set S = Funcs F2(),INT ;
set T = (Funcs F2(),INT ) \ F3(),0 ;
set C = F7() leq F8();
set II = F4() \; (F7() += 1);
Z0: ( F6() is complying_with_catenation & F6() complies_with_while_wrt (Funcs F2(),INT ) \ F3(),0 ) by AOFA_000:def 32;
reconsider s1 = F6() . F9(),(F7() := F10()) as Element of Funcs F2(),INT ;
reconsider s2 = F6() . s1,(F7() leq F8()) as Element of Funcs F2(),INT ;
S1: ( s1 . F7() = F10() . F9() & s1 . F8() = F9() . F8() ) by D, Th111;
then S2: ( s2 . F7() = F10() . F9() & s2 . F8() = F9() . F8() ) by D, Th114;
Sn: F6() . F9(),F5() = F6() . s1,(while (F7() leq F8()),(F4() \; (F7() += 1))) by F, AOFA_000:def 29;
defpred S1[ Element of Funcs F2(),INT ] means $1 . F7() <= $1 . F8();
defpred S2[ Element of Funcs F2(),INT ] means ( P1[$1] & ( F10() . F9() <= F9() . F8() implies ($1 . F7()) - 1 <= F9() . F8() ) & $1 . F8() = F9() . F8() );
(F10() . F9()) - 1 < F10() . F9() by XREAL_1:46;
then A1: S2[s1] by A, S1, XXREAL_0:2;
A2: P1[s2] by B, A;
per cases ( F10() . F9() <= F9() . F8() or F10() . F9() > F9() . F8() ) ;
suppose C1: F10() . F9() <= F9() . F8() ; :: thesis: ( P1[F6() . F9(),F5()] & ( F10() . F9() <= F9() . F8() implies (F6() . F9(),F5()) . F7() = (F9() . F8()) + 1 ) & ( F10() . F9() > F9() . F8() implies (F6() . F9(),F5()) . F7() = F10() . F9() ) & (F6() . F9(),F5()) . F8() = F9() . F8() )
then B': s2 . F3() = 1 by S1, Th114;
defpred S3[ Element of Funcs F2(),INT ] means ( P1[$1] & S1[$1] );
BB: ( F6() . s1,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 iff S3[F6() . s1,(F7() leq F8())] ) by A, B, C1, S2, B';
deffunc H1( Element of Funcs F2(),INT ) -> Element of NAT = In ((($1 . F8()) + 1) - ($1 . F7())),NAT ;
Ct: for s being Element of Funcs F2(),INT st S3[s] holds
( ( S3[F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))] implies F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8())) in (Funcs F2(),INT ) \ F3(),0 ) & ( F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8())) in (Funcs F2(),INT ) \ F3(),0 implies S3[F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))] ) & H1(F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))) < H1(s) )
proof
let s be Element of Funcs F2(),INT ; :: thesis: ( S3[s] implies ( ( S3[F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))] implies F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8())) in (Funcs F2(),INT ) \ F3(),0 ) & ( F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8())) in (Funcs F2(),INT ) \ F3(),0 implies S3[F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))] ) & H1(F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))) < H1(s) ) )
assume 00: S3[s] ; :: thesis: ( ( S3[F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))] implies F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8())) in (Funcs F2(),INT ) \ F3(),0 ) & ( F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8())) in (Funcs F2(),INT ) \ F3(),0 implies S3[F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))] ) & H1(F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))) < H1(s) )
reconsider s' = F6() . s,F4() as Element of Funcs F2(),INT ;
reconsider s'' = F6() . s',(F7() += 1) as Element of Funcs F2(),INT ;
reconsider s''' = F6() . s'',(F7() leq F8()) as Element of Funcs F2(),INT ;
01: ( F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8())) = F6() . (F6() . s,(F4() \; (F7() += 1))),(F7() leq F8()) & s'' = F6() . s,(F4() \; (F7() += 1)) ) by AOFA_000:def 29;
02: ( s''' . F7() = s'' . F7() & s''' . F8() = s'' . F8() & ( s'' . F7() > s'' . F8() implies s''' . F3() = 0 ) & ( s'' . F7() <= s'' . F8() implies s''' . F3() = 1 ) ) by D, Th114;
03: ( s' . F7() = s . F7() & s' . F8() = s . F8() ) by C, 00;
04: ( s'' . F7() = (s' . F7()) + 1 & s'' . F8() = s' . F8() & P1[s''] ) by 00, 01, B, D, Th012;
hence ( S3[F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))] iff F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8())) in (Funcs F2(),INT ) \ F3(),0 ) by 01, 02, B, LemTS; :: thesis: H1(F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))) < H1(s)
reconsider j = (s . F8()) - (s . F7()) as Element of NAT by 00, INT_1:18;
H1(s''') = j by 02, 03, 04, FUNCT_7:def 1;
then H1(s''') + 1 = H1(s) by FUNCT_7:def 1;
hence H1(F6() . s,((F4() \; (F7() += 1)) \; (F7() leq F8()))) < H1(s) by 01, NAT_1:13; :: thesis: verum
end;
