minus in nat.ma

[helm.git] / helm / software / matita / nlibrary / arithmetics / nat.ma

(**************************************************************************)
(*       ___                                                              *)
(*      ||M||                                                             *)
(*      ||A||       A project by Andrea Asperti                           *)
(*      ||T||                                                             *)
(*      ||I||       Developers:                                           *)
(*      ||T||       A.Asperti, C.Sacerdoti Coen,                          *)
(*      ||A||       E.Tassi, S.Zacchiroli                                 *)
(*      \   /                                                             *)
(*       \ /        This file is distributed under the terms of the       *)
(*        v         GNU Lesser General Public License Version 2.1         *)
(*                                                                        *)
(**************************************************************************)

(* include "higher_order_defs/functions.ma". *)
include "hints_declaration.ma".
include "basics/functions.ma".
include "basics/eq.ma". 

ninductive nat : Type[0] ≝
  | O : nat
  | S : nat → nat.
  
interpretation "Natural numbers" 'N = nat.

alias num (instance 0) = "nnatural number".

(*
nrecord pos : Type ≝
 {n:>nat; is_pos: n ≠ 0}.

ncoercion nat_to_pos: ∀n:nat. n ≠0 →pos ≝ mk_pos on 
*)

(* default "natural numbers" cic:/matita/ng/arithmetics/nat/nat.ind.
*)

ndefinition pred ≝
 λn. match n with [ O ⇒  O | (S p) ⇒ p].

ntheorem pred_Sn : ∀n. n = pred (S n).
//; nqed.

ntheorem injective_S : injective nat nat S.
//; nqed.

(*
ntheorem inj_S : \forall n,m:nat.(S n)=(S m) \to n=m.
//. nqed. *)

ntheorem not_eq_S: ∀n,m:nat. n ≠ m → S n ≠ S m.
/2/; nqed.

ndefinition not_zero: nat → Prop ≝
 λn: nat. match n with
  [ O ⇒ False | (S p) ⇒ True ].

ntheorem not_eq_O_S : ∀n:nat. O ≠ S n.
#n; #eqOS; nchange with (not_zero O); nrewrite > eqOS; //.
nqed.

ntheorem not_eq_n_Sn : ∀n:nat. n ≠ S n.
#n; nelim n; /2/; nqed.

ntheorem nat_case:
 ∀n:nat.∀P:nat → Prop. 
  (n=O → P O) → (∀m:nat. (n=(S m) → P (S m))) → P n.
#n; #P; nelim n; /2/; nqed.

ntheorem nat_elim2 :
 ∀R:nat → nat → Prop.
  (∀n:nat. R O n) 
  → (∀n:nat. R (S n) O)
  → (∀n,m:nat. R n m → R (S n) (S m))
  → ∀n,m:nat. R n m.
#R; #ROn; #RSO; #RSS; #n; nelim n;//;
#n0; #Rn0m; #m; ncases m;/2/; nqed.

ntheorem decidable_eq_nat : \forall n,m:nat.decidable (n=m).
napply nat_elim2; #n;
 ##[ ncases n; /2/;
 ##| /3/;
 ##| #m; #Hind; ncases Hind; /3/;
 ##]
nqed. 

(*************************** plus ******************************)

nlet rec plus n m ≝ 
 match n with 
 [ O ⇒ m
 | S p ⇒ S (plus p m) ].

interpretation "natural plus" 'plus x y = (plus x y).

ntheorem plus_O_n: ∀n:nat. n = 0+n.
//; nqed.

(*
ntheorem plus_Sn_m: ∀n,m:nat. S (n + m) = S n + m.
//; nqed.
*)

ntheorem plus_n_O: ∀n:nat. n = n+0.
#n; nelim n; nnormalize; //; nqed.

ntheorem plus_n_Sm : ∀n,m:nat. S (n+m) = n + S m.
#n; nelim n; nnormalize; //; nqed.

(*
ntheorem plus_Sn_m1: ∀n,m:nat. S m + n = n + S m.
#n; nelim n; nnormalize; //; nqed.
*)

(*
ntheorem plus_n_SO : ∀n:nat. S n = n+S O.
//; nqed. *)

ntheorem symmetric_plus: symmetric ? plus.
#n; nelim n; nnormalize; //; nqed. 

ntheorem associative_plus : associative nat plus.
#n; nelim n; nnormalize; //; nqed.

ntheorem assoc_plus1: ∀a,b,c. c + (b + a) = b + c + a.
//; nqed.

ntheorem injective_plus_r: ∀n:nat.injective nat nat (λm.n+m).
#n; nelim n; nnormalize; /3/; nqed.

