X-Git-Url: http://matita.cs.unibo.it/gitweb/?a=blobdiff_plain;f=helm%2Fsoftware%2Fmatita%2Fnlibrary%2Farithmetics%2Fnat.ma;h=25745e370c19d3ed3072e525630234461c6a5725;hb=63047f8ff8ef477ac32939985b0b41b70e918054;hp=b6683b267801bac94d220ad5ca573ac644eaf1a5;hpb=8899a3f240f62633f4df58b2ee358fa285a82d1d;p=helm.git

diff --git a/helm/software/matita/nlibrary/arithmetics/nat.ma b/helm/software/matita/nlibrary/arithmetics/nat.ma
index b6683b267..25745e370 100644
--- a/helm/software/matita/nlibrary/arithmetics/nat.ma
+++ b/helm/software/matita/nlibrary/arithmetics/nat.ma
@@ -76,9 +76,9 @@ ntheorem nat_elim2 :
 #R; #ROn; #RSO; #RSS; #n; nelim n;//;
 #n0; #Rn0m; #m; ncases m;/2/; nqed.
 
-ntheorem decidable_eq_nat : \forall n,m:nat.decidable (n=m).
+ntheorem decidable_eq_nat : ∀n,m:nat.decidable (n=m).
 napply nat_elim2; #n;
- ##[ ncases n; /2/;
+ ##[ ncases n; /3/;
  ##| /3/;
  ##| #m; #Hind; ncases Hind; /3/;
  ##]
@@ -112,7 +112,7 @@ ntheorem plus_Sn_m1: ∀n,m:nat. S m + n = n + S m.
 #n; nelim n; nnormalize; //; nqed.
 *)
 
-(*
+(* deleterio 
 ntheorem plus_n_SO : ∀n:nat. S n = n+S O.
 //; nqed. *)
 
@@ -220,6 +220,9 @@ interpretation "natural 'less than'" 'lt x y = (lt x y).
 
 interpretation "natural 'not less than'" 'nless x y = (Not (lt x y)).
 
+(* nlemma eq_lt: ∀n,m. (n < m) = (S n ≤ m).
+//; nqed. *)
+
 ndefinition ge: nat \to nat \to Prop \def
 \lambda n,m:nat.m \leq n.
 
@@ -240,8 +243,9 @@ nqed.
 ntheorem trans_le: \forall n,m,p:nat. n \leq m \to m \leq p \to n \leq p
 \def transitive_le. *)
 
-ntheorem transitive_lt: transitive nat lt.
-#a; #b; #c; #ltab; #ltbc;nelim ltbc;/2/;nqed.
+
+naxiom transitive_lt: transitive nat lt.
+(* #a; #b; #c; #ltab; #ltbc;nelim ltbc;/2/;nqed.*)
 
 (*
 theorem trans_lt: \forall n,m,p:nat. lt n m \to lt m p \to lt n p
@@ -259,13 +263,18 @@ ntheorem le_n_Sn : ∀n:nat. n ≤ S n.
 ntheorem le_pred_n : ∀n:nat. pred n ≤ n.
 #n; nelim n; //; nqed.
 
+(* XXX global problem *)
+nlemma my_trans_le : ∀x,y,z:nat.x ≤ y → y ≤ z → x ≤ z. 
+napply transitive_le.
+nqed.
+
 ntheorem monotonic_pred: monotonic ? le pred.
 #n; #m; #lenm; nelim lenm; /2/; nqed.
 
 ntheorem le_S_S_to_le: ∀n,m:nat. S n ≤ S m → n ≤ m.
-/2/; nqed.
+(* XXX *) nletin hint ≝ monotonic. /2/; nqed.
 
-ntheorem lt_S_S_to_lt: ∀n,m. S n < S m \to n < m.
+ntheorem lt_S_S_to_lt: ∀n,m. S n < S m → n < m.
 /2/; nqed. 
 
 ntheorem lt_to_lt_S_S: ∀n,m. n < m → S n < S m.
@@ -284,15 +293,17 @@ ntheorem not_le_to_not_le_S_S: ∀ n,m:nat. n ≰ m → S n ≰ S m.
 ntheorem not_le_S_S_to_not_le: ∀ n,m:nat. S n ≰ S m → n ≰ m.
 /3/; nqed.
 
