let I be Program of SCM+FSA ; :: thesis: ( I is InitClosed & I is good implies I is keepInt0_1 )
assume A1: ( I is InitClosed & I is good ) ; :: thesis: I is keepInt0_1
then A2: I does_not_destroy intloc 0 by SCMFSA7B:def 5;
now
let s be State of SCM+FSA ; :: thesis: ( Initialized I c= s implies for k being Element of NAT holds (Comput (ProgramPart s),s,k) . (intloc 0 ) = 1 )
assume A3: Initialized I c= s ; :: thesis: for k being Element of NAT holds (Comput (ProgramPart s),s,k) . (intloc 0 ) = 1
let k be Element of NAT ; :: thesis: (Comput (ProgramPart s),s,k) . (intloc 0 ) = 1
I is_closed_onInit s by A1, Th35;
hence (Comput (ProgramPart s),s,k) . (intloc 0 ) = s . (intloc 0 ) by A2, A3, Th37
.= 1 by A3, Th7 ;
:: thesis: verum
end;
hence I is keepInt0_1 by Def3; :: thesis: verum