let s be State of SCM+FSA; :: thesis: for p being Instruction-Sequence of SCM+FSA
for a being Int-Location
for J being good Program of SCM+FSA
for k being Element of NAT st ((StepTimes (a,J,p,s)) . k) . (intloc 0) = 1 & J is_closed_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) & J is_halting_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) holds
( ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = 1 & ( ((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) )
let p be Instruction-Sequence of SCM+FSA; :: thesis: for a being Int-Location
for J being good Program of SCM+FSA
for k being Element of NAT st ((StepTimes (a,J,p,s)) . k) . (intloc 0) = 1 & J is_closed_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) & J is_halting_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) holds
( ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = 1 & ( ((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) )
let a be Int-Location ; :: thesis: for J being good Program of SCM+FSA
for k being Element of NAT st ((StepTimes (a,J,p,s)) . k) . (intloc 0) = 1 & J is_closed_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) & J is_halting_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) holds
( ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = 1 & ( ((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) )
let J be good Program of SCM+FSA; :: thesis: for k being Element of NAT st ((StepTimes (a,J,p,s)) . k) . (intloc 0) = 1 & J is_closed_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) & J is_halting_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) holds
( ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = 1 & ( ((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) )
let k be Element of NAT ; :: thesis: ( ((StepTimes (a,J,p,s)) . k) . (intloc 0) = 1 & J is_closed_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) & J is_halting_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) implies ( ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = 1 & ( ((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) ) )
set I = J;
assume that
A1: ((StepTimes (a,J,p,s)) . k) . (intloc 0) = 1 and
A2: ( J is_closed_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) & J is_halting_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) ) ; :: thesis: ( ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = 1 & ( ((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 ) )
set ST = StepTimes (a,J,p,s);
A3: ( J is_closed_on Initialized ((StepTimes (a,J,p,s)) . k),p +* (times* (a,J)) & J is_halting_on Initialized ((StepTimes (a,J,p,s)) . k),p +* (times* (a,J)) ) by A1, A2, Th5;
set au = 1 -stRWNotIn ({a} \/ (UsedIntLoc J));
set SW = StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))));
A4: Macro (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0))) is_closed_on IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k)),p +* (times* (a,J)) by SCMFSA7B:18;
Macro (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0))) is_halting_on IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k)),p +* (times* (a,J)) by SCMFSA7B:19;
then A5: J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0))) is_halting_on Initialized ((StepTimes (a,J,p,s)) . k),p +* (times* (a,J)) by A3, A4, SFMASTR1:3;
hereby :: thesis: ( ((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 implies ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 )
per cases ( ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) <= 0 or ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 ) ;
suppose ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) <= 0 ; :: thesis: ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = 1
then DataPart ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . (k + 1)) = DataPart ((StepTimes (a,J,p,s)) . k) by SCMFSA9A:31;
hence ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = 1 by A1, SCMFSA6A:7; :: thesis: verum
end;
suppose ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 ; :: thesis: ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = 1
then DataPart ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . (k + 1)) = DataPart (IExec ((J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) by A1, A3, A4, A5, SCMFSA9A:32, SFMASTR1:2;
hence ((StepTimes (a,J,p,s)) . (k + 1)) . (intloc 0) = (IExec ((J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (intloc 0) by SCMFSA6A:7
.= (Exec ((SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0))),(IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))))) . (intloc 0) by A3, SFMASTR1:11
.= (IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (intloc 0) by SCMFSA_2:65
.= 1 by A3, SCMFSA8C:67 ;
:: thesis: verum
end;
end;
end;
not 1 -stRWNotIn ({a} \/ (UsedIntLoc J)) in {a} \/ (UsedIntLoc J) by SFMASTR1:20;
then A6: not 1 -stRWNotIn ({a} \/ (UsedIntLoc J)) in UsedIntLoc J by XBOOLE_0:def 3;
assume ((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) > 0 ; :: thesis: ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1
then DataPart ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . (k + 1)) = DataPart (IExec ((J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) by A1, A3, A4, A5, SCMFSA9A:32, SFMASTR1:2;
hence ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (IExec ((J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) by SCMFSA6A:7
.= (Exec ((SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0))),(IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) by A3, SFMASTR1:11
.= ((IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - ((IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (intloc 0)) by SCMFSA_2:65
.= ((IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 by A3, SCMFSA8C:67
.= ((Initialized ((StepTimes (a,J,p,s)) . k)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 by A3, A6, Th1
.= (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 by SCMFSA6C:3 ;
:: thesis: verum