Built with Alectryon, running Coq+SerAPI v8.10.0+0.7.0. Coq sources are in this panel; goals and messages will appear in the other. Bubbles () indicate interactive fragments: hover for details, tap to reveal contents. Use Ctrl+↑ Ctrl+↓ to navigate, Ctrl+🖱️ to focus.

(************************************************************************)
(*         *   The Coq Proof Assistant / The Coq Development Team       *)
(*  v      *   INRIA, CNRS and contributors - Copyright 1999-2018       *)
(* <O___,, *       (see CREDITS file for the list of authors)           *)
(*   \VV/  **************************************************************)
(*    //   *    This file is distributed under the terms of the         *)
(*         *     GNU Lesser General Public License Version 2.1          *)
(*         *     (see LICENSE file for the text of the license)         *)
(************************************************************************)

Require Import ZAxioms ZMulOrder ZSgnAbs NZDiv.

Euclidean Division for integers, Euclid convention

We use here the "usual" formulation of the Euclid Theorem ∀ a b, b<>0 → ∃ r q, a = b×q+r ∧ 0 ≤ r < |b|

The outcome of the modulo function is hence always positive. This corresponds to convention "E" in the following paper:

R. Boute, "The Euclidean definition of the functions div and mod", ACM Transactions on Programming Languages and Systems, Vol. 14, No.2, pp. 127-144, April 1992.

See files ZDivTrunc and ZDivFloor for others conventions.

We simply extend NZDiv with a bound for modulo that holds regardless of the sign of a and b. This new specification subsume mod_bound_pos, which nonetheless stays there for subtyping. Note also that ZAxiomSig now already contain a div and a modulo (that follow the Floor convention). We just ignore them here.

Module Type EuclidSpec (Import A : ZAxiomsSig')(Import B : DivMod A).
 Axiom mod_always_pos : forall a b, b ~= 0 -> 0 <= B.modulo a b < abs b.
End EuclidSpec.

Module Type ZEuclid (Z:ZAxiomsSig) := NZDiv.NZDiv Z <+ EuclidSpec Z.

Module ZEuclidProp
 (Import A : ZAxiomsSig')
 (Import B : ZMulOrderProp A)
 (Import C : ZSgnAbsProp A B)
 (Import D : ZEuclid A).

We put notations in a scope, to avoid warnings about redefinitions of notations

 Declare Scope euclid.
 Infix "/" := D.div : euclid.
 Infix "mod" := D.modulo : euclid.
 Local Open Scope euclid.

 Module Import Private_NZDiv := Nop <+ NZDivProp A D B.

Another formulation of the main equation

Lemma mod_eq :
 forall a b, b~=0 -> a mod b == a - b*(a/b).forall a b : t, b ~= 0 -> a mod b == a - b * (a / b)
Proof.forall a b : t, b ~= 0 -> a mod b == a - b * (a / b)
intros.a, b:t
H:b ~= 0
a mod b == a - b * (a / b)
rewrite <- add_move_l.a, b:t
H:b ~= 0
b * (a / b) + a mod b == a
symmetry.a, b:t
H:b ~= 0
a == b * (a / b) + a mod b now apply div_mod.
Qed.

Ltac pos_or_neg a :=
 let LT := fresh "LT" in
 let LE := fresh "LE" in
 destruct (le_gt_cases 0 a) as [LE|LT]; [|rewrite <- opp_pos_neg in LT].

Uniqueness theorems

Theorem div_mod_unique : forall b q1 q2 r1 r2 : t,
  0<=r1<abs b -> 0<=r2<abs b ->
  b*q1+r1 == b*q2+r2 -> q1 == q2 /\ r1 == r2.forall b q1 q2 r1 r2 : t,
0 <= r1 < abs b ->
0 <= r2 < abs b ->
b * q1 + r1 == b * q2 + r2 -> q1 == q2 /\ r1 == r2
Proof.forall b q1 q2 r1 r2 : t,
0 <= r1 < abs b ->
0 <= r2 < abs b ->
b * q1 + r1 == b * q2 + r2 -> q1 == q2 /\ r1 == r2
intros b q1 q2 r1 r2 Hr1 Hr2 EQ.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < abs b
Hr2:0 <= r2 < abs b
EQ:b * q1 + r1 == b * q2 + r2
q1 == q2 /\ r1 == r2
pos_or_neg b.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < abs b
Hr2:0 <= r2 < abs b
EQ:b * q1 + r1 == b * q2 + r2
LE:0 <= b
q1 == q2 /\ r1 == r2
b, q1, q2, r1, r2:t
Hr1:0 <= r1 < abs b
Hr2:0 <= r2 < abs b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
q1 == q2 /\ r1 == r2
rewrite abs_eq in * by trivial.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < b
Hr2:0 <= r2 < b
EQ:b * q1 + r1 == b * q2 + r2
LE:0 <= b
q1 == q2 /\ r1 == r2
b, q1, q2, r1, r2:t
Hr1:0 <= r1 < abs b
Hr2:0 <= r2 < abs b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
q1 == q2 /\ r1 == r2
apply div_mod_unique with b; trivial.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < abs b
Hr2:0 <= r2 < abs b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
q1 == q2 /\ r1 == r2
rewrite abs_neq' in * by auto using lt_le_incl.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < - b
Hr2:0 <= r2 < - b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
q1 == q2 /\ r1 == r2
rewrite eq_sym_iff.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < - b
Hr2:0 <= r2 < - b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
q2 == q1 /\ r1 == r2 apply div_mod_unique with (-b); trivial.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < - b
Hr2:0 <= r2 < - b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
- b * q2 + r1 == - b * q1 + r2
rewrite 2 mul_opp_l.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < - b
Hr2:0 <= r2 < - b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
- (b * q2) + r1 == - (b * q1) + r2
rewrite add_move_l, sub_opp_r.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < - b
Hr2:0 <= r2 < - b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
r1 == - (b * q1) + r2 + b * q2
rewrite <-add_assoc.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < - b
Hr2:0 <= r2 < - b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
r1 == - (b * q1) + (r2 + b * q2)
symmetry.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < - b
Hr2:0 <= r2 < - b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
- (b * q1) + (r2 + b * q2) == r1 rewrite add_move_l, sub_opp_r.b, q1, q2, r1, r2:t
Hr1:0 <= r1 < - b
Hr2:0 <= r2 < - b
EQ:b * q1 + r1 == b * q2 + r2
LT:0 < - b
r2 + b * q2 == r1 + b * q1
now rewrite (add_comm r2), (add_comm r1).
Qed.

Theorem div_unique:
 forall a b q r, 0<=r<abs b -> a == b*q + r -> q == a/b.forall a b q r : t,
0 <= r < abs b -> a == b * q + r -> q == a / b
Proof.forall a b q r : t,
0 <= r < abs b -> a == b * q + r -> q == a / b
intros a b q r Hr EQ.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
q == a / b
assert (Hb : b~=0).a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
q == a / b
 pos_or_neg b.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
LE:0 <= b
b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
LT:0 < - b
b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
q == a / b
 rewrite abs_eq in Hr; intuition; order.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
LT:0 < - b
b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
q == a / b
 rewrite <- opp_0, eq_opp_r.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
LT:0 < - b
- b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
q == a / b rewrite abs_neq' in Hr; intuition; order.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
q == a / b
destruct (div_mod_unique b q (a/b) r (a mod b)); trivial.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
0 <= a mod b < abs b
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
b * q + r == b * (a / b) + a mod b
now apply mod_always_pos.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
b * q + r == b * (a / b) + a mod b
now rewrite <- div_mod.
Qed.

Theorem mod_unique:
 forall a b q r, 0<=r<abs b -> a == b*q + r -> r == a mod b.forall a b q r : t,
0 <= r < abs b -> a == b * q + r -> r == a mod b
Proof.forall a b q r : t,
0 <= r < abs b -> a == b * q + r -> r == a mod b
intros a b q r Hr EQ.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
r == a mod b
assert (Hb : b~=0).a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
r == a mod b
 pos_or_neg b.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
LE:0 <= b
b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
LT:0 < - b
b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
r == a mod b
 rewrite abs_eq in Hr; intuition; order.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
LT:0 < - b
b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
r == a mod b
 rewrite <- opp_0, eq_opp_r.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
LT:0 < - b
- b ~= 0
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
r == a mod b rewrite abs_neq' in Hr; intuition; order.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
r == a mod b
destruct (div_mod_unique b q (a/b) r (a mod b)); trivial.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
0 <= a mod b < abs b
a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
b * q + r == b * (a / b) + a mod b
now apply mod_always_pos.a, b, q, r:t
Hr:0 <= r < abs b
EQ:a == b * q + r
Hb:b ~= 0
b * q + r == b * (a / b) + a mod b
now rewrite <- div_mod.
Qed.

Sign rules

Lemma div_opp_r : forall a b, b~=0 -> a/(-b) == -(a/b).forall a b : t, b ~= 0 -> a / - b == - (a / b)
Proof.forall a b : t, b ~= 0 -> a / - b == - (a / b)
intros.a, b:t
H:b ~= 0
a / - b == - (a / b) symmetry.a, b:t
H:b ~= 0
- (a / b) == a / - b
apply div_unique with (a mod b).a, b:t
H:b ~= 0
0 <= a mod b < abs (- b)
a, b:t
H:b ~= 0
a == - b * - (a / b) + a mod b
rewrite abs_opp; now apply mod_always_pos.a, b:t
H:b ~= 0
a == - b * - (a / b) + a mod b
rewrite mul_opp_opp; now apply div_mod.
Qed.

Lemma mod_opp_r : forall a b, b~=0 -> a mod (-b) == a mod b.forall a b : t, b ~= 0 -> a mod - b == a mod b
Proof.forall a b : t, b ~= 0 -> a mod - b == a mod b
intros.a, b:t
H:b ~= 0
a mod - b == a mod b symmetry.a, b:t
H:b ~= 0
a mod b == a mod - b
apply mod_unique with (-(a/b)).a, b:t
H:b ~= 0
0 <= a mod b < abs (- b)
a, b:t
H:b ~= 0
a == - b * - (a / b) + a mod b
rewrite abs_opp; now apply mod_always_pos.a, b:t
H:b ~= 0
a == - b * - (a / b) + a mod b
rewrite mul_opp_opp; now apply div_mod.
Qed.

Lemma div_opp_l_z : forall a b, b~=0 -> a mod b == 0 ->
 (-a)/b == -(a/b).forall a b : t,
b ~= 0 -> a mod b == 0 -> - a / b == - (a / b)
Proof.forall a b : t,
b ~= 0 -> a mod b == 0 -> - a / b == - (a / b)
intros a b Hb Hab.a, b:t
Hb:b ~= 0
Hab:a mod b == 0
- a / b == - (a / b) symmetry.a, b:t
Hb:b ~= 0
Hab:a mod b == 0
- (a / b) == - a / b
apply div_unique with (-(a mod b)).a, b:t
Hb:b ~= 0
Hab:a mod b == 0
0 <= - (a mod b) < abs b
a, b:t
Hb:b ~= 0
Hab:a mod b == 0
- a == b * - (a / b) + - (a mod b)
rewrite Hab, opp_0.a, b:t
Hb:b ~= 0
Hab:a mod b == 0
0 <= 0 < abs b
a, b:t
Hb:b ~= 0
Hab:a mod b == 0
- a == b * - (a / b) + - (a mod b) split; [order|].a, b:t
Hb:b ~= 0
Hab:a mod b == 0
0 < abs b
a, b:t
Hb:b ~= 0
Hab:a mod b == 0
- a == b * - (a / b) + - (a mod b)
pos_or_neg b; [rewrite abs_eq | rewrite abs_neq']; order.a, b:t
Hb:b ~= 0
Hab:a mod b == 0
- a == b * - (a / b) + - (a mod b)
now rewrite mul_opp_r, <-opp_add_distr, <-div_mod.
Qed.

Lemma div_opp_l_nz : forall a b, b~=0 -> a mod b ~= 0 ->
 (-a)/b == -(a/b)-sgn b.forall a b : t,
b ~= 0 -> a mod b ~= 0 -> - a / b == - (a / b) - sgn b
Proof.forall a b : t,
b ~= 0 -> a mod b ~= 0 -> - a / b == - (a / b) - sgn b
intros a b Hb Hab.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a / b == - (a / b) - sgn b symmetry.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- (a / b) - sgn b == - a / b
apply div_unique with (abs b -(a mod b)).a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
0 <= abs b - a mod b < abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite lt_sub_lt_add_l.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
0 <= abs b - a mod b /\ abs b < a mod b + abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite <- le_add_le_sub_l.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
a mod b + 0 <= abs b < a mod b + abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b) nzsimpl.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
a mod b <= abs b < a mod b + abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite <- (add_0_l (abs b)) at 2.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
a mod b <= abs b /\ 0 + abs b < a mod b + abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite <- add_lt_mono_r.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
a mod b <= abs b /\ 0 < a mod b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
destruct (mod_always_pos a b); intuition order.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite <- 2 add_opp_r, mul_add_distr_l, 2 mul_opp_r.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a ==
- (b * (a / b)) + - (b * sgn b) +
(abs b + - (a mod b))
rewrite sgn_abs.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a ==
- (b * (a / b)) + - abs b + (abs b + - (a mod b))
rewrite add_shuffle2, add_opp_diag_l; nzsimpl.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == - (b * (a / b)) + - (a mod b)
rewrite <-opp_add_distr, <-div_mod; order.
Qed.

Lemma mod_opp_l_z : forall a b, b~=0 -> a mod b == 0 ->
 (-a) mod b == 0.forall a b : t,
b ~= 0 -> a mod b == 0 -> - a mod b == 0
Proof.forall a b : t,
b ~= 0 -> a mod b == 0 -> - a mod b == 0
intros a b Hb Hab.a, b:t
Hb:b ~= 0
Hab:a mod b == 0
- a mod b == 0 symmetry.a, b:t
Hb:b ~= 0
Hab:a mod b == 0
0 == - a mod b
apply mod_unique with (-(a/b)).a, b:t
Hb:b ~= 0
Hab:a mod b == 0
0 <= 0 < abs b
a, b:t
Hb:b ~= 0
Hab:a mod b == 0
- a == b * - (a / b) + 0
split; [order|now rewrite abs_pos].a, b:t
Hb:b ~= 0
Hab:a mod b == 0
- a == b * - (a / b) + 0
now rewrite <-opp_0, <-Hab, mul_opp_r, <-opp_add_distr, <-div_mod.
Qed.

