definition
let p be
Instruction-Sequence of
SCM+FSA;
let a,
b,
c be
Int-Location;
let I be
MacroInstruction of
SCM+FSA ;
let s be
State of
SCM+FSA;
func StepForUp (
a,
b,
c,
I,
p,
s)
-> sequence of
(product (the_Values_of SCM+FSA)) equals
StepWhile>0 (
(1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),
((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0)))),
p,
((s +* ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(((s . c) - (s . b)) + 1))) +* (a,(s . b))));
coherence
StepWhile>0 ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(((s . c) - (s . b)) + 1))) +* (a,(s . b)))) is sequence of (product (the_Values_of SCM+FSA))
;
end;
::
deftheorem defines
StepForUp SFMASTR3:def 1 :
for p being Instruction-Sequence of SCM+FSA
for a, b, c being Int-Location
for I being MacroInstruction of SCM+FSA
for s being State of SCM+FSA holds StepForUp (a,b,c,I,p,s) = StepWhile>0 ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(((s . c) - (s . b)) + 1))) +* (a,(s . b))));
definition
let p be
Instruction-Sequence of
SCM+FSA;
let a,
b,
c be
Int-Location;
let I be
MacroInstruction of
SCM+FSA ;
let s be
State of
SCM+FSA;
pred ProperForUpBody a,
b,
c,
I,
s,
p means
for
i being
Nat st
i < ((s . c) - (s . b)) + 1 holds
I is_halting_on (StepForUp (a,b,c,I,p,s)) . i,
p +* (while>0 ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0))))));
end;
::
deftheorem defines
ProperForUpBody SFMASTR3:def 2 :
for p being Instruction-Sequence of SCM+FSA
for a, b, c being Int-Location
for I being MacroInstruction of SCM+FSA
for s being State of SCM+FSA holds
( ProperForUpBody a,b,c,I,s,p iff for i being Nat st i < ((s . c) - (s . b)) + 1 holds
I is_halting_on (StepForUp (a,b,c,I,p,s)) . i,p +* (while>0 ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0)))))) );
theorem Th16:
for
s being
State of
SCM+FSA for
a being
read-write Int-Location for
bb,
cc being
Int-Location for
k being
Nat for
p being
Instruction-Sequence of
SCM+FSA for
Ig being
really-closed good MacroInstruction of
SCM+FSA st
((StepForUp (a,bb,cc,Ig,p,s)) . k) . (intloc 0) = 1 &
Ig is_halting_on (StepForUp (a,bb,cc,Ig,p,s)) . k,
p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc Ig))),((Ig ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc Ig))),(intloc 0)))))) holds
((StepForUp (a,bb,cc,Ig,p,s)) . (k + 1)) . (intloc 0) = 1
theorem Th17:
for
s being
State of
SCM+FSA for
a being
read-write Int-Location for
bb,
cc being
Int-Location for
p being
Instruction-Sequence of
SCM+FSA for
Ig being
really-closed good MacroInstruction of
SCM+FSA st
s . (intloc 0) = 1 &
ProperForUpBody a,
bb,
cc,
Ig,
s,
p holds
for
k being
Nat st
k <= ((s . cc) - (s . bb)) + 1 holds
(
((StepForUp (a,bb,cc,Ig,p,s)) . k) . (intloc 0) = 1 & ( not
Ig destroys a implies (
((StepForUp (a,bb,cc,Ig,p,s)) . k) . a = k + (s . bb) &
((StepForUp (a,bb,cc,Ig,p,s)) . k) . a <= (s . cc) + 1 ) ) &
(((StepForUp (a,bb,cc,Ig,p,s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc Ig)))) + k = ((s . cc) - (s . bb)) + 1 )
theorem Th18:
for
s being
State of
SCM+FSA for
a being
read-write Int-Location for
bb,
cc being
Int-Location for
p being
Instruction-Sequence of
SCM+FSA for
Ig being
really-closed good MacroInstruction of
SCM+FSA st
s . (intloc 0) = 1 &
ProperForUpBody a,
bb,
cc,
Ig,
s,
p holds
for
k being
Nat holds
(
((StepForUp (a,bb,cc,Ig,p,s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc Ig))) > 0 iff
k < ((s . cc) - (s . bb)) + 1 )
theorem Th19:
for
s being
State of
SCM+FSA for
a being
read-write Int-Location for
bb,
cc being
Int-Location for
k being
Nat for
p being
Instruction-Sequence of
SCM+FSA for
Ig being
really-closed good MacroInstruction of
SCM+FSA st
s . (intloc 0) = 1 &
ProperForUpBody a,
bb,
cc,
Ig,
s,
p &
k < ((s . cc) - (s . bb)) + 1 holds
((StepForUp (a,bb,cc,Ig,p,s)) . (k + 1)) | (({a,bb,cc} \/ (UsedILoc Ig)) \/ FinSeq-Locations) = (IExec ((Ig ";" (AddTo (a,(intloc 0)))),(p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc Ig))),((Ig ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc Ig))),(intloc 0))))))),((StepForUp (a,bb,cc,Ig,p,s)) . k))) | (({a,bb,cc} \/ (UsedILoc Ig)) \/ FinSeq-Locations)
definition
let a,
b,
c be
Int-Location;
let I be
MacroInstruction of
SCM+FSA ;
func for-up (
a,
b,
c,
I)
-> MacroInstruction of
SCM+FSA equals
(((((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))) := c) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),b))) ";" (AddTo ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0)))) ";" (a := b)) ";" (while>0 ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0))))));
