟹ 0 < 2 powr k + (r + b)" for b :: real
using ‹0 ≤ k› ‹ai ≠ 0›
by (auto simp add: r_def powr_realpow[symmetric] abs_if sgn_if algebra_simps
split: if_split_asm)
have less: "¦sgn ai * b¦ < 1"
and less': "¦sgn (sgn ai * b) / 2¦ < 1"
using ‹¦b¦ ≤ _› by (auto simp: abs_if sgn_if split: if_split_asm)
have floor_eq: "⋀b::real. ¦b¦ ≤ 1 / 2 ⟹
⌊log 2 (1 + (r + b) / 2 powr k)⌋ = (if r = 0 ∧ b < 0 then -1 else 0)"
using ‹k ≥ 0› r r_le
by (auto simp: floor_log_eq_powr_iff powr_minus_divide field_simps sgn_if)
from ‹real_of_int ¦ai¦ = _› have "¦ai + b¦ = 2 powr k + (r + sgn ai * b)"
using ‹¦b¦ ≤ _› ‹0 ≤ k› r
by (auto simp add: sgn_if abs_if)
also have "⌊log 2 …⌋ = ⌊log 2 (2 powr k + r + sgn (sgn ai * b) / 2)⌋"
proof -
have "2 powr k + (r + (sgn ai) * b) = 2 powr k * (1 + (r + sgn ai * b) / 2 powr k)"
by (simp add: field_simps)
also have "⌊log 2 …⌋ = k + ⌊log 2 (1 + (r + sgn ai * b) / 2 powr k)⌋"
using pos[OF less]
by (subst log_mult) (simp_all add: log_mult powr_mult field_simps)
also
let ?if = "if r = 0 ∧ sgn ai * b < 0 then -1 else 0"
have "⌊log 2 (1 + (r + sgn ai * b) / 2 powr k)⌋ = ?if"
using ‹¦b¦ ≤ _›
by (intro floor_eq) (auto simp: abs_mult sgn_if)
also
have "… = ⌊log 2 (1 + (r + sgn (sgn ai * b) / 2) / 2 powr k)⌋"
by (subst floor_eq) (auto simp: sgn_if)
also have "k + … = ⌊log 2 (2 powr k * (1 + (r + sgn (sgn ai * b) / 2) / 2 powr k))⌋"
unfolding int_add_floor
using pos[OF less'] ‹¦b¦ ≤ _›
by (simp add: field_simps add_log_eq_powr del: floor_add2)
also have "2 powr k * (1 + (r + sgn (sgn ai * b) / 2) / 2 powr k) =
2 powr k + r + sgn (sgn ai * b) / 2"
by (simp add: sgn_if field_simps)
finally show ?thesis .
qed
also have "2 powr k + r + sgn (sgn ai * b) / 2 = ¦ai + sgn b / 2¦"
unfolding ‹real_of_int ¦ai¦ = _›[symmetric] using ‹ai ≠ 0›
by (auto simp: abs_if sgn_if algebra_simps)
finally show ?thesis .
qed
context
begin
qualified lemma compute_far_float_plus_down:
fixes m1 e1 m2 e2 :: int
and p :: nat
defines "k1 ≡ Suc p - nat (bitlen ¦m1¦)"
assumes H: "bitlen ¦m2¦ ≤ e1 - e2 - k1 - 2" "m1 ≠ 0" "m2 ≠ 0" "e1 ≥ e2"
shows "float_plus_down p (Float m1 e1) (Float m2 e2) =
float_round_down p (Float (m1 * 2 ^ (Suc (Suc k1)) + sgn m2) (e1 - int k1 - 2))"
proof -
let ?a = "real_of_float (Float m1 e1)"
let ?b = "real_of_float (Float m2 e2)"
let ?sum = "?a + ?b"
let ?shift = "real_of_int e2 - real_of_int e1 + real k1 + 1"
let ?m1 = "m1 * 2 ^ Suc k1"
let ?m2 = "m2 * 2 powr ?shift"
let ?m2' = "sgn m2 / 2"
let ?e = "e1 - int k1 - 1"
have sum_eq: "?sum = (?m1 + ?m2) * 2 powr ?e"