+naxiom decidable_le: ∀n,m. decidable (n≤m).
+(*
 ntheorem decidable_le: ∀n,m. decidable (n≤m).
-napply nat_elim2; #n; /2/;
-#m; #dec; ncases dec;/3/; nqed.
+napply nat_elim2; #n; /3/;
+#m; #dec; ncases dec;/4/; nqed. *)
 
 ntheorem decidable_lt: ∀n,m. decidable (n < m).
 #n; #m; napply decidable_le ; nqed.
 
 ntheorem not_le_Sn_n: ∀n:nat. S n ≰ n.
-#n; nelim n; /2/; nqed.
+#n; nelim n; /3/; nqed.
 
 ntheorem lt_S_to_le: ∀n,m:nat. n < S m → n ≤ m.
 /2/; nqed.
@@ -301,7 +312,7 @@ ntheorem not_le_to_lt: ∀n,m. n ≰ m → m < n.
 napply nat_elim2; #n;
  ##[#abs; napply False_ind;/2/;
  ##|/2/;
- ##|#m;#Hind;#HnotleSS; napply lt_to_lt_S_S;/3/;
+ ##|#m;#Hind;#HnotleSS; napply lt_to_lt_S_S;/4/;
  ##]
 nqed.
 
@@ -310,7 +321,8 @@ ntheorem lt_to_not_le: ∀n,m. n < m → m ≰ n.
 
 ntheorem not_lt_to_le: ∀n,m:nat. n ≮ m → m ≤ n.
 #n; #m; #Hnlt; napply lt_S_to_le;
-(* something strange here: /2/ fails *)
+(* something strange here: /2/ fails: 
+   we need an extra depths for unfolding not *)
 napply not_le_to_lt; napply Hnlt; nqed. 
 
 ntheorem le_to_not_lt: ∀n,m:nat. n ≤ m → m ≮ n.
@@ -427,9 +439,9 @@ ntheorem le_n_Sm_elim : ∀n,m:nat.n ≤ S m →
 (* le and eq *)
 
 ntheorem le_to_le_to_eq: ∀n,m. n ≤ m → m ≤ n → n = m.
-napply nat_elim2; /3/; nqed.
+napply nat_elim2; /4/; nqed.
 
-ntheorem lt_O_S : \forall n:nat. O < S n.
+ntheorem lt_O_S : ∀n:nat. O < S n.
 /2/; nqed.
 
 (*
@@ -528,25 +540,27 @@ apply le_to_or_lt_eq.apply H6.
 qed.
 *)
 
-(******************* monotonicity ******************************)
+(*********************** monotonicity ***************************)
 ntheorem monotonic_le_plus_r: 
 ∀n:nat.monotonic nat le (λm.n + m).
 #n; #a; #b; nelim n; nnormalize; //;
 #m; #H; #leab;napply le_S_S; /2/; nqed.
 
+(*
 ntheorem le_plus_r: ∀p,n,m:nat. n ≤ m → p + n ≤ p + m
-≝ monotonic_le_plus_r.
+≝ monotonic_le_plus_r. *)
 
 ntheorem monotonic_le_plus_l: 
 ∀m:nat.monotonic nat le (λn.n + m).
 /2/; nqed.
 
+(*
 ntheorem le_plus_l: \forall p,n,m:nat. n \le m \to n + p \le m + p
-\def monotonic_le_plus_l. 
+\def monotonic_le_plus_l. *)
 
 ntheorem le_plus: ∀n1,n2,m1,m2:nat. n1 ≤ n2  \to m1 ≤ m2 
 → n1 + m1 ≤ n2 + m2.
-#n1; #n2; #m1; #m2; #len; #lem; napply transitive_le;
+#n1; #n2; #m1; #m2; #len; #lem; napply (transitive_le ? (n1+m2));
 /2/; nqed.
 
 ntheorem le_plus_n :∀n,m:nat. m ≤ n + m.
@@ -559,88 +573,661 @@ ntheorem eq_plus_to_le: ∀n,m,p:nat.n=m+p → m ≤ n.
 //; nqed.
 
 ntheorem le_plus_to_le: ∀a,n,m. a + n ≤ a + m → n ≤ m.
-#a; nelim a; /3/; nqed.
-
-(* times 
-theorem monotonic_le_times_r: 
-\forall n:nat.monotonic nat le (\lambda m. n * m).
-simplify.intros.elim n.
-simplify.apply le_O_n.
-simplify.apply le_plus.
-assumption.
-assumption.
-qed.
+#a; nelim a; nnormalize; /3/; nqed. 
 
-theorem le_times_r: \forall p,n,m:nat. n \le m \to p*n \le p*m
-\def monotonic_le_times_r.
+ntheorem le_plus_to_le_r: ∀a,n,m. n + a ≤ m +a → n ≤ m.
+/2/; nqed. 
 
