set b = DataLoc (F2() . F4()),F5();
set WHL = while<0 F4(),F5(),F3();
defpred S1[ Element of NAT ] means for t being State of SCMPDS st F1((Dstate t)) <= $1 & t . F4() = F2() . F4() & P1[ Dstate t] holds
( F1((Dstate (IExec (while<0 F4(),F5(),F3()),t))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),t)] );
A5: S1[ 0 ]
proof
let t be State of SCMPDS ; :: thesis: ( F1((Dstate t)) <= 0 & t . F4() = F2() . F4() & P1[ Dstate t] implies ( F1((Dstate (IExec (while<0 F4(),F5(),F3()),t))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),t)] ) )
assume that
A6: F1((Dstate t)) <= 0 and
A7: t . F4() = F2() . F4() and
A8: P1[ Dstate t] ; :: thesis: ( F1((Dstate (IExec (while<0 F4(),F5(),F3()),t))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),t)] )
F1((Dstate t)) >= 0 by NAT_1:2;
then A9: F1((Dstate t)) = 0 by A6, XXREAL_0:1;
then t . (DataLoc (F2() . F4()),F5()) >= 0 by A2, A8;
then for b being Int_position holds (IExec (while<0 F4(),F5(),F3()),t) . b = t . b by A7, SCMPDS_8:12;
hence ( F1((Dstate (IExec (while<0 F4(),F5(),F3()),t))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),t)] ) by A8, A9, SCPISORT:5; :: thesis: verum
end;
A10: now
let k be Element of NAT ; :: thesis: ( S1[k] implies S1[k + 1] )
assume A11: S1[k] ; :: thesis: S1[k + 1]
now
let u be State of SCMPDS ; :: thesis: ( F1((Dstate u)) <= k + 1 & u . F4() = F2() . F4() & P1[ Dstate u] implies ( F1((Dstate (IExec (while<0 F4(),F5(),F3()),b1))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),b1)] ) )
assume that
A12: F1((Dstate u)) <= k + 1 and
A13: u . F4() = F2() . F4() and
A14: P1[ Dstate u] ; :: thesis: ( F1((Dstate (IExec (while<0 F4(),F5(),F3()),b1))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),b1)] )
per cases ( F1((Dstate u)) = 0 or F1((Dstate u)) <> 0 ) ;
suppose F1((Dstate u)) = 0 ; :: thesis: ( F1((Dstate (IExec (while<0 F4(),F5(),F3()),b1))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),b1)] )
hence ( F1((Dstate (IExec (while<0 F4(),F5(),F3()),u))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),u)] ) by A5, A13, A14; :: thesis: verum
end;
suppose A15: F1((Dstate u)) <> 0 ; :: thesis: ( H1( Dstate (IExec (while<0 F4(),F5(),F3()),b1)) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),b1)] )
set Iu = IExec F3(),u;
A16: u . (DataLoc (F2() . F4()),F5()) < 0 by A2, A14, A15;
then A17: ( (IExec F3(),u) . F4() = F2() . F4() & P1[ Dstate (IExec F3(),u)] ) by A4, A13, A14;
deffunc H1( State of SCMPDS ) -> Element of NAT = F1($1);
A18: P1[ Dstate u] by A14;
A19: for t being State of SCMPDS st P1[ Dstate t] & H1( Dstate t) = 0 holds
t . (DataLoc (u . F4()),F5()) >= 0 by A2, A13;
H1( Dstate (IExec F3(),u)) < H1( Dstate u) by A4, A13, A14, A16;
then H1( Dstate (IExec F3(),u)) + 1 <= H1( Dstate u) by INT_1:20;
then H1( Dstate (IExec F3(),u)) + 1 <= k + 1 by A12, XXREAL_0:2;
then A20: H1( Dstate (IExec F3(),u)) <= k by XREAL_1:8;
A21: for t being State of SCMPDS st P1[ Dstate t] & t . F4() = u . F4() & t . (DataLoc (u . F4()),F5()) < 0 holds
( (IExec F3(),t) . F4() = t . F4() & F3() is_closed_on t & F3() is_halting_on t & H1( Dstate (IExec F3(),t)) < H1( Dstate t) & P1[ Dstate (IExec F3(),t)] ) by A4, A13;
A22: u . (DataLoc (u . F4()),F5()) < 0 by A2, A13, A14, A15;
( ( H1(u) = H1(u) or P1[u] ) & IExec (while<0 F4(),F5(),F3()),u = IExec (while<0 F4(),F5(),F3()),(IExec F3(),u) ) from SCMPDS_8:sch 2(A1, A22, A19, A18, A21);
hence ( H1( Dstate (IExec (while<0 F4(),F5(),F3()),u)) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),u)] ) by A11, A20, A17; :: thesis: verum
end;
end;
end;
hence S1[k + 1] ; :: thesis: verum
end;
for k being Element of NAT holds S1[k] from NAT_1:sch 1(A5, A10);
 then S1[F1((Dstate F2()))] ;
hence ( F1((Dstate (IExec (while<0 F4(),F5(),F3()),F2()))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),F2())] ) by A3; :: thesis: verum