:: Bubble Sort on SCM+FSA
:: by JingChao Chen and Yatsuka Nakamura
::
:: Received June 17, 1998
:: Copyright (c) 1998-2021 Association of Mizar Users


set SA0 = Start-At (0,SCM+FSA);

theorem :: SCMBSORT:1
canceled;

::$CT
theorem Th1: :: SCMBSORT:2
for s being State of SCM+FSA
for f being FinSeq-Location
for a, b being Int-Location holds (Exec ((b := (f,a)),s)) . b = (s . f) /. |.(s . a).|
proof end;

theorem Th2: :: SCMBSORT:3
for s being State of SCM+FSA
for f being FinSeq-Location
for a, b being Int-Location holds (Exec (((f,a) := b),s)) . f = (s . f) +* (|.(s . a).|,(s . b))
proof end;

theorem Th3: :: SCMBSORT:4
for s being State of SCM+FSA
for f being FinSeq-Location
for m, n being Nat
for a being Int-Location st m <> n + 1 holds
(Exec (((intloc m) := (f,a)),(Initialized s))) . (intloc (n + 1)) = s . (intloc (n + 1))
proof end;

theorem Th4: :: SCMBSORT:5
for s being State of SCM+FSA
for m, n being Nat
for a being Int-Location st m <> n + 1 holds
(Exec (((intloc m) := a),(Initialized s))) . (intloc (n + 1)) = s . (intloc (n + 1))
proof end;

theorem Th5: :: SCMBSORT:6
for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA
for f being FinSeq-Location
for a being read-write Int-Location holds
( (IExec ((Stop SCM+FSA),p,s)) . a = s . a & (IExec ((Stop SCM+FSA),p,s)) . f = s . f )
proof end;

theorem Th6: :: SCMBSORT:7
for p being preProgram of SCM+FSA
for ic being Instruction of SCM+FSA
for a, b being Int-Location st ic in rng p & ( ic = a := b or ic = AddTo (a,b) or ic = SubFrom (a,b) or ic = MultBy (a,b) or ic = Divide (a,b) ) holds
( a in UsedILoc p & b in UsedILoc p )
proof end;

theorem Th7: :: SCMBSORT:8
for p being preProgram of SCM+FSA
for ic being Instruction of SCM+FSA
for a being Int-Location
for la being Nat st ic in rng p & ( ic = a =0_goto la or ic = a >0_goto la ) holds
a in UsedILoc p
proof end;

theorem Th8: :: SCMBSORT:9
for p being preProgram of SCM+FSA
for ic being Instruction of SCM+FSA
for fa being FinSeq-Location
for a, b being Int-Location st ic in rng p & ( ic = b := (fa,a) or ic = (fa,a) := b ) holds
( a in UsedILoc p & b in UsedILoc p )
proof end;

theorem Th9: :: SCMBSORT:10
for p being preProgram of SCM+FSA
for ic being Instruction of SCM+FSA
for fa being FinSeq-Location
for a, b being Int-Location st ic in rng p & ( ic = b := (fa,a) or ic = (fa,a) := b ) holds
fa in UsedI*Loc p
proof end;

theorem Th10: :: SCMBSORT:11
for p being preProgram of SCM+FSA
for ic being Instruction of SCM+FSA
for fa being FinSeq-Location
for a being Int-Location st ic in rng p & ( ic = a :=len fa or ic = fa :=<0,...,0> a ) holds
a in UsedILoc p
proof end;

theorem Th11: :: SCMBSORT:12
for p being preProgram of SCM+FSA
for ic being Instruction of SCM+FSA
for fa being FinSeq-Location
for a being Int-Location st ic in rng p & ( ic = a :=len fa or ic = fa :=<0,...,0> a ) holds
fa in UsedI*Loc p
proof end;

theorem Th12: :: SCMBSORT:13
for t being FinPartState of SCM+FSA
for p being Program of
for x being set st dom t c= Int-Locations \/ FinSeq-Locations & x in ((dom t) \/ (UsedI*Loc p)) \/ (UsedILoc p) & x is not Int-Location holds
x is FinSeq-Location
proof end;

theorem Th13: :: SCMBSORT:14
for p1, p2 being Instruction-Sequence of SCM+FSA
for i, k being Nat
for t being FinPartState of SCM+FSA
for p being Program of
for s1, s2 being State of SCM+FSA st k <= i & p c= p1 & p c= p2 & dom t c= Int-Locations \/ FinSeq-Locations & ( for j being Nat holds
( IC (Comput (p1,s1,j)) in dom p & IC (Comput (p2,s2,j)) in dom p ) ) & (Comput (p1,s1,k)) . (IC ) = (Comput (p2,s2,k)) . (IC ) & (Comput (p1,s1,k)) | (((dom t) \/ (UsedI*Loc p)) \/ (UsedILoc p)) = (Comput (p2,s2,k)) | (((dom t) \/ (UsedI*Loc p)) \/ (UsedILoc p)) holds
( (Comput (p1,s1,i)) . (IC ) = (Comput (p2,s2,i)) . (IC ) & (Comput (p1,s1,i)) | (((dom t) \/ (UsedI*Loc p)) \/ (UsedILoc p)) = (Comput (p2,s2,i)) | (((dom t) \/ (UsedI*Loc p)) \/ (UsedILoc p)) )
proof end;

theorem Th14: :: SCMBSORT:15
for p1, p2 being Instruction-Sequence of SCM+FSA
for i, k being Nat
for p being Program of
for s1, s2 being State of SCM+FSA st k <= i & p c= p1 & p c= p2 & ( for j being Nat holds
( IC (Comput (p1,s1,j)) in dom p & IC (Comput (p2,s2,j)) in dom p ) ) & (Comput (p1,s1,k)) . (IC ) = (Comput (p2,s2,k)) . (IC ) & (Comput (p1,s1,k)) | ((UsedI*Loc p) \/ (UsedILoc p)) = (Comput (p2,s2,k)) | ((UsedI*Loc p) \/ (UsedILoc p)) holds
( (Comput (p1,s1,i)) . (IC ) = (Comput (p2,s2,i)) . (IC ) & (Comput (p1,s1,i)) | ((UsedI*Loc p) \/ (UsedILoc p)) = (Comput (p2,s2,i)) | ((UsedI*Loc p) \/ (UsedILoc p)) )
proof end;

theorem :: SCMBSORT:16
canceled;

theorem :: SCMBSORT:17
canceled;

theorem :: SCMBSORT:18
canceled;

theorem :: SCMBSORT:19
canceled;

theorem :: SCMBSORT:20
canceled;

theorem :: SCMBSORT:21
canceled;

theorem :: SCMBSORT:22
canceled;

::$CT 7
theorem Th15: :: SCMBSORT:23
for i1, i2, i3 being Instruction of SCM+FSA holds card ((i1 ";" i2) ";" i3) = 6
proof end;

theorem :: SCMBSORT:24
canceled;

theorem :: SCMBSORT:25
canceled;

::$CT 2
theorem Th16: :: SCMBSORT:26
for I, J being Program of
for k being Nat
for i being Instruction of SCM+FSA st k < card J & i = J . k holds
(I ";" J) . ((card I) + k) = IncAddr (i,(card I))
proof end;

theorem Th17: :: SCMBSORT:27
for I, J being Program of
for i being ins-loc-free Instruction of SCM+FSA st i <> halt SCM+FSA holds
((I ";" i) ";" J) . (card I) = i
proof end;

theorem Th18: :: SCMBSORT:28
for I, J being Program of
for i being Instruction of SCM+FSA holds ((I ";" i) ";" J) . ((card I) + 1) = goto ((card I) + 2)
proof end;

theorem :: SCMBSORT:29
canceled;

theorem :: SCMBSORT:30
canceled;

theorem :: SCMBSORT:31
canceled;

::$CT 3
theorem Th19: :: SCMBSORT:32
for p being Program of
for s being State of SCM+FSA holds (UsedI*Loc p) \/ (UsedILoc p) c= dom s
proof end;

theorem Th20: :: SCMBSORT:33
for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA
for I being Program of
for f being FinSeq-Location holds (Result ((p +* I),(Initialized s))) . f = (IExec (I,p,s)) . f
proof end;

set a0 = intloc 0;

set a1 = intloc 1;

set a2 = intloc 2;

set a3 = intloc 3;

set a4 = intloc 4;

set a5 = intloc 5;

set a6 = intloc 6;

Lm1: intloc 0 <> intloc 2
by SCMFSA_2:101;

Lm2: intloc 0 <> intloc 4
by SCMFSA_2:101;

Lm3: intloc 0 <> intloc 5
by SCMFSA_2:101;

Lm4: intloc 0 <> intloc 6
by SCMFSA_2:101;

Lm5: intloc 1 <> intloc 2
by SCMFSA_2:101;

Lm6: intloc 1 <> intloc 3
by SCMFSA_2:101;

Lm7: intloc 1 <> intloc 4
by SCMFSA_2:101;

Lm8: intloc 1 <> intloc 5
by SCMFSA_2:101;

Lm9: intloc 1 <> intloc 6
by SCMFSA_2:101;