set b = DataLoc (F1() . F3()),F4();
set FR = for-down F3(),F4(),F5(),F2();
defpred S1[ Nat] means for t being State of SCMPDS st t . (DataLoc (F1() . F3()),F4()) <= $1 & t . F3() = F1() . F3() & P1[ Dstate t] holds
( (IExec (for-down F3(),F4(),F5(),F2()),t) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),t)] );
A4: S1[ 0 ]
proof
let t be State of SCMPDS ; :: thesis: ( t . (DataLoc (F1() . F3()),F4()) <= 0 & t . F3() = F1() . F3() & P1[ Dstate t] implies ( (IExec (for-down F3(),F4(),F5(),F2()),t) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),t)] ) )
assume that
A5: ( t . (DataLoc (F1() . F3()),F4()) <= 0 & t . F3() = F1() . F3() ) and
A6: P1[ Dstate t] ; :: thesis: ( (IExec (for-down F3(),F4(),F5(),F2()),t) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),t)] )
thus (IExec (for-down F3(),F4(),F5(),F2()),t) . (DataLoc (F1() . F3()),F4()) <= 0 by A5, SCMPDS_7:66; :: thesis: P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),t)]
for x being Int_position holds (IExec (for-down F3(),F4(),F5(),F2()),t) . x = t . x by A5, SCMPDS_7:66;
hence P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),t)] by A6, Th5; :: thesis: verum
end;
A7: now
let k be Element of NAT ; :: thesis: ( S1[k] implies S1[k + 1] )
assume A8: S1[k] ; :: thesis: S1[k + 1]
now
let u be State of SCMPDS ; :: thesis: ( u . (DataLoc (F1() . F3()),F4()) <= k + 1 & u . F3() = F1() . F3() & P1[ Dstate u] implies ( (IExec (for-down F3(),F4(),F5(),F2()),b1) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),b1)] ) )
assume that
A9: u . (DataLoc (F1() . F3()),F4()) <= k + 1 and
A10: u . F3() = F1() . F3() and
A11: P1[ Dstate u] ; :: thesis: ( (IExec (for-down F3(),F4(),F5(),F2()),b1) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),b1)] )
per cases ( u . (DataLoc (F1() . F3()),F4()) <= 0 or u . (DataLoc (F1() . F3()),F4()) > 0 ) ;
suppose u . (DataLoc (F1() . F3()),F4()) <= 0 ; :: thesis: ( (IExec (for-down F3(),F4(),F5(),F2()),b1) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),b1)] )
hence ( (IExec (for-down F3(),F4(),F5(),F2()),u) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),u)] ) by A4, A10, A11; :: thesis: verum
end;
suppose A12: u . (DataLoc (F1() . F3()),F4()) > 0 ; :: thesis: ( (IExec (for-down F3(),F4(),F5(),F2()),b1) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),b1)] )
set Ad = AddTo F3(),F4(),(- F5());
set Iu = IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),u;
A13: ( (IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),u) . F3() = F1() . F3() & P1[ Dstate (IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),u)] ) by A3, A10, A11, A12;
(IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),u) . (DataLoc (F1() . F3()),F4()) = (u . (DataLoc (F1() . F3()),F4())) - F5() by A3, A10, A11, A12;
then ((IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),u) . (DataLoc (F1() . F3()),F4())) + 1 <= u . (DataLoc (F1() . F3()),F4()) by A1, INT_1:20, XREAL_1:46;
then ((IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),u) . (DataLoc (F1() . F3()),F4())) + 1 <= k + 1 by A9, XXREAL_0:2;
then A14: (IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),u) . (DataLoc (F1() . F3()),F4()) <= k by XREAL_1:8;
A15: P1[ Dstate u] by A11;
A16: for t being State of SCMPDS st P1[ Dstate t] & t . F3() = u . F3() & t . (DataLoc (u . F3()),F4()) > 0 holds
( (IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),t) . F3() = t . F3() & (IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),t) . (DataLoc (u . F3()),F4()) = (t . (DataLoc (u . F3()),F4())) - F5() & F2() is_closed_on t & F2() is_halting_on t & P1[ Dstate (IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),t)] ) by A3, A10;
A17: u . (DataLoc (u . F3()),F4()) > 0 by A10, A12;
( ( P1[u] or not P1[u] ) & IExec (for-down F3(),F4(),F5(),F2()),u = IExec (for-down F3(),F4(),F5(),F2()),(IExec (F2() ';' (AddTo F3(),F4(),(- F5()))),u) ) from SCPISORT:sch 2(A1, A17, A15, A16);
hence ( (IExec (for-down F3(),F4(),F5(),F2()),u) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),u)] ) by A8, A14, A13; :: thesis: verum
end;
end;
end;
hence S1[k + 1] ; :: thesis: verum
end;
A18: for k being Element of NAT holds S1[k] from NAT_1:sch 1(A4, A7);
 thus ( P1[F1()] or not P1[F1()] ) ; :: thesis: ( (IExec (for-down F3(),F4(),F5(),F2()),F1()) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),F1())] )
per cases ( F1() . (DataLoc (F1() . F3()),F4()) > 0 or F1() . (DataLoc (F1() . F3()),F4()) <= 0 ) ;
suppose F1() . (DataLoc (F1() . F3()),F4()) > 0 ; :: thesis: ( (IExec (for-down F3(),F4(),F5(),F2()),F1()) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),F1())] )
then reconsider m = F1() . (DataLoc (F1() . F3()),F4()) as Element of NAT by INT_1:16;
S1[m] by A18;
hence ( (IExec (for-down F3(),F4(),F5(),F2()),F1()) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),F1())] ) by A2; :: thesis: verum
end;
suppose F1() . (DataLoc (F1() . F3()),F4()) <= 0 ; :: thesis: ( (IExec (for-down F3(),F4(),F5(),F2()),F1()) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),F1())] )
hence ( (IExec (for-down F3(),F4(),F5(),F2()),F1()) . (DataLoc (F1() . F3()),F4()) <= 0 & P1[ Dstate (IExec (for-down F3(),F4(),F5(),F2()),F1())] ) by A2, A4; :: thesis: verum
end;
end;