Lemma mod_opp_l_nz : forall a b, b~=0 -> a mod b ~= 0 ->
 (-a) mod b == abs b - (a mod b).forall a b : t,
b ~= 0 -> a mod b ~= 0 -> - a mod b == abs b - a mod b
Proof.forall a b : t,
b ~= 0 -> a mod b ~= 0 -> - a mod b == abs b - a mod b
intros a b Hb Hab.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a mod b == abs b - a mod b symmetry.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
abs b - a mod b == - a mod b
apply mod_unique with (-(a/b)-sgn b).a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
0 <= abs b - a mod b < abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite lt_sub_lt_add_l.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
0 <= abs b - a mod b /\ abs b < a mod b + abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite <- le_add_le_sub_l.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
a mod b + 0 <= abs b < a mod b + abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b) nzsimpl.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
a mod b <= abs b < a mod b + abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite <- (add_0_l (abs b)) at 2.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
a mod b <= abs b /\ 0 + abs b < a mod b + abs b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite <- add_lt_mono_r.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
a mod b <= abs b /\ 0 < a mod b
a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
destruct (mod_always_pos a b); intuition order.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == b * (- (a / b) - sgn b) + (abs b - a mod b)
rewrite <- 2 add_opp_r, mul_add_distr_l, 2 mul_opp_r.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a ==
- (b * (a / b)) + - (b * sgn b) +
(abs b + - (a mod b))
rewrite sgn_abs.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a ==
- (b * (a / b)) + - abs b + (abs b + - (a mod b))
rewrite add_shuffle2, add_opp_diag_l; nzsimpl.a, b:t
Hb:b ~= 0
Hab:a mod b ~= 0
- a == - (b * (a / b)) + - (a mod b)
rewrite <-opp_add_distr, <-div_mod; order.
Qed.

Lemma div_opp_opp_z : forall a b, b~=0 -> a mod b == 0 ->
 (-a)/(-b) == a/b.forall a b : t,
b ~= 0 -> a mod b == 0 -> - a / - b == a / b
Proof.forall a b : t,
b ~= 0 -> a mod b == 0 -> - a / - b == a / b
intros.a, b:t
H:b ~= 0
H0:a mod b == 0
- a / - b == a / b now rewrite div_opp_r, div_opp_l_z, opp_involutive.
Qed.

Lemma div_opp_opp_nz : forall a b, b~=0 -> a mod b ~= 0 ->
 (-a)/(-b) == a/b + sgn(b).forall a b : t,
b ~= 0 -> a mod b ~= 0 -> - a / - b == a / b + sgn b
Proof.forall a b : t,
b ~= 0 -> a mod b ~= 0 -> - a / - b == a / b + sgn b
intros.a, b:t
H:b ~= 0
H0:a mod b ~= 0
- a / - b == a / b + sgn b rewrite div_opp_r, div_opp_l_nz by trivial.a, b:t
H:b ~= 0
H0:a mod b ~= 0
- (- (a / b) - sgn b) == a / b + sgn b
now rewrite opp_sub_distr, opp_involutive.
Qed.

Lemma mod_opp_opp_z : forall a b, b~=0 -> a mod b == 0 ->
 (-a) mod (-b) == 0.forall a b : t,
b ~= 0 -> a mod b == 0 -> - a mod - b == 0
Proof.forall a b : t,
b ~= 0 -> a mod b == 0 -> - a mod - b == 0
intros.a, b:t
H:b ~= 0
H0:a mod b == 0
- a mod - b == 0 now rewrite mod_opp_r, mod_opp_l_z.
Qed.

Lemma mod_opp_opp_nz : forall a b, b~=0 -> a mod b ~= 0 ->
 (-a) mod (-b) == abs b - a mod b.forall a b : t,
b ~= 0 ->
a mod b ~= 0 -> - a mod - b == abs b - a mod b
Proof.forall a b : t,
b ~= 0 ->
a mod b ~= 0 -> - a mod - b == abs b - a mod b
intros.a, b:t
H:b ~= 0
H0:a mod b ~= 0
- a mod - b == abs b - a mod b now rewrite mod_opp_r, mod_opp_l_nz.
Qed.

A division by itself returns 1

Lemma div_same : forall a, a~=0 -> a/a == 1.forall a : t, a ~= 0 -> a / a == 1
Proof.forall a : t, a ~= 0 -> a / a == 1
intros.a:t
H:a ~= 0
a / a == 1 symmetry.a:t
H:a ~= 0
1 == a / a apply div_unique with 0.a:t
H:a ~= 0
0 <= 0 < abs a
a:t
H:a ~= 0
a == a * 1 + 0
split; [order|now rewrite abs_pos].a:t
H:a ~= 0
a == a * 1 + 0
now nzsimpl.
Qed.

Lemma mod_same : forall a, a~=0 -> a mod a == 0.forall a : t, a ~= 0 -> a mod a == 0
Proof.forall a : t, a ~= 0 -> a mod a == 0
intros.a:t
H:a ~= 0
a mod a == 0
rewrite mod_eq, div_same by trivial.a:t
H:a ~= 0
a - a * 1 == 0 nzsimpl.a:t
H:a ~= 0
a - a == 0 apply sub_diag.
Qed.

A division of a small number by a bigger one yields zero.

Theorem div_small: forall a b, 0<=a<b -> a/b == 0.forall a b : t, 0 <= a < b -> a / b == 0
Proof.forall a b : t, 0 <= a < b -> a / b == 0 exact div_small. Qed.

Same situation, in term of modulo:

Theorem mod_small: forall a b, 0<=a<b -> a mod b == a.forall a b : t, 0 <= a < b -> a mod b == a
Proof.forall a b : t, 0 <= a < b -> a mod b == a exact mod_small. Qed.

Basic values of divisions and modulo.

Lemma div_0_l: forall a, a~=0 -> 0/a == 0.forall a : t, a ~= 0 -> 0 / a == 0
Proof.forall a : t, a ~= 0 -> 0 / a == 0
intros.a:t
H:a ~= 0
0 / a == 0 pos_or_neg a.a:t
H:a ~= 0
LE:0 <= a
0 / a == 0
a:t
H:a ~= 0
LT:0 < - a
0 / a == 0 apply div_0_l; order.a:t
H:a ~= 0
LT:0 < - a
0 / a == 0
apply opp_inj.a:t
H:a ~= 0
LT:0 < - a
- (0 / a) == - 0 rewrite <- div_opp_r, opp_0 by trivial.a:t
H:a ~= 0
LT:0 < - a
0 / - a == 0 now apply div_0_l.
Qed.

Lemma mod_0_l: forall a, a~=0 -> 0 mod a == 0.forall a : t, a ~= 0 -> 0 mod a == 0
Proof.forall a : t, a ~= 0 -> 0 mod a == 0
intros; rewrite mod_eq, div_0_l; now nzsimpl.
Qed.

Lemma div_1_r: forall a, a/1 == a.forall a : t, a / 1 == a
Proof.forall a : t, a / 1 == a
intros.a:t
a / 1 == a symmetry.a:t
a == a / 1 apply div_unique with 0.a:t
0 <= 0 < abs 1
a:t
a == 1 * a + 0
assert (H:=lt_0_1); rewrite abs_pos; intuition; order.a:t
a == 1 * a + 0
now nzsimpl.
Qed.

Lemma mod_1_r: forall a, a mod 1 == 0.forall a : t, a mod 1 == 0
Proof.forall a : t, a mod 1 == 0
intros.a:t
a mod 1 == 0 rewrite mod_eq, div_1_r; nzsimpl; auto using sub_diag.a:t
1 ~= 0
apply neq_sym, lt_neq; apply lt_0_1.
Qed.