by (auto simp flip: powr_add powr_mult powr_realpow simp: powr_mult_base algebra_simps)
have "¦?m2¦ * 2 < 2 powr (bitlen ¦m2¦ + ?shift + 1)"
by (auto simp: field_simps powr_add powr_mult_base powr_diff abs_mult)
also have "… ≤ 2 powr 0"
using H by (intro powr_mono) auto
finally have abs_m2_less_half: "¦?m2¦ < 1 / 2"
by simp
then have "¦real_of_int m2¦ < 2 powr -(?shift + 1)"
unfolding powr_minus_divide by (auto simp: bitlen_alt_def field_simps powr_mult_base abs_mult)
also have "… ≤ 2 powr real_of_int (e1 - e2 - 2)"
by simp
finally have b_less_quarter: "¦?b¦ < 1/4 * 2 powr real_of_int e1"
by (simp add: powr_add field_simps powr_diff abs_mult)
also have "1/4 < ¦real_of_int m1¦ / 2" using ‹m1 ≠ 0› by simp
finally have b_less_half_a: "¦?b¦ < 1/2 * ¦?a¦"
by (simp add: algebra_simps powr_mult_base abs_mult)
then have a_half_less_sum: "¦?a¦ / 2 < ¦?sum¦"
by (auto simp: field_simps abs_if split: if_split_asm)
from b_less_half_a have "¦?b¦ < ¦?a¦" "¦?b¦ ≤ ¦?a¦"
by simp_all
have "¦real_of_float (Float m1 e1)¦ ≥ 1/4 * 2 powr real_of_int e1"
using ‹m1 ≠ 0›
by (auto simp: powr_add powr_int bitlen_nonneg divide_right_mono abs_mult)
then have "?sum ≠ 0" using b_less_quarter
by (rule sum_neq_zeroI)
then have "?m1 + ?m2 ≠ 0"
unfolding sum_eq by (simp add: abs_mult zero_less_mult_iff)
have "¦real_of_int ?m1¦ ≥ 2 ^ Suc k1" "¦?m2'¦ < 2 ^ Suc k1"
using ‹m1 ≠ 0› ‹m2 ≠ 0› by (auto simp: sgn_if less_1_mult abs_mult simp del: power.simps)
then have sum'_nz: "?m1 + ?m2' ≠ 0"
by (intro sum_neq_zeroI)
have "⌊log 2 ¦real_of_float (Float m1 e1) + real_of_float (Float m2 e2)¦⌋ = ⌊log 2 ¦?m1 + ?m2¦⌋ + ?e"
using ‹?m1 + ?m2 ≠ 0›
unfolding floor_add[symmetric] sum_eq
by (simp add: abs_mult log_mult) linarith
also have "⌊log 2 ¦?m1 + ?m2¦⌋ = ⌊log 2 ¦?m1 + sgn (real_of_int m2 * 2 powr ?shift) / 2¦⌋"
using abs_m2_less_half ‹m1 ≠ 0›
by (intro log2_abs_int_add_less_half_sgn_eq) (auto simp: abs_mult)
also have "sgn (real_of_int m2 * 2 powr ?shift) = sgn m2"
by (auto simp: sgn_if zero_less_mult_iff less_not_sym)
also
have "¦?m1 + ?m2'¦ * 2 powr ?e = ¦?m1 * 2 + sgn m2¦ * 2 powr (?e - 1)"
by (auto simp: field_simps powr_minus[symmetric] powr_diff powr_mult_base)
then have "⌊log 2 ¦?m1 + ?m2'¦⌋ + ?e = ⌊log 2 ¦real_of_float (Float (?m1 * 2 + sgn m2) (?e - 1))¦⌋"
using ‹?m1 + ?m2' ≠ 0›
unfolding floor_add_int
by (simp add: log_add_eq_powr abs_mult_pos del: floor_add2)
finally
have "⌊log 2 ¦?sum¦⌋ = ⌊log 2 ¦real_of_float (Float (?m1*2 + sgn m2) (?e - 1))¦⌋" .