(* ntheorem inj_plus_r: \forall p,n,m:nat. p+n = p+m \to n=m
\def injective_plus_r. 

ntheorem injective_plus_l: ∀m:nat.injective nat nat (λn.n+m).
/2/; nqed. *)

(* ntheorem inj_plus_l: \forall p,n,m:nat. n+p = m+p \to n=m
\def injective_plus_l. *)

(*************************** times *****************************)

nlet rec times n m ≝ 
 match n with 
 [ O ⇒ O
 | S p ⇒ m+(times p m) ].

interpretation "natural times" 'times x y = (times x y).

ntheorem times_Sn_m: ∀n,m:nat. m+n*m = S n*m.
//; nqed.

ntheorem times_O_n: ∀n:nat. O = O*n.
//; nqed.

ntheorem times_n_O: ∀n:nat. O = n*O.
#n; nelim n; //; nqed.

ntheorem times_n_Sm : ∀n,m:nat. n+(n*m) = n*(S m).
#n; nelim n; nnormalize; //; nqed.

ntheorem symmetric_times : symmetric nat times. 
#n; nelim n; nnormalize; //; nqed.

(* variant sym_times : \forall n,m:nat. n*m = m*n \def
symmetric_times. *)

ntheorem distributive_times_plus : distributive nat times plus.
#n; nelim n; nnormalize; //; nqed.

ntheorem distributive_times_plus_r:  
\forall a,b,c:nat. (b+c)*a = b*a + c*a.
//; nqed.

ntheorem associative_times: associative nat times.
#n; nelim n; nnormalize; //; nqed.

nlemma times_times: ∀x,y,z. x*(y*z) = y*(x*z).
//; nqed. 

(* ci servono questi risultati? 
ntheorem times_O_to_O: ∀n,m:nat.n*m=O → n=O ∨ m=O.
napply nat_elim2; /2/; 
#n; #m; #H; nnormalize; #H1; napply False_ind;napply not_eq_O_S;
//; nqed.
  
ntheorem times_n_SO : ∀n:nat. n = n * S O.
#n; //; nqed.

ntheorem times_SSO_n : ∀n:nat. n + n = (S(S O)) * n.
nnormalize; //; nqed.

nlemma times_SSO: \forall n.(S(S O))*(S n) = S(S((S(S O))*n)).
//; nqed.

ntheorem or_eq_eq_S: \forall n.\exists m. 
n = (S(S O))*m \lor n = S ((S(S O))*m).
#n; nelim n;
  ##[@; /2/;
  ##|#a; #H; nelim H; #b;#or;nelim or;#aeq;
    ##[@ b; @ 2; //;
    ##|@ (S b); @ 1; /2/;
    ##]
nqed.
*)

(******************** ordering relations ************************)

ninductive le (n:nat) : nat → Prop ≝
  | le_n : le n n
  | le_S : ∀ m:nat. le n m → le n (S m).

interpretation "natural 'less or equal to'" 'leq x y = (le x y).

interpretation "natural 'neither less nor equal to'" 'nleq x y = (Not (le x y)).

ndefinition lt: nat → nat → Prop ≝
λn,m:nat. S n ≤ m.

interpretation "natural 'less than'" 'lt x y = (lt x y).

interpretation "natural 'not less than'" 'nless x y = (Not (lt x y)).

ndefinition ge: nat \to nat \to Prop \def
\lambda n,m:nat.m \leq n.

interpretation "natural 'greater or equal to'" 'geq x y = (ge x y).

ndefinition gt: nat \to nat \to Prop \def
\lambda n,m:nat.m<n.

interpretation "natural 'greater than'" 'gt x y = (gt x y).

interpretation "natural 'not greater than'" 'ngtr x y = (Not (gt x y)).

ntheorem transitive_le : transitive nat le.
#a; #b; #c; #leab; #lebc;nelim lebc;/2/;
nqed.