coherence
(((((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))) := c) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),b))) ";" (AddTo ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0)))) ";" (a := b)) ";" (while>0 ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0)))))) is MacroInstruction of SCM+FSA
;
end;
::
deftheorem defines
for-up SFMASTR3:def 3 :
for a, b, c being Int-Location
for I being MacroInstruction of SCM+FSA holds for-up (a,b,c,I) = (((((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))) := c) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),b))) ";" (AddTo ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0)))) ";" (a := b)) ";" (while>0 ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,b,c} \/ (UsedILoc I))),(intloc 0))))));
theorem Th22:
for
s being
State of
SCM+FSA for
a being
read-write Int-Location for
bb,
cc being
Int-Location for
p being
Instruction-Sequence of
SCM+FSA for
I being
really-closed MacroInstruction of
SCM+FSA st
s . (intloc 0) = 1 &
s . bb > s . cc holds
( ( for
x being
Int-Location st
x <> a &
x in {bb,cc} \/ (UsedILoc I) holds
(IExec ((for-up (a,bb,cc,I)),p,s)) . x = s . x ) & ( for
f being
FinSeq-Location holds
(IExec ((for-up (a,bb,cc,I)),p,s)) . f = s . f ) )
Lm1:
now for s being State of SCM+FSA
for a being read-write Int-Location
for bb, cc being Int-Location
for p being Instruction-Sequence of SCM+FSA
for I being really-closed good MacroInstruction of SCM+FSA st s . (intloc 0) = 1 & ( ProperForUpBody a,bb,cc,I,s,p or I is parahalting ) holds
( ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p & WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p )
let s be
State of
SCM+FSA;
for a being read-write Int-Location
for bb, cc being Int-Location
for p being Instruction-Sequence of SCM+FSA
for I being really-closed good MacroInstruction of SCM+FSA st s . (intloc 0) = 1 & ( ProperForUpBody a,bb,cc,I,s,p or I is parahalting ) holds
( ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p & WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p )let a be
read-write Int-Location;
for bb, cc being Int-Location
for p being Instruction-Sequence of SCM+FSA
for I being really-closed good MacroInstruction of SCM+FSA st s . (intloc 0) = 1 & ( ProperForUpBody a,bb,cc,I,s,p or I is parahalting ) holds
( ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p & WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p )let bb,
cc be
Int-Location;
for p being Instruction-Sequence of SCM+FSA
for I being really-closed good MacroInstruction of SCM+FSA st s . (intloc 0) = 1 & ( ProperForUpBody a,bb,cc,I,s,p or I is parahalting ) holds
( ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p & WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p )let p be
Instruction-Sequence of
SCM+FSA;
for I being really-closed good MacroInstruction of SCM+FSA st s . (intloc 0) = 1 & ( ProperForUpBody a,bb,cc,I,s,p or I is parahalting ) holds
( ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p & WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p )let I be
really-closed good MacroInstruction of
SCM+FSA ;
( s . (intloc 0) = 1 & ( ProperForUpBody a,bb,cc,I,s,p or I is parahalting ) implies ( ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p & WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p ) )assume that A1:
s . (intloc 0) = 1
and A2:
(
ProperForUpBody a,
bb,
cc,
I,
s,
p or
I is
parahalting )
;
( ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p & WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p )A3:
ProperForUpBody a,
bb,
cc,
I,
s,
p
by A2, Th15;
set scb1 =
((s . cc) - (s . bb)) + 1;
set SF =
StepForUp (
a,
bb,
cc,
I,
p,
s);
set aux = 1
-stRWNotIn ({a,bb,cc} \/ (UsedILoc I));
set IB =
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)));
set s2 =
(s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (
a,
(s . bb));
set p2 =
p;
set IB2 =
(AddTo (a,(intloc 0))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)));
set SW2 =
StepWhile>0 (
(1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),
((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),
p,
((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))));
A4:
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) = I ";" ((AddTo (a,(intloc 0))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))
by SCMFSA6A:28;
A5:
ProperBodyWhile>0 1
-stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))),
(s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (
a,
(s . bb)),
p
proof
let k be
Nat;
