let s be State of SCM+FSA ; :: thesis: for I being Program of SCM+FSA
for a being Int-Location st I does_not_destroy a & I is_closed_on s holds
for k being Element of NAT holds (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k) . a = s . a
let I be Program of SCM+FSA ; :: thesis: for a being Int-Location st I does_not_destroy a & I is_closed_on s holds
for k being Element of NAT holds (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k) . a = s . a
let a be Int-Location ; :: thesis: ( I does_not_destroy a & I is_closed_on s implies for k being Element of NAT holds (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k) . a = s . a )
assume A1: I does_not_destroy a ; :: thesis: ( not I is_closed_on s or for k being Element of NAT holds (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k) . a = s . a )
defpred S1[ Nat] means (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),$1) . a = s . a;
dom I misses dom (Start-At 0 ,SCM+FSA ) by SF_MASTR:64;
then ( I +* (Start-At 0 ,SCM+FSA ) c= s +* (I +* (Start-At 0 ,SCM+FSA )) & I c= I +* (Start-At 0 ,SCM+FSA ) ) by FUNCT_4:26, FUNCT_4:33;
then A2: I c= s +* (I +* (Start-At 0 ,SCM+FSA )) by XBOOLE_1:1;
assume A3: I is_closed_on s ; :: thesis: for k being Element of NAT holds (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k) . a = s . a
A4: now
let k be Element of NAT ; :: thesis: ( S1[k] implies S1[k + 1] )
assume A5: S1[k] ; :: thesis: S1[k + 1]
set l = IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k);
A6: IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k) in dom I by A3, Def7;
then (s +* (I +* (Start-At 0 ,SCM+FSA ))) . (IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) = I . (IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) by A2, GRFUNC_1:8;
then (s +* (I +* (Start-At 0 ,SCM+FSA ))) . (IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) in rng I by A6, FUNCT_1:def 5;
then A7: (s +* (I +* (Start-At 0 ,SCM+FSA ))) . (IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) does_not_destroy a by A1, Def4;
Y: (ProgramPart (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) /. (IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) = (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k) . (IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) by AMI_1:150;
T: ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA ))) = ProgramPart (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k) by AMI_1:144;
(Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),(k + 1)) . a = (Following (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) . a by AMI_1:14
.= (Exec (CurInstr (ProgramPart (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)),(Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)),(Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) . a by AMI_1:def 18, T
.= (Exec ((Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k) . (IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k))),(Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) . a by AMI_1:def 16, Y
.= (Exec ((s +* (I +* (Start-At 0 ,SCM+FSA ))) . (IC (Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k))),(Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),k)) . a by AMI_1:54
.= s . a by A5, A7, Th26 ;
hence S1[k + 1] ; :: thesis: verum
end;
A8: not a in dom (I +* (Start-At 0 ,SCM+FSA )) by SCMFSA6B:12;
(Comput (ProgramPart (s +* (I +* (Start-At 0 ,SCM+FSA )))),(s +* (I +* (Start-At 0 ,SCM+FSA ))),0 ) . a = (s +* (I +* (Start-At 0 ,SCM+FSA ))) . a by AMI_1:13
.= s . a by A8, FUNCT_4:12 ;
then A9: S1[ 0 ] ;
thus for k being Element of NAT holds S1[k] from NAT_1:sch 1(A9, A4); :: thesis: verum