(*
ntheorem trans_le: \forall n,m,p:nat. n \leq m \to m \leq p \to n \leq p
\def transitive_le. *)

ntheorem transitive_lt: transitive nat lt.
#a; #b; #c; #ltab; #ltbc;nelim ltbc;/2/;nqed.

(*
theorem trans_lt: \forall n,m,p:nat. lt n m \to lt m p \to lt n p
\def transitive_lt. *)

ntheorem le_S_S: ∀n,m:nat. n ≤ m → S n ≤ S m.
#n; #m; #lenm; nelim lenm; /2/; nqed.

ntheorem le_O_n : ∀n:nat. O ≤ n.
#n; nelim n; /2/; nqed.

ntheorem le_n_Sn : ∀n:nat. n ≤ S n.
/2/; nqed.

ntheorem le_pred_n : ∀n:nat. pred n ≤ n.
#n; nelim n; //; nqed.

ntheorem monotonic_pred: monotonic ? le pred.
#n; #m; #lenm; nelim lenm; /2/; nqed.

ntheorem le_S_S_to_le: ∀n,m:nat. S n ≤ S m → n ≤ m.
/2/; nqed.

ntheorem lt_S_S_to_lt: ∀n,m. S n < S m \to n < m.
/2/; nqed. 

ntheorem lt_to_lt_S_S: ∀n,m. n < m → S n < S m.
/2/; nqed.

ntheorem lt_to_not_zero : ∀n,m:nat. n < m → not_zero m.
#n; #m; #Hlt; nelim Hlt;//; nqed.

(* lt vs. le *)
ntheorem not_le_Sn_O: ∀ n:nat. S n ≰ O.
#n; #Hlen0; napply (lt_to_not_zero ?? Hlen0); nqed.

ntheorem not_le_to_not_le_S_S: ∀ n,m:nat. n ≰ m → S n ≰ S m.
/3/; nqed.

ntheorem not_le_S_S_to_not_le: ∀ n,m:nat. S n ≰ S m → n ≰ m.
/3/; nqed.

ntheorem decidable_le: ∀n,m. decidable (n≤m).
napply nat_elim2; #n; /2/;
#m; #dec; ncases dec;/3/; nqed.

ntheorem decidable_lt: ∀n,m. decidable (n < m).
#n; #m; napply decidable_le ; nqed.

ntheorem not_le_Sn_n: ∀n:nat. S n ≰ n.
#n; nelim n; /2/; nqed.

ntheorem lt_S_to_le: ∀n,m:nat. n < S m → n ≤ m.
/2/; nqed.

ntheorem not_le_to_lt: ∀n,m. n ≰ m → m < n.
napply nat_elim2; #n;
 ##[#abs; napply False_ind;/2/;
 ##|/2/;
 ##|#m;#Hind;#HnotleSS; napply lt_to_lt_S_S;/3/;
 ##]
nqed.

ntheorem lt_to_not_le: ∀n,m. n < m → m ≰ n.
#n; #m; #Hltnm; nelim Hltnm;/3/; nqed.

ntheorem not_lt_to_le: ∀n,m:nat. n ≮ m → m ≤ n.
#n; #m; #Hnlt; napply lt_S_to_le;
(* something strange here: /2/ fails: 
   we need an extra depths for unfolding not *)
napply not_le_to_lt; napply Hnlt; nqed. 

ntheorem le_to_not_lt: ∀n,m:nat. n ≤ m → m ≮ n.
/2/; nqed.

(* lt and le trans *)

ntheorem lt_to_le_to_lt: ∀n,m,p:nat. n < m → m ≤ p → n < p.
#n; #m; #p; #H; #H1; nelim H1; /2/; nqed.

ntheorem le_to_lt_to_lt: ∀n,m,p:nat. n ≤ m → m < p → n < p.
#n; #m; #p; #H; nelim H; /3/; nqed.

ntheorem lt_S_to_lt: ∀n,m. S n < m → n < m.
/2/; nqed.

ntheorem ltn_to_ltO: ∀n,m:nat. n < m → O < m.
/2/; nqed.

