set b = DataLoc ((F1() . F3()),F4());
set FR = for-down (F3(),F4(),F5(),F2());
defpred S1[ Nat] means for t being State of SCMPDS st t . (DataLoc ((F1() . F3()),F4())) <= $1 & t . F3() = F1() . F3() & P1[ Dstate t] holds
( (IExec ((for-down (F3(),F4(),F5(),F2())),t)) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),t))] );
A4: S1[ 0 ]
proof
let t be State of SCMPDS; :: thesis: ( t . (DataLoc ((F1() . F3()),F4())) <= 0 & t . F3() = F1() . F3() & P1[ Dstate t] implies ( (IExec ((for-down (F3(),F4(),F5(),F2())),t)) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),t))] ) )
assume that
A5: ( t . (DataLoc ((F1() . F3()),F4())) <= 0 & t . F3() = F1() . F3() ) and
A6: P1[ Dstate t] ; :: thesis: ( (IExec ((for-down (F3(),F4(),F5(),F2())),t)) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),t))] )
thus (IExec ((for-down (F3(),F4(),F5(),F2())),t)) . (DataLoc ((F1() . F3()),F4())) <= 0 by A5, SCMPDS_7:66; :: thesis: P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),t))]
for x being Int_position holds (IExec ((for-down (F3(),F4(),F5(),F2())),t)) . x = t . x by A5, SCMPDS_7:66;
hence P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),t))] by A6, Th5; :: thesis: verum
end;
A7: now
let k be Element of NAT ; :: thesis: ( S1[k] implies S1[k + 1] )
assume A8: S1[k] ; :: thesis: S1[k + 1]
now
let u be State of SCMPDS; :: thesis: ( u . (DataLoc ((F1() . F3()),F4())) <= k + 1 & u . F3() = F1() . F3() & P1[ Dstate u] implies ( (IExec ((for-down (F3(),F4(),F5(),F2())),b1)) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),b1))] ) )
assume that
A9: u . (DataLoc ((F1() . F3()),F4())) <= k + 1 and
A10: u . F3() = F1() . F3() and
A11: P1[ Dstate u] ; :: thesis: ( (IExec ((for-down (F3(),F4(),F5(),F2())),b1)) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),b1))] )
per cases ( u . (DataLoc ((F1() . F3()),F4())) <= 0 or u . (DataLoc ((F1() . F3()),F4())) > 0 ) ;
suppose u . (DataLoc ((F1() . F3()),F4())) <= 0 ; :: thesis: ( (IExec ((for-down (F3(),F4(),F5(),F2())),b1)) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),b1))] )
hence ( (IExec ((for-down (F3(),F4(),F5(),F2())),u)) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),u))] ) by A4, A10, A11; :: thesis: verum
end;
suppose A12: u . (DataLoc ((F1() . F3()),F4())) > 0 ; :: thesis: ( (IExec ((for-down (F3(),F4(),F5(),F2())),b1)) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),b1))] )
set Ad = AddTo (F3(),F4(),(- F5()));
set Iu = IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),u);
A13: ( (IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),u)) . F3() = F1() . F3() & P1[ Dstate (IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),u))] ) by A3, A10, A11, A12;
(IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),u)) . (DataLoc ((F1() . F3()),F4())) = (u . (DataLoc ((F1() . F3()),F4()))) - F5() by A3, A10, A11, A12;
then ((IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),u)) . (DataLoc ((F1() . F3()),F4()))) + 1 <= u . (DataLoc ((F1() . F3()),F4())) by A1, INT_1:20, XREAL_1:46;
then ((IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),u)) . (DataLoc ((F1() . F3()),F4()))) + 1 <= k + 1 by A9, XXREAL_0:2;
then A14: (IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),u)) . (DataLoc ((F1() . F3()),F4())) <= k by XREAL_1:8;
A15: P1[ Dstate u] by A11;
A16: for t being State of SCMPDS st P1[ Dstate t] & t . F3() = u . F3() & t . (DataLoc ((u . F3()),F4())) > 0 holds
( (IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),t)) . F3() = t . F3() & (IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),t)) . (DataLoc ((u . F3()),F4())) = (t . (DataLoc ((u . F3()),F4()))) - F5() & F2() is_closed_on t & F2() is_halting_on t & P1[ Dstate (IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),t))] ) by A3, A10;
A17: u . (DataLoc ((u . F3()),F4())) > 0 by A10, A12;
( ( P1[u] or not P1[u] ) & IExec ((for-down (F3(),F4(),F5(),F2())),u) = IExec ((for-down (F3(),F4(),F5(),F2())),(IExec ((F2() ';' (AddTo (F3(),F4(),(- F5())))),u))) ) from SCPISORT:sch 2(A1, A17, A15, A16);
hence ( (IExec ((for-down (F3(),F4(),F5(),F2())),u)) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),u))] ) by A8, A14, A13; :: thesis: verum
end;
end;
end;
hence S1[k + 1] ; :: thesis: verum
end;
A18: for k being Element of NAT holds S1[k] from NAT_1:sch 1(A4, A7);
 thus ( P1[F1()] or not P1[F1()] ) ; :: thesis: ( (IExec ((for-down (F3(),F4(),F5(),F2())),F1())) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),F1()))] )
per cases ( F1() . (DataLoc ((F1() . F3()),F4())) > 0 or F1() . (DataLoc ((F1() . F3()),F4())) <= 0 ) ;
suppose F1() . (DataLoc ((F1() . F3()),F4())) > 0 ; :: thesis: ( (IExec ((for-down (F3(),F4(),F5(),F2())),F1())) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),F1()))] )
then reconsider m = F1() . (DataLoc ((F1() . F3()),F4())) as Element of NAT by INT_1:16;
S1[m] by A18;
hence ( (IExec ((for-down (F3(),F4(),F5(),F2())),F1())) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),F1()))] ) by A2; :: thesis: verum
end;
suppose F1() . (DataLoc ((F1() . F3()),F4())) <= 0 ; :: thesis: ( (IExec ((for-down (F3(),F4(),F5(),F2())),F1())) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),F1()))] )
hence ( (IExec ((for-down (F3(),F4(),F5(),F2())),F1())) . (DataLoc ((F1() . F3()),F4())) <= 0 & P1[ Dstate (IExec ((for-down (F3(),F4(),F5(),F2())),F1()))] ) by A2, A4; :: thesis: verum
end;
end;