C': F6() iteration_terminates_for (F4() \; (F7() += 1)) \; (F7() leq F8()),F6() . s1,(F7() leq F8()) from AOFA_000:sch 3(BB, Ct);
D': for s being Element of Funcs F2(),INT st S2[s] & s in (Funcs F2(),INT ) \ F3(),0 & S1[s] holds
S2[F6() . s,(F4() \; (F7() += 1))]
proof
let s be Element of Funcs F2(),INT ; :: thesis: ( S2[s] & s in (Funcs F2(),INT ) \ F3(),0 & S1[s] implies S2[F6() . s,(F4() \; (F7() += 1))] )
assume 01: ( S2[s] & s in (Funcs F2(),INT ) \ F3(),0 & S1[s] ) ; :: thesis: S2[F6() . s,(F4() \; (F7() += 1))]
thus P1[F6() . s,(F4() \; (F7() += 1))] by B, 01; :: thesis: ( ( F10() . F9() <= F9() . F8() implies ((F6() . s,(F4() \; (F7() += 1))) . F7()) - 1 <= F9() . F8() ) & (F6() . s,(F4() \; (F7() += 1))) . F8() = F9() . F8() )
reconsider s' = F6() . s,F4() as Element of Funcs F2(),INT ;
reconsider s'' = F6() . s',(F7() += 1) as Element of Funcs F2(),INT ;
03: ( s' . F7() = s . F7() & s' . F8() = s . F8() & s'' . F7() = (s' . F7()) + 1 & s'' . F8() = s' . F8() ) by 01, C, D, Th012;
s'' = F6() . s,(F4() \; (F7() += 1)) by AOFA_000:def 29;
hence ( ( F10() . F9() <= F9() . F8() implies ((F6() . s,(F4() \; (F7() += 1))) . F7()) - 1 <= F9() . F8() ) & (F6() . s,(F4() \; (F7() += 1))) . F8() = F9() . F8() ) by 01, 03; :: thesis: verum
end;
E': for s being Element of Funcs F2(),INT st S2[s] holds
( S2[F6() . s,(F7() leq F8())] & ( F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F7() leq F8())] ) & ( S1[F6() . s,(F7() leq F8())] implies F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 ) )
proof
let s be Element of Funcs F2(),INT ; :: thesis: ( S2[s] implies ( S2[F6() . s,(F7() leq F8())] & ( F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F7() leq F8())] ) & ( S1[F6() . s,(F7() leq F8())] implies F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 ) ) )
assume 01: S2[s] ; :: thesis: ( S2[F6() . s,(F7() leq F8())] & ( F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F7() leq F8())] ) & ( S1[F6() . s,(F7() leq F8())] implies F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 ) )
hence P1[F6() . s,(F7() leq F8())] by B; :: thesis: ( ( F10() . F9() <= F9() . F8() implies ((F6() . s,(F7() leq F8())) . F7()) - 1 <= F9() . F8() ) & (F6() . s,(F7() leq F8())) . F8() = F9() . F8() & ( F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F7() leq F8())] ) & ( S1[F6() . s,(F7() leq F8())] implies F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 ) )
( (F6() . s,(F7() leq F8())) . F7() = s . F7() & (F6() . s,(F7() leq F8())) . F8() = s . F8() & ( s . F7() > s . F8() implies (F6() . s,(F7() leq F8())) . F3() = 0 ) & ( s . F7() <= s . F8() implies (F6() . s,(F7() leq F8())) . F3() = 1 ) ) by D, Th114;
hence ( ( F10() . F9() <= F9() . F8() implies ((F6() . s,(F7() leq F8())) . F7()) - 1 <= F9() . F8() ) & (F6() . s,(F7() leq F8())) . F8() = F9() . F8() & ( F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F7() leq F8())] ) & ( S1[F6() . s,(F7() leq F8())] implies F6() . s,(F7() leq F8()) in (Funcs F2(),INT ) \ F3(),0 ) ) by 01, LemTS; :: thesis: verum
end;
F': ( S2[F6() . s1,(while (F7() leq F8()),(F4() \; (F7() += 1)))] & not S1[F6() . s1,(while (F7() leq F8()),(F4() \; (F7() += 1)))] ) from AOFA_000:sch 5(A1, C', D', E');
then (F6() . F9(),F5()) . F7() >= (F9() . F8()) + 1 by Sn, INT_1:20;
then ((F6() . F9(),F5()) . F7()) - 1 >= ((F9() . F8()) + 1) - 1 by XREAL_1:15;
then ((F6() . F9(),F5()) . F7()) - 1 = F9() . F8() by C1, Sn, F', XXREAL_0:1;
hence ( P1[F6() . F9(),F5()] & ( F10() . F9() <= F9() . F8() implies (F6() . F9(),F5()) . F7() = (F9() . F8()) + 1 ) & ( F10() . F9() > F9() . F8() implies (F6() . F9(),F5()) . F7() = F10() . F9() ) & (F6() . F9(),F5()) . F8() = F9() . F8() ) by C1, F, F', AOFA_000:def 29; :: thesis: verum
end;
suppose C2: F10() . F9() > F9() . F8() ; :: thesis: ( P1[F6() . F9(),F5()] & ( F10() . F9() <= F9() . F8() implies (F6() . F9(),F5()) . F7() = (F9() . F8()) + 1 ) & ( F10() . F9() > F9() . F8() implies (F6() . F9(),F5()) . F7() = F10() . F9() ) & (F6() . F9(),F5()) . F8() = F9() . F8() )
then s2 . F3() = 0 by S1, Th114;
then s2 nin (Funcs F2(),INT ) \ F3(),0 by LemTS;
hence ( P1[F6() . F9(),F5()] & ( F10() . F9() <= F9() . F8() implies (F6() . F9(),F5()) . F7() = (F9() . F8()) + 1 ) & ( F10() . F9() > F9() . F8() implies (F6() . F9(),F5()) . F7() = F10() . F9() ) & (F6() . F9(),F5()) . F8() = F9() . F8() ) by A2, C2, S2, Sn, Z0, AOFA_000:def 31; :: thesis: verum
end;
end;