Lemma div_1_l: forall a, 1<a -> 1/a == 0.forall a : t, 1 < a -> 1 / a == 0
Proof.forall a : t, 1 < a -> 1 / a == 0 exact div_1_l. Qed.

Lemma mod_1_l: forall a, 1<a -> 1 mod a == 1.forall a : t, 1 < a -> 1 mod a == 1
Proof.forall a : t, 1 < a -> 1 mod a == 1 exact mod_1_l. Qed.

Lemma div_mul : forall a b, b~=0 -> (a*b)/b == a.forall a b : t, b ~= 0 -> a * b / b == a
Proof.forall a b : t, b ~= 0 -> a * b / b == a
intros.a, b:t
H:b ~= 0
a * b / b == a symmetry.a, b:t
H:b ~= 0
a == a * b / b apply div_unique with 0.a, b:t
H:b ~= 0
0 <= 0 < abs b
a, b:t
H:b ~= 0
a * b == b * a + 0
split; [order|now rewrite abs_pos].a, b:t
H:b ~= 0
a * b == b * a + 0
nzsimpl; apply mul_comm.
Qed.

Lemma mod_mul : forall a b, b~=0 -> (a*b) mod b == 0.forall a b : t, b ~= 0 -> (a * b) mod b == 0
Proof.forall a b : t, b ~= 0 -> (a * b) mod b == 0
intros.a, b:t
H:b ~= 0
(a * b) mod b == 0 rewrite mod_eq, div_mul by trivial.a, b:t
H:b ~= 0
a * b - b * a == 0 rewrite mul_comm; apply sub_diag.
Qed.

Theorem div_unique_exact a b q: b~=0 -> a == b*q -> q == a/b.a, b, q:t
b ~= 0 -> a == b * q -> q == a / b
Proof.a, b, q:t
b ~= 0 -> a == b * q -> q == a / b
 intros Hb H.a, b, q:t
Hb:b ~= 0
H:a == b * q
q == a / b rewrite H, mul_comm.a, b, q:t
Hb:b ~= 0
H:a == b * q
q == q * b / b symmetry.a, b, q:t
Hb:b ~= 0
H:a == b * q
q * b / b == q now apply div_mul.
Qed.

Order results about mod and div

A modulo cannot grow beyond its starting point.

Theorem mod_le: forall a b, 0<=a -> b~=0 -> a mod b <= a.forall a b : t, 0 <= a -> b ~= 0 -> a mod b <= a
Proof.forall a b : t, 0 <= a -> b ~= 0 -> a mod b <= a
intros.a, b:t
H:0 <= a
H0:b ~= 0
a mod b <= a pos_or_neg b.a, b:t
H:0 <= a
H0:b ~= 0
LE:0 <= b
a mod b <= a
a, b:t
H:0 <= a
H0:b ~= 0
LT:0 < - b
a mod b <= a apply mod_le; order.a, b:t
H:0 <= a
H0:b ~= 0
LT:0 < - b
a mod b <= a
rewrite <- mod_opp_r by trivial.a, b:t
H:0 <= a
H0:b ~= 0
LT:0 < - b
a mod - b <= a apply mod_le; order.
Qed.

Theorem div_pos : forall a b, 0<=a -> 0<b -> 0<= a/b.forall a b : t, 0 <= a -> 0 < b -> 0 <= a / b
Proof.forall a b : t, 0 <= a -> 0 < b -> 0 <= a / b exact div_pos. Qed.

Lemma div_str_pos : forall a b, 0<b<=a -> 0 < a/b.forall a b : t, 0 < b <= a -> 0 < a / b
Proof.forall a b : t, 0 < b <= a -> 0 < a / b exact div_str_pos. Qed.

Lemma div_small_iff : forall a b, b~=0 -> (a/b==0 <-> 0<=a<abs b).forall a b : t,
b ~= 0 -> a / b == 0 <-> 0 <= a < abs b
Proof.forall a b : t,
b ~= 0 -> a / b == 0 <-> 0 <= a < abs b
intros a b Hb.a, b:t
Hb:b ~= 0
a / b == 0 <-> 0 <= a < abs b
split.a, b:t
Hb:b ~= 0
a / b == 0 -> 0 <= a < abs b
a, b:t
Hb:b ~= 0
0 <= a < abs b -> a / b == 0
intros EQ.a, b:t
Hb:b ~= 0
EQ:a / b == 0
0 <= a < abs b
a, b:t
Hb:b ~= 0
0 <= a < abs b -> a / b == 0
rewrite (div_mod a b Hb), EQ; nzsimpl.a, b:t
Hb:b ~= 0
EQ:a / b == 0
0 <= a mod b < abs b
a, b:t
Hb:b ~= 0
0 <= a < abs b -> a / b == 0
now apply mod_always_pos.a, b:t
Hb:b ~= 0
0 <= a < abs b -> a / b == 0
intros.a, b:t
Hb:b ~= 0
H:0 <= a < abs b
a / b == 0 pos_or_neg b.a, b:t
Hb:b ~= 0
H:0 <= a < abs b
LE:0 <= b
a / b == 0
a, b:t
Hb:b ~= 0
H:0 <= a < abs b
LT:0 < - b
a / b == 0
apply div_small.a, b:t
Hb:b ~= 0
H:0 <= a < abs b
LE:0 <= b
0 <= a < b
a, b:t
Hb:b ~= 0
H:0 <= a < abs b
LT:0 < - b
a / b == 0
now rewrite <- (abs_eq b).a, b:t
Hb:b ~= 0
H:0 <= a < abs b
LT:0 < - b
a / b == 0
apply opp_inj; rewrite opp_0, <- div_opp_r by trivial.a, b:t
Hb:b ~= 0
H:0 <= a < abs b
LT:0 < - b
a / - b == 0
apply div_small.a, b:t
Hb:b ~= 0
H:0 <= a < abs b
LT:0 < - b
0 <= a < - b
rewrite <- (abs_neq' b) by order.a, b:t
Hb:b ~= 0
H:0 <= a < abs b
LT:0 < - b
0 <= a < abs b trivial.
Qed.

Lemma mod_small_iff : forall a b, b~=0 -> (a mod b == a <-> 0<=a<abs b).forall a b : t,
b ~= 0 -> a mod b == a <-> 0 <= a < abs b
Proof.forall a b : t,
b ~= 0 -> a mod b == a <-> 0 <= a < abs b
intros.a, b:t
H:b ~= 0
a mod b == a <-> 0 <= a < abs b
rewrite <- div_small_iff, mod_eq by trivial.a, b:t
H:b ~= 0
a - b * (a / b) == a <-> a / b == 0
rewrite sub_move_r, <- (add_0_r a) at 1.a, b:t
H:b ~= 0
a + 0 == a + b * (a / b) <-> a / b == 0 rewrite add_cancel_l.a, b:t
H:b ~= 0
0 == b * (a / b) <-> a / b == 0
rewrite eq_sym_iff, eq_mul_0.a, b:t
H:b ~= 0
b == 0 \/ a / b == 0 <-> a / b == 0 tauto.
Qed.

As soon as the divisor is strictly greater than 1, the division is strictly decreasing.

Lemma div_lt : forall a b, 0<a -> 1<b -> a/b < a.forall a b : t, 0 < a -> 1 < b -> a / b < a
Proof.forall a b : t, 0 < a -> 1 < b -> a / b < a exact div_lt. Qed.

le is compatible with a positive division.