-theorem monotonic_le_times_l: 
-\forall m:nat.monotonic nat le (\lambda n.n*m).
-simplify.intros.
-rewrite < sym_times.rewrite < (sym_times m).
-apply le_times_r.assumption.
-qed.
+(* plus & lt *)
+
+ntheorem monotonic_lt_plus_r: 
+∀n:nat.monotonic nat lt (λm.n+m).
+/2/; nqed.
+
+(*
+variant lt_plus_r: \forall n,p,q:nat. p < q \to n + p < n + q \def
+monotonic_lt_plus_r. *)
+
+ntheorem monotonic_lt_plus_l: 
+∀n:nat.monotonic nat lt (λm.m+n).
+/2/;nqed.
+
+(*
+variant lt_plus_l: \forall n,p,q:nat. p < q \to p + n < q + n \def
+monotonic_lt_plus_l. *)
+
+ntheorem lt_plus: ∀n,m,p,q:nat. n < m → p < q → n + p < m + q.
+#n; #m; #p; #q; #ltnm; #ltpq;
+napply (transitive_lt ? (n+q));/2/; nqed.
 
+ntheorem lt_plus_to_lt_l :∀n,p,q:nat. p+n < q+n → p<q.
+/2/; nqed.
+
+ntheorem lt_plus_to_lt_r :∀n,p,q:nat. n+p < n+q → p<q.
+/2/; nqed.
+
+ntheorem le_to_lt_to_plus_lt: ∀a,b,c,d:nat.
+a ≤ c → b < d → a + b < c+d.
+(* bello /2/ un po' lento *)
+#a; #b; #c; #d; #leac; #lebd; 
+nnormalize; napplyS le_plus; //; nqed.
+
+(* times *)
+ntheorem monotonic_le_times_r: 
+∀n:nat.monotonic nat le (λm. n * m).
+#n; #x; #y; #lexy; nelim n; nnormalize;//;(* lento /2/;*)
+#a; #lea; napply le_plus; //;
+nqed.
+
+(*
+ntheorem le_times_r: \forall p,n,m:nat. n \le m \to p*n \le p*m
+\def monotonic_le_times_r. *)
+
+ntheorem monotonic_le_times_l: 
+∀m:nat.monotonic nat le (λn.n*m).
+/2/; nqed.
+
+(*
 theorem le_times_l: \forall p,n,m:nat. n \le m \to n*p \le m*p
-\def monotonic_le_times_l.
+\def monotonic_le_times_l. *)
+
+ntheorem le_times: ∀n1,n2,m1,m2:nat. 
+n1 ≤ n2  → m1 ≤ m2 → n1*m1 ≤ n2*m2.
+#n1; #n2; #m1; #m2; #len; #lem; 
+napply transitive_le; (* /2/ slow *)
+ ##[ ##| napply monotonic_le_times_l;//; 
+     ##| napply monotonic_le_times_r;//;
+ ##]
+nqed.
 
-theorem le_times: \forall n1,n2,m1,m2:nat. n1 \le n2  \to m1 \le m2 
-\to n1*m1 \le n2*m2.
+ntheorem lt_times_n: ∀n,m:nat. O < n → m ≤ n*m.
+#n; #m; #H; napplyS monotonic_le_times_l;
+/2/; nqed.
+
+ntheorem le_times_to_le: 
+∀a,n,m. O < a → a * n ≤ a * m → n ≤ m.
+#a; napply nat_elim2; nnormalize;
+  ##[//;
+  ##|#n; #H1; #H2; napply False_ind;
+     ngeneralize in match H2;
+     napply lt_to_not_le;
+     napply (transitive_le ? (S n));/2/;
+  ##|#n; #m; #H; #lta; #le;
+     napply le_S_S; napply H; /2/;
+  ##]
+nqed.
+
+ntheorem le_S_times_2: ∀n,m.O < m → n ≤ m → S n ≤ 2*m.
+#n; #m; #posm; #lenm; (* interessante *)
+napplyS (le_plus n); //; nqed.
+
+(* times & lt *)
+(*
+ntheorem lt_O_times_S_S: ∀n,m:nat.O < (S n)*(S m).
+intros.simplify.unfold lt.apply le_S_S.apply le_O_n.
+qed. *)
+
+(*
+ntheorem lt_times_eq_O: \forall a,b:nat.
+O < a → a * b = O → b = O.
 intros.
-apply (trans_le ? (n2*m1)).
-apply le_times_l.assumption.
-apply le_times_r.assumption.
-qed.
+apply (nat_case1 b)
+[ intros.
+  reflexivity
+| intros.
+  rewrite > H2 in H1.
+  rewrite > (S_pred a) in H1
+  [ apply False_ind.
+    apply (eq_to_not_lt O ((S (pred a))*(S m)))
+    [ apply sym_eq.
+      assumption
+    | apply lt_O_times_S_S
+    ]
+  | assumption
+  ]
+]
+qed. 
 
