set i = AddTo GBP ,3,1;
set I = Load (AddTo GBP ,3,1);
set FD = for-down GBP ,2,1,(Load (AddTo GBP ,3,1));
set a = intpos 3;
let s be State of SCMPDS ; :: thesis: for n being Element of NAT st s . GBP = 0 & s . (intpos 2) = n & s . (intpos 3) = 0 holds
(IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = n
let n be Element of NAT ; :: thesis: ( s . GBP = 0 & s . (intpos 2) = n & s . (intpos 3) = 0 implies (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = n )
assume that
A1: s . GBP = 0 and
A2: s . (intpos 2) = n and
A3: s . (intpos 3) = 0 ; :: thesis: (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = n
defpred S1[ Element of NAT ] means for s being State of SCMPDS st s . (intpos 2) = $1 & s . GBP = 0 holds
(IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = $1 + (s . (intpos 3));
A4: now
let k be Element of NAT ; :: thesis: ( S1[k] implies S1[k + 1] )
assume A5: S1[k] ; :: thesis: S1[k + 1]
now
let s be State of SCMPDS ; :: thesis: ( s . (intpos 2) = k + 1 & s . GBP = 0 implies (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = (k + 1) + (s . (intpos 3)) )
assume that
A7: s . (intpos 2) = k + 1 and
A8: s . GBP = 0 ; :: thesis: (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = (k + 1) + (s . (intpos 3))
GBP <> DataLoc (s . GBP ),2 by A7, A8, SCMP_GCD:5;
then A9: not DataLoc (s . GBP ),2 in {GBP } by TARSKI:def 1;
A10: now
set cv = DataLoc (s . GBP ),2;
let t be State of SCMPDS ; :: thesis: ( ( for x being Int_position st x in {GBP } holds
t . x = s . x ) & t . GBP = s . GBP implies ( (IExec (Load (AddTo GBP ,3,1)),t) . GBP = t . GBP & (IExec (Load (AddTo GBP ,3,1)),t) . (DataLoc (s . GBP ),2) = t . (DataLoc (s . GBP ),2) & Load (AddTo GBP ,3,1) is_closed_on t & Load (AddTo GBP ,3,1) is_halting_on t & ( for y being Int_position st y in {GBP } holds
(IExec (Load (AddTo GBP ,3,1)),t) . y = t . y ) ) )
assume that
for x being Int_position st x in {GBP } holds
t . x = s . x and
A11: t . GBP = s . GBP ; :: thesis: ( (IExec (Load (AddTo GBP ,3,1)),t) . GBP = t . GBP & (IExec (Load (AddTo GBP ,3,1)),t) . (DataLoc (s . GBP ),2) = t . (DataLoc (s . GBP ),2) & Load (AddTo GBP ,3,1) is_closed_on t & Load (AddTo GBP ,3,1) is_halting_on t & ( for y being Int_position st y in {GBP } holds
(IExec (Load (AddTo GBP ,3,1)),t) . y = t . y ) )
set t0 = Initialize t;
(Initialize t) . GBP = 0 by A8, A11, SCMPDS_5:40;
then A12: DataLoc ((Initialize t) . GBP ),3 = intpos (0 + 3) by SCMP_GCD:5;
then A13: DataLoc (s . GBP ),2 <> DataLoc ((Initialize t) . GBP ),3 by A7, A8, AMI_3:52, SCMP_GCD:5;
thus A14: (IExec (Load (AddTo GBP ,3,1)),t) . GBP = (Exec (AddTo GBP ,3,1),(Initialize t)) . GBP by SCMPDS_5:45
.= (Initialize t) . GBP by A12, AMI_3:52, SCMPDS_2:60
.= t . GBP by SCMPDS_5:40 ; :: thesis: ( (IExec (Load (AddTo GBP ,3,1)),t) . (DataLoc (s . GBP ),2) = t . (DataLoc (s . GBP ),2) & Load (AddTo GBP ,3,1) is_closed_on t & Load (AddTo GBP ,3,1) is_halting_on t & ( for y being Int_position st y in {GBP } holds
(IExec (Load (AddTo GBP ,3,1)),t) . y = t . y ) )
thus (IExec (Load (AddTo GBP ,3,1)),t) . (DataLoc (s . GBP ),2) = (Exec (AddTo GBP ,3,1),(Initialize t)) . (DataLoc (s . GBP ),2) by SCMPDS_5:45
.= (Initialize t) . (DataLoc (s . GBP ),2) by A13, SCMPDS_2:60
.= t . (DataLoc (s . GBP ),2) by SCMPDS_5:40 ; :: thesis: ( Load (AddTo GBP ,3,1) is_closed_on t & Load (AddTo GBP ,3,1) is_halting_on t & ( for y being Int_position st y in {GBP } holds