Lemma div_le_mono : forall a b c, 0<c -> a<=b -> a/c <= b/c.forall a b c : t, 0 < c -> a <= b -> a / c <= b / c
Proof.forall a b c : t, 0 < c -> a <= b -> a / c <= b / c
intros a b c Hc Hab.a, b, c:t
Hc:0 < c
Hab:a <= b
a / c <= b / c
rewrite lt_eq_cases in Hab.a, b, c:t
Hc:0 < c
Hab:a < b \/ a == b
a / c <= b / c destruct Hab as [LT|EQ];
 [|rewrite EQ; order].a, b, c:t
Hc:0 < c
LT:a < b
a / c <= b / c
rewrite <- lt_succ_r.a, b, c:t
Hc:0 < c
LT:a < b
a / c < S (b / c)
rewrite (mul_lt_mono_pos_l c) by order.a, b, c:t
Hc:0 < c
LT:a < b
c * (a / c) < c * S (b / c)
nzsimpl.a, b, c:t
Hc:0 < c
LT:a < b
c * (a / c) < c * (b / c) + c
rewrite (add_lt_mono_r _ _ (a mod c)).a, b, c:t
Hc:0 < c
LT:a < b
c * (a / c) + a mod c < c * (b / c) + c + a mod c
rewrite <- div_mod by order.a, b, c:t
Hc:0 < c
LT:a < b
a < c * (b / c) + c + a mod c
apply lt_le_trans with b; trivial.a, b, c:t
Hc:0 < c
LT:a < b
b <= c * (b / c) + c + a mod c
rewrite (div_mod b c) at 1 by order.a, b, c:t
Hc:0 < c
LT:a < b
c * (b / c) + b mod c <= c * (b / c) + c + a mod c
rewrite <- add_assoc, <- add_le_mono_l.a, b, c:t
Hc:0 < c
LT:a < b
b mod c <= c + a mod c
apply le_trans with (c+0).a, b, c:t
Hc:0 < c
LT:a < b
b mod c <= c + 0
a, b, c:t
Hc:0 < c
LT:a < b
c + 0 <= c + a mod c
nzsimpl; destruct (mod_always_pos b c); try order.a, b, c:t
Hc:0 < c
LT:a < b
H:0 <= b mod c
H0:b mod c < abs c
b mod c <= c
a, b, c:t
Hc:0 < c
LT:a < b
c + 0 <= c + a mod c
rewrite abs_eq in *; order.a, b, c:t
Hc:0 < c
LT:a < b
c + 0 <= c + a mod c
rewrite <- add_le_mono_l.a, b, c:t
Hc:0 < c
LT:a < b
0 <= a mod c destruct (mod_always_pos a c); order.
Qed.

In this convention, div performs Rounding-Toward-Bottom when divisor is positive, and Rounding-Toward-Top otherwise.

Since we cannot speak of rational values here, we express this fact by multiplying back by b, and this leads to a nice unique statement.

Lemma mul_div_le : forall a b, b~=0 -> b*(a/b) <= a.forall a b : t, b ~= 0 -> b * (a / b) <= a
Proof.forall a b : t, b ~= 0 -> b * (a / b) <= a
intros.a, b:t
H:b ~= 0
b * (a / b) <= a
rewrite (div_mod a b) at 2; trivial.a, b:t
H:b ~= 0
b * (a / b) <= b * (a / b) + a mod b
rewrite <- (add_0_r (b*(a/b))) at 1.a, b:t
H:b ~= 0
b * (a / b) + 0 <= b * (a / b) + a mod b
rewrite <- add_le_mono_l.a, b:t
H:b ~= 0
0 <= a mod b
now destruct (mod_always_pos a b).
Qed.

Giving a reversed bound is slightly more complex

Lemma mul_succ_div_gt: forall a b, 0<b -> a < b*(S (a/b)).forall a b : t, 0 < b -> a < b * S (a / b)
Proof.forall a b : t, 0 < b -> a < b * S (a / b)
intros.a, b:t
H:0 < b
a < b * S (a / b)
nzsimpl.a, b:t
H:0 < b
a < b * (a / b) + b
rewrite (div_mod a b) at 1; try order.a, b:t
H:0 < b
b * (a / b) + a mod b < b * (a / b) + b
rewrite <- add_lt_mono_l.a, b:t
H:0 < b
a mod b < b
destruct (mod_always_pos a b).a, b:t
H:0 < b
b ~= 0
a, b:t
H:0 < b
H0:0 <= a mod b
H1:a mod b < abs b
a mod b < b order.a, b:t
H:0 < b
H0:0 <= a mod b
H1:a mod b < abs b
a mod b < b
rewrite abs_eq in *; order.
Qed.

Lemma mul_pred_div_gt: forall a b, b<0 -> a < b*(P (a/b)).forall a b : t, b < 0 -> a < b * P (a / b)
Proof.forall a b : t, b < 0 -> a < b * P (a / b)
intros a b Hb.a, b:t
Hb:b < 0
a < b * P (a / b)
rewrite mul_pred_r, <- add_opp_r.a, b:t
Hb:b < 0
a < b * (a / b) + - b
rewrite (div_mod a b) at 1; try order.a, b:t
Hb:b < 0
b * (a / b) + a mod b < b * (a / b) + - b
rewrite <- add_lt_mono_l.a, b:t
Hb:b < 0
a mod b < - b
destruct (mod_always_pos a b).a, b:t
Hb:b < 0
b ~= 0
a, b:t
Hb:b < 0
H:0 <= a mod b
H0:a mod b < abs b
a mod b < - b order.a, b:t
Hb:b < 0
H:0 <= a mod b
H0:a mod b < abs b
a mod b < - b
rewrite <- opp_pos_neg in Hb.a, b:t
Hb:0 < - b
H:0 <= a mod b
H0:a mod b < abs b
a mod b < - b rewrite abs_neq' in *; order.
Qed.

NB: The three previous properties could be used as specifications for div.

Inequality mul_div_le is exact iff the modulo is zero.

Lemma div_exact : forall a b, b~=0 -> (a == b*(a/b) <-> a mod b == 0).forall a b : t,
b ~= 0 -> a == b * (a / b) <-> a mod b == 0
Proof.forall a b : t,
b ~= 0 -> a == b * (a / b) <-> a mod b == 0
intros.a, b:t
H:b ~= 0
a == b * (a / b) <-> a mod b == 0
rewrite (div_mod a b) at 1; try order.a, b:t
H:b ~= 0
b * (a / b) + a mod b == b * (a / b) <-> a mod b == 0
rewrite <- (add_0_r (b*(a/b))) at 2.a, b:t
H:b ~= 0
b * (a / b) + a mod b == b * (a / b) + 0 <->
a mod b == 0
apply add_cancel_l.
Qed.

Some additional inequalities about div.

Theorem div_lt_upper_bound:
  forall a b q, 0<b -> a < b*q -> a/b < q.forall a b q : t, 0 < b -> a < b * q -> a / b < q
Proof.forall a b q : t, 0 < b -> a < b * q -> a / b < q
intros.a, b, q:t
H:0 < b
H0:a < b * q
a / b < q
rewrite (mul_lt_mono_pos_l b) by trivial.a, b, q:t
H:0 < b
H0:a < b * q
b * (a / b) < b * q
apply le_lt_trans with a; trivial.a, b, q:t
H:0 < b
H0:a < b * q
b * (a / b) <= a
apply mul_div_le; order.
Qed.