-theorem le_times_n: \forall n,m:nat.(S O) \le n \to m \le n*m.
-intros.elim H.simplify.
-elim (plus_n_O ?).apply le_n.
-simplify.rewrite < sym_plus.apply le_plus_n.
+theorem O_lt_times_to_O_lt: \forall a,c:nat.
+O \lt (a * c) \to O \lt a.
+intros.
+apply (nat_case1 a)
+[ intros.
+  rewrite > H1 in H.
+  simplify in H.
+  assumption
+| intros.
+  apply lt_O_S
+]
 qed.
 
-theorem le_times_to_le: 
-\forall a,n,m. S O \le a \to a * n \le a * m \to n \le m.
-intro.
-apply nat_elim2;intros
-  [apply le_O_n
+lemma lt_times_to_lt_O: \forall i,n,m:nat. i < n*m \to O < m.
+intros.
+elim (le_to_or_lt_eq O ? (le_O_n m))
+  [assumption
   |apply False_ind.
-   rewrite < times_n_O in H1.
-   generalize in match H1.
-   apply (lt_O_n_elim ? H).
-   intros.
-   simplify in H2.
-   apply (le_to_not_lt ? ? H2).
-   apply lt_O_S
-  |apply le_S_S.
-   apply H
+   rewrite < H1 in H.
+   rewrite < times_n_O in H.
+   apply (not_le_Sn_O ? H)
+  ]
+qed. *)
+
+(*
+ntheorem monotonic_lt_times_r: 
+∀n:nat.monotonic nat lt (λm.(S n)*m).
+/2/; 
+simplify.
+intros.elim n.
+simplify.rewrite < plus_n_O.rewrite < plus_n_O.assumption.
+apply lt_plus.assumption.assumption.
+qed. *)
+
+ntheorem monotonic_lt_times_l: 
+  ∀c:nat. O < c → monotonic nat lt (λt.(t*c)).
+#c; #posc; #n; #m; #ltnm;
+nelim ltnm; nnormalize;
+  ##[napplyS monotonic_lt_plus_l;//;
+  ##|#a; #_; #lt1; napply (transitive_le ??? lt1);//;
+  ##]
+nqed.
+
+ntheorem monotonic_lt_times_r: 
+  ∀c:nat. O < c → monotonic nat lt (λt.(c*t)).
+(* /2/ lentissimo *)
+#c; #posc; #n; #m; #ltnm;
+(* why?? napplyS (monotonic_lt_times_l c posc n m ltnm); *)
+nrewrite > (symmetric_times c n);
+nrewrite > (symmetric_times c m);
+napply monotonic_lt_times_l;//;
+nqed.
+
+ntheorem lt_to_le_to_lt_times: 
+∀n,m,p,q:nat. n < m → p ≤ q → O < q → n*p < m*q.
+#n; #m; #p; #q; #ltnm; #lepq; #posq;
+napply (le_to_lt_to_lt ? (n*q));
+  ##[napply monotonic_le_times_r;//;
+  ##|napply monotonic_lt_times_l;//;
+  ##]
+nqed.
+
+ntheorem lt_times:∀n,m,p,q:nat. n<m → p<q → n*p < m*q.
+#n; #m; #p; #q; #ltnm; #ltpq;
+napply lt_to_le_to_lt_times;/2/;
+nqed.
+
+ntheorem lt_times_n_to_lt_l: 
+∀n,p,q:nat. O < n → p*n < q*n → p < q.
+#n; #p; #q; #posn; #Hlt;
+nelim (decidable_lt p q);//;
+#nltpq;napply False_ind; 
+napply (lt_to_not_le ? ? Hlt);
+napply monotonic_le_times_l;/3/;
+nqed.
+
+ntheorem lt_times_n_to_lt_r: 
+∀n,p,q:nat. O < n → n*p < n*q → p < q.
+#n; #p; #q; #posn; #Hlt;
+napply (lt_times_n_to_lt_l ??? posn);//;
+nqed.
+
+(*
+theorem nat_compare_times_l : \forall n,p,q:nat. 
+nat_compare p q = nat_compare ((S n) * p) ((S n) * q).
+intros.apply nat_compare_elim.intro.
+apply nat_compare_elim.
+intro.reflexivity.
+intro.absurd (p=q).
+apply (inj_times_r n).assumption.
+apply lt_to_not_eq. assumption.
+intro.absurd (q<p).
+apply (lt_times_to_lt_r n).assumption.
+apply le_to_not_lt.apply lt_to_le.assumption.
+intro.rewrite < H.rewrite > nat_compare_n_n.reflexivity.
+intro.apply nat_compare_elim.intro.
+absurd (p<q).
+apply (lt_times_to_lt_r n).assumption.
+apply le_to_not_lt.apply lt_to_le.assumption.
+intro.absurd (q=p).
+symmetry.
+apply (inj_times_r n).assumption.
+apply lt_to_not_eq.assumption.
+intro.reflexivity.
+qed. *)
+
