let s be State of SCM+FSA ; :: thesis: for c0 being Element of NAT st IC s = c0 holds
for a being Int-Location
for k being Integer st ( for c being Element of NAT st c < len (aSeq a,k) holds
(aSeq a,k) . (c + 1) = s . (c0 + c) ) holds
for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i
let c0 be Element of NAT ; :: thesis: ( IC s = c0 implies for a being Int-Location
for k being Integer st ( for c being Element of NAT st c < len (aSeq a,k) holds
(aSeq a,k) . (c + 1) = s . (c0 + c) ) holds
for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i )
assume A1: IC s = c0 ; :: thesis: for a being Int-Location
for k being Integer st ( for c being Element of NAT st c < len (aSeq a,k) holds
(aSeq a,k) . (c + 1) = s . (c0 + c) ) holds
for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i
let a be Int-Location ; :: thesis: for k being Integer st ( for c being Element of NAT st c < len (aSeq a,k) holds
(aSeq a,k) . (c + 1) = s . (c0 + c) ) holds
for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i
let k be Integer; :: thesis: ( ( for c being Element of NAT st c < len (aSeq a,k) holds
(aSeq a,k) . (c + 1) = s . (c0 + c) ) implies for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i )
assume A2: for c being Element of NAT st c < len (aSeq a,k) holds
(aSeq a,k) . (c + 1) = s . (c0 + c) ; :: thesis: for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i
per cases ( k > 0 or k <= 0 ) ;
suppose A3: k > 0 ; :: thesis: for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i
then reconsider k9 = k as Element of NAT by INT_1:16;
consider k1 being Element of NAT such that
A4: k1 + 1 = k9 and
A5: aSeq a,k9 = <*(a := (intloc 0 ))*> ^ (k1 |-> (AddTo a,(intloc 0 ))) by A3, SCMFSA_7:def 3;
defpred S1[ Nat] means ( $1 <= k9 implies IC (Comput (ProgramPart s),s,$1) = c0 + $1 );
A6: len (aSeq a,k9) = (len <*(a := (intloc 0 ))*>) + (len (k1 |-> (AddTo a,(intloc 0 )))) by A5, FINSEQ_1:35
.= 1 + (len (k1 |-> (AddTo a,(intloc 0 )))) by FINSEQ_1:56
.= k9 by A4, FINSEQ_1:def 18 ;
for i being Element of NAT st i <= len (aSeq a,k9) holds
IC (Comput (ProgramPart s),s,i) = c0 + i
proof
A7: now
let i be Element of NAT ; :: thesis: ( 1 < i & i <= k9 implies (aSeq a,k9) . i = AddTo a,(intloc 0 ) )
assume that
A8: 1 < i and
A9: i <= k9 ; :: thesis: (aSeq a,k9) . i = AddTo a,(intloc 0 )
A10: 1 <= i - 1 by A8, INT_1:79;
then reconsider i1 = i - 1 as Element of NAT by INT_1:16;
i - 1 <= k9 - 1 by A9, XREAL_1:11;
then A11: i1 in Seg k1 by A4, A10;
len <*(a := (intloc 0 ))*> = 1 by FINSEQ_1:56;
hence (aSeq a,k9) . i = (k1 |-> (AddTo a,(intloc 0 ))) . (i - 1) by A5, A6, A8, A9, FINSEQ_1:37
.= AddTo a,(intloc 0 ) by A11, FUNCOP_1:13 ;
:: thesis: verum
end;
A12: now
let i be Element of NAT ; :: thesis: ( 0 < i & i < k9 implies s . (c0 + i) = AddTo a,(intloc 0 ) )
assume that
A13: 0 < i and
A14: i < k9 ; :: thesis: s . (c0 + i) = AddTo a,(intloc 0 )
A15: ( 0 + 1 < i + 1 & i + 1 <= k9 ) by A13, A14, NAT_1:13, XREAL_1:8;
thus s . (c0 + i) = (aSeq a,k9) . (i + 1) by A2, A6, A14
