let s be State of SCMPDS ; :: thesis: for I, J being Program of SCMPDS
for k being Element of NAT st I is_closed_on s & I is_halting_on s & k <= LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)) holds
Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),k, Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),k equal_outside NAT
let I, J be Program of SCMPDS ; :: thesis: for k being Element of NAT st I is_closed_on s & I is_halting_on s & k <= LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)) holds
Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),k, Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),k equal_outside NAT
let k be Element of NAT ; :: thesis: ( I is_closed_on s & I is_halting_on s & k <= LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)) implies Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),k, Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),k equal_outside NAT )
set spI = stop I;
set s1 = (Initialize s) +* (stop I);
set s2 = (Initialize s) +* (I ';' J);
set n = LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I));
assume that
A1: I is_closed_on s and
A2: I is_halting_on s ; :: thesis: ( not k <= LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)) or Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),k, Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),k equal_outside NAT )
assume A3: k <= LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)) ; :: thesis: Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),k, Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),k equal_outside NAT
defpred S1[ Element of NAT ] means ( $1 <= LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)) implies Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),$1, Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),$1 equal_outside NAT );
A6: for m being Element of NAT st S1[m] holds
S1[m + 1]
proof
let m be Element of NAT ; :: thesis: ( S1[m] implies S1[m + 1] )
assume A7: ( m <= LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)) implies Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m, Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m equal_outside NAT ) ; :: thesis: S1[m + 1]
T: ProgramPart ((Initialize s) +* (stop I)) = ProgramPart (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m) by AMI_1:123;
A8: Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),(m + 1) = Following (ProgramPart ((Initialize s) +* (stop I))),(Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m) by AMI_1:14
.= Exec (CurInstr (ProgramPart (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)),(Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)),(Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m) by T ;
A9: IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m) in dom (stop I) by A1, SCMPDS_6:def 2;
T: ProgramPart ((Initialize s) +* (I ';' J)) = ProgramPart (Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m) by AMI_1:123;
A10: Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),(m + 1) = Following (ProgramPart ((Initialize s) +* (I ';' J))),(Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m) by AMI_1:14
.= Exec (CurInstr (ProgramPart (Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m)),(Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m)),(Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m) by T ;
assume A11: m + 1 <= LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)) ; :: thesis: Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),(m + 1), Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),(m + 1) equal_outside NAT
then m < LifeSpan (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)) by NAT_1:13;
then A12: IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m) in dom I by A1, A2, SCMPDS_6:40;
then A13: IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m) in dom (I ';' J) by FUNCT_4:13;
Y: (ProgramPart (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)) /. (IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)) = (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m) . (IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)) by COMPOS_1:38;
Z: (ProgramPart (Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m)) /. (IC (Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m)) = (Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m) . (IC (Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m)) by COMPOS_1:38;
CurInstr (ProgramPart (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)),(Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m) = ((Initialize s) +* (stop I)) . (IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)) by Y, AMI_1:54
.= (stop I) . (IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)) by A9, FUNCT_4:14
.= I . (IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)) by A12, SCMPDS_4:37
.= (I ';' J) . (IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)) by A12, SCMPDS_4:37
.= ((Initialize s) +* (I ';' J)) . (IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)) by A13, FUNCT_4:14
.= (Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m) . (IC (Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),m)) by AMI_1:54
.= CurInstr (ProgramPart (Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m)),(Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),m) by A7, A11, Z, COMPOS_1:24, NAT_1:13 ;
hence Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),(m + 1), Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),(m + 1) equal_outside NAT by A7, A11, A10, A8, NAT_1:13, SCMPDS_4:15; :: thesis: verum
end;
A14: Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),0 = (Initialize s) +* (I ';' J) by AMI_1:13;
A15: Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),0 = (Initialize s) +* (stop I) by AMI_1:13;
A16: Initialize s,(Initialize s) +* (I ';' J) equal_outside NAT by FUNCT_7:132;
(Initialize s) +* (stop I), Initialize s equal_outside NAT by FUNCT_7:28, FUNCT_7:132;
then A17: S1[ 0 ] by A16, A15, A14, FUNCT_7:29;
for k being Element of NAT holds S1[k] from NAT_1:sch 1(A17, A6);
 hence Comput (ProgramPart ((Initialize s) +* (stop I))),((Initialize s) +* (stop I)),k, Comput (ProgramPart ((Initialize s) +* (I ';' J))),((Initialize s) +* (I ';' J)),k equal_outside NAT by A3; :: thesis: verum