let s be State of SCM+FSA ; :: thesis: for a being Int-Location
for J being good Program of SCM+FSA st ProperTimesBody a,J,s & 0 <= s . a & ( s . (intloc 0 ) = 1 or not a is read-only ) holds
for k being Element of NAT st k >= s . a holds
( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 )
let a be Int-Location ; :: thesis: for J being good Program of SCM+FSA st ProperTimesBody a,J,s & 0 <= s . a & ( s . (intloc 0 ) = 1 or not a is read-only ) holds
for k being Element of NAT st k >= s . a holds
( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 )
let J be good Program of SCM+FSA ; :: thesis: ( ProperTimesBody a,J,s & 0 <= s . a & ( s . (intloc 0 ) = 1 or not a is read-only ) implies for k being Element of NAT st k >= s . a holds
( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 ) )
set I = J;
assume that
A1: ProperTimesBody a,J,s and
A2: 0 <= s . a and
A3: ( s . (intloc 0 ) = 1 or not a is read-only ) ; :: thesis: for k being Element of NAT st k >= s . a holds
( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 )
set au = 1 -stRWNotIn ({a} \/ (UsedIntLoc J));
set ST = StepTimes a,J,s;
set SW = StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s));
defpred S1[ Nat] means ( $1 >= s . a implies ( ((StepTimes a,J,s) . $1) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . $1) . (intloc 0 ) = 1 ) );
A4: for k being Element of NAT st S1[k] holds
S1[k + 1]
proof
reconsider sa = s . a as Element of NAT by A2, INT_1:16;
let k be Element of NAT ; :: thesis: ( S1[k] implies S1[k + 1] )
assume that
A5: ( k >= s . a implies ( ((StepTimes a,J,s) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 ) ) and
A6: k + 1 >= s . a ; :: thesis: ( ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 )
per cases ( k + 1 = sa or k + 1 > sa ) by A6, XXREAL_0:1;
suppose A7: k + 1 = sa ; :: thesis: ( ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 )
then (((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) + (k + 1) = s . a by A1, A3, Th17;
hence ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 by A7; :: thesis: ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1
thus ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 by A1, A7, Th16; :: thesis: verum
end;
suppose A8: k + 1 > sa ; :: thesis: ( ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 )
then A9: DataPart ((StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s))) . (k + 1)) = DataPart ((StepWhile>0 (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom (1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0 ))),(Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialize s))) . k) by A5, NAT_1:13, SCMFSA9A:37;
hence ((StepTimes a,J,s) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 by A5, A8, NAT_1:13, SCMFSA6A:38; :: thesis: ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1
thus ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 by A5, A8, A9, NAT_1:13, SCMFSA6A:38; :: thesis: verum
end;
end;
end;
A10: S1[ 0 ]
proof
assume A11: 0 >= s . a ; :: thesis: ( ((StepTimes a,J,s) . 0 ) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = 0 & ((StepTimes a,J,s) . 0 ) . (intloc 0 ) = 1 )
thus ((StepTimes a,J,s) . 0 ) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes a,J,s) . 0 ) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) + 0
.= 0 by A1, A2, A3, A11, Th17 ; :: thesis: ((StepTimes a,J,s) . 0 ) . (intloc 0 ) = 1
thus ((StepTimes a,J,s) . 0 ) . (intloc 0 ) = 1 by A1, A2, Th16; :: thesis: verum
end;
thus for k being Element of NAT holds S1[k] from NAT_1:sch 1(A10, A4); :: thesis: verum