+(* times and plus 
+theorem lt_times_plus_times: \forall a,b,n,m:nat. 
+a < n \to b < m \to a*m + b < n*m.
+intros 3.
+apply (nat_case n)
+  [intros.apply False_ind.apply (not_le_Sn_O ? H)
+  |intros.simplify.
+   rewrite < sym_plus.
+   unfold.
+   change with (S b+a*m1 \leq m1+m*m1).
+   apply le_plus
     [assumption
-    |rewrite < times_n_Sm in H2.
-     rewrite < times_n_Sm in H2.
-     apply (le_plus_to_le a).
-     assumption
+    |apply le_times
+      [apply le_S_S_to_le.assumption
+      |apply le_n
+      ]
     ]
   ]
+qed. *)
+
+(************************** minus ******************************)
+
+nlet rec minus n m ≝ 
+ match n with 
+ [ O ⇒ O
+ | S p ⇒ 
+	match m with
+	  [ O ⇒ S p
+    | S q ⇒ minus p q ]].
+        
+interpretation "natural minus" 'minus x y = (minus x y).
+
+ntheorem minus_S_S: ∀n,m:nat.S n - S m = n -m.
+//; nqed.
+
+ntheorem minus_O_n: ∀n:nat.O=O-n.
+#n; ncases n; //; nqed.
+
+ntheorem minus_n_O: ∀n:nat.n=n-O.
+#n; ncases n; //; nqed.
+
+ntheorem minus_n_n: ∀n:nat.O=n-n.
+#n; nelim n; //; nqed.
+
+ntheorem minus_Sn_n: ∀n:nat. S O = (S n)-n.
+#n; nelim n; //; nqed.
+
+ntheorem minus_Sn_m: ∀m,n:nat. m ≤ n → S n -m = S (n-m).
+(* qualcosa da capire qui 
+#n; #m; #lenm; nelim lenm; napplyS refl_eq. *)
+napply nat_elim2; 
+  ##[//
+  ##|#n; #abs; napply False_ind; /2/.
+  ##|#n; #m; #Hind; #c; napplyS Hind; /2/;
+  ##]
+nqed.
+
+ntheorem not_eq_to_le_to_le_minus: 
+  ∀n,m.n ≠ m → n ≤ m → n ≤ m - 1.
+#n; #m; ncases m;//; #m; nnormalize;
+#H; #H1; napply le_S_S_to_le;
+napplyS (not_eq_to_le_to_lt n (S m) H H1);
+nqed.
+
+ntheorem eq_minus_S_pred: ∀n,m. n - (S m) = pred(n -m).
+napply nat_elim2; //; nqed.
+
+ntheorem plus_minus:
+∀m,n,p:nat. m ≤ n → (n-m)+p = (n+p)-m.
+napply nat_elim2; 
+  ##[//
+  ##|#n; #p; #abs; napply False_ind; /2/;
+  ##|nnormalize;/3/;
+  ##]
+nqed.
+
+ntheorem minus_plus_m_m: ∀n,m:nat.n = (n+m)-m.
+#n; #m; napplyS (plus_minus m m n); //; nqed.
+
+ntheorem plus_minus_m_m: ∀n,m:nat.
+m \leq n \to n = (n-m)+m.
+#n; #m; #lemn; napplyS symmetric_eq; 
+napplyS (plus_minus m n m); //; nqed.
+
+ntheorem le_plus_minus_m_m: ∀n,m:nat. n ≤ (n-m)+m.
+#n; nelim n;
+  ##[//
+  ##|#a; #Hind; #m; ncases m;//;  
+     nnormalize; #n;napplyS le_S_S;//  
+  ##]
+nqed.
+
+ntheorem minus_to_plus :∀n,m,p:nat.
+  m ≤ n → n-m = p → n = m+p.
+#n; #m; #p; #lemn; #eqp; napplyS plus_minus_m_m; //;
+nqed.
+
+ntheorem plus_to_minus :∀n,m,p:nat.n = m+p → n-m = p.
+(* /4/ done in 43.5 *)
+#n; #m; #p; #eqp; 
+napply symmetric_eq;
+napplyS (minus_plus_m_m p m);
+nqed.
+
+ntheorem minus_pred_pred : ∀n,m:nat. O < n → O < m → 
+pred n - pred m = n - m.
+#n; #m; #posn; #posm;
+napply (lt_O_n_elim n posn);
+napply (lt_O_n_elim m posm);//.
+nqed.
+
+(*
+theorem eq_minus_n_m_O: \forall n,m:nat.
+n \leq m \to n-m = O.
+intros 2.
+apply (nat_elim2 (\lambda n,m.n \leq m \to n-m = O)).
+intros.simplify.reflexivity.
+intros.apply False_ind.
+apply not_le_Sn_O;
+[2: apply H | skip].
+intros.
+simplify.apply H.apply le_S_S_to_le. apply H1.
+qed.
+
+theorem le_SO_minus: \forall n,m:nat.S n \leq m \to S O \leq m-n.
+intros.elim H.elim (minus_Sn_n n).apply le_n.
+rewrite > minus_Sn_m.
+apply le_S.assumption.
+apply lt_to_le.assumption.
 qed.
 
