let s be State of SCM+FSA; :: thesis: for p being Instruction-Sequence of SCM+FSA
for a being Int-Location
for J being really-closed good MacroInstruction of SCM+FSA st ( s . (intloc 0) = 1 or a is read-write ) & ProperTimesBody a,J,s,p holds
for k being Nat st k <= s . a holds
(((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + k = s . a
let p be Instruction-Sequence of SCM+FSA; :: thesis: for a being Int-Location
for J being really-closed good MacroInstruction of SCM+FSA st ( s . (intloc 0) = 1 or a is read-write ) & ProperTimesBody a,J,s,p holds
for k being Nat st k <= s . a holds
(((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + k = s . a
let a be Int-Location; :: thesis: for J being really-closed good MacroInstruction of SCM+FSA st ( s . (intloc 0) = 1 or a is read-write ) & ProperTimesBody a,J,s,p holds
for k being Nat st k <= s . a holds
(((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + k = s . a
let J be really-closed good MacroInstruction of SCM+FSA ; :: thesis: ( ( s . (intloc 0) = 1 or a is read-write ) & ProperTimesBody a,J,s,p implies for k being Nat st k <= s . a holds
(((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + k = s . a )
set I = J;
assume that
A1: ( s . (intloc 0) = 1 or a is read-write ) and
A2: ProperTimesBody a,J,s,p ; :: thesis: for k being Nat st k <= s . a holds
(((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + k = s . a
set Is = Initialized s;
set au = 1 -stRWNotIn ({a} \/ (UsedILoc J));
set ST = StepTimes (a,J,p,s);
set SW = StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(J ";" (SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedILoc J))) := a),(Initialized s))));
defpred S1[ Nat] means ( $1 <= s . a implies (((StepTimes (a,J,p,s)) . $1) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + $1 = s . a );
A3: for k being Nat st S1[k] holds
S1[k + 1]
proof
not 1 -stRWNotIn ({a} \/ (UsedILoc J)) in {a} \/ (UsedILoc J) by SCMFSA_M:25;
then A4: not 1 -stRWNotIn ({a} \/ (UsedILoc J)) in UsedILoc J by XBOOLE_0:def 3;
let k be Nat; :: thesis: ( S1[k] implies S1[k + 1] )
assume that
A5: ( k <= s . a implies (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + k = s . a ) and
A6: k + 1 <= s . a ; :: thesis: (((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + (k + 1) = s . a
reconsider sa = s . a as Element of NAT by A6, INT_1:3;
A7: k < sa by A6, NAT_1:13;
then A8: ((StepTimes (a,J,p,s)) . k) . (intloc 0) = 1 by A2, Th12;
A9: now :: thesis: not ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(J ";" (SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedILoc J))) := a),(Initialized s))))) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J))) <= 0
assume ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(J ";" (SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedILoc J))) := a),(Initialized s))))) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J))) <= 0 ; :: thesis: contradiction
then (((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(J ";" (SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedILoc J))) := a),(Initialized s))))) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + k < (s . a) + 0 by A7, XREAL_1:8;
hence contradiction by A5, A7; :: thesis: verum
end;
J is_halting_on (StepTimes (a,J,p,s)) . k,p +* (times* (a,J)) by A2, A7;
then A10: J is_halting_on Initialized ((StepTimes (a,J,p,s)) . k),p +* (times* (a,J)) by A8, SCMFSA8B:42;
Macro (SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0))) is_halting_on IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k)),p +* (times* (a,J)) by SCMFSA7B:19;
then J ";" (SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0))) is_halting_on Initialized ((StepTimes (a,J,p,s)) . k),p +* (times* (a,J)) by A10, SFMASTR1:3;
then DataPart ((StepWhile>0 ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(J ";" (SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0)))),p,(Exec (((1 -stRWNotIn ({a} \/ (UsedILoc J))) := a),(Initialized s))))) . (k + 1)) = DataPart (IExec ((J ";" (SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0)))),(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) by A8, A9, SCMFSA9A:32;
then ((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedILoc J))) = (IExec ((J ";" (SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0)))),(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (1 -stRWNotIn ({a} \/ (UsedILoc J))) by SCMFSA_M:2
.= (Exec ((SubFrom ((1 -stRWNotIn ({a} \/ (UsedILoc J))),(intloc 0))),(IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))))) . (1 -stRWNotIn ({a} \/ (UsedILoc J))) by A10, SFMASTR1:11
.= ((IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) - ((IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (intloc 0)) by SCMFSA_2:65
.= ((IExec (J,(p +* (times* (a,J))),((StepTimes (a,J,p,s)) . k))) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) - 1 by A10, SCMFSA8C:67
.= ((Initialized ((StepTimes (a,J,p,s)) . k)) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) - 1 by A10, A4, Th1
.= (((StepTimes (a,J,p,s)) . k) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) - 1 by SCMFSA_M:37 ;
hence (((StepTimes (a,J,p,s)) . (k + 1)) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + (k + 1) = s . a by A5, A7; :: thesis: verum
end;
A11: ( a = intloc 0 or a is read-write ) by SCMFSA_M:def 2;
A12: S1[ 0 ]
proof
assume 0 <= s . a ; :: thesis: (((StepTimes (a,J,p,s)) . 0) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + 0 = s . a
thus (((StepTimes (a,J,p,s)) . 0) . (1 -stRWNotIn ({a} \/ (UsedILoc J)))) + 0 = (Exec (((1 -stRWNotIn ({a} \/ (UsedILoc J))) := a),(Initialized s))) . (1 -stRWNotIn ({a} \/ (UsedILoc J))) by SCMFSA_9:def 5
.= (Initialized s) . a by SCMFSA_2:63
.= s . a by A1, A11, SCMFSA_M:9, SCMFSA_M:37 ; :: thesis: verum
end;
thus for k being Nat holds S1[k] from NAT_1:sch 2(A12, A3); :: thesis: verum