Theorem div_le_upper_bound:
  forall a b q, 0<b -> a <= b*q -> a/b <= q.forall a b q : t, 0 < b -> a <= b * q -> a / b <= q
Proof.forall a b q : t, 0 < b -> a <= b * q -> a / b <= q
intros.a, b, q:t
H:0 < b
H0:a <= b * q
a / b <= q
rewrite <- (div_mul q b) by order.a, b, q:t
H:0 < b
H0:a <= b * q
a / b <= q * b / b
apply div_le_mono; trivial.a, b, q:t
H:0 < b
H0:a <= b * q
a <= q * b now rewrite mul_comm.
Qed.

Theorem div_le_lower_bound:
  forall a b q, 0<b -> b*q <= a -> q <= a/b.forall a b q : t, 0 < b -> b * q <= a -> q <= a / b
Proof.forall a b q : t, 0 < b -> b * q <= a -> q <= a / b
intros.a, b, q:t
H:0 < b
H0:b * q <= a
q <= a / b
rewrite <- (div_mul q b) by order.a, b, q:t
H:0 < b
H0:b * q <= a
q * b / b <= a / b
apply div_le_mono; trivial.a, b, q:t
H:0 < b
H0:b * q <= a
q * b <= a now rewrite mul_comm.
Qed.

A division respects opposite monotonicity for the divisor

Lemma div_le_compat_l: forall p q r, 0<=p -> 0<q<=r -> p/r <= p/q.forall p q r : t,
0 <= p -> 0 < q <= r -> p / r <= p / q
Proof.forall p q r : t,
0 <= p -> 0 < q <= r -> p / r <= p / q exact div_le_compat_l. Qed.

Relations between usual operations and mod and div

Lemma mod_add : forall a b c, c~=0 ->
 (a + b * c) mod c == a mod c.forall a b c : t,
c ~= 0 -> (a + b * c) mod c == a mod c
Proof.forall a b c : t,
c ~= 0 -> (a + b * c) mod c == a mod c
intros.a, b, c:t
H:c ~= 0
(a + b * c) mod c == a mod c
symmetry.a, b, c:t
H:c ~= 0
a mod c == (a + b * c) mod c
apply mod_unique with (a/c+b); trivial.a, b, c:t
H:c ~= 0
0 <= a mod c < abs c
a, b, c:t
H:c ~= 0
a + b * c == c * (a / c + b) + a mod c
now apply mod_always_pos.a, b, c:t
H:c ~= 0
a + b * c == c * (a / c + b) + a mod c
rewrite mul_add_distr_l, add_shuffle0, <- div_mod by order.a, b, c:t
H:c ~= 0
a + b * c == a + c * b
now rewrite mul_comm.
Qed.

Lemma div_add : forall a b c, c~=0 ->
 (a + b * c) / c == a / c + b.forall a b c : t,
c ~= 0 -> (a + b * c) / c == a / c + b
Proof.forall a b c : t,
c ~= 0 -> (a + b * c) / c == a / c + b
intros.a, b, c:t
H:c ~= 0
(a + b * c) / c == a / c + b
apply (mul_cancel_l _ _ c); try order.a, b, c:t
H:c ~= 0
c * ((a + b * c) / c) == c * (a / c + b)
apply (add_cancel_r _ _ ((a+b*c) mod c)).a, b, c:t
H:c ~= 0
c * ((a + b * c) / c) + (a + b * c) mod c ==
c * (a / c + b) + (a + b * c) mod c
rewrite <- div_mod, mod_add by order.a, b, c:t
H:c ~= 0
a + b * c == c * (a / c + b) + a mod c
rewrite mul_add_distr_l, add_shuffle0, <- div_mod by order.a, b, c:t
H:c ~= 0
a + b * c == a + c * b
now rewrite mul_comm.
Qed.

Lemma div_add_l: forall a b c, b~=0 ->
 (a * b + c) / b == a + c / b.forall a b c : t,
b ~= 0 -> (a * b + c) / b == a + c / b
Proof.forall a b c : t,
b ~= 0 -> (a * b + c) / b == a + c / b
 intros a b c.a, b, c:t
b ~= 0 -> (a * b + c) / b == a + c / b rewrite (add_comm _ c), (add_comm a).a, b, c:t
b ~= 0 -> (c + a * b) / b == c / b + a
 now apply div_add.
Qed.

Cancellations.

With the current convention, the following isn't always true when c<0: -3*-1 / -2*-1 = 3/2 = 1 while -3/-2 = 2

Lemma div_mul_cancel_r : forall a b c, b~=0 -> 0<c ->
 (a*c)/(b*c) == a/b.forall a b c : t,
b ~= 0 -> 0 < c -> a * c / (b * c) == a / b
Proof.forall a b c : t,
b ~= 0 -> 0 < c -> a * c / (b * c) == a / b
intros.a, b, c:t
H:b ~= 0
H0:0 < c
a * c / (b * c) == a / b
symmetry.a, b, c:t
H:b ~= 0
H0:0 < c
a / b == a * c / (b * c)
apply div_unique with ((a mod b)*c).a, b, c:t
H:b ~= 0
H0:0 < c
0 <= a mod b * c < abs (b * c)
a, b, c:t
H:b ~= 0
H0:0 < c
a * c == b * c * (a / b) + a mod b * c
(* ineqs *)
rewrite abs_mul, (abs_eq c) by order.a, b, c:t
H:b ~= 0
H0:0 < c
0 <= a mod b * c < abs b * c
a, b, c:t
H:b ~= 0
H0:0 < c
a * c == b * c * (a / b) + a mod b * c
rewrite <-(mul_0_l c), <-mul_lt_mono_pos_r, <-mul_le_mono_pos_r by trivial.a, b, c:t
H:b ~= 0
H0:0 < c
0 <= a mod b < abs b
a, b, c:t
H:b ~= 0
H0:0 < c
a * c == b * c * (a / b) + a mod b * c
now apply mod_always_pos.a, b, c:t
H:b ~= 0
H0:0 < c
a * c == b * c * (a / b) + a mod b * c
(* equation *)
rewrite (div_mod a b) at 1 by order.a, b, c:t
H:b ~= 0
H0:0 < c
(b * (a / b) + a mod b) * c ==
b * c * (a / b) + a mod b * c
rewrite mul_add_distr_r.a, b, c:t
H:b ~= 0
H0:0 < c
b * (a / b) * c + a mod b * c ==
b * c * (a / b) + a mod b * c
rewrite add_cancel_r.a, b, c:t
H:b ~= 0
H0:0 < c
b * (a / b) * c == b * c * (a / b)
rewrite <- 2 mul_assoc.a, b, c:t
H:b ~= 0
H0:0 < c
b * (a / b * c) == b * (c * (a / b)) now rewrite (mul_comm c).
Qed.

Lemma div_mul_cancel_l : forall a b c, b~=0 -> 0<c ->
 (c*a)/(c*b) == a/b.forall a b c : t,
b ~= 0 -> 0 < c -> c * a / (c * b) == a / b
Proof.forall a b c : t,
b ~= 0 -> 0 < c -> c * a / (c * b) == a / b
intros.a, b, c:t
H:b ~= 0
H0:0 < c
c * a / (c * b) == a / b rewrite !(mul_comm c); now apply div_mul_cancel_r.
Qed.