.= AddTo a,(intloc 0 ) by A7, A15 ; :: thesis: verum
end;
A16: s . (c0 + 0 ) = (aSeq a,k9) . (0 + 1) by A2, A3, A6
.= a := (intloc 0 ) by A5, FINSEQ_1:58 ;
A17: now
let n be Element of NAT ; :: thesis: ( n = 0 implies ( Comput (ProgramPart s),s,n = s & CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = a := (intloc 0 ) & Comput (ProgramPart s),s,(n + 1) = Exec (a := (intloc 0 )),s ) )
Y: (ProgramPart (Comput (ProgramPart s),s,n)) /. (IC (Comput (ProgramPart s),s,n)) = (Comput (ProgramPart s),s,n) . (IC (Comput (ProgramPart s),s,n)) by AMI_1:150;
assume n = 0 ; :: thesis: ( Comput (ProgramPart s),s,n = s & CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = a := (intloc 0 ) & Comput (ProgramPart s),s,(n + 1) = Exec (a := (intloc 0 )),s )
hence A18: Comput (ProgramPart s),s,n = s by AMI_1:13; :: thesis: ( CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = a := (intloc 0 ) & Comput (ProgramPart s),s,(n + 1) = Exec (a := (intloc 0 )),s )
hence A19: CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = a := (intloc 0 ) by A1, A16, AMI_1:def 16, Y; :: thesis: Comput (ProgramPart s),s,(n + 1) = Exec (a := (intloc 0 )),s
thus Comput (ProgramPart s),s,(n + 1) = Following (ProgramPart s),(Comput (ProgramPart s),s,n) by AMI_1:14
.= Exec (a := (intloc 0 )),s by A18, A19, AMI_1:def 18 ; :: thesis: verum
end;
A20: for n being Element of NAT st S1[n] holds
S1[n + 1]
proof
let n be Element of NAT ; :: thesis: ( S1[n] implies S1[n + 1] )
assume A21: S1[n] ; :: thesis: S1[n + 1]
assume A22: n + 1 <= k9 ; :: thesis: IC (Comput (ProgramPart s),s,(n + 1)) = c0 + (n + 1)
per cases ( n = 0 or n > 0 ) ;
suppose A23: n = 0 ; :: thesis: IC (Comput (ProgramPart s),s,(n + 1)) = c0 + (n + 1)
hence IC (Comput (ProgramPart s),s,(n + 1)) = IC (Exec (a := (intloc 0 )),s) by A17
.= (Exec (a := (intloc 0 )),s) . (IC SCM+FSA ) by AMI_1:def 15
.= succ (c0 + n) by A1, A23, SCMFSA_2:89
.= (c0 + n) + 1 by NAT_1:39
.= c0 + (n + 1) ;
:: thesis: verum
end;
suppose A24: n > 0 ; :: thesis: IC (Comput (ProgramPart s),s,(n + 1)) = c0 + (n + 1)
A25: n < k9 by A22, NAT_1:13;
Y: (ProgramPart (Comput (ProgramPart s),s,n)) /. (IC (Comput (ProgramPart s),s,n)) = (Comput (ProgramPart s),s,n) . (IC (Comput (ProgramPart s),s,n)) by AMI_1:150;
A26: n + 0 <= n + 1 by XREAL_1:9;
then A27: CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = (Comput (ProgramPart s),s,n) . (c0 + n) by A21, A22, AMI_1:def 16, XXREAL_0:2, Y
.= s . (c0 + n) by AMI_1:54
.= AddTo a,(intloc 0 ) by A12, A24, A25 ;
T: ProgramPart s = ProgramPart (Comput (ProgramPart s),s,n) by AMI_1:144;
A28: Comput (ProgramPart s),s,(n + 1) = Following (ProgramPart s),(Comput (ProgramPart s),s,n) by AMI_1:14
.= Exec (AddTo a,(intloc 0 )),(Comput (ProgramPart s),s,n) by A27, AMI_1:def 18, T ;
thus IC (Comput (ProgramPart s),s,(n + 1)) = (Comput (ProgramPart s),s,(n + 1)) . (IC SCM+FSA ) by AMI_1:def 15
.= succ (IC (Comput (ProgramPart s),s,n)) by A28, SCMFSA_2:90
.= (c0 + n) + 1 by A21, A22, A26, NAT_1:39, XXREAL_0:2
.= c0 + (n + 1) ; :: thesis: verum