SCMFSA9A:def 4 ( ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) <= 0 or (I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) is_halting_on (StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k,p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))))) )
assume
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) > 0
;
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) is_halting_on (StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k,p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))
then A6:
k < ((s . cc) - (s . bb)) + 1
by A1, A3, Th18;
A7:
((StepForUp (a,bb,cc,I,p,s)) . k) . (intloc 0) = 1
by A1, A3, A6, Th17;
I is_halting_on (StepForUp (a,bb,cc,I,p,s)) . k,
p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))
by A3, A6;
then A8:
I is_halting_on Initialized ((StepForUp (a,bb,cc,I,p,s)) . k),
p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))
by A7, SCMFSA8B:42;
(AddTo (a,(intloc 0))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) is_halting_on IExec (
I,
(p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))),
((StepForUp (a,bb,cc,I,p,s)) . k)),
p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))
by SCMFSA7B:19;
then
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) is_halting_on Initialized ((StepForUp (a,bb,cc,I,p,s)) . k),
p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))
by A4, A8, SFMASTR1:3;
hence
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) is_halting_on (StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k,
p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))
by A7, SCMFSA8B:42;
verum
end;
set i3 =
a := bb;
set i2 =
AddTo (
(1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),
(intloc 0));
set i1 =
SubFrom (
(1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),
bb);
set i0 =
(1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc;
set s1 =
IExec (
(((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),
p,
s);
set p1 =
p;
set SW1 =
StepWhile>0 (
(1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),
((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),
p,
(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)));
deffunc H1(
State of
SCM+FSA)
-> Element of
NAT =
|.($1 . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))).|;
consider f being
Function of
(product (the_Values_of SCM+FSA)),
NAT such that A9:
for
x being
Element of
product (the_Values_of SCM+FSA) holds
f . x = H1(
x)
from FUNCT_2:sch 4();
A10:
for
x being
State of
SCM+FSA holds
f . x = H1(
x)
A11:
DataPart (IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)) = DataPart ((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb)))
by A1, Th14;
thus
ProperBodyWhile>0 1
-stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))),
IExec (
(((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),
p,
s),
p
WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))), IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s),p
proof
let k be
Nat;
SCMFSA9A:def 4 ( ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) <= 0 or (I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) is_halting_on (StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k,p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))))) )
assume A12:
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) > 0
;
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) is_halting_on (StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k,p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))
A13:
DataPart ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k) = DataPart ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k)
by A11, A5, SCMFSA9A:34;
then A14:
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) = ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))
by SCMFSA_M:2;
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) is_halting_on (StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k,
p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))
by A5, A12, A14;
hence
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))) is_halting_on (StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k,
p +* (while>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))))))
by A13, SCMFSA8B:5;
verum
end;
A15:
for
k being
Nat holds
(
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) < f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) or
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) <= 0 )
proof
let k be
Nat;
( f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) < f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) or ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) <= 0 )
