let s be State of SCM+FSA ; :: thesis: for a being Int-Location
for J being good Program of SCM+FSA
for k being Element of NAT st ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 & J is_closed_on (StepTimes a,J,s) . k & J is_halting_on (StepTimes a,J,s) . k holds
( ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 & ( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) )
let a be Int-Location ; :: thesis: for J being good Program of SCM+FSA
for k being Element of NAT st ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 & J is_closed_on (StepTimes a,J,s) . k & J is_halting_on (StepTimes a,J,s) . k holds
( ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 & ( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) )
let J be good Program of SCM+FSA ; :: thesis: for k being Element of NAT st ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 & J is_closed_on (StepTimes a,J,s) . k & J is_halting_on (StepTimes a,J,s) . k holds
( ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 & ( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) )
let k be Element of NAT ; :: thesis: ( ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 & J is_closed_on (StepTimes a,J,s) . k & J is_halting_on (StepTimes a,J,s) . k implies ( ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 & ( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) ) )
set I = J;
assume that
A1: ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 and
A2: J is_closed_on (StepTimes a,J,s) . k and
A3: J is_halting_on (StepTimes a,J,s) . k ; :: thesis: ( ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 & ( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) )
set ST = StepTimes a,J,s;
set au = 1 -stRWNotIn ({a} \/ (UsedIntLoc J));
set SW = StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s));
A4: J is_closed_on Initialize ((StepTimes a,J,s) . k) by A1, A2, Th4;
A5: J is_halting_on Initialize ((StepTimes a,J,s) . k) by A1, A2, A3, Th5;
A7: Macro (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 )) is_closed_on IExec J,((StepTimes a,J,s) . k) by SCMFSA7B:24;
Macro (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 )) is_halting_on IExec J,((StepTimes a,J,s) . k) by SCMFSA7B:25;
then A9: J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 )) is_halting_on Initialize ((StepTimes a,J,s) . k) by A4, A5, A7, SFMASTR1:4;
hereby :: thesis: ( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 )
per cases ( ((StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) <= 0 or ((StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 ) ;
suppose ((StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) <= 0 ; :: thesis: ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1
then DataPart ((StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s))) . (k + 1)) = DataPart ((StepTimes a,J,s) . k) by SCMFSA9A:37;
hence ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 by A1, SCMFSA6A:38; :: thesis: verum
end;
suppose ((StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 ; :: thesis: ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1
then DataPart ((StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s))) . (k + 1)) = DataPart (IExec (J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),((StepTimes a,J,s) . k)) by A1, A7, A9, A4, A5, SCMFSA9A:38, SFMASTR1:3;
hence ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = (IExec (J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),((StepTimes a,J,s) . k)) . (intloc 0 ) by SCMFSA6A:38
.= (Exec (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 )),(IExec J,((StepTimes a,J,s) . k))) . (intloc 0 ) by A4, A5, SFMASTR1:12
.= (IExec J,((StepTimes a,J,s) . k)) . (intloc 0 ) by SCMFSA_2:91
.= 1 by A4, A5, SCMFSA8C:96 ;
:: thesis: verum
end;
end;
end;
not 1 -stRWNotIn ({a} \/ (UsedIntLoc J)) in {a} \/ (UsedIntLoc J) by SFMASTR1:21;
then A10: not 1 -stRWNotIn ({a} \/ (UsedIntLoc J)) in UsedIntLoc J by XBOOLE_0:def 3;
assume ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 ; :: thesis: ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1
then DataPart ((StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s))) . (k + 1)) = DataPart (IExec (J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),((StepTimes a,J,s) . k)) by A1, A7, A9, A4, A5, SCMFSA9A:38, SFMASTR1:3;
hence ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (IExec (J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),((StepTimes a,J,s) . k)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) by SCMFSA6A:38
.= (Exec (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 )),(IExec J,((StepTimes a,J,s) . k))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) by A4, A5, SFMASTR1:12
.= ((IExec J,((StepTimes a,J,s) . k)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - ((IExec J,((StepTimes a,J,s) . k)) . (intloc 0 )) by SCMFSA_2:91
.= ((IExec J,((StepTimes a,J,s) . k)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 by A4, A5, SCMFSA8C:96
.= ((Initialize ((StepTimes a,J,s) . k)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 by A4, A5, A10, Th1
.= (((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 by SCMFSA6C:3 ;
:: thesis: verum