-theorem le_S_times_SSO: \forall n,m.O < m \to
-n \le m \to S n \le (S(S O))*m.
+theorem minus_le_S_minus_S: \forall n,m:nat. m-n \leq S (m-(S n)).
 intros.
-simplify.
-rewrite > plus_n_O.
-simplify.rewrite > plus_n_Sm.
-apply le_plus
-  [assumption
-  |rewrite < plus_n_O.
-   assumption
-  ]
+apply (nat_elim2 (\lambda n,m.m-n \leq S (m-(S n)))).
+intro.elim n1.simplify.apply le_n_Sn.
+simplify.rewrite < minus_n_O.apply le_n.
+intros.simplify.apply le_n_Sn.
+intros.simplify.apply H.
+qed.
+
+theorem lt_minus_S_n_to_le_minus_n : \forall n,m,p:nat. m-(S n) < p \to m-n \leq p. 
+intros 3.intro.
+(* autobatch *)
+(* end auto($Revision: 9739 $) proof: TIME=1.33 SIZE=100 DEPTH=100 *)
+apply (trans_le (m-n) (S (m-(S n))) p).
+apply minus_le_S_minus_S.
+assumption.
+qed.
+
+theorem le_minus_m: \forall n,m:nat. n-m \leq n.
+intros.apply (nat_elim2 (\lambda m,n. n-m \leq n)).
+intros.rewrite < minus_n_O.apply le_n.
+intros.simplify.apply le_n.
+intros.simplify.apply le_S.assumption.
+qed.
+
+theorem lt_minus_m: \forall n,m:nat. O < n \to O < m \to n-m \lt n.
+intros.apply (lt_O_n_elim n H).intro.
+apply (lt_O_n_elim m H1).intro.
+simplify.unfold lt.apply le_S_S.apply le_minus_m.
+qed.
+
+theorem minus_le_O_to_le: \forall n,m:nat. n-m \leq O \to n \leq m.
+intros 2.
+apply (nat_elim2 (\lambda n,m:nat.n-m \leq O \to n \leq m)).
+intros.apply le_O_n.
+simplify.intros. assumption.
+simplify.intros.apply le_S_S.apply H.assumption.
 qed.
-(*0 and times *)
-theorem O_lt_const_to_le_times_const:  \forall a,c:nat.
-O \lt c \to a \le a*c.
+*)
+
+(* monotonicity and galois *)
+
+ntheorem monotonic_le_minus_l: 
+∀p,q,n:nat. q ≤ p → q-n ≤ p-n.
+napply nat_elim2; #p; #q;
+  ##[#lePO; napply (le_n_O_elim ? lePO);//;
+  ##|//;
+  ##|#Hind; #n; ncases n;
+    ##[//;
+    ##|#a; #leSS; napply Hind; /2/;
+    ##]
+  ##]
+nqed.
+
+ntheorem le_minus_to_plus: ∀n,m,p. n-m ≤ p → n≤ p+m.
+#n; #m; #p; #lep;
+napply transitive_le;
+  ##[##|napply le_plus_minus_m_m
+  ##|napply monotonic_le_plus_l;//;
+  ##]
+nqed.
+
+ntheorem le_plus_to_minus: ∀n,m,p. n ≤ p+m → n-m ≤ p.
+#n; #m; #p; #lep;
+(* bello *)
+napplyS monotonic_le_minus_l;//;
+nqed.
+
+ntheorem monotonic_le_minus_r: 
+∀p,q,n:nat. q ≤ p → n-p ≤ n-q.
+#p; #q; #n; #lepq;
+napply le_plus_to_minus;
+napply (transitive_le ??? (le_plus_minus_m_m ? q));/2/;
+nqed.
+
+(*********************** boolean arithmetics ********************) 
+include "basics/bool.ma".
+
+nlet rec eqb n m ≝ 
+match n with 
+  [ O ⇒ match m with [ O ⇒ true | S q ⇒ false] 
+  | S p ⇒ match m with [ O ⇒ false | S q ⇒ eqb p q]
+  ].
+	   
+(*
+ntheorem eqb_to_Prop: ∀n,m:nat. 
+match (eqb n m) with
+[ true  \Rightarrow n = m 
+| false \Rightarrow n \neq m].
 intros.