then have "plus_down p (Float m1 e1) (Float m2 e2) =
truncate_down p (Float (?m1*2 + sgn m2) (?e - 1))"
unfolding plus_down_def
proof (rule truncate_down_log2_eqI)
let ?f = "(int p - ⌊log 2 ¦real_of_float (Float m1 e1) + real_of_float (Float m2 e2)¦⌋)"
let ?ai = "m1 * 2 ^ (Suc k1)"
have "⌊(?a + ?b) * 2 powr real_of_int ?f⌋ = ⌊(real_of_int (2 * ?ai) + sgn ?b) * 2 powr real_of_int (?f - - ?e - 1)⌋"
proof (rule floor_sum_times_2_powr_sgn_eq)
show "?a * 2 powr real_of_int (-?e) = real_of_int ?ai"
by (simp add: powr_add powr_realpow[symmetric] powr_diff)
show "¦?b * 2 powr real_of_int (-?e + 1)¦ ≤ 1"
using abs_m2_less_half
by (simp add: abs_mult powr_add[symmetric] algebra_simps powr_mult_base)
next
have "e1 + ⌊log 2 ¦real_of_int m1¦⌋ - 1 = ⌊log 2 ¦?a¦⌋ - 1"
using ‹m1 ≠ 0›
by (simp add: int_add_floor algebra_simps log_mult abs_mult del: floor_add2)
also have "… ≤ ⌊log 2 ¦?a + ?b¦⌋"
using a_half_less_sum ‹m1 ≠ 0› ‹?sum ≠ 0›
unfolding floor_diff_of_int[symmetric]
by (auto simp add: log_minus_eq_powr powr_minus_divide intro!: floor_mono)
finally
have "int p - ⌊log 2 ¦?a + ?b¦⌋ ≤ p - (bitlen ¦m1¦) - e1 + 2"
by (auto simp: algebra_simps bitlen_alt_def ‹m1 ≠ 0›)
also have "… ≤ - ?e"
using bitlen_nonneg[of "¦m1¦"] by (simp add: k1_def)
finally show "?f ≤ - ?e" by simp
qed
also have "sgn ?b = sgn m2"
using powr_gt_zero[of 2 e2]
by (auto simp add: sgn_if zero_less_mult_iff simp del: powr_gt_zero)
also have "⌊(real_of_int (2 * ?m1) + real_of_int (sgn m2)) * 2 powr real_of_int (?f - - ?e - 1)⌋ =
⌊Float (?m1 * 2 + sgn m2) (?e - 1) * 2 powr ?f⌋"
by (simp flip: powr_add powr_realpow add: algebra_simps)
finally
show "⌊(?a + ?b) * 2 powr ?f⌋ = ⌊real_of_float (Float (?m1 * 2 + sgn m2) (?e - 1)) * 2 powr ?f⌋" .
qed
then show ?thesis
by transfer (simp add: plus_down_def ac_simps Let_def)
qed
lemma compute_float_plus_down_naive[code]: "float_plus_down p x y = float_round_down p (x + y)"
by transfer (auto simp: plus_down_def)
qualified lemma compute_float_plus_down[code]:
fixes p::nat and m1 e1 m2 e2::int
shows "float_plus_down p (Float m1 e1) (Float m2 e2) =
(if m1 = 0 then float_round_down p (Float m2 e2)
else if m2 = 0 then float_round_down p (Float m1 e1)
else
(if e1 ≥ e2 then
(let k1 = Suc p - nat (bitlen ¦m1¦) in
if bitlen ¦m2¦ > e1 - e2 - k1 - 2
then float_round_down p ((Float m1 e1) + (Float m2 e2))
else float_round_down p (Float (m1 * 2 ^ (Suc (Suc k1)) + sgn m2) (e1 - int k1 - 2)))
else float_plus_down p (Float m2 e2) (Float m1 e1)))"
proof -
{
assume "bitlen ¦m2¦ ≤ e1 - e2 - (Suc p - nat (bitlen ¦m1¦)) - 2" "m1 ≠ 0" "m2 ≠ 0" "e1 ≥ e2"
note compute_far_float_plus_down[OF this]
}
then show ?thesis
by transfer (simp add: Let_def plus_down_def ac_simps)
qed
qualified lemma compute_float_plus_up[code]: "float_plus_up p x y = - float_plus_down p (-x) (-y)"
using truncate_down_uminus_eq[of p "x + y"]
by transfer (simp add: plus_down_def plus_up_def ac_simps)
lemma mantissa_zero: "mantissa 0 = 0"
by (fact mantissa_0)
qualified lemma compute_float_less[code]: "a < b ⟷ is_float_pos (float_plus_down 0 b (- a))"
using truncate_down[of 0 "b - a"] truncate_down_pos[of "b - a" 0]
by transfer (auto simp: plus_down_def)
qualified lemma compute_float_le[code]: "a ≤ b ⟷ is_float_nonneg (float_plus_down 0 b (- a))"
using truncate_down[of 0 "b - a"] truncate_down_nonneg[of "b - a" 0]
by transfer (auto simp: plus_down_def)
end
lemma plus_down_mono: "plus_down p a b ≤ plus_down p c d" if "a + b ≤ c + d"