end;
end;
end;
let i be Element of NAT ; :: thesis: ( i <= len (aSeq a,k9) implies IC (Comput (ProgramPart s),s,i) = c0 + i )
assume A29: i <= len (aSeq a,k9) ; :: thesis: IC (Comput (ProgramPart s),s,i) = c0 + i
A30: S1[ 0 ] by A1, AMI_1:13;
for i being Element of NAT holds S1[i] from NAT_1:sch 1(A30, A20);
 hence IC (Comput (ProgramPart s),s,i) = c0 + i by A6, A29; :: thesis: verum
end;
hence for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i ; :: thesis: verum
end;
suppose A31: k <= 0 ; :: thesis: for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i
then reconsider mk = - k as Element of NAT by INT_1:16;
defpred S1[ Nat] means ( $1 <= (mk + 1) + 1 implies IC (Comput (ProgramPart s),s,$1) = c0 + $1 );
consider k1 being Element of NAT such that
A32: k1 + k = 1 and
A33: aSeq a,k = <*(a := (intloc 0 ))*> ^ (k1 |-> (SubFrom a,(intloc 0 ))) by A31, SCMFSA_7:def 3;
A34: len (aSeq a,k) = (len <*(a := (intloc 0 ))*>) + (len (k1 |-> (SubFrom a,(intloc 0 )))) by A33, FINSEQ_1:35
.= 1 + (len (k1 |-> (SubFrom a,(intloc 0 )))) by FINSEQ_1:56
.= (mk + 1) + 1 by A32, FINSEQ_1:def 18 ;
for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i
proof
A35: now
let i be Element of NAT ; :: thesis: ( 1 < i & i <= (mk + 1) + 1 implies (aSeq a,k) . i = SubFrom a,(intloc 0 ) )
assume that
A36: 1 < i and
A37: i <= (mk + 1) + 1 ; :: thesis: (aSeq a,k) . i = SubFrom a,(intloc 0 )
A38: i - 1 <= ((mk + 1) + 1) - 1 by A37, XREAL_1:11;
A39: 1 - 1 < i - 1 by A36, XREAL_1:11;
then reconsider i1 = i - 1 as Element of NAT by INT_1:16;
(1 - 1) + 1 <= i - 1 by A39, INT_1:20;
then A40: i1 in Seg k1 by A32, A38;
len <*(a := (intloc 0 ))*> = 1 by FINSEQ_1:56;
hence (aSeq a,k) . i = (k1 |-> (SubFrom a,(intloc 0 ))) . (i - 1) by A33, A34, A36, A37, FINSEQ_1:37
.= SubFrom a,(intloc 0 ) by A40, FUNCOP_1:13 ;
:: thesis: verum
end;
A41: now
let i be Element of NAT ; :: thesis: ( 0 < i & i < (mk + 1) + 1 implies s . (c0 + i) = SubFrom a,(intloc 0 ) )
assume that
A42: 0 < i and
A43: i < (mk + 1) + 1 ; :: thesis: s . (c0 + i) = SubFrom a,(intloc 0 )
A44: ( 0 + 1 < i + 1 & i + 1 <= (mk + 1) + 1 ) by A42, A43, NAT_1:13, XREAL_1:8;
thus s . (c0 + i) = (aSeq a,k) . (i + 1) by A2, A34, A43
.= SubFrom a,(intloc 0 ) by A35, A44 ; :: thesis: verum
end;
A45: s . (c0 + 0 ) = (aSeq a,k) . (0 + 1) by A2, A34
.= a := (intloc 0 ) by A33, FINSEQ_1:58 ;
A46: for n being Element of NAT st n = 0 holds
( Comput (ProgramPart s),s,n = s & CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = a := (intloc 0 ) & Comput (ProgramPart s),s,(n + 1) = Exec (a := (intloc 0 )),s )
proof
let n be Element of NAT ; :: thesis: ( n = 0 implies ( Comput (ProgramPart s),s,n = s & CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = a := (intloc 0 ) & Comput (ProgramPart s),s,(n + 1) = Exec (a := (intloc 0 )),s ) )
Y: (ProgramPart (Comput (ProgramPart s),s,n)) /. (IC (Comput (ProgramPart s),s,n)) = (Comput (ProgramPart s),s,n) . (IC (Comput (ProgramPart s),s,n)) by AMI_1:150;