(*
theorem lt_SO_n_to_lt_O_pred_n: \forall n:nat.
(S O) \lt n \to O \lt (pred n).
intros.
apply (ltn_to_ltO (pred (S O)) (pred n) ?).
 apply (lt_pred (S O) n);
 [ apply (lt_O_S O) 
 | assumption
 ]
qed. *)

ntheorem lt_O_n_elim: ∀n:nat. O < n → 
  ∀P:nat → Prop.(∀m:nat.P (S m)) → P n.
#n; nelim n; //; #abs; napply False_ind; /2/; nqed.

(*
theorem lt_pred: \forall n,m. 
  O < n \to n < m \to pred n < pred m. 
apply nat_elim2
  [intros.apply False_ind.apply (not_le_Sn_O ? H)
  |intros.apply False_ind.apply (not_le_Sn_O ? H1)
  |intros.simplify.unfold.apply le_S_S_to_le.assumption
  ]
qed.

theorem S_pred: \forall n:nat.lt O n \to eq nat n (S (pred n)).
intro.elim n.apply False_ind.exact (not_le_Sn_O O H).
apply eq_f.apply pred_Sn.
qed.

theorem le_pred_to_le:
 ∀n,m. O < m → pred n ≤ pred m → n ≤ m.
intros 2;
elim n;
[ apply le_O_n
| simplify in H2;
  rewrite > (S_pred m);
  [ apply le_S_S;
    assumption
  | assumption
  ]
].
qed.

*)

(* le to lt or eq *)
ntheorem le_to_or_lt_eq: ∀n,m:nat. n ≤ m → n < m ∨ n = m.
#n; #m; #lenm; nelim lenm; /3/; nqed.

(* not eq *)
ntheorem lt_to_not_eq : ∀n,m:nat. n < m → n ≠ m.
/2/; nqed.

(*not lt 
ntheorem eq_to_not_lt: ∀a,b:nat. a = b → a ≮ b.
intros.
unfold Not.
intros.
rewrite > H in H1.
apply (lt_to_not_eq b b)
[ assumption
| reflexivity
]
qed. 

theorem lt_n_m_to_not_lt_m_Sn: ∀n,m. n < m → m ≮ S n.
intros;
unfold Not;
intro;
unfold lt in H;
unfold lt in H1;
generalize in match (le_S_S ? ? H);
intro;
generalize in match (transitive_le ? ? ? H2 H1);
intro;
apply (not_le_Sn_n ? H3).
qed. *)

ntheorem not_eq_to_le_to_lt: ∀n,m. n≠m → n≤m → n<m.
#n; #m; #Hneq; #Hle; ncases (le_to_or_lt_eq ?? Hle); //;
#Heq; nelim (Hneq Heq); nqed.

(* le elimination *)
ntheorem le_n_O_to_eq : ∀n:nat. n ≤ O → O=n.
#n; ncases n; //; #a ; #abs; nelim (not_le_Sn_O ? abs); nqed.

ntheorem le_n_O_elim: ∀n:nat. n ≤ O → ∀P: nat →Prop. P O → P n.
#n; ncases n; //; #a; #abs; nelim (not_le_Sn_O ? abs); nqed. 

ntheorem le_n_Sm_elim : ∀n,m:nat.n ≤ S m → 
∀P:Prop. (S n ≤ S m → P) → (n=S m → P) → P.
#n; #m; #Hle; #P; nelim Hle; /3/; nqed.

(* le and eq *)

ntheorem le_to_le_to_eq: ∀n,m. n ≤ m → m ≤ n → n = m.
napply nat_elim2; /3/; nqed.

ntheorem lt_O_S : \forall n:nat. O < S n.
/2/; nqed.

(*
(* other abstract properties *)
theorem antisymmetric_le : antisymmetric nat le.
unfold antisymmetric.intros 2.
apply (nat_elim2 (\lambda n,m.(n \leq m \to m \leq n \to n=m))).
intros.apply le_n_O_to_eq.assumption.
intros.apply False_ind.apply (not_le_Sn_O ? H).
intros.apply eq_f.apply H.
apply le_S_S_to_le.assumption.
apply le_S_S_to_le.assumption.
qed.

theorem antisym_le: \forall n,m:nat. n \leq m \to m \leq n \to n=m
\def antisymmetric_le.

theorem le_n_m_to_lt_m_Sn_to_eq_n_m: ∀n,m. n ≤ m → m < S n → n=m.
intros;
unfold lt in H1;
generalize in match (le_S_S_to_le ? ? H1);
intro;
apply antisym_le;
assumption.
qed.
*)