-rewrite > (times_n_SO a) in \vdash (? % ?).
-apply le_times
-[ apply le_n
-| assumption
-]
-qed. *)
\ No newline at end of file
+apply (nat_elim2
+(\lambda n,m:nat.match (eqb n m) with
+[ true  \Rightarrow n = m 
+| false \Rightarrow n \neq m])).
+intro.elim n1.
+simplify.reflexivity.
+simplify.apply not_eq_O_S.
+intro.
+simplify.unfold Not.
+intro. apply (not_eq_O_S n1).apply sym_eq.assumption.
+intros.simplify.
+generalize in match H.
+elim ((eqb n1 m1)).
+simplify.apply eq_f.apply H1.
+simplify.unfold Not.intro.apply H1.apply inj_S.assumption.
+qed.
+*)
+
+ntheorem eqb_elim : ∀ n,m:nat.∀ P:bool → Prop.
+(n=m → (P true)) → (n ≠ m → (P false)) → (P (eqb n m)). 
+napply nat_elim2; 
+  ##[#n; ncases n; nnormalize; /3/; 
+  ##|nnormalize; /3/; 
+  ##|nnormalize; /4/; 
+  ##] 
+nqed.
+
+ntheorem eqb_n_n: ∀n. eqb n n = true.
+#n; nelim n; nnormalize; //.
+nqed. 
+
+ntheorem eqb_true_to_eq: ∀n,m:nat. eqb n m = true → n = m.
+#n; #m; napply (eqb_elim n m);//;
+#_; #abs; napply False_ind; /2/;
+nqed.
+
+ntheorem eqb_false_to_not_eq: ∀n,m:nat. eqb n m = false → n ≠ m.
+#n; #m; napply (eqb_elim n m);/2/;
+nqed.
+
+ntheorem eq_to_eqb_true: ∀n,m:nat.
+  n = m → eqb n m = true.
+//; nqed.
+
+ntheorem not_eq_to_eqb_false: ∀n,m:nat.
+  n ≠  m → eqb n m = false.
+#n; #m; #noteq; 
+nelim (true_or_false (eqb n m)); //;
+#Heq; napply False_ind; napply noteq;/2/;
+nqed.
+
+nlet rec leb n m ≝ 
+match n with 
+    [ O ⇒ true
+    | (S p) ⇒
+	match m with 
+        [ O ⇒ false
+	      | (S q) ⇒ leb p q]].
+
+ntheorem leb_elim: ∀n,m:nat. ∀P:bool → Prop. 
+(n ≤ m → P true) → (n ≰ m → P false) → P (leb n m).
+napply nat_elim2; nnormalize;
+  ##[/2/
+  ##| /3/;
+  ##|#n; #m; #Hind; #P; #Pt; #Pf; napply Hind;
+    ##[#lenm; napply Pt; napply le_S_S;//;
+    ##|#nlenm; napply Pf; #leSS; /3/;
+    ##]
+  ##]
+nqed.
+
+ntheorem leb_true_to_le:∀n,m.leb n m = true → n ≤ m.
+#n; #m; napply leb_elim;
+  ##[//;
+  ##|#_; #abs; napply False_ind; /2/;
+  ##]
+nqed.
+
+ntheorem leb_false_to_not_le:∀n,m.
+  leb n m = false → n ≰ m.
+#n; #m; napply leb_elim;
+  ##[#_; #abs; napply False_ind; /2/;
+  ##|/2/;
+  ##]
+nqed.
+
+ntheorem le_to_leb_true: ∀n,m. n ≤ m → leb n m = true.
+#n; #m; napply leb_elim; //;
+#H; #H1; napply False_ind; /2/;
+nqed.
+
+ntheorem lt_to_leb_false: ∀n,m. m < n → leb n m = false.
+#n; #m; napply leb_elim; //;
+#H; #H1; napply False_ind; /2/;
+nqed.
+
+(* serve anche ltb? 
+ndefinition ltb ≝λn,m. leb (S n) m.
+
+ntheorem ltb_elim: ∀n,m:nat. ∀P:bool → Prop. 
+(n < m → P true) → (n ≮ m → P false) → P (ltb n m).
+#n; #m; #P; #Hlt; #Hnlt;
+napply leb_elim; /3/; nqed.
+
+ntheorem ltb_true_to_lt:∀n,m.ltb n m = true → n < m.
+#n; #m; #Hltb; napply leb_true_to_le; nassumption;