Lemma mul_mod_distr_l: forall a b c, b~=0 -> 0<c ->
  (c*a) mod (c*b) == c * (a mod b).forall a b c : t,
b ~= 0 ->
0 < c -> (c * a) mod (c * b) == c * (a mod b)
Proof.forall a b c : t,
b ~= 0 ->
0 < c -> (c * a) mod (c * b) == c * (a mod b)
intros.a, b, c:t
H:b ~= 0
H0:0 < c
(c * a) mod (c * b) == c * (a mod b)
rewrite <- (add_cancel_l _ _ ((c*b)* ((c*a)/(c*b)))).a, b, c:t
H:b ~= 0
H0:0 < c
c * b * (c * a / (c * b)) + (c * a) mod (c * b) ==
c * b * (c * a / (c * b)) + c * (a mod b)
rewrite <- div_mod.a, b, c:t
H:b ~= 0
H0:0 < c
c * a == c * b * (c * a / (c * b)) + c * (a mod b)
a, b, c:t
H:b ~= 0
H0:0 < c
c * b ~= 0
rewrite div_mul_cancel_l by trivial.a, b, c:t
H:b ~= 0
H0:0 < c
c * a == c * b * (a / b) + c * (a mod b)
a, b, c:t
H:b ~= 0
H0:0 < c
c * b ~= 0
rewrite <- mul_assoc, <- mul_add_distr_l, mul_cancel_l by order.a, b, c:t
H:b ~= 0
H0:0 < c
a == b * (a / b) + a mod b
a, b, c:t
H:b ~= 0
H0:0 < c
c * b ~= 0
apply div_mod; order.a, b, c:t
H:b ~= 0
H0:0 < c
c * b ~= 0
rewrite <- neq_mul_0; intuition; order.
Qed.

Lemma mul_mod_distr_r: forall a b c, b~=0 -> 0<c ->
  (a*c) mod (b*c) == (a mod b) * c.forall a b c : t,
b ~= 0 -> 0 < c -> (a * c) mod (b * c) == a mod b * c
Proof.forall a b c : t,
b ~= 0 -> 0 < c -> (a * c) mod (b * c) == a mod b * c
 intros.a, b, c:t
H:b ~= 0
H0:0 < c
(a * c) mod (b * c) == a mod b * c rewrite !(mul_comm _ c); now rewrite mul_mod_distr_l.
Qed.

Operations modulo.

Theorem mod_mod: forall a n, n~=0 ->
 (a mod n) mod n == a mod n.forall a n : t, n ~= 0 -> (a mod n) mod n == a mod n
Proof.forall a n : t, n ~= 0 -> (a mod n) mod n == a mod n
intros.a, n:t
H:n ~= 0
(a mod n) mod n == a mod n rewrite mod_small_iff by trivial.a, n:t
H:n ~= 0
0 <= a mod n < abs n
now apply mod_always_pos.
Qed.

Lemma mul_mod_idemp_l : forall a b n, n~=0 ->
 ((a mod n)*b) mod n == (a*b) mod n.forall a b n : t,
n ~= 0 -> (a mod n * b) mod n == (a * b) mod n
Proof.forall a b n : t,
n ~= 0 -> (a mod n * b) mod n == (a * b) mod n
 intros a b n Hn.a, b, n:t
Hn:n ~= 0
(a mod n * b) mod n == (a * b) mod n symmetry.a, b, n:t
Hn:n ~= 0
(a * b) mod n == (a mod n * b) mod n
 rewrite (div_mod a n) at 1 by order.a, b, n:t
Hn:n ~= 0
((n * (a / n) + a mod n) * b) mod n ==
(a mod n * b) mod n
 rewrite add_comm, (mul_comm n), (mul_comm _ b).a, b, n:t
Hn:n ~= 0
(b * (a mod n + a / n * n)) mod n ==
(a mod n * b) mod n
 rewrite mul_add_distr_l, mul_assoc.a, b, n:t
Hn:n ~= 0
(b * (a mod n) + b * (a / n) * n) mod n ==
(a mod n * b) mod n
 rewrite mod_add by trivial.a, b, n:t
Hn:n ~= 0
(b * (a mod n)) mod n == (a mod n * b) mod n
 now rewrite mul_comm.
Qed.

Lemma mul_mod_idemp_r : forall a b n, n~=0 ->
 (a*(b mod n)) mod n == (a*b) mod n.forall a b n : t,
n ~= 0 -> (a * (b mod n)) mod n == (a * b) mod n
Proof.forall a b n : t,
n ~= 0 -> (a * (b mod n)) mod n == (a * b) mod n
 intros.a, b, n:t
H:n ~= 0
(a * (b mod n)) mod n == (a * b) mod n rewrite !(mul_comm a).a, b, n:t
H:n ~= 0
(b mod n * a) mod n == (b * a) mod n now apply mul_mod_idemp_l.
Qed.

Theorem mul_mod: forall a b n, n~=0 ->
 (a * b) mod n == ((a mod n) * (b mod n)) mod n.forall a b n : t,
n ~= 0 -> (a * b) mod n == (a mod n * (b mod n)) mod n
Proof.forall a b n : t,
n ~= 0 -> (a * b) mod n == (a mod n * (b mod n)) mod n
 intros.a, b, n:t
H:n ~= 0
(a * b) mod n == (a mod n * (b mod n)) mod n now rewrite mul_mod_idemp_l, mul_mod_idemp_r.
Qed.

Lemma add_mod_idemp_l : forall a b n, n~=0 ->
 ((a mod n)+b) mod n == (a+b) mod n.forall a b n : t,
n ~= 0 -> (a mod n + b) mod n == (a + b) mod n
Proof.forall a b n : t,
n ~= 0 -> (a mod n + b) mod n == (a + b) mod n
 intros a b n Hn.a, b, n:t
Hn:n ~= 0
(a mod n + b) mod n == (a + b) mod n symmetry.a, b, n:t
Hn:n ~= 0
(a + b) mod n == (a mod n + b) mod n
 rewrite (div_mod a n) at 1 by order.a, b, n:t
Hn:n ~= 0
(n * (a / n) + a mod n + b) mod n ==
(a mod n + b) mod n
 rewrite <- add_assoc, add_comm, mul_comm.a, b, n:t
Hn:n ~= 0
(a mod n + b + a / n * n) mod n == (a mod n + b) mod n
 now rewrite mod_add.
Qed.

Lemma add_mod_idemp_r : forall a b n, n~=0 ->
 (a+(b mod n)) mod n == (a+b) mod n.forall a b n : t,
n ~= 0 -> (a + b mod n) mod n == (a + b) mod n
Proof.forall a b n : t,
n ~= 0 -> (a + b mod n) mod n == (a + b) mod n
 intros.a, b, n:t
H:n ~= 0
(a + b mod n) mod n == (a + b) mod n rewrite !(add_comm a).a, b, n:t
H:n ~= 0
(b mod n + a) mod n == (b + a) mod n now apply add_mod_idemp_l.
Qed.

Theorem add_mod: forall a b n, n~=0 ->
 (a+b) mod n == (a mod n + b mod n) mod n.forall a b n : t,
n ~= 0 -> (a + b) mod n == (a mod n + b mod n) mod n
Proof.forall a b n : t,
n ~= 0 -> (a + b) mod n == (a mod n + b mod n) mod n
 intros.a, b, n:t
H:n ~= 0
(a + b) mod n == (a mod n + b mod n) mod n now rewrite add_mod_idemp_l, add_mod_idemp_r.
Qed.

With the current convention, the following result isn't always true with a negative intermediate divisor. For instance 3/(-2)/(-2) = 1 ≠ 0 = 3 / (-2*-2) and 3/(-2)/2 = -1 ≠ 0 = 3 / (-2*2) .

