let s be State of SCM+FSA ; :: thesis: for a being Int-Location
for J being good Program of SCM+FSA st ProperTimesBody a,J,s holds
for k being Element of NAT st k <= s . a holds
((StepTimes a,J,s) . k) . (intloc 0 ) = 1
let a be Int-Location ; :: thesis: for J being good Program of SCM+FSA st ProperTimesBody a,J,s holds
for k being Element of NAT st k <= s . a holds
((StepTimes a,J,s) . k) . (intloc 0 ) = 1
let J be good Program of SCM+FSA ; :: thesis: ( ProperTimesBody a,J,s implies for k being Element of NAT st k <= s . a holds
((StepTimes a,J,s) . k) . (intloc 0 ) = 1 )
set I = J;
set ST = StepTimes a,J,s;
set au = 1 -stRWNotIn ({a} \/ (UsedIntLoc J));
set Is = Initialized s;
defpred S1[ Element of NAT ] means ( $1 <= s . a implies ((StepTimes a,J,s) . $1) . (intloc 0 ) = 1 );
assume A1: ProperTimesBody a,J,s ; :: thesis: for k being Element of NAT st k <= s . a holds
((StepTimes a,J,s) . k) . (intloc 0 ) = 1
A2: for k being Element of NAT st S1[k] holds
S1[k + 1]
proof
let k be Element of NAT ; :: thesis: ( S1[k] implies S1[k + 1] )
assume that
A3: ( k <= s . a implies ((StepTimes a,J,s) . k) . (intloc 0 ) = 1 ) and
A4: k + 1 <= s . a ; :: thesis: ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1
reconsider sa = s . a as Element of NAT by A4, INT_1:16;
A5: k < sa by A4, NAT_1:13;
then ( J is_closed_on (StepTimes a,J,s) . k & J is_halting_on (StepTimes a,J,s) . k ) by A1, Def3;
hence ((StepTimes a,J,s) . (k + 1)) . (intloc 0 ) = 1 by A3, A5, Th12; :: thesis: verum
end;
A6: S1[ 0 ]
proof
assume 0 <= s . a ; :: thesis: ((StepTimes a,J,s) . 0 ) . (intloc 0 ) = 1
thus ((StepTimes a,J,s) . 0 ) . (intloc 0 ) = (Exec ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s)) . (intloc 0 ) by SCMFSA_9:def 5
.= (Initialized s) . (intloc 0 ) by SCMFSA_2:89
.= 1 by SCMFSA6C:3 ; :: thesis: verum
end;
thus for k being Element of NAT holds S1[k] from NAT_1:sch 1(A6, A2); :: thesis: verum