(IExec (Load (AddTo GBP ,3,1)),t) . y = t . y ) )
thus ( Load (AddTo GBP ,3,1) is_closed_on t & Load (AddTo GBP ,3,1) is_halting_on t ) by SCMPDS_6:34, SCMPDS_6:35; :: thesis: for y being Int_position st y in {GBP } holds
(IExec (Load (AddTo GBP ,3,1)),t) . y = t . y
hereby :: thesis: verum
let y be Int_position ; :: thesis: ( y in {GBP } implies (IExec (Load (AddTo GBP ,3,1)),t) . y = t . y )
assume y in {GBP } ; :: thesis: (IExec (Load (AddTo GBP ,3,1)),t) . y = t . y
then y = GBP by TARSKI:def 1;
hence (IExec (Load (AddTo GBP ,3,1)),t) . y = t . y by A14; :: thesis: verum
end;
end;
set j = AddTo GBP ,2,(- 1);
set s0 = Initialize s;
set s1 = IExec (Load (AddTo GBP ,3,1)),s;
set s2 = IExec ((Load (AddTo GBP ,3,1)) ';' (AddTo GBP ,2,(- 1))),s;
set l2 = intpos 2;
A15: (Initialize s) . GBP = 0 by A8, SCMPDS_5:40;
then A16: DataLoc ((Initialize s) . GBP ),3 = intpos (0 + 3) by SCMP_GCD:5;
A17: (IExec (Load (AddTo GBP ,3,1)),s) . GBP = (Exec (AddTo GBP ,3,1),(Initialize s)) . GBP by SCMPDS_5:45
.= 0 by A15, A16, AMI_3:52, SCMPDS_2:60 ;
then A18: DataLoc ((IExec (Load (AddTo GBP ,3,1)),s) . GBP ),2 = intpos (0 + 2) by SCMP_GCD:5;
A19: (IExec ((Load (AddTo GBP ,3,1)) ';' (AddTo GBP ,2,(- 1))),s) . (intpos 2) = (Exec (AddTo GBP ,2,(- 1)),(IExec (Load (AddTo GBP ,3,1)),s)) . (intpos 2) by SCMPDS_5:46
.= ((IExec (Load (AddTo GBP ,3,1)),s) . (intpos 2)) + (- 1) by A18, SCMPDS_2:60
.= ((Exec (AddTo GBP ,3,1),(Initialize s)) . (intpos 2)) + (- 1) by SCMPDS_5:45
.= ((Initialize s) . (intpos 2)) + (- 1) by A16, AMI_3:52, SCMPDS_2:60
.= (k + 1) + (- 1) by A7, SCMPDS_5:40
.= k ;
A20: (IExec ((Load (AddTo GBP ,3,1)) ';' (AddTo GBP ,2,(- 1))),s) . (intpos 3) = (Exec (AddTo GBP ,2,(- 1)),(IExec (Load (AddTo GBP ,3,1)),s)) . (intpos 3) by SCMPDS_5:46
.= (IExec (Load (AddTo GBP ,3,1)),s) . (intpos 3) by A18, AMI_3:52, SCMPDS_2:60
.= (Exec (AddTo GBP ,3,1),(Initialize s)) . (intpos 3) by SCMPDS_5:45
.= ((Initialize s) . (intpos 3)) + 1 by A16, SCMPDS_2:60
.= (s . (intpos 3)) + 1 by SCMPDS_5:40 ;
A21: (IExec ((Load (AddTo GBP ,3,1)) ';' (AddTo GBP ,2,(- 1))),s) . GBP = (Exec (AddTo GBP ,2,(- 1)),(IExec (Load (AddTo GBP ,3,1)),s)) . GBP by SCMPDS_5:46
.= 0 by A17, A18, AMI_3:52, SCMPDS_2:60 ;
DataLoc (s . GBP ),2 = intpos (0 + 2) by A8, SCMP_GCD:5;
hence (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),(IExec ((Load (AddTo GBP ,3,1)) ';' (AddTo GBP ,2,(- 1))),s)) . (intpos 3) by A7, A8, A9, A10, Th68
.= k + ((IExec ((Load (AddTo GBP ,3,1)) ';' (AddTo GBP ,2,(- 1))),s) . (intpos 3)) by A5, A19, A21
.= (k + 1) + (s . (intpos 3)) by A20 ;
:: thesis: verum
end;
hence S1[k + 1] ; :: thesis: verum
end;
A22: S1[ 0 ]
proof
let s be State of SCMPDS ; :: thesis: ( s . (intpos 2) = 0 & s . GBP = 0 implies (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = 0 + (s . (intpos 3)) )
assume that
A23: s . (intpos 2) = 0 and
A24: s . GBP = 0 ; :: thesis: (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = 0 + (s . (intpos 3))
DataLoc (s . GBP ),2 = intpos (0 + 2) by A24, SCMP_GCD:5;
hence (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = 0 + (s . (intpos 3)) by A23, Th66; :: thesis: verum
end;
for k being Element of NAT holds S1[k] from NAT_1:sch 1(A22, A4);
 hence (IExec (for-down GBP ,2,1,(Load (AddTo GBP ,3,1))),s) . (intpos 3) = n + 0 by A1, A2, A3
.= n ;
:: thesis: verum