(* well founded induction principles *)

ntheorem nat_elim1 : ∀n:nat.∀P:nat → Prop. 
(∀m.(∀p. p < m → P p) → P m) → P n.
#n; #P; #H; 
ncut (∀q:nat. q ≤ n → P q);/2/;
nelim n; 
 ##[#q; #HleO; (* applica male *) 
    napply (le_n_O_elim ? HleO);
    napply H; #p; #ltpO;
    napply False_ind; /2/; 
 ##|#p; #Hind; #q; #HleS; 
    napply H; #a; #lta; napply Hind;
    napply le_S_S_to_le;/2/;
 ##]
nqed.

(* some properties of functions *)
(*
definition increasing \def \lambda f:nat \to nat. 
\forall n:nat. f n < f (S n).

theorem increasing_to_monotonic: \forall f:nat \to nat.
increasing f \to monotonic nat lt f.
unfold monotonic.unfold lt.unfold increasing.unfold lt.intros.elim H1.apply H.
apply (trans_le ? (f n1)).
assumption.apply (trans_le ? (S (f n1))).
apply le_n_Sn.
apply H.
qed.

theorem le_n_fn: \forall f:nat \to nat. (increasing f) 
\to \forall n:nat. n \le (f n).
intros.elim n.
apply le_O_n.
apply (trans_le ? (S (f n1))).
apply le_S_S.apply H1.
simplify in H. unfold increasing in H.unfold lt in H.apply H.
qed.

theorem increasing_to_le: \forall f:nat \to nat. (increasing f) 
\to \forall m:nat. \exists i. m \le (f i).
intros.elim m.
apply (ex_intro ? ? O).apply le_O_n.
elim H1.
apply (ex_intro ? ? (S a)).
apply (trans_le ? (S (f a))).
apply le_S_S.assumption.
simplify in H.unfold increasing in H.unfold lt in H.
apply H.
qed.

theorem increasing_to_le2: \forall f:nat \to nat. (increasing f) 
\to \forall m:nat. (f O) \le m \to 
\exists i. (f i) \le m \land m <(f (S i)).
intros.elim H1.
apply (ex_intro ? ? O).
split.apply le_n.apply H.
elim H3.elim H4.
cut ((S n1) < (f (S a)) \lor (S n1) = (f (S a))).
elim Hcut.
apply (ex_intro ? ? a).
split.apply le_S. assumption.assumption.
apply (ex_intro ? ? (S a)).
split.rewrite < H7.apply le_n.
rewrite > H7.
apply H.
apply le_to_or_lt_eq.apply H6.
qed.
*)

(*********************** monotonicity ***************************)
ntheorem monotonic_le_plus_r: 
∀n:nat.monotonic nat le (λm.n + m).
#n; #a; #b; nelim n; nnormalize; //;
#m; #H; #leab;napply le_S_S; /2/; nqed.

(*
ntheorem le_plus_r: ∀p,n,m:nat. n ≤ m → p + n ≤ p + m
≝ monotonic_le_plus_r. *)

ntheorem monotonic_le_plus_l: 
∀m:nat.monotonic nat le (λn.n + m).
/2/; nqed.

(*
ntheorem le_plus_l: \forall p,n,m:nat. n \le m \to n + p \le m + p
\def monotonic_le_plus_l. *)

ntheorem le_plus: ∀n1,n2,m1,m2:nat. n1 ≤ n2  \to m1 ≤ m2 
→ n1 + m1 ≤ n2 + m2.
#n1; #n2; #m1; #m2; #len; #lem; napply transitive_le;
/2/; nqed.

ntheorem le_plus_n :∀n,m:nat. m ≤ n + m.
/2/; nqed. 

ntheorem le_plus_n_r :∀n,m:nat. m ≤ m + n.
/2/; nqed.

ntheorem eq_plus_to_le: ∀n,m,p:nat.n=m+p → m ≤ n.
//; nqed.

ntheorem le_plus_to_le: ∀a,n,m. a + n ≤ a + m → n ≤ m.
#a; nelim a; /3/; nqed. 

ntheorem le_plus_to_le_r: ∀a,n,m. n + a ≤ m +a → n ≤ m.
/2/; nqed. 