Lemma div_div : forall a b c, 0<b -> c~=0 ->
 (a/b)/c == a/(b*c).forall a b c : t,
0 < b -> c ~= 0 -> a / b / c == a / (b * c)
Proof.forall a b c : t,
0 < b -> c ~= 0 -> a / b / c == a / (b * c)
 intros a b c Hb Hc.a, b, c:t
Hb:0 < b
Hc:c ~= 0
a / b / c == a / (b * c)
 apply div_unique with (b*((a/b) mod c) + a mod b).a, b, c:t
Hb:0 < b
Hc:c ~= 0
0 <= b * ((a / b) mod c) + a mod b < abs (b * c)
a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 (* begin 0<= ... <abs(b*c) *)
 rewrite abs_mul.a, b, c:t
Hb:0 < b
Hc:c ~= 0
0 <= b * ((a / b) mod c) + a mod b < abs b * abs c
a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 destruct (mod_always_pos (a/b) c), (mod_always_pos a b); try order.a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
0 <= b * ((a / b) mod c) + a mod b < abs b * abs c
a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 split.a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
0 <= b * ((a / b) mod c) + a mod b
a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
b * ((a / b) mod c) + a mod b < abs b * abs c
a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 apply add_nonneg_nonneg; trivial.a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
0 <= b * ((a / b) mod c)
a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
b * ((a / b) mod c) + a mod b < abs b * abs c
a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 apply mul_nonneg_nonneg; order.a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
b * ((a / b) mod c) + a mod b < abs b * abs c
a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 apply lt_le_trans with (b*((a/b) mod c) + abs b).a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
b * ((a / b) mod c) + a mod b <
b * ((a / b) mod c) + abs b
a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
b * ((a / b) mod c) + abs b <= abs b * abs c
a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 now rewrite <- add_lt_mono_l.a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
b * ((a / b) mod c) + abs b <= abs b * abs c
a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 rewrite (abs_eq b) by order.a, b, c:t
Hb:0 < b
Hc:c ~= 0
H:0 <= (a / b) mod c
H0:(a / b) mod c < abs c
H1:0 <= a mod b
H2:a mod b < abs b
b * ((a / b) mod c) + b <= b * abs c
a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 now rewrite <- mul_succ_r, <- mul_le_mono_pos_l, le_succ_l.a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 (* end 0<= ... < abs(b*c) *)
 rewrite (div_mod a b) at 1 by order.a, b, c:t
Hb:0 < b
Hc:c ~= 0
b * (a / b) + a mod b ==
b * c * (a / b / c) + (b * ((a / b) mod c) + a mod b)
 rewrite add_assoc, add_cancel_r.a, b, c:t
Hb:0 < b
Hc:c ~= 0
b * (a / b) ==
b * c * (a / b / c) + b * ((a / b) mod c)
 rewrite <- mul_assoc, <- mul_add_distr_l, mul_cancel_l by order.a, b, c:t
Hb:0 < b
Hc:c ~= 0
a / b == c * (a / b / c) + (a / b) mod c
 apply div_mod; order.
Qed.

Similarly, the following result doesn't always hold when b<0. For instance 3 mod (-2*-2)) = 3 while 3 mod (-2) + (-2)*((3/-2) mod -2) = -1.

Lemma mod_mul_r : forall a b c, 0<b -> c~=0 ->
 a mod (b*c) == a mod b + b*((a/b) mod c).forall a b c : t,
0 < b ->
c ~= 0 ->
a mod (b * c) == a mod b + b * ((a / b) mod c)
Proof.forall a b c : t,
0 < b ->
c ~= 0 ->
a mod (b * c) == a mod b + b * ((a / b) mod c)
 intros a b c Hb Hc.a, b, c:t
Hb:0 < b
Hc:c ~= 0
a mod (b * c) == a mod b + b * ((a / b) mod c)
 apply add_cancel_l with (b*c*(a/(b*c))).a, b, c:t
Hb:0 < b
Hc:c ~= 0
b * c * (a / (b * c)) + a mod (b * c) ==
b * c * (a / (b * c)) +
(a mod b + b * ((a / b) mod c))
 rewrite <- div_mod by (apply neq_mul_0; split; order).a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / (b * c)) +
(a mod b + b * ((a / b) mod c))
 rewrite <- div_div by trivial.a, b, c:t
Hb:0 < b
Hc:c ~= 0
a ==
b * c * (a / b / c) + (a mod b + b * ((a / b) mod c))
 rewrite add_assoc, add_shuffle0, <- mul_assoc, <- mul_add_distr_l.a, b, c:t
Hb:0 < b
Hc:c ~= 0
a == b * (c * (a / b / c) + (a / b) mod c) + a mod b
 rewrite <- div_mod by order.a, b, c:t
Hb:0 < b
Hc:c ~= 0
a == b * (a / b) + a mod b
 apply div_mod; order.
Qed.

Lemma mod_div: forall a b, b~=0 ->
 a mod b / b == 0.forall a b : t, b ~= 0 -> a mod b / b == 0
Proof.forall a b : t, b ~= 0 -> a mod b / b == 0
 intros a b Hb.a, b:t
Hb:b ~= 0
a mod b / b == 0
 rewrite div_small_iff by assumption.a, b:t
Hb:b ~= 0
0 <= a mod b < abs b
 auto using mod_always_pos.
Qed.

A last inequality:

Theorem div_mul_le:
 forall a b c, 0<=a -> 0<b -> 0<=c -> c*(a/b) <= (c*a)/b.forall a b c : t,
0 <= a -> 0 < b -> 0 <= c -> c * (a / b) <= c * a / b
Proof.forall a b c : t,
0 <= a -> 0 < b -> 0 <= c -> c * (a / b) <= c * a / b exact div_mul_le. Qed.

mod is related to divisibility

Lemma mod_divides : forall a b, b~=0 ->
 (a mod b == 0 <-> (b|a)).forall a b : t, b ~= 0 -> a mod b == 0 <-> (b | a)
Proof.forall a b : t, b ~= 0 -> a mod b == 0 <-> (b | a)
intros a b Hb.a, b:t
Hb:b ~= 0
a mod b == 0 <-> (b | a) split.a, b:t
Hb:b ~= 0
a mod b == 0 -> (b | a)
a, b:t
Hb:b ~= 0
(b | a) -> a mod b == 0
intros Hab.a, b:t
Hb:b ~= 0
Hab:a mod b == 0
(b | a)
a, b:t
Hb:b ~= 0
(b | a) -> a mod b == 0 exists (a/b).a, b:t
Hb:b ~= 0
Hab:a mod b == 0
a == a / b * b
a, b:t
Hb:b ~= 0
(b | a) -> a mod b == 0 rewrite mul_comm.a, b:t
Hb:b ~= 0
Hab:a mod b == 0
a == b * (a / b)
a, b:t
Hb:b ~= 0
(b | a) -> a mod b == 0
 rewrite (div_mod a b Hb) at 1.a, b:t
Hb:b ~= 0
Hab:a mod b == 0
b * (a / b) + a mod b == b * (a / b)
a, b:t
Hb:b ~= 0
(b | a) -> a mod b == 0 rewrite Hab; now nzsimpl.a, b:t
Hb:b ~= 0
(b | a) -> a mod b == 0
intros (c,Hc).a, b:t
Hb:b ~= 0
c:t
Hc:a == c * b
a mod b == 0 rewrite Hc.a, b:t
Hb:b ~= 0
c:t
Hc:a == c * b
(c * b) mod b == 0 now apply mod_mul.
Qed.

End ZEuclidProp.