set f = xor2c ;
let x, y, z be set ; :: thesis: ( z <> [<*x,y*>,xor2c ] implies for s being State of (GFA1AdderCirc x,y,z)
for a1a2, a1, a2, a3 being Element of BOOLEAN st a1a2 = s . [<*x,y*>,xor2c ] & a1 = s . x & a2 = s . y & a3 = s . z holds
(Following s) . (GFA1AdderOutput x,y,z) = a1a2 'xor' ('not' a3) )
assume A1: z <> [<*x,y*>,xor2c ] ; :: thesis: for s being State of (GFA1AdderCirc x,y,z)
for a1a2, a1, a2, a3 being Element of BOOLEAN st a1a2 = s . [<*x,y*>,xor2c ] & a1 = s . x & a2 = s . y & a3 = s . z holds
(Following s) . (GFA1AdderOutput x,y,z) = a1a2 'xor' ('not' a3)
set xy = [<*x,y*>,xor2c ];
set A = GFA1AdderCirc x,y,z;
let s be State of (GFA1AdderCirc x,y,z); :: thesis: for a1a2, a1, a2, a3 being Element of BOOLEAN st a1a2 = s . [<*x,y*>,xor2c ] & a1 = s . x & a2 = s . y & a3 = s . z holds
(Following s) . (GFA1AdderOutput x,y,z) = a1a2 'xor' ('not' a3)
let a1a2, a1, a2, a3 be Element of BOOLEAN ; :: thesis: ( a1a2 = s . [<*x,y*>,xor2c ] & a1 = s . x & a2 = s . y & a3 = s . z implies (Following s) . (GFA1AdderOutput x,y,z) = a1a2 'xor' ('not' a3) )
assume A2: ( a1a2 = s . [<*x,y*>,xor2c ] & a1 = s . x & a2 = s . y & a3 = s . z ) ; :: thesis: (Following s) . (GFA1AdderOutput x,y,z) = a1a2 'xor' ('not' a3)
thus (Following s) . (GFA1AdderOutput x,y,z) = xor2c . <*(s . [<*x,y*>,xor2c ]),(s . z)*> by A1, Lm3
.= a1a2 'xor' ('not' a3) by A2, Def4 ; :: thesis: verum