(* times *)
ntheorem monotonic_le_times_r: 
∀n:nat.monotonic nat le (λm. n * m).
#n; #x; #y; #lexy; nelim n; nnormalize;//;(* lento /2/;*)
#a; #lea; napply le_plus; //;
nqed.

(*
ntheorem le_times_r: \forall p,n,m:nat. n \le m \to p*n \le p*m
\def monotonic_le_times_r. *)

ntheorem monotonic_le_times_l: 
∀m:nat.monotonic nat le (λn.n*m).
/2/; nqed.

(*
theorem le_times_l: \forall p,n,m:nat. n \le m \to n*p \le m*p
\def monotonic_le_times_l. *)

ntheorem le_times: ∀n1,n2,m1,m2:nat. 
n1 ≤ n2  → m1 ≤ m2 → n1*m1 ≤ n2*m2.
#n1; #n2; #m1; #m2; #len; #lem; 
napply transitive_le; (* /2/ slow *)
 ##[ ##| napply monotonic_le_times_l;//; 
     ##| napply monotonic_le_times_r;//;
 ##]
nqed.

ntheorem lt_times_n: ∀n,m:nat. O < n → m ≤ n*m.
(* bello *)
/2/; nqed.

ntheorem le_times_to_le: 
∀a,n,m. O < a → a * n ≤ a * m → n ≤ m.
#a; napply nat_elim2; nnormalize;
  ##[//;
  ##|#n; #H1; #H2; napply False_ind;
     ngeneralize in match H2;
     napply lt_to_not_le;
     napply (transitive_le ? (S n));/2/;
  ##|#n; #m; #H; #lta; #le;
     napply le_S_S; napply H; /2/;
  ##]
nqed.

ntheorem le_S_times_2: ∀n,m.O < m → n ≤ m → n < 2*m.
#n; #m; #posm; #lenm; (* interessante *)
nnormalize; napplyS (le_plus n); //; nqed.

(************************** minus ******************************)

nlet rec minus n m ≝ 
 match n with 
 [ O ⇒ O
 | S p ⇒ 
        match m with
          [ O ⇒ S p
    | S q ⇒ minus p q ]].
        
interpretation "natural minus" 'minus x y = (minus x y).

ntheorem minus_S_S: ∀n,m:nat.S n - S m = n -m.
//; nqed.

ntheorem minus_O_n: ∀n:nat.O=O-n.
#n; ncases n; //; nqed.

ntheorem minus_n_O: ∀n:nat.n=n-O.
#n; ncases n; //; nqed.

ntheorem minus_n_n: ∀n:nat.O=n-n.
#n; nelim n; //; nqed.

ntheorem minus_Sn_n: ∀n:nat. S O = (S n)-n.
#n; nelim n; //; nqed.

ntheorem minus_Sn_m: ∀m,n:nat. m ≤ n → S n -m = S (n-m).
(* qualcosa da capire qui 
#n; #m; #lenm; nelim lenm; napplyS refl_eq. *)
napply nat_elim2; 
  ##[//
  ##|#n; #abs; napply False_ind;/2/;
  ##|/3/;
  ##]
nqed.

ntheorem eq_minus_S_pred: ∀n,m. n - (S m) = pred(n -m).
napply nat_elim2; //; nqed.

ntheorem plus_minus:
∀m,n,p:nat. m ≤ n → (n-m)+p = (n+p)-m.
napply nat_elim2; 
  ##[//
  ##|#n; #p; #abs; napply False_ind;/2/;
  ##|nnormalize;/3/;
  ##]
nqed.

ntheorem minus_plus_m_m: ∀n,m:nat.n = (n+m)-m.
#n; #m; napplyS (plus_minus m m n); //; nqed.

ntheorem plus_minus_m_m: ∀n,m:nat.
m \leq n \to n = (n-m)+m.
#n; #m; #lemn; napplyS symmetric_eq; 
napplyS (plus_minus m n m); //; nqed.

ntheorem le_plus_minus_m_m: ∀n,m:nat. n ≤ (n-m)+m.
#n; nelim n;
  ##[//
  ##|#a; #Hind; #m; ncases m;/2/;  
  ##]
nqed.

ntheorem minus_to_plus :∀n,m,p:nat.
  m ≤ n → n-m = p → n = m+p.
#n; #m; #p; #lemn; #eqp; napplyS plus_minus_m_m; //;
nqed.

ntheorem plus_to_minus :∀n,m,p:nat.n = m+p → n-m = p.
(* /4/ done in 43.5 *)
#n; #m; #p; #eqp; 
napply symmetric_eq;
napplyS (minus_plus_m_m p m);
nqed.

ntheorem minus_pred_pred : ∀n,m:nat. O < n → O < m → 
pred n - pred m = n - m.
#n; #m; #posn; #posm;
napply (lt_O_n_elim n posn);
napply (lt_O_n_elim m posm);//.
nqed.

