let s be State of SCM+FSA ; :: thesis: for I being InitHalting keepInt0_1 Program of SCM+FSA
for a being read-write Int-Location st not I destroysdestroy a holds
(Comput (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))),(LifeSpan (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))))) . a = (s . a) - 1
let I be InitHalting keepInt0_1 Program of SCM+FSA ; :: thesis: for a being read-write Int-Location st not I destroysdestroy a holds
(Comput (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))),(LifeSpan (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))))) . a = (s . a) - 1
let a be read-write Int-Location ; :: thesis: ( not I destroysdestroy a implies (Comput (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))),(LifeSpan (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))))) . a = (s . a) - 1 )
assume A1: not I destroysdestroy a ; :: thesis: (Comput (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))),(LifeSpan (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))))) . a = (s . a) - 1
set s0 = Initialized s;
set s1 = (Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ));
A2: not a in dom (I +* (Start-At 0 ,SCM+FSA )) by SCMFSA6B:12;
(IExec (I ';' (SubFrom a,(intloc 0 ))),s) . a = (Exec (SubFrom a,(intloc 0 )),(IExec I,s)) . a by Th33
.= ((IExec I,s) . a) - ((IExec I,s) . (intloc 0 )) by SCMFSA_2:91
.= ((IExec I,s) . a) - 1 by Th17
.= ((Comput (ProgramPart ((Initialized s) +* (I +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* (I +* (Start-At 0 ,SCM+FSA ))),0 ) . a) - 1 by A1, Th62
.= (((Initialized s) +* (I +* (Start-At 0 ,SCM+FSA ))) . a) - 1 by AMI_1:13
.= ((Initialized s) . a) - 1 by A2, FUNCT_4:12 ;
hence (Comput (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))),(LifeSpan (ProgramPart ((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA )))),((Initialized s) +* ((I ';' (SubFrom a,(intloc 0 ))) +* (Start-At 0 ,SCM+FSA ))))) . a = ((Initialized s) . a) - 1 by Th61
.= (s . a) - 1 by SCMFSA6C:3 ;
:: thesis: verum