let P be Instruction-Sequence of SCM+FSA; :: thesis: for a being read-write Int-Location
for s being State of SCM+FSA st a <> intloc (3 + 1) & a <> intloc (1 + 1) holds
(IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))))),P,s)) . a = s . a
let a be read-write Int-Location; :: thesis: for s being State of SCM+FSA st a <> intloc (3 + 1) & a <> intloc (1 + 1) holds
(IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))))),P,s)) . a = s . a
let s be State of SCM+FSA; :: thesis: ( a <> intloc (3 + 1) & a <> intloc (1 + 1) implies (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))))),P,s)) . a = s . a )
assume that
A1: a <> intloc (3 + 1) and
A2: a <> intloc (1 + 1) ; :: thesis: (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))))),P,s)) . a = s . a
set s1 = Exec ((AddTo ((intloc (3 + 1)),(intloc 0))),(Initialized s));
set s2 = IExec (((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))),P,s);
A3: (Exec ((AddTo ((intloc (3 + 1)),(intloc 0))),(Initialized s))) . a = (Initialized s) . a by A1, SCMFSA_2:64
.= s . a by SCMFSA_M:37 ;
A4: (IExec (((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))),P,s)) . a = (Exec ((SubFrom ((intloc (1 + 1)),(intloc 0))),(Exec ((AddTo ((intloc (3 + 1)),(intloc 0))),(Initialized s))))) . a by SCMFSA6C:8
.= s . a by A2, A3, SCMFSA_2:65 ;
per cases ( s . (intloc (4 + 1)) > 0 or s . (intloc (4 + 1)) <= 0 ) ;
suppose s . (intloc (4 + 1)) > 0 ; :: thesis: (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))))),P,s)) . a = s . a
hence (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))))),P,s)) . a = (IExec ((Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),P,s)) . a by SCM_HALT:44
.= (IExec ((Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),P,s)) . a
.= (Exec ((SubFrom ((intloc (1 + 1)),(intloc (1 + 1)))),(Initialized s))) . a by SCMFSA6C:5
.= (Exec ((SubFrom ((intloc (1 + 1)),(intloc (1 + 1)))),(Initialized s))) . a
.= (Initialized s) . a by A2, SCMFSA_2:65
.= s . a by SCMFSA_M:37 ;
:: thesis: verum
end;
suppose s . (intloc (4 + 1)) <= 0 ; :: thesis: (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))))),P,s)) . a = s . a
hence (IExec ((if>0 ((intloc (4 + 1)),(Macro (SubFrom ((intloc (1 + 1)),(intloc (1 + 1))))),((AddTo ((intloc (3 + 1)),(intloc 0))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))))),P,s)) . a = s . a by A4, SCM_HALT:44; :: thesis: verum
end;
end;