:: Proof body only: the theorem statement and the opening `proof` lie outside this excerpt.
:: Goal (per the thesis notes): if z differs from the vertex [<*x,y*>,xor2 ], then in the
:: state (Following s,2) the adder output equals (a1 'xor' a2) 'xor' a3, the vertex
:: [<*x,y*>,xor2 ] equals a1 'xor' a2, and x, y, z still carry a1, a2, a3.
:: NOTE(review): (Following s,2) presumably denotes the state after two steps of the
:: circuit, matching the two nested xor2 applications below - confirm against FACIRC_1.
:: Local abbreviation; f is not referenced again in the visible steps.
set f = xor2 ;
:: Generalize over the three vertices x, y, z.
let x, y, z be set ; :: thesis: ( z <> [<*x,y*>,xor2 ] implies for s being State of (GFA0AdderCirc x,y,z)
for a1, a2, a3 being Element of BOOLEAN st a1 = s . x & a2 = s . y & a3 = s . z holds
( (Following s,2) . (GFA0AdderOutput x,y,z) = (a1 'xor' a2) 'xor' a3 & (Following s,2) . [<*x,y*>,xor2 ] = a1 'xor' a2 & (Following s,2) . x = a1 & (Following s,2) . y = a2 & (Following s,2) . z = a3 ) )

:: A1 is the side condition: z is not the vertex [<*x,y*>,xor2 ]. Every FACIRC_1:62 citation below uses it.
:: NOTE(review): presumably this keeps z a genuine input rather than the internal xor
:: gate's own output vertex - confirm against the statement of FACIRC_1:62.
assume A1: z <> [<*x,y*>,xor2 ] ; :: thesis: for s being State of (GFA0AdderCirc x,y,z)
for a1, a2, a3 being Element of BOOLEAN st a1 = s . x & a2 = s . y & a3 = s . z holds
( (Following s,2) . (GFA0AdderOutput x,y,z) = (a1 'xor' a2) 'xor' a3 & (Following s,2) . [<*x,y*>,xor2 ] = a1 'xor' a2 & (Following s,2) . x = a1 & (Following s,2) . y = a2 & (Following s,2) . z = a3 )

:: Local abbreviations for the vertex [<*x,y*>,xor2 ] and for the circuit; the visible steps spell both out in full.
set xy = [<*x,y*>,xor2 ];
set A = GFA0AdderCirc x,y,z;
:: Fix an arbitrary state s of the circuit.
let s be State of (GFA0AdderCirc x,y,z); :: thesis: for a1, a2, a3 being Element of BOOLEAN st a1 = s . x & a2 = s . y & a3 = s . z holds
( (Following s,2) . (GFA0AdderOutput x,y,z) = (a1 'xor' a2) 'xor' a3 & (Following s,2) . [<*x,y*>,xor2 ] = a1 'xor' a2 & (Following s,2) . x = a1 & (Following s,2) . y = a2 & (Following s,2) . z = a3 )

:: Fix Boolean values a1, a2, a3.
let a1, a2, a3 be Element of BOOLEAN ; :: thesis: ( a1 = s . x & a2 = s . y & a3 = s . z implies ( (Following s,2) . (GFA0AdderOutput x,y,z) = (a1 'xor' a2) 'xor' a3 & (Following s,2) . [<*x,y*>,xor2 ] = a1 'xor' a2 & (Following s,2) . x = a1 & (Following s,2) . y = a2 & (Following s,2) . z = a3 ) )
:: A2 ties a1, a2, a3 to the values s assigns to x, y, z.
assume A2: ( a1 = s . x & a2 = s . y & a3 = s . z ) ; :: thesis: ( (Following s,2) . (GFA0AdderOutput x,y,z) = (a1 'xor' a2) 'xor' a3 & (Following s,2) . [<*x,y*>,xor2 ] = a1 'xor' a2 & (Following s,2) . x = a1 & (Following s,2) . y = a2 & (Following s,2) . z = a3 )
:: Conjunct 1 (adder output): FACIRC_1:62 with A1, A2 gives the nested xor2 form; the two
:: TWOSCOMP:def 13 steps then rewrite xor2 . <*a,b*> as a 'xor' b, inner application first, then outer.
thus (Following s,2) . (GFA0AdderOutput x,y,z) = xor2 . <*(xor2 . <*a1,a2*>),a3*> by A1, A2, FACIRC_1:62
.= xor2 . <*(a1 'xor' a2),a3*> by TWOSCOMP:def 13
.= (a1 'xor' a2) 'xor' a3 by TWOSCOMP:def 13 ; :: thesis: ( (Following s,2) . [<*x,y*>,xor2 ] = a1 'xor' a2 & (Following s,2) . x = a1 & (Following s,2) . y = a2 & (Following s,2) . z = a3 )
:: Conjunct 2 (the vertex [<*x,y*>,xor2 ]): same lemma, then one unfolding of xor2 via TWOSCOMP:def 13.
(Following s,2) . [<*x,y*>,xor2 ] = xor2 . <*a1,a2*> by A1, A2, FACIRC_1:62;
hence (Following s,2) . [<*x,y*>,xor2 ] = a1 'xor' a2 by TWOSCOMP:def 13; :: thesis: ( (Following s,2) . x = a1 & (Following s,2) . y = a2 & (Following s,2) . z = a3 )
:: Conjuncts 3-5: x, y, z carry a1, a2, a3 in (Following s,2); this closes the thesis (thesis: verum).
thus ( (Following s,2) . x = a1 & (Following s,2) . y = a2 & (Following s,2) . z = a3 ) by A1, A2, FACIRC_1:62; :: thesis: verum