A16:
DataPart ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) = DataPart ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k)
by A11, A5, SCMFSA9A:34;
then A17:
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) = ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))
by SCMFSA_M:2;
DataPart ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . (k + 1)) = DataPart ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1))
by A11, A5, SCMFSA9A:34;
then A18:
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) = ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))
by SCMFSA_M:2;
now ( ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) > 0 implies f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) < f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) )
assume A19:
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) > 0
;
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) < f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k)then A20:
k < ((s . cc) - (s . bb)) + 1
by A1, A3, A17, Th18;
k < ((s . cc) - (s . bb)) + 1
by A1, A3, A17, A19, Th18;
then A21:
(((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))) + k = ((s . cc) - (s . bb)) + 1
by A1, A3, Th17;
reconsider scb1 =
((s . cc) - (s . bb)) + 1 as
Element of
NAT by A20, INT_1:3;
A22:
k + 1
<= scb1
by A20, NAT_1:13;
then A23:
(((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))) + (k + 1) = ((s . cc) - (s . bb)) + 1
by A1, A3, Th17;
A24:
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) =
|.(((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))).|
by A10
.=
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))
by A17, A19, ABSVALUE:def 1
;
per cases
( ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) > 0 or ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) <= 0 )
;
suppose A25:
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) > 0
;
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) < f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k)
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) =
|.(((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))).|
by A10
.=
(scb1 - k) - 1
by A18, A23, A25, ABSVALUE:def 1
;
hence
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) < f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k)
by A24, A21, XREAL_1:146;
verum
end;
suppose A26:
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) <= 0
;
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) < f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k)
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,((s +* ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(((s . cc) - (s . bb)) + 1))) +* (a,(s . bb))))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) = scb1 - (k + 1)
by A23;
then A27:
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) = 0
by A18, A22, A26, XREAL_1:48;
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) =
|.(((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I)))).|
by A10
.=
0
by A27, ABSVALUE:def 1
;
hence
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) < f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k)
by A16, A19, A24, SCMFSA_M:2;
verum
end;
end;
end;
hence
(
f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . (k + 1)) < f . ((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) or
((StepWhile>0 ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),((I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))),p,(IExec ((((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),p,s)))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) <= 0 )
;
verum
end;
thus
WithVariantWhile>0 1
-stRWNotIn ({a,bb,cc} \/ (UsedILoc I)),
(I ";" (AddTo (a,(intloc 0)))) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0))),
IExec (
(((((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))) := cc) ";" (SubFrom ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),bb))) ";" (AddTo ((1 -stRWNotIn ({a,bb,cc} \/ (UsedILoc I))),(intloc 0)))) ";" (a := bb)),
p,
s),
p
by A15;
verum
end;
theorem Th23:
for
s being
State of
SCM+FSA for
a being
read-write Int-Location for
bb,
cc being
Int-Location for
k being
Nat for
p being
Instruction-Sequence of
SCM+FSA for
Ig being
really-closed good MacroInstruction of
SCM+FSA st
s . (intloc 0) = 1 &
k = ((s . cc) - (s . bb)) + 1 & (
ProperForUpBody a,
bb,
cc,
Ig,
s,
p or
Ig is
parahalting ) holds
DataPart (IExec ((for-up (a,bb,cc,Ig)),p,s)) = DataPart ((StepForUp (a,bb,cc,Ig,p,s)) . k)