+nqed.
+
+ntheorem ltb_false_to_not_lt:∀n,m.
+  ltb n m = false → n ≮ m.
+#n; #m; #Hltb; napply leb_false_to_not_le; nassumption;
+nqed.
+
+ntheorem lt_to_ltb_true: ∀n,m. n < m → ltb n m = true.
+#n; #m; #Hltb; napply le_to_leb_true; nassumption;
+nqed.
+
+ntheorem le_to_ltb_false: ∀n,m. m \le n → ltb n m = false.
+#n; #m; #Hltb; napply lt_to_leb_false; /2/;
+nqed. *)
+
+ninductive compare : Type[0] ≝
+| LT : compare
+| EQ : compare
+| GT : compare.
+
+ndefinition compare_invert: compare → compare ≝
+  λc.match c with
+      [ LT ⇒ GT
+      | EQ ⇒ EQ
+      | GT ⇒ LT ].
+
+nlet rec nat_compare n m: compare ≝
+match n with
+[ O ⇒ match m with 
+      [ O ⇒ EQ
+      | (S q) ⇒ LT ]
+| S p ⇒ match m with 
+      [ O ⇒ GT
+      | S q ⇒ nat_compare p q]].
+
+ntheorem nat_compare_n_n: ∀n. nat_compare n n = EQ.
+#n;nelim n
+##[//
+##|#m;#IH;nnormalize;//]
+nqed.
+
+ntheorem nat_compare_S_S: ∀n,m:nat.nat_compare n m = nat_compare (S n) (S m).
+//;
+nqed.
+
+ntheorem nat_compare_pred_pred: 
+  ∀n,m.O < n → O < m → nat_compare n m = nat_compare (pred n) (pred m).
+#n;#m;#Hn;#Hm;
+napply (lt_O_n_elim n Hn);
+napply (lt_O_n_elim m Hm);
+#p;#q;//;
+nqed.
+
+ntheorem nat_compare_to_Prop: 
+  ∀n,m.match (nat_compare n m) with
+    [ LT ⇒ n < m
+    | EQ ⇒ n = m
+    | GT ⇒ m < n ].
+#n;#m;
+napply (nat_elim2 (λn,m.match (nat_compare n m) with
+  [ LT ⇒ n < m
+  | EQ ⇒ n = m
+  | GT ⇒ m < n ]) ?????) (* FIXME: don't want to put all these ?, especially when … does not work! *)
+##[##1,2:#n1;ncases n1;//;
+##|#n1;#m1;nnormalize;ncases (nat_compare n1 m1);
+   ##[##1,3:nnormalize;#IH;napply le_S_S;//;
+   ##|nnormalize;#IH;nrewrite > IH;//]
+nqed.
+
+ntheorem nat_compare_n_m_m_n: 
+  ∀n,m:nat.nat_compare n m = compare_invert (nat_compare m n).
+#n;#m;
+napply (nat_elim2 (λn,m. nat_compare n m = compare_invert (nat_compare m n)))
+##[##1,2:#n1;ncases n1;//;
+##|#n1;#m1;#IH;nnormalize;napply IH]
+nqed.
+     
+ntheorem nat_compare_elim : 
+  ∀n,m. ∀P:compare → Prop.
+    (n < m → P LT) → (n=m → P EQ) → (m < n → P GT) → P (nat_compare n m).
+#n;#m;#P;#Hlt;#Heq;#Hgt;
+ncut (match (nat_compare n m) with
+    [ LT ⇒ n < m
+    | EQ ⇒ n=m
+    | GT ⇒ m < n] →
+  P (nat_compare n m))
+##[ncases (nat_compare n m);
+   ##[napply Hlt
+   ##|napply Heq
+   ##|napply Hgt]
+##|#Hcut;napply Hcut;//;
+nqed.
+
+ninductive cmp_cases (n,m:nat) : CProp[0] ≝
+  | cmp_le : n ≤ m → cmp_cases n m
+  | cmp_gt : m < n → cmp_cases n m.
+
+ntheorem lt_to_le : ∀n,m:nat. n < m → n ≤ m.
+#n;#m;#H;nelim H
+##[//
+##|/2/]
+nqed.
+
+nlemma cmp_nat: ∀n,m.cmp_cases n m.
+#n;#m; nlapply (nat_compare_to_Prop n m);
+ncases (nat_compare n m);#H
+##[@;napply lt_to_le;//
+##|@;//
+##|@2;//]
+nqed.