(*
theorem eq_minus_n_m_O: \forall n,m:nat.
n \leq m \to n-m = O.
intros 2.
apply (nat_elim2 (\lambda n,m.n \leq m \to n-m = O)).
intros.simplify.reflexivity.
intros.apply False_ind.
apply not_le_Sn_O;
[2: apply H | skip].
intros.
simplify.apply H.apply le_S_S_to_le. apply H1.
qed.

theorem le_SO_minus: \forall n,m:nat.S n \leq m \to S O \leq m-n.
intros.elim H.elim (minus_Sn_n n).apply le_n.
rewrite > minus_Sn_m.
apply le_S.assumption.
apply lt_to_le.assumption.
qed.

theorem minus_le_S_minus_S: \forall n,m:nat. m-n \leq S (m-(S n)).
intros.
apply (nat_elim2 (\lambda n,m.m-n \leq S (m-(S n)))).
intro.elim n1.simplify.apply le_n_Sn.
simplify.rewrite < minus_n_O.apply le_n.
intros.simplify.apply le_n_Sn.
intros.simplify.apply H.
qed.

theorem lt_minus_S_n_to_le_minus_n : \forall n,m,p:nat. m-(S n) < p \to m-n \leq p. 
intros 3.intro.
(* autobatch *)
(* end auto($Revision: 9739 $) proof: TIME=1.33 SIZE=100 DEPTH=100 *)
apply (trans_le (m-n) (S (m-(S n))) p).
apply minus_le_S_minus_S.
assumption.
qed.

theorem le_minus_m: \forall n,m:nat. n-m \leq n.
intros.apply (nat_elim2 (\lambda m,n. n-m \leq n)).
intros.rewrite < minus_n_O.apply le_n.
intros.simplify.apply le_n.
intros.simplify.apply le_S.assumption.
qed.

theorem lt_minus_m: \forall n,m:nat. O < n \to O < m \to n-m \lt n.
intros.apply (lt_O_n_elim n H).intro.
apply (lt_O_n_elim m H1).intro.
simplify.unfold lt.apply le_S_S.apply le_minus_m.
qed.

theorem minus_le_O_to_le: \forall n,m:nat. n-m \leq O \to n \leq m.
intros 2.
apply (nat_elim2 (\lambda n,m:nat.n-m \leq O \to n \leq m)).
intros.apply le_O_n.
simplify.intros. assumption.
simplify.intros.apply le_S_S.apply H.assumption.
qed.
*)

(* monotonicity and galois *)

ntheorem monotonic_le_minus_l: 
∀p,q,n:nat. q ≤ p → q-n ≤ p-n.
napply nat_elim2; #p; #q;
  ##[#lePO; napply (le_n_O_elim ? lePO);//;
  ##|//;
  ##|#Hind; #n; ncases n;
    ##[//;
    ##|#a; #leSS; napply Hind; /2/;
    ##]
  ##]
nqed.

ntheorem le_minus_to_plus: ∀n,m,p. n-m ≤ p → n≤ p+m.
#n; #m; #p; #lep;
napply transitive_le;
  ##[##|napply le_plus_minus_m_m
  ##|napply monotonic_le_plus_l;//;
  ##]
nqed.

ntheorem le_plus_to_minus: ∀n,m,p. n ≤ p+m → n-m ≤ p.
#n; #m; #p; #lep;
(* bello *)
napplyS monotonic_le_minus_l;//;
nqed.

ntheorem monotonic_le_minus_r: 
∀p,q,n:nat. q ≤ p → n-p ≤ n-q.
#p; #q; #n; #lepq;
napply le_plus_to_minus;
napply (transitive_le ??? (le_plus_minus_m_m ? q));/2/;
nqed.