assume n = 0 ; :: thesis: ( Comput (ProgramPart s),s,n = s & CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = a := (intloc 0 ) & Comput (ProgramPart s),s,(n + 1) = Exec (a := (intloc 0 )),s )
hence A47: Comput (ProgramPart s),s,n = s by AMI_1:13; :: thesis: ( CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = a := (intloc 0 ) & Comput (ProgramPart s),s,(n + 1) = Exec (a := (intloc 0 )),s )
hence A48: CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = a := (intloc 0 ) by A1, A45, AMI_1:def 16, Y; :: thesis: Comput (ProgramPart s),s,(n + 1) = Exec (a := (intloc 0 )),s
thus Comput (ProgramPart s),s,(n + 1) = Following (ProgramPart s),(Comput (ProgramPart s),s,n) by AMI_1:14
.= Exec (a := (intloc 0 )),s by A47, A48, AMI_1:def 18 ; :: thesis: verum
end;
A49: for n being Element of NAT st S1[n] holds
S1[n + 1]
proof
let n be Element of NAT ; :: thesis: ( S1[n] implies S1[n + 1] )
assume A50: S1[n] ; :: thesis: S1[n + 1]
assume A51: n + 1 <= (mk + 1) + 1 ; :: thesis: IC (Comput (ProgramPart s),s,(n + 1)) = c0 + (n + 1)
per cases ( n = 0 or n > 0 ) ;
suppose A52: n = 0 ; :: thesis: IC (Comput (ProgramPart s),s,(n + 1)) = c0 + (n + 1)
hence IC (Comput (ProgramPart s),s,(n + 1)) = IC (Exec (a := (intloc 0 )),s) by A46
.= (Exec (a := (intloc 0 )),s) . (IC SCM+FSA ) by AMI_1:def 15
.= succ (c0 + n) by A1, A52, SCMFSA_2:89
.= (c0 + n) + 1 by NAT_1:39
.= c0 + (n + 1) ;
:: thesis: verum
end;
suppose A53: n > 0 ; :: thesis: IC (Comput (ProgramPart s),s,(n + 1)) = c0 + (n + 1)
A54: n < (mk + 1) + 1 by A51, NAT_1:13;
Y: (ProgramPart (Comput (ProgramPart s),s,n)) /. (IC (Comput (ProgramPart s),s,n)) = (Comput (ProgramPart s),s,n) . (IC (Comput (ProgramPart s),s,n)) by AMI_1:150;
A55: n + 0 <= n + 1 by XREAL_1:9;
then A56: CurInstr (ProgramPart (Comput (ProgramPart s),s,n)),(Comput (ProgramPart s),s,n) = (Comput (ProgramPart s),s,n) . (c0 + n) by A50, A51, AMI_1:def 16, XXREAL_0:2, Y
.= s . (c0 + n) by AMI_1:54
.= SubFrom a,(intloc 0 ) by A41, A53, A54 ;
T: ProgramPart s = ProgramPart (Comput (ProgramPart s),s,n) by AMI_1:144;
A57: Comput (ProgramPart s),s,(n + 1) = Following (ProgramPart s),(Comput (ProgramPart s),s,n) by AMI_1:14
.= Exec (SubFrom a,(intloc 0 )),(Comput (ProgramPart s),s,n) by A56, AMI_1:def 18, T ;
thus IC (Comput (ProgramPart s),s,(n + 1)) = (Comput (ProgramPart s),s,(n + 1)) . (IC SCM+FSA ) by AMI_1:def 15
.= succ (IC (Comput (ProgramPart s),s,n)) by A57, SCMFSA_2:91
.= (c0 + n) + 1 by A50, A51, A55, NAT_1:39, XXREAL_0:2
.= c0 + (n + 1) ; :: thesis: verum
end;
end;
end;
let i be Element of NAT ; :: thesis: ( i <= len (aSeq a,k) implies IC (Comput (ProgramPart s),s,i) = c0 + i )
assume A58: i <= len (aSeq a,k) ; :: thesis: IC (Comput (ProgramPart s),s,i) = c0 + i
A59: S1[ 0 ] by A1, AMI_1:13;
for i being Element of NAT holds S1[i] from NAT_1:sch 1(A59, A49);
 hence IC (Comput (ProgramPart s),s,i) = c0 + i by A34, A58; :: thesis: verum
end;
hence for i being Element of NAT st i <= len (aSeq a,k) holds
IC (Comput (ProgramPart s),s,i) = c0 + i ; :: thesis: verum
end;
end;