theorem Th24:
for
s being
State of
SCM+FSA for
a being
read-write Int-Location for
bb,
cc being
Int-Location for
p being
Instruction-Sequence of
SCM+FSA for
Ig being
really-closed good MacroInstruction of
SCM+FSA st
s . (intloc 0) = 1 & (
ProperForUpBody a,
bb,
cc,
Ig,
s,
p or
Ig is
parahalting ) holds
for-up (
a,
bb,
cc,
Ig)
is_halting_on s,
p
definition
let start,
finish,
minpos be
Int-Location;
let f be
FinSeq-Location ;
func FinSeqMin (
f,
start,
finish,
minpos)
-> MacroInstruction of
SCM+FSA equals
(minpos := start) ";" (for-up ((3 -rdRWNotIn {start,finish,minpos}),start,finish,((((1 -stRWNotIn {start,finish,minpos}) := (f,(3 -rdRWNotIn {start,finish,minpos}))) ";" ((2 -ndRWNotIn {start,finish,minpos}) := (f,minpos))) ";" (if>0 ((2 -ndRWNotIn {start,finish,minpos}),(1 -stRWNotIn {start,finish,minpos}),(Macro (minpos := (3 -rdRWNotIn {start,finish,minpos}))),(Stop SCM+FSA))))));
coherence
(minpos := start) ";" (for-up ((3 -rdRWNotIn {start,finish,minpos}),start,finish,((((1 -stRWNotIn {start,finish,minpos}) := (f,(3 -rdRWNotIn {start,finish,minpos}))) ";" ((2 -ndRWNotIn {start,finish,minpos}) := (f,minpos))) ";" (if>0 ((2 -ndRWNotIn {start,finish,minpos}),(1 -stRWNotIn {start,finish,minpos}),(Macro (minpos := (3 -rdRWNotIn {start,finish,minpos}))),(Stop SCM+FSA)))))) is MacroInstruction of SCM+FSA
;
end;
::
deftheorem defines
FinSeqMin SFMASTR3:def 4 :
for start, finish, minpos being Int-Location
for f being FinSeq-Location holds FinSeqMin (f,start,finish,minpos) = (minpos := start) ";" (for-up ((3 -rdRWNotIn {start,finish,minpos}),start,finish,((((1 -stRWNotIn {start,finish,minpos}) := (f,(3 -rdRWNotIn {start,finish,minpos}))) ";" ((2 -ndRWNotIn {start,finish,minpos}) := (f,minpos))) ";" (if>0 ((2 -ndRWNotIn {start,finish,minpos}),(1 -stRWNotIn {start,finish,minpos}),(Macro (minpos := (3 -rdRWNotIn {start,finish,minpos}))),(Stop SCM+FSA))))));
theorem Th28:
for
s being
State of
SCM+FSA for
c being
read-write Int-Location for
aa,
bb being
Int-Location for
f being
FinSeq-Location for
p being
Instruction-Sequence of
SCM+FSA st
aa <> c &
bb <> c &
s . (intloc 0) = 1 holds
(
(IExec ((FinSeqMin (f,aa,bb,c)),p,s)) . f = s . f &
(IExec ((FinSeqMin (f,aa,bb,c)),p,s)) . aa = s . aa &
(IExec ((FinSeqMin (f,aa,bb,c)),p,s)) . bb = s . bb )
definition
let f be
FinSeq-Location ;
let a,
b be
Int-Location;
func swap (
f,
a,
b)
-> MacroInstruction of
SCM+FSA equals
((((1 -stRWNotIn {a,b}) := (f,a)) ";" ((2 -ndRWNotIn {a,b}) := (f,b))) ";" ((f,a) := (2 -ndRWNotIn {a,b}))) ";" ((f,b) := (1 -stRWNotIn {a,b}));
coherence
((((1 -stRWNotIn {a,b}) := (f,a)) ";" ((2 -ndRWNotIn {a,b}) := (f,b))) ";" ((f,a) := (2 -ndRWNotIn {a,b}))) ";" ((f,b) := (1 -stRWNotIn {a,b})) is MacroInstruction of SCM+FSA
;
end;
::
deftheorem defines
swap SFMASTR3:def 5 :
for f being FinSeq-Location
for a, b being Int-Location holds swap (f,a,b) = ((((1 -stRWNotIn {a,b}) := (f,a)) ";" ((2 -ndRWNotIn {a,b}) := (f,b))) ";" ((f,a) := (2 -ndRWNotIn {a,b}))) ";" ((f,b) := (1 -stRWNotIn {a,b}));
definition
let f be
FinSeq-Location ;
func Selection-sort f -> Program of
equals
((1 -stNotUsed (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))) :=len f) ";" (for-up ((1 -stRWNotIn ({} Int-Locations)),(intloc 0),(1 -stNotUsed (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))),((FinSeqMin (f,(1 -stRWNotIn ({} Int-Locations)),(1 -stNotUsed (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))),(2 -ndRWNotIn ({} Int-Locations)))) ";" (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations)))))));
coherence
((1 -stNotUsed (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))) :=len f) ";" (for-up ((1 -stRWNotIn ({} Int-Locations)),(intloc 0),(1 -stNotUsed (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))),((FinSeqMin (f,(1 -stRWNotIn ({} Int-Locations)),(1 -stNotUsed (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))),(2 -ndRWNotIn ({} Int-Locations)))) ";" (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))))) is Program of
;
end;
::
deftheorem defines
Selection-sort SFMASTR3:def 6 :
for f being FinSeq-Location holds Selection-sort f = ((1 -stNotUsed (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))) :=len f) ";" (for-up ((1 -stRWNotIn ({} Int-Locations)),(intloc 0),(1 -stNotUsed (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))),((FinSeqMin (f,(1 -stRWNotIn ({} Int-Locations)),(1 -stNotUsed (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations))))),(2 -ndRWNotIn ({} Int-Locations)))) ";" (swap (f,(1 -stRWNotIn ({} Int-Locations)),(2 -ndRWNotIn ({} Int-Locations)))))));