let s be State of SCM+FSA ; :: thesis: for I being InitHalting keepInt0_1 Program of SCM+FSA
for a being read-write Int-Location st I does_not_destroy a holds
(Computation ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))),(LifeSpan ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))))) . a = (s . a) - 1
let I be InitHalting keepInt0_1 Program of SCM+FSA ; :: thesis: for a being read-write Int-Location st I does_not_destroy a holds
(Computation ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))),(LifeSpan ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))))) . a = (s . a) - 1
let a be read-write Int-Location ; :: thesis: ( I does_not_destroy a implies (Computation ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))),(LifeSpan ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))))) . a = (s . a) - 1 )
assume A1: I does_not_destroy a ; :: thesis: (Computation ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))),(LifeSpan ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))))) . a = (s . a) - 1
set s0 = Initialize s;
set s1 = (Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )));
A2: ( a in dom (Initialize s) & not a in dom (I +* (Start-At (insloc 0 ))) ) by SCMFSA6B:12, SCMFSA_2:66;
(IExec (I ';' (SubFrom a,(intloc 0 ))),s) . a = (Exec (SubFrom a,(intloc 0 )),(IExec I,s)) . a by Th33
.= ((IExec I,s) . a) - ((IExec I,s) . (intloc 0 )) by SCMFSA_2:91
.= ((IExec I,s) . a) - 1 by Th17
.= ((Computation ((Initialize s) +* (I +* (Start-At (insloc 0 )))),0 ) . a) - 1 by A1, Th62
.= (((Initialize s) +* (I +* (Start-At (insloc 0 )))) . a) - 1 by AMI_1:13
.= ((Initialize s) . a) - 1 by A2, FUNCT_4:12 ;
hence (Computation ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))),(LifeSpan ((Initialize s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At (insloc 0 )))))) . a = ((Initialize s) . a) - 1 by Th61
.= (s . a) - 1 by SCMFSA6C:3 ;
:: thesis: verum