by (auto simp: plus_down_def intro!: truncate_down_mono that)
lemma plus_up_mono: "plus_up p a b ≤ plus_up p c d" if "a + b ≤ c + d"
by (auto simp: plus_up_def intro!: truncate_up_mono that)
subsection ‹Approximate Multiplication›
lemma mult_mono_nonpos_nonneg: "a * b ≤ c * d"
if "a ≤ c" "a ≤ 0" "0 ≤ d" "d ≤ b" for a b c d::"'a::ordered_ring"
by (meson dual_order.trans mult_left_mono_neg mult_right_mono that)
lemma mult_mono_nonneg_nonpos: "b * a ≤ d * c"
if "a ≤ c" "c ≤ 0" "0 ≤ d" "d ≤ b" for a b c d::"'a::ordered_ring"
by (meson dual_order.trans mult_right_mono_neg mult_left_mono that)
lemma mult_mono_nonpos_nonpos: "a * b ≤ c * d"
if "a ≥ c" "a ≤ 0" "b ≥ d" "d ≤ 0" for a b c d::real
by (meson dual_order.trans mult_left_mono_neg mult_right_mono_neg that)
lemma mult_float_mono1:
shows "a ≤ b ⟹ ab ≤ bb ⟹
aa ≤ a ⟹
b ≤ ba ⟹
ac ≤ ab ⟹
bb ≤ bc ⟹
plus_down prec (nprt aa * pprt bc)
(plus_down prec (nprt ba * nprt bc)
(plus_down prec (pprt aa * pprt ac)
(pprt ba * nprt ac)))
≤ plus_down prec (nprt a * pprt bb)
(plus_down prec (nprt b * nprt bb)
(plus_down prec (pprt a * pprt ab)
(pprt b * nprt ab)))"
by (smt (verit, del_insts) mult_mono plus_down_mono add_mono nprt_mono nprt_le_zero zero_le_pprt
pprt_mono mult_mono_nonpos_nonneg mult_mono_nonpos_nonpos mult_mono_nonneg_nonpos)
lemma mult_float_mono2:
shows "a ≤ b ⟹
ab ≤ bb ⟹
aa ≤ a ⟹
b ≤ ba ⟹
ac ≤ ab ⟹
bb ≤ bc ⟹
plus_up prec (pprt b * pprt bb)
(plus_up prec (pprt a * nprt bb)
(plus_up prec (nprt b * pprt ab)
(nprt a * nprt ab)))
≤ plus_up prec (pprt ba * pprt bc)
(plus_up prec (pprt aa * nprt bc)
(plus_up prec (nprt ba * pprt ac)
(nprt aa * nprt ac)))"
by (smt (verit, del_insts) plus_up_mono add_mono mult_mono nprt_mono nprt_le_zero zero_le_pprt pprt_mono
mult_mono_nonpos_nonneg mult_mono_nonpos_nonpos mult_mono_nonneg_nonpos)
subsection ‹Approximate Power›
lemma div2_less_self[termination_simp]: "odd n ⟹ n div 2 < n" for n :: nat
by (simp add: odd_pos)
fun power_down :: "nat ⇒ real ⇒ nat ⇒ real"
where
"power_down p x 0 = 1"
| "power_down p x (Suc n) =
(if odd n then truncate_down (Suc p) ((power_down p x (Suc n div 2))⇧2)
else truncate_down (Suc p) (x * power_down p x n))"
fun power_up :: "nat ⇒ real ⇒ nat ⇒ real"
where
"power_up p x 0 = 1"
| "power_up p x (Suc n) =
(if odd n then truncate_up p ((power_up p x (Suc n div 2))⇧2)
else truncate_up p (x * power_up p x n))"
lift_definition power_up_fl :: "nat ⇒ float ⇒ nat ⇒ float" is power_up
by (induct_tac rule: power_up.induct) simp_all
lift_definition power_down_fl :: "nat ⇒ float ⇒ nat ⇒ float" is power_down
by (induct_tac rule: power_down.induct) simp_all
lemma power_float_transfer[transfer_rule]:
"(rel_fun pcr_float (rel_fun (=) pcr_float)) (^) (^)"
unfolding power_def
by transfer_prover
lemma compute_power_up_fl[code]:
"power_up_fl p x 0 = 1"
"power_up_fl p x (Suc n) =
(if odd n then float_round_up p ((power_up_fl p x (Suc n div 2))⇧2)
else float_round_up p (x * power_up_fl p x n))"
and compute_power_down_fl[code]:
"power_down_fl p x 0 = 1"
"power_down_fl p x (Suc n) =
(if odd n then float_round_down (Suc p) ((power_down_fl p x (Suc n div 2))⇧2)
else float_round_down (Suc p) (x * power_down_fl p x n))"
unfolding atomize_conj by transfer simp
lemma power_down_pos: "0 < x ⟹ 0 < power_down p x n"
by (induct p x n rule: power_down.induct)
(auto simp del: odd_Suc_div_two intro!: truncate_down_pos)
lemma power_down_nonneg: "0 ≤ x ⟹ 0 ≤ power_down p x n"
by (induct p x n rule: power_down.induct)
(auto simp del: odd_Suc_div_two intro!: truncate_down_nonneg mult_nonneg_nonneg)
lemma power_down: "0 ≤ x ⟹ power_down p x n ≤ x ^ n"
proof (induct p x n rule: power_down.induct)
case (2 p x n)
have ?case if "odd n"
proof -
from that 2 have "(power_down p x (Suc n div 2)) ^ 2 ≤ (x ^ (Suc n div 2)) ^ 2"
by (auto intro: power_mono power_down_nonneg simp del: odd_Suc_div_two)
also have "… = x ^ (Suc n div 2 * 2)"
by (simp flip: power_mult)
also have "Suc n div 2 * 2 = Suc n"
using ‹odd n› by presburger
finally show ?thesis
using that by (auto intro!: truncate_down_le simp del: odd_Suc_div_two)
qed
then show ?case
by (auto intro!: truncate_down_le mult_left_mono 2 mult_nonneg_nonneg power_down_nonneg)
qed simp
lemma power_up: "0 ≤ x ⟹ x ^ n ≤ power_up p x n"
proof (induct p x n rule: power_up.induct)
case (2 p x n)
have ?case if "odd n"
proof -
from that even_Suc have "Suc n = Suc n div 2 * 2"
by presburger
then have "x ^ Suc n ≤ (x ^ (Suc n div 2))⇧2"
by (simp flip: power_mult)
also from that 2 have "… ≤ (power_up p x (Suc n div 2))⇧2"
by (auto intro: power_mono simp del: odd_Suc_div_two)
finally show ?thesis
using that by (auto intro!: truncate_up_le simp del: odd_Suc_div_two)
qed
then show ?case
by (auto intro!: truncate_up_le mult_left_mono 2)
qed simp
lemmas power_up_le = order_trans[OF _ power_up]
and power_up_less = less_le_trans[OF _ power_up]
and power_down_le = order_trans[OF power_down]
lemma power_down_fl: "0 ≤ x ⟹ power_down_fl p x n ≤ x ^ n"
by transfer (rule power_down)
lemma power_up_fl: "0 ≤ x ⟹ x ^ n ≤ power_up_fl p x n"
by transfer (rule power_up)
lemma real_power_up_fl: "real_of_float (power_up_fl p x n) = power_up p x n"
by transfer simp
lemma real_power_down_fl: "real_of_float (power_down_fl p x n) = power_down p x n"
by transfer simp
lemmas [simp del] = power_down.simps(2) power_up.simps(2)
lemmas power_down_simp = power_down.simps(2)
lemmas power_up_simp = power_up.simps(2)
lemma power_down_even_nonneg: "even n ⟹ 0 ≤ power_down p x n"
by (induct p x n rule: power_down.induct)
(auto simp: power_down_simp simp del: odd_Suc_div_two intro!: truncate_down_nonneg )
lemma power_down_eq_zero_iff[simp]: "power_down prec b n = 0 ⟷ b = 0 ∧ n ≠ 0"
proof (induction n arbitrary: b rule: less_induct)
case (less x)
then show ?case
using power_down_simp[of _ _ "x - 1"]
by (cases x) (auto simp add: div2_less_self)
qed
lemma power_down_nonneg_iff[simp]:
"power_down prec b n ≥ 0 ⟷ even n ∨ b ≥ 0"
proof (induction n arbitrary: b rule: less_induct)
case (less x)
show ?case
using less(1)[of "x - 1" b] power_down_simp[of _ _ "x - 1"]
by (cases x) (auto simp: algebra_split_simps zero_le_mult_iff)
qed
lemma power_down_neg_iff[simp]:
"power_down prec b n < 0 ⟷
b < 0 ∧ odd n"
using power_down_nonneg_iff[of prec b n] by (auto simp del: power_down_nonneg_iff)
lemma power_down_nonpos_iff[simp]:
notes [simp del] = power_down_neg_iff power_down_eq_zero_iff
shows "power_down prec b n ≤ 0 ⟷ b < 0 ∧ odd n ∨ b = 0 ∧ n ≠ 0"
using power_down_neg_iff[of prec b n] power_down_eq_zero_iff[of prec b n]
by auto
lemma power_down_mono:
"power_down prec a n ≤ power_down prec b n"
if "((0 ≤ a ∧ a ≤ b)∨(odd n ∧ a ≤ b) ∨ (even n ∧ a ≤ 0 ∧ b ≤ a))"
using that
proof (induction n arbitrary: a b rule: less_induct)
case (less i)
show ?case
proof (cases i)
case j: (Suc j)
note IH = less[unfolded j even_Suc not_not]
note [simp del] = power_down.simps
show ?thesis
proof cases
assume [simp]: "even j"
have "a * power_down prec a j ≤ b * power_down prec b j"
by (metis IH(1) IH(2) ‹even j› lessI linear mult_mono mult_mono' mult_mono_nonpos_nonneg power_down_even_nonneg)
then have "truncate_down (Suc prec) (a * power_down prec a j) ≤ truncate_down (Suc prec) (b * power_down prec b j)"
by (auto intro!: truncate_down_mono simp: abs_le_square_iff[symmetric] abs_real_def)
then show ?thesis
unfolding j
by (simp add: power_down_simp)
next
assume [simp]: "odd j"
have "power_down prec 0 (Suc (j div 2)) ≤ - power_down prec b (Suc (j div 2))"
if "b < 0" "even (j div 2)"
by (metis even_Suc le_minus_iff Suc_neq_Zero neg_equal_zero power_down_eq_zero_iff
power_down_nonpos_iff that)
then have "truncate_down (Suc prec) ((power_down prec a (Suc (j div 2)))⇧2)
≤ truncate_down (Suc prec) ((power_down prec b (Suc (j div 2)))⇧2)"
by (smt (verit) IH Suc_less_eq ‹odd j› div2_less_self mult_mono_nonpos_nonpos
Suc_neq_Zero power2_eq_square power_down_neg_iff power_down_nonpos_iff power_mono truncate_down_mono)
then show ?thesis
unfolding j by (simp add: power_down_simp)
qed
qed simp
qed
lemma power_up_even_nonneg: "even n ⟹ 0 ≤ power_up p x n"
by (induct p x n rule: power_up.induct)
(auto simp: power_up.simps simp del: odd_Suc_div_two)
lemma power_up_eq_zero_iff[simp]: "power_up prec b n = 0 ⟷ b = 0 ∧ n ≠ 0"
proof (induction n arbitrary: b rule: less_induct)
case (less x)
then show ?case
using power_up_simp[of _ _ "x - 1"]
by (cases x) (auto simp: algebra_split_simps zero_le_mult_iff div2_less_self)
qed
lemma power_up_nonneg_iff[simp]:
"power_up prec b n ≥ 0 ⟷ even n ∨ b ≥ 0"
proof (induction n arbitrary: b rule: less_induct)
case (less x)
show ?case
using less(1)[of "x - 1" b] power_up_simp[of _ _ "x - 1"]
by (cases x) (auto simp: algebra_split_simps zero_le_mult_iff)
qed
lemma power_up_neg_iff[simp]:
"power_up prec b n < 0 ⟷ b < 0 ∧ odd n"
using power_up_nonneg_iff[of prec b n] by (auto simp del: power_up_nonneg_iff)
lemma power_up_nonpos_iff[simp]:
notes [simp del] = power_up_neg_iff power_up_eq_zero_iff
shows "power_up prec b n ≤ 0 ⟷ b < 0 ∧ odd n ∨ b = 0 ∧ n ≠ 0"
using power_up_neg_iff[of prec b n] power_up_eq_zero_iff[of prec b n]
by auto
lemma power_up_mono:
"power_up prec a n ≤ power_up prec b n"
if "((0 ≤ a ∧ a ≤ b)∨(odd n ∧ a ≤ b) ∨ (even n ∧ a ≤ 0 ∧ b ≤ a))"
using that
proof (induction n arbitrary: a b rule: less_induct)
case (less i)
show ?case
proof (cases i)
case j: (Suc j)
note IH = less[unfolded j even_Suc not_not]
note [simp del] = power_up.simps
show ?thesis
proof cases
assume [simp]: "even j"
have "a * power_up prec a j ≤ b * power_up prec b j"
by (metis IH(1) IH(2) ‹even j› lessI linear mult_mono mult_mono' mult_mono_nonpos_nonneg power_up_even_nonneg)
then have "truncate_up prec (a * power_up prec a j) ≤ truncate_up prec (b * power_up prec b j)"
by (auto intro!: truncate_up_mono simp: abs_le_square_iff[symmetric] abs_real_def)
then show ?thesis
unfolding j
by (simp add: power_up_simp)
next
assume [simp]: "odd j"
have "power_up prec 0 (Suc (j div 2)) ≤ - power_up prec b (Suc (j div 2))"
if "b < 0" "even (j div 2)"
by (metis Suc_neq_Zero even_Suc neg_0_le_iff_le power_up_eq_zero_iff power_up_nonpos_iff that)
then have "truncate_up prec ((power_up prec a (Suc (j div 2)))⇧2)
≤ truncate_up prec ((power_up prec b (Suc (j div 2)))⇧2)"
using IH
by (auto intro!: truncate_up_mono intro: order_trans[where y=0]
simp: abs_le_square_iff[symmetric] abs_real_def
div2_less_self)
then show ?thesis
unfolding j
by (simp add: power_up_simp)
qed
qed simp
qed
subsection ‹Lemmas needed by Approximate›
lemma Float_num[simp]:
"real_of_float (Float 1 0) = 1"
"real_of_float (Float 1 1) = 2"
"real_of_float (Float 1 2) = 4"
"real_of_float (Float 1 (- 1)) = 1/2"
"real_of_float (Float 1 (- 2)) = 1/4"
"real_of_float (Float 1 (- 3)) = 1/8"
"real_of_float (Float (- 1) 0) = -1"
"real_of_float (Float (numeral n) 0) = numeral n"
"real_of_float (Float (- numeral n) 0) = - numeral n"
using two_powr_int_float[of 2] two_powr_int_float[of "-1"] two_powr_int_float[of "-2"]
two_powr_int_float[of "-3"]
using powr_realpow[of 2 2] powr_realpow[of 2 3]
using powr_minus[of "2::real" 1] powr_minus[of "2::real" 2] powr_minus[of "2::real" 3]
by auto
lemma real_of_Float_int[simp]: "real_of_float (Float n 0) = real n"
by simp
lemma float_zero[simp]: "real_of_float (Float 0 e) = 0"
by simp
lemma abs_div_2_less: "a ≠ 0 ⟹ a ≠ -1 ⟹ ¦(a::int) div 2¦ < ¦a¦"
by arith
lemma lapprox_rat: "real_of_float (lapprox_rat prec x y) ≤ real_of_int x / real_of_int y"
by (simp add: lapprox_rat.rep_eq truncate_down)
lemma mult_div_le:
fixes a b :: int
assumes "b > 0"
shows "a ≥ b * (a div b)"
by (smt (verit, ccfv_threshold) assms minus_div_mult_eq_mod mod_int_pos_iff mult.commute)
lemma lapprox_rat_nonneg:
assumes "0 ≤ x" and "0 ≤ y"
shows "0 ≤ real_of_float (lapprox_rat n x y)"
using assms
by transfer (simp add: truncate_down_nonneg)
lemma rapprox_rat: "real_of_int x / real_of_int y ≤ real_of_float (rapprox_rat prec x y)"
by transfer (simp add: truncate_up)
lemma rapprox_rat_le1:
assumes "0 ≤ x" "0 < y" "x ≤ y"
shows "real_of_float (rapprox_rat n x y) ≤ 1"
using assms
by transfer (simp add: truncate_up_le1)
lemma rapprox_rat_nonneg_nonpos: "0 ≤ x ⟹ y ≤ 0 ⟹ real_of_float (rapprox_rat n x y) ≤ 0"
by transfer (simp add: truncate_up_nonpos divide_nonneg_nonpos)
lemma rapprox_rat_nonpos_nonneg: "x ≤ 0 ⟹ 0 ≤ y ⟹ real_of_float (rapprox_rat n x y) ≤ 0"
by transfer (simp add: truncate_up_nonpos divide_nonpos_nonneg)
lemma real_divl: "real_divl prec x y ≤ x / y"
by (simp add: real_divl_def truncate_down)
lemma real_divr: "x / y ≤ real_divr prec x y"
by (simp add: real_divr_def truncate_up)
lemma float_divl: "real_of_float (float_divl prec x y) ≤ x / y"
by transfer (rule real_divl)
lemma real_divl_lower_bound: "0 ≤ x ⟹ 0 ≤ y ⟹ 0 ≤ real_divl prec x y"
by (simp add: real_divl_def truncate_down_nonneg)
lemma float_divl_lower_bound: "0 ≤ x ⟹ 0 ≤ y ⟹ 0 ≤ real_of_float (float_divl prec x y)"
by transfer (rule real_divl_lower_bound)
lemma exponent_1: "exponent 1 = 0"
using exponent_float[of 1 0] by (simp add: one_float_def)
lemma mantissa_1: "mantissa 1 = 1"
using mantissa_float[of 1 0] by (simp add: one_float_def)
lemma bitlen_1: "bitlen 1 = 1"
by (simp add: bitlen_alt_def)
lemma float_upper_bound: "x ≤ 2 powr (bitlen ¦mantissa x¦ + exponent x)"
proof (cases "x = 0")
case True
then show ?thesis by simp
next
case False
then have "mantissa x ≠ 0"
using mantissa_eq_zero_iff by auto
have "x = mantissa x * 2 powr (exponent x)"
by (rule mantissa_exponent)
also have "mantissa x ≤ ¦mantissa x¦"
by simp
also have "… ≤ 2 powr (bitlen ¦mantissa x¦)"
using bitlen_bounds[of "¦mantissa x¦"] bitlen_nonneg ‹mantissa x ≠ 0›
by (auto simp del: of_int_abs simp add: powr_int)
finally show ?thesis by (simp add: powr_add)
qed
lemma real_divl_pos_less1_bound:
assumes "0 < x" "x ≤ 1"
shows "1 ≤ real_divl prec 1 x"
using assms
by (auto intro!: truncate_down_ge1 simp: real_divl_def)
lemma float_divl_pos_less1_bound:
"0 < real_of_float x ⟹ real_of_float x ≤ 1 ⟹ prec ≥ 1 ⟹
1 ≤ real_of_float (float_divl prec 1 x)"
by transfer (rule real_divl_pos_less1_bound)
lemma float_divr: "real_of_float x / real_of_float y ≤ real_of_float (float_divr prec x y)"
by transfer (rule real_divr)
lemma real_divr_pos_less1_lower_bound:
assumes "0 < x"
and "x ≤ 1"
shows "1 ≤ real_divr prec 1 x"
proof -
have "1 ≤ 1 / x"
using ‹0 < x› and ‹x ≤ 1› by auto
also have "… ≤ real_divr prec 1 x"
using real_divr[where x = 1 and y = x] by auto
finally show ?thesis by auto
qed
lemma float_divr_pos_less1_lower_bound: "0 < x ⟹ x ≤ 1 ⟹ 1 ≤ float_divr prec 1 x"
by transfer (rule real_divr_pos_less1_lower_bound)
lemma real_divr_nonpos_pos_upper_bound: "x ≤ 0 ⟹ 0 ≤ y ⟹ real_divr prec x y ≤ 0"
by (simp add: real_divr_def truncate_up_nonpos divide_le_0_iff)
lemma float_divr_nonpos_pos_upper_bound:
"real_of_float x ≤ 0 ⟹ 0 ≤ real_of_float y ⟹ real_of_float (float_divr prec x y) ≤ 0"
by transfer (rule real_divr_nonpos_pos_upper_bound)
lemma real_divr_nonneg_neg_upper_bound: "0 ≤ x ⟹ y ≤ 0 ⟹ real_divr prec x y ≤ 0"
by (simp add: real_divr_def truncate_up_nonpos divide_le_0_iff)
lemma float_divr_nonneg_neg_upper_bound:
"0 ≤ real_of_float x ⟹ real_of_float y ≤ 0 ⟹ real_of_float (float_divr prec x y) ≤ 0"
by transfer (rule real_divr_nonneg_neg_upper_bound)
lemma Float_le_zero_iff: "Float a b ≤ 0 ⟷ a ≤ 0"
by (auto simp: zero_float_def mult_le_0_iff)
lemma real_of_float_pprt[simp]:
fixes a :: float
shows "real_of_float (pprt a) = pprt (real_of_float a)"
unfolding pprt_def sup_float_def max_def sup_real_def by auto
lemma real_of_float_nprt[simp]:
fixes a :: float
shows "real_of_float (nprt a) = nprt (real_of_float a)"
unfolding nprt_def inf_float_def min_def inf_real_def by auto
context
begin
lift_definition int_floor_fl :: "float ⇒ int" is floor .
qualified lemma compute_int_floor_fl[code]:
"int_floor_fl (Float m e) = (if 0 ≤ e then m * 2 ^ nat e else m div (2 ^ (nat (-e))))"
apply transfer
by (smt (verit, ccfv_threshold) Float.rep_eq compute_real_of_float floor_divide_of_int_eq
floor_of_int of_int_1 of_int_add of_int_mult of_int_power)
lift_definition floor_fl :: "float ⇒ float" is "λx. real_of_int ⌊x⌋"
by simp
qualified lemma compute_floor_fl[code]:
"floor_fl (Float m e) = (if 0 ≤ e then Float m e else Float (m div (2 ^ (nat (-e)))) 0)"
apply transfer
using compute_int_floor_fl int_floor_fl.rep_eq powr_int by auto
end
lemma floor_fl: "real_of_float (floor_fl x) ≤ real_of_float x"
by transfer simp
lemma int_floor_fl: "real_of_int (int_floor_fl x) ≤ real_of_float x"
by transfer simp
lemma floor_pos_exp: "exponent (floor_fl x) ≥ 0"
proof (cases "floor_fl x = 0")
case True
then show ?thesis
by (simp add: floor_fl_def)
next
case False
have eq: "floor_fl x = Float ⌊real_of_float x⌋ 0"
by transfer simp
obtain i where "⌊real_of_float x⌋ = mantissa (floor_fl x) * 2 ^ i" "0 = exponent (floor_fl x) - int i"
by (rule denormalize_shift[OF eq False])
then show ?thesis
by simp
qed
lemma compute_mantissa[code]:
"mantissa (Float m e) =
(if m = 0 then 0 else if 2 dvd m then mantissa (normfloat (Float m e)) else m)"
by (auto simp: mantissa_float Float.abs_eq simp flip: zero_float_def)
lemma compute_exponent[code]:
"exponent (Float m e) =
(if m = 0 then 0 else if 2 dvd m then exponent (normfloat (Float m e)) else e)"
by (auto simp: exponent_float Float.abs_eq simp flip: zero_float_def)
lifting_update Float.float.lifting
lifting_forget Float.float.lifting
end