set b = DataLoc ((F2() . F4()),F5());
set WHL = while>0 (F4(),F5(),F3());
defpred S1[ Element of NAT ] means for t being State of SCMPDS st F1((Dstate t)) <= $1 & t . F4() = F2() . F4() & P1[ Dstate t] holds
( F1((Dstate (IExec ((while>0 (F4(),F5(),F3())),t)))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),t))] );
A5: S1[ 0 ]
proof
let t be State of SCMPDS; :: thesis: ( F1((Dstate t)) <= 0 & t . F4() = F2() . F4() & P1[ Dstate t] implies ( F1((Dstate (IExec ((while>0 (F4(),F5(),F3())),t)))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),t))] ) )
assume that
A6: F1((Dstate t)) <= 0 and
A7: t . F4() = F2() . F4() and
A8: P1[ Dstate t] ; :: thesis: ( F1((Dstate (IExec ((while>0 (F4(),F5(),F3())),t)))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),t))] )
F1((Dstate t)) >= 0 by NAT_1:2;
then A9: F1((Dstate t)) = 0 by A6, XXREAL_0:1;
then t . (DataLoc ((F2() . F4()),F5())) <= 0 by A2, A8;
then for b being Int_position holds (IExec ((while>0 (F4(),F5(),F3())),t)) . b = t . b by A7, SCMPDS_8:23;
hence ( F1((Dstate (IExec ((while>0 (F4(),F5(),F3())),t)))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),t))] ) by A8, A9, SCPISORT:5; :: thesis: verum
end;
A10: now
let k be Element of NAT ; :: thesis: ( S1[k] implies S1[k + 1] )
assume A11: S1[k] ; :: thesis: S1[k + 1]
now
let u be State of SCMPDS; :: thesis: ( F1((Dstate u)) <= k + 1 & u . F4() = F2() . F4() & P1[ Dstate u] implies ( F1((Dstate (IExec ((while>0 (F4(),F5(),F3())),b1)))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),b1))] ) )
assume that
A12: F1((Dstate u)) <= k + 1 and
A13: u . F4() = F2() . F4() and
A14: P1[ Dstate u] ; :: thesis: ( F1((Dstate (IExec ((while>0 (F4(),F5(),F3())),b1)))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),b1))] )
per cases ( F1((Dstate u)) = 0 or F1((Dstate u)) <> 0 ) ;
suppose F1((Dstate u)) = 0 ; :: thesis: ( F1((Dstate (IExec ((while>0 (F4(),F5(),F3())),b1)))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),b1))] )
hence ( F1((Dstate (IExec ((while>0 (F4(),F5(),F3())),u)))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),u))] ) by A5, A13, A14; :: thesis: verum
end;
suppose A15: F1((Dstate u)) <> 0 ; :: thesis: ( H1( Dstate (IExec ((while>0 (F4(),F5(),F3())),b1))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),b1))] )
set Iu = IExec (F3(),u);
A16: u . (DataLoc ((F2() . F4()),F5())) > 0 by A2, A14, A15;
then A17: ( (IExec (F3(),u)) . F4() = F2() . F4() & P1[ Dstate (IExec (F3(),u))] ) by A4, A13, A14;
deffunc H1( State of SCMPDS) -> Element of NAT = F1($1);
A18: P1[ Dstate u] by A14;
A19: for t being State of SCMPDS st P1[ Dstate t] & H1( Dstate t) = 0 holds
t . (DataLoc ((u . F4()),F5())) <= 0 by A2, A13;
H1( Dstate (IExec (F3(),u))) < H1( Dstate u) by A4, A13, A14, A16;
then H1( Dstate (IExec (F3(),u))) + 1 <= H1( Dstate u) by INT_1:20;
then H1( Dstate (IExec (F3(),u))) + 1 <= k + 1 by A12, XXREAL_0:2;
then A20: H1( Dstate (IExec (F3(),u))) <= k by XREAL_1:8;
A21: for t being State of SCMPDS st P1[ Dstate t] & t . F4() = u . F4() & t . (DataLoc ((u . F4()),F5())) > 0 holds
( (IExec (F3(),t)) . F4() = t . F4() & F3() is_closed_on t & F3() is_halting_on t & H1( Dstate (IExec (F3(),t))) < H1( Dstate t) & P1[ Dstate (IExec (F3(),t))] ) by A4, A13;
A22: u . (DataLoc ((u . F4()),F5())) > 0 by A2, A13, A14, A15;
( ( H1(u) = H1(u) or P1[u] ) & IExec ((while>0 (F4(),F5(),F3())),u) = IExec ((while>0 (F4(),F5(),F3())),(IExec (F3(),u))) ) from SCMPDS_8:sch 4(A1, A22, A19, A18, A21);
hence ( H1( Dstate (IExec ((while>0 (F4(),F5(),F3())),u))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),u))] ) by A11, A20, A17; :: thesis: verum
end;
end;
end;
hence S1[k + 1] ; :: thesis: verum
end;
for k being Element of NAT holds S1[k] from NAT_1:sch 1(A5, A10);
 then S1[F1((Dstate F2()))] ;
hence ( F1((Dstate (IExec ((while>0 (F4(),F5(),F3())),F2())))) = 0 & P1[ Dstate (IExec ((while>0 (F4(),F5(),F3())),F2()))] ) by A3; :: thesis: verum