let s be State of SCM+FSA; :: thesis: for aa, bb being Int-Location
for f being FinSeq-Location
for p being Instruction-Sequence of SCM+FSA st 1 <= s . aa & s . aa <= len (s . f) & 1 <= s . bb & s . bb <= len (s . f) & s . (intloc 0) = 1 holds
(IExec ((swap (f,aa,bb)),p,s)) . f = ((s . f) +* ((s . aa),((s . f) . (s . bb)))) +* ((s . bb),((s . f) . (s . aa)))
let aa, bb be Int-Location ; :: thesis: for f being FinSeq-Location
for p being Instruction-Sequence of SCM+FSA st 1 <= s . aa & s . aa <= len (s . f) & 1 <= s . bb & s . bb <= len (s . f) & s . (intloc 0) = 1 holds
(IExec ((swap (f,aa,bb)),p,s)) . f = ((s . f) +* ((s . aa),((s . f) . (s . bb)))) +* ((s . bb),((s . f) . (s . aa)))
let f be FinSeq-Location ; :: thesis: for p being Instruction-Sequence of SCM+FSA st 1 <= s . aa & s . aa <= len (s . f) & 1 <= s . bb & s . bb <= len (s . f) & s . (intloc 0) = 1 holds
(IExec ((swap (f,aa,bb)),p,s)) . f = ((s . f) +* ((s . aa),((s . f) . (s . bb)))) +* ((s . bb),((s . f) . (s . aa)))
let p be Instruction-Sequence of SCM+FSA; :: thesis: ( 1 <= s . aa & s . aa <= len (s . f) & 1 <= s . bb & s . bb <= len (s . f) & s . (intloc 0) = 1 implies (IExec ((swap (f,aa,bb)),p,s)) . f = ((s . f) +* ((s . aa),((s . f) . (s . bb)))) +* ((s . bb),((s . f) . (s . aa))) )
set a = aa;
set b = bb;
assume that
A1: 1 <= s . aa and
A2: s . aa <= len (s . f) and
A3: 1 <= s . bb and
A4: s . bb <= len (s . f) and
A5: s . (intloc 0) = 1 ; :: thesis: (IExec ((swap (f,aa,bb)),p,s)) . f = ((s . f) +* ((s . aa),((s . f) . (s . bb)))) +* ((s . bb),((s . f) . (s . aa)))
set aux1 = 1 -stRWNotIn {aa,bb};
set aux2 = 2 -ndRWNotIn {aa,bb};
set i0 = (1 -stRWNotIn {aa,bb}) := (f,aa);
set i1 = (2 -ndRWNotIn {aa,bb}) := (f,bb);
set i2 = (f,aa) := (2 -ndRWNotIn {aa,bb});
set s0 = Initialized s;
set s1 = Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s));
set s2 = IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s);
A6: ( bb = intloc 0 or not bb is read-only ) by SF_MASTR:def 5;
reconsider sa = s . aa as Element of NAT by A1, INT_1:3;
set s0a = abs ((Initialized s) . aa);
set s2a = abs ((IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . aa);
A7: ( aa = intloc 0 or not aa is read-only ) by SF_MASTR:def 5;
A8: sa = abs (s . aa) by ABSVALUE:def 1;
then A9: ( (Initialized s) . f = s . f & sa = abs ((Initialized s) . aa) ) by A5, A7, SCMFSA6A:38, SCMFSA6C:3;
reconsider sb = s . bb as Element of NAT by A3, INT_1:3;
A10: sb = abs (s . bb) by ABSVALUE:def 1;
set s3 = IExec (((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))) ';' ((f,aa) := (2 -ndRWNotIn {aa,bb}))),p,s);
A11: 1 -stRWNotIn {aa,bb} <> 2 -ndRWNotIn {aa,bb} by SFMASTR1:21;
A12: (IExec (((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))) ';' ((f,aa) := (2 -ndRWNotIn {aa,bb}))),p,s)) . (1 -stRWNotIn {aa,bb}) = (Exec (((f,aa) := (2 -ndRWNotIn {aa,bb})),(IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)))) . (1 -stRWNotIn {aa,bb}) by SCMFSA6C:6
.= (IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . (1 -stRWNotIn {aa,bb}) by SCMFSA_2:73
.= (Exec (((2 -ndRWNotIn {aa,bb}) := (f,bb)),(Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))))) . (1 -stRWNotIn {aa,bb}) by SCMFSA6C:8
.= (Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))) . (1 -stRWNotIn {aa,bb}) by A11, SCMFSA_2:72
.= ((Initialized s) . f) /. (abs ((Initialized s) . aa)) by Th11
.= (s . f) . sa by A1, A2, A9, FINSEQ_4:15 ;
set i3 = (f,bb) := (1 -stRWNotIn {aa,bb});
A13: (IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . f = (Exec (((2 -ndRWNotIn {aa,bb}) := (f,bb)),(Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))))) . f by SCMFSA6C:9
.= (Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))) . f by SCMFSA_2:72 ;
A14: (IExec (((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))) ';' ((f,aa) := (2 -ndRWNotIn {aa,bb}))),p,s)) . f = (Exec (((f,aa) := (2 -ndRWNotIn {aa,bb})),(IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)))) . f by SCMFSA6C:7
.= ((IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . f) +* ((abs ((IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . aa)),((IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . (2 -ndRWNotIn {aa,bb}))) by Th12 ;
A15: bb in {aa,bb} by TARSKI:def 2;
then A16: bb <> 2 -ndRWNotIn {aa,bb} by SFMASTR1:20;
bb <> 1 -stRWNotIn {aa,bb} by A15, SFMASTR1:20;
then A17: (Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))) . bb = (Initialized s) . bb by SCMFSA_2:72
.= s . bb by A5, A6, SCMFSA6A:38, SCMFSA6C:3 ;
A18: aa in {aa,bb} by TARSKI:def 2;
then A19: aa <> 2 -ndRWNotIn {aa,bb} by SFMASTR1:20;
A20: aa <> 1 -stRWNotIn {aa,bb} by A18, SFMASTR1:20;
(IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . aa = (Exec (((2 -ndRWNotIn {aa,bb}) := (f,bb)),(Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))))) . aa by SCMFSA6C:8
.= (Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))) . aa by A19, SCMFSA_2:72
.= (Initialized s) . aa by A20, SCMFSA_2:72 ;
then A21: sa = abs ((IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . aa) by A5, A8, A7, SCMFSA6A:38, SCMFSA6C:3;
set s1b = abs ((Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))) . bb);
A22: (Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))) . f = (Initialized s) . f by SCMFSA_2:72
.= s . f by SCMFSA6C:3 ;
A23: (IExec (((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))) ';' ((f,aa) := (2 -ndRWNotIn {aa,bb}))),p,s)) . bb = (Exec (((f,aa) := (2 -ndRWNotIn {aa,bb})),(IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)))) . bb by SCMFSA6C:6
.= (IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . bb by SCMFSA_2:73
.= (Exec (((2 -ndRWNotIn {aa,bb}) := (f,bb)),(Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))))) . bb by SCMFSA6C:8
.= (Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))) . bb by A16, SCMFSA_2:72 ;
A24: (IExec ((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))),p,s)) . (2 -ndRWNotIn {aa,bb}) = (Exec (((2 -ndRWNotIn {aa,bb}) := (f,bb)),(Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))))) . (2 -ndRWNotIn {aa,bb}) by SCMFSA6C:8
.= ((Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))) . f) /. (abs ((Exec (((1 -stRWNotIn {aa,bb}) := (f,aa)),(Initialized s))) . bb)) by Th11
.= (s . f) . sb by A3, A4, A10, A22, A17, FINSEQ_4:15 ;
thus (IExec ((swap (f,aa,bb)),p,s)) . f = (Exec (((f,bb) := (1 -stRWNotIn {aa,bb})),(IExec (((((1 -stRWNotIn {aa,bb}) := (f,aa)) ';' ((2 -ndRWNotIn {aa,bb}) := (f,bb))) ';' ((f,aa) := (2 -ndRWNotIn {aa,bb}))),p,s)))) . f by SCMFSA6C:7
.= ((s . f) +* ((s . aa),((s . f) . (s . bb)))) +* ((s . bb),((s . f) . (s . aa))) by A10, A22, A13, A14, A21, A17, A23, A24, A12, Th12 ; :: thesis: verum