set S = Funcs F2(),INT ;
set T = (Funcs F2(),INT ) \ F3(),0 ;
set C = F8() leq F7();
set II = F4() \; (F7() += (- 1));
Z0: ( F6() is complying_with_catenation & F6() complies_with_while_wrt (Funcs F2(),INT ) \ F3(),0 ) by AOFA_000:def 32;
reconsider s1 = F6() . F9(),(F7() := F10()) as Element of Funcs F2(),INT ;
reconsider s2 = F6() . s1,(F8() leq F7()) as Element of Funcs F2(),INT ;
S1: ( s1 . F7() = F10() . F9() & s1 . F8() = F9() . F8() ) by D, Th111;
then S2: ( s2 . F7() = F10() . F9() & s2 . F8() = F9() . F8() ) by D, Th114;
Sn: F6() . F9(),F5() = F6() . s1,(while (F8() leq F7()),(F4() \; (F7() += (- 1)))) by F, AOFA_000:def 29;
defpred S1[ Element of Funcs F2(),INT ] means $1 . F7() >= $1 . F8();
defpred S2[ Element of Funcs F2(),INT ] means ( P1[$1] & ( F10() . F9() >= F9() . F8() implies ($1 . F7()) + 1 >= F9() . F8() ) & $1 . F8() = F9() . F8() );
A1: S2[s1] by A, S1, XREAL_1:41;
A2: P1[s2] by B, A;
per cases ( F10() . F9() >= F9() . F8() or F10() . F9() < F9() . F8() ) ;
suppose C1: F10() . F9() >= F9() . F8() ; :: thesis: ( P1[F6() . F9(),F5()] & ( F10() . F9() >= F9() . F8() implies (F6() . F9(),F5()) . F7() = (F9() . F8()) - 1 ) & ( F10() . F9() < F9() . F8() implies (F6() . F9(),F5()) . F7() = F10() . F9() ) & (F6() . F9(),F5()) . F8() = F9() . F8() )
then B': s2 . F3() = 1 by S1, Th114;
defpred S3[ Element of Funcs F2(),INT ] means ( P1[$1] & S1[$1] );
BB: ( F6() . s1,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 iff S3[F6() . s1,(F8() leq F7())] ) by B', A, B, C1, S2;
deffunc H1( Element of Funcs F2(),INT ) -> Element of NAT = In ((($1 . F7()) + 1) - ($1 . F8())),NAT ;
Ct: for s being Element of Funcs F2(),INT st S3[s] holds
( ( S3[F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))] implies F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7())) in (Funcs F2(),INT ) \ F3(),0 ) & ( F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7())) in (Funcs F2(),INT ) \ F3(),0 implies S3[F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))] ) & H1(F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))) < H1(s) )
proof
let s be Element of Funcs F2(),INT ; :: thesis: ( S3[s] implies ( ( S3[F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))] implies F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7())) in (Funcs F2(),INT ) \ F3(),0 ) & ( F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7())) in (Funcs F2(),INT ) \ F3(),0 implies S3[F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))] ) & H1(F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))) < H1(s) ) )
assume 00: S3[s] ; :: thesis: ( ( S3[F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))] implies F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7())) in (Funcs F2(),INT ) \ F3(),0 ) & ( F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7())) in (Funcs F2(),INT ) \ F3(),0 implies S3[F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))] ) & H1(F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))) < H1(s) )
reconsider s' = F6() . s,F4() as Element of Funcs F2(),INT ;
reconsider s'' = F6() . s',(F7() += (- 1)) as Element of Funcs F2(),INT ;
reconsider s''' = F6() . s'',(F8() leq F7()) as Element of Funcs F2(),INT ;
01: ( F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7())) = F6() . (F6() . s,(F4() \; (F7() += (- 1)))),(F8() leq F7()) & s'' = F6() . s,(F4() \; (F7() += (- 1))) ) by AOFA_000:def 29;
02: ( s''' . F7() = s'' . F7() & s''' . F8() = s'' . F8() & ( s'' . F7() < s'' . F8() implies s''' . F3() = 0 ) & ( s'' . F7() >= s'' . F8() implies s''' . F3() = 1 ) ) by D, Th114;
03: ( s' . F7() = s . F7() & s' . F8() = s . F8() ) by C, 00;
04: ( s'' . F7() = (s' . F7()) - 1 & s'' . F8() = s' . F8() & P1[s''] ) by 00, 01, B, D, Th012;
hence ( S3[F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))] iff F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7())) in (Funcs F2(),INT ) \ F3(),0 ) by 01, 02, B, LemTS; :: thesis: H1(F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))) < H1(s)
reconsider j = (s . F7()) - (s . F8()) as Element of NAT by 00, INT_1:18;
H1(s''') = j by 02, 03, 04, FUNCT_7:def 1;
then H1(s''') + 1 = H1(s) by FUNCT_7:def 1;
hence H1(F6() . s,((F4() \; (F7() += (- 1))) \; (F8() leq F7()))) < H1(s) by 01, NAT_1:13; :: thesis: verum
end;
C': F6() iteration_terminates_for (F4() \; (F7() += (- 1))) \; (F8() leq F7()),F6() . s1,(F8() leq F7()) from AOFA_000:sch 3(BB, Ct);
D': for s being Element of Funcs F2(),INT st S2[s] & s in (Funcs F2(),INT ) \ F3(),0 & S1[s] holds
S2[F6() . s,(F4() \; (F7() += (- 1)))]
proof
let s be Element of Funcs F2(),INT ; :: thesis: ( S2[s] & s in (Funcs F2(),INT ) \ F3(),0 & S1[s] implies S2[F6() . s,(F4() \; (F7() += (- 1)))] )
assume 01: ( S2[s] & s in (Funcs F2(),INT ) \ F3(),0 & S1[s] ) ; :: thesis: S2[F6() . s,(F4() \; (F7() += (- 1)))]
thus P1[F6() . s,(F4() \; (F7() += (- 1)))] by 01, B; :: thesis: ( ( F10() . F9() >= F9() . F8() implies ((F6() . s,(F4() \; (F7() += (- 1)))) . F7()) + 1 >= F9() . F8() ) & (F6() . s,(F4() \; (F7() += (- 1)))) . F8() = F9() . F8() )
reconsider s'' = F6() . s,F4() as Element of Funcs F2(),INT ;
reconsider s''' = F6() . s'',(F7() += (- 1)) as Element of Funcs F2(),INT ;
03: ( s'' . F7() = s . F7() & s'' . F8() = s . F8() & s''' . F7() = (s'' . F7()) - 1 & s''' . F8() = s'' . F8() ) by 01, C, D, Th012;
s''' = F6() . s,(F4() \; (F7() += (- 1))) by AOFA_000:def 29;
hence ( ( F10() . F9() >= F9() . F8() implies ((F6() . s,(F4() \; (F7() += (- 1)))) . F7()) + 1 >= F9() . F8() ) & (F6() . s,(F4() \; (F7() += (- 1)))) . F8() = F9() . F8() ) by 01, 03; :: thesis: verum
end;
E': for s being Element of Funcs F2(),INT st S2[s] holds
( S2[F6() . s,(F8() leq F7())] & ( F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F8() leq F7())] ) & ( S1[F6() . s,(F8() leq F7())] implies F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 ) )
proof
let s be Element of Funcs F2(),INT ; :: thesis: ( S2[s] implies ( S2[F6() . s,(F8() leq F7())] & ( F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F8() leq F7())] ) & ( S1[F6() . s,(F8() leq F7())] implies F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 ) ) )
assume 01: S2[s] ; :: thesis: ( S2[F6() . s,(F8() leq F7())] & ( F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F8() leq F7())] ) & ( S1[F6() . s,(F8() leq F7())] implies F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 ) )
hence P1[F6() . s,(F8() leq F7())] by B; :: thesis: ( ( F10() . F9() >= F9() . F8() implies ((F6() . s,(F8() leq F7())) . F7()) + 1 >= F9() . F8() ) & (F6() . s,(F8() leq F7())) . F8() = F9() . F8() & ( F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F8() leq F7())] ) & ( S1[F6() . s,(F8() leq F7())] implies F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 ) )
( (F6() . s,(F8() leq F7())) . F7() = s . F7() & (F6() . s,(F8() leq F7())) . F8() = s . F8() & ( s . F7() < s . F8() implies (F6() . s,(F8() leq F7())) . F3() = 0 ) & ( s . F7() >= s . F8() implies (F6() . s,(F8() leq F7())) . F3() = 1 ) ) by D, Th114;
hence ( ( F10() . F9() >= F9() . F8() implies ((F6() . s,(F8() leq F7())) . F7()) + 1 >= F9() . F8() ) & (F6() . s,(F8() leq F7())) . F8() = F9() . F8() & ( F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 implies S1[F6() . s,(F8() leq F7())] ) & ( S1[F6() . s,(F8() leq F7())] implies F6() . s,(F8() leq F7()) in (Funcs F2(),INT ) \ F3(),0 ) ) by 01, LemTS; :: thesis: verum
end;
F': ( S2[F6() . s1,(while (F8() leq F7()),(F4() \; (F7() += (- 1))))] & not S1[F6() . s1,(while (F8() leq F7()),(F4() \; (F7() += (- 1))))] ) from AOFA_000:sch 5(A1, C', D', E');
then ((F6() . F9(),F5()) . F7()) + 1 <= ((F9() . F8()) + 1) - 1 by Sn, INT_1:20;
then ((F6() . F9(),F5()) . F7()) + 1 = F9() . F8() by C1, Sn, F', XXREAL_0:1;
hence ( P1[F6() . F9(),F5()] & ( F10() . F9() >= F9() . F8() implies (F6() . F9(),F5()) . F7() = (F9() . F8()) - 1 ) & ( F10() . F9() < F9() . F8() implies (F6() . F9(),F5()) . F7() = F10() . F9() ) & (F6() . F9(),F5()) . F8() = F9() . F8() ) by C1, F', F, AOFA_000:def 29; :: thesis: verum
end;
suppose C2: F10() . F9() < F9() . F8() ; :: thesis: ( P1[F6() . F9(),F5()] & ( F10() . F9() >= F9() . F8() implies (F6() . F9(),F5()) . F7() = (F9() . F8()) - 1 ) & ( F10() . F9() < F9() . F8() implies (F6() . F9(),F5()) . F7() = F10() . F9() ) & (F6() . F9(),F5()) . F8() = F9() . F8() )
then s2 . F3() = 0 by S1, Th114;
then s2 nin (Funcs F2(),INT ) \ F3(),0 by LemTS;
hence ( P1[F6() . F9(),F5()] & ( F10() . F9() >= F9() . F8() implies (F6() . F9(),F5()) . F7() = (F9() . F8()) - 1 ) & ( F10() . F9() < F9() . F8() implies (F6() . F9(),F5()) . F7() = F10() . F9() ) & (F6() . F9(),F5()) . F8() = F9() . F8() ) by A2, C2, S2, Sn, Z0, AOFA_000:def 31; :: thesis: verum
end;
end;