let a be read-write Int-Location ; :: thesis: for s being State of SCM+FSA st a <> intloc (3 + 1) & a <> intloc (1 + 1) holds
(IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ';' (SubFrom ((intloc (1 + 1)),(intloc 0)))))),s)) . a = s . a
let s be State of SCM+FSA; :: thesis: ( a <> intloc (3 + 1) & a <> intloc (1 + 1) implies (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ';' (SubFrom ((intloc (1 + 1)),(intloc 0)))))),s)) . a = s . a )
assume that
A1: a <> intloc (3 + 1) and
A2: a <> intloc (1 + 1) ; :: thesis: (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ';' (SubFrom ((intloc (1 + 1)),(intloc 0)))))),s)) . a = s . a
set s1 = Exec ((AddTo ((intloc (3 + 1)),(intloc 0))),(Initialized s));
set s2 = IExec (((AddTo ((intloc (3 + 1)),(intloc 0))) ';' (SubFrom ((intloc (1 + 1)),(intloc 0)))),s);
A3: (Exec ((AddTo ((intloc (3 + 1)),(intloc 0))),(Initialized s))) . a = (Initialized s) . a by A1, SCMFSA_2:90
.= s . a by SCMFSA6C:3 ;
A4: (IExec (((AddTo ((intloc (3 + 1)),(intloc 0))) ';' (SubFrom ((intloc (1 + 1)),(intloc 0)))),s)) . a = (Exec ((SubFrom ((intloc (1 + 1)),(intloc 0))),(Exec ((AddTo ((intloc (3 + 1)),(intloc 0))),(Initialized s))))) . a by SCMFSA6C:9
.= s . a by A2, A3, SCMFSA_2:91 ;
per cases ( s . (intloc (4 + 1)) > 0 or s . (intloc (4 + 1)) <= 0 ) ;
suppose s . (intloc (4 + 1)) > 0 ; :: thesis: (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ';' (SubFrom ((intloc (1 + 1)),(intloc 0)))))),s)) . a = s . a
hence (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ';' (SubFrom ((intloc (1 + 1)),(intloc 0)))))),s)) . a = (IExec ((Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),s)) . a by SCM_HALT:54
.= (Exec ((SubFrom ((intloc (1 + 1)),(intloc (1 + 1)))),(Initialized s))) . a by SCMFSA6C:6
.= (Initialized s) . a by A2, SCMFSA_2:91
.= s . a by SCMFSA6C:3 ;
:: thesis: verum
end;
suppose s . (intloc (4 + 1)) <= 0 ; :: thesis: (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ';' (SubFrom ((intloc (1 + 1)),(intloc 0)))))),s)) . a = s . a
hence (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ';' (SubFrom ((intloc (1 + 1)),(intloc 0)))))),s)) . a = s . a by A4, SCM_HALT:54; :: thesis: verum
end;
end;