let s be State of SCM+FSA; :: thesis:
let p be Instruction-Sequence of SCM+FSA; :: thesis:
let a be Int-Location ; :: thesis:
let J be good Program of SCM+FSA; :: thesis:
set I = J;
assume that
A1: ( s . (intloc 0) = 1 or not a is read-only ) and
A2: ProperTimesBody a,J,s,p ; :: thesis:
set Is = Initialized s;
set au = 1 -stRWNotIn ({a} \/ (UsedIntLoc J));
set ST = StepTimes (a,J,p,s);
set SW = StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))));
defpred S₁[ Nat] means ( $1 <= s . a implies (((StepTimes (a,J,p,s)) . $1) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) + $1 = s . a );
A3: for k being Element of NAT st S₁[k] holds
S₁[k + 1]

not 1 -stRWNotIn ({a} \/ (UsedIntLoc J)) in {a} \/ (UsedIntLoc J) by SFMASTR1:20;
then A4: not 1 -stRWNotIn ({a} \/ (UsedIntLoc J)) in UsedIntLoc J by XBOOLE_0:def 3;
let k be Element of NAT ; :: thesis:
assume that
A5: ( k <= s . a implies (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) + k = s . a ) and
A6: k + 1 <= s . a ; :: thesis:
reconsider sa = s . a as Element of NAT by A6, INT_1:3;
A7: k < sa by A6, NAT_1:13;
then A8: ((StepTimes (a,J,p,s)) . k) . (intloc 0) = 1 by A2, Th16;

A9: now

assume ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) <= 0 ; :: thesis:
then (((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) + k < (s . a) + 0 by A7, XREAL_1:8;
hence contradiction by A5, A7; :: thesis:

end;

A10: Macro (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0))) is_closed_on IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k)),p +* (times* (a,J)) by SCMFSA7B:18;
A11: J is_closed_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) by A2, A7, Def4;
then A12: J is_closed_on Initialized ((StepTimes (a,J,p,s)) . k),p +* (times* (a,J)) by A8, Th4;
J is_halting_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) by A2, A7, Def4;
then A13: J is_halting_on Initialized ((StepTimes (a,J,p,s)) . k),p +* (times* (a,J)) by A8, A11, Th5;
Macro (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0))) is_halting_on IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k)),p +* (times* (a,J)) by SCMFSA7B:19;
then J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0))) is_halting_on Initialized ((StepTimes (a,J,p,s)) . k),p +* (times* (a,J)) by A12, A13, A10, SFMASTR1:3;
then DataPart ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))))) . (k + 1)) = DataPart (IExec ((J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) by A8, A12, A13, A10, A9, SCMFSA9A:32, SFMASTR1:2;
then ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) = (IExec ((J ';' (SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0)))),(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) by SCMFSA6A:7
.= (Exec ((SubFrom ((1 -stRWNotIn ({a} \/ (UsedIntLoc J))),(intloc 0))),(IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) by A12, A13, SFMASTR1:11
.= ((IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - ((IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (intloc 0)) by SCMFSA_2:65
.= ((IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 by A12, A13, SCMFSA8C:67
.= ((Initialized ((StepTimes (a,J,p,s)) . k)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 by A12, A13, A4, Th1
.= (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) - 1 by SCMFSA6C:3 ;
hence (((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) + (k + 1) = s . a by A5, A7; :: thesis:

end;

A14: ( a = intloc 0 or not a is read-only ) by SF_MASTR:def 5;
A15: S₁[ 0 ]

assume 0 <= s . a ; :: thesis:
thus (((StepTimes (a,J,p,s)) . 0) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J)))) + 0 = (Exec (((1 -stRWNotIn ({a} \/ (UsedIntLoc J))) := a),(Initialized s))) . (1 -stRWNotIn ({a} \/ (UsedIntLoc J))) by SCMFSA_9:def 5
.= (Initialized s) . a by SCMFSA_2:63
.= s . a by A1, A14, SCMFSA6A:38, SCMFSA6C:3 ; :: thesis:

end;

thus for k being Element of NAT holds S₁[k] from NAT_1:sch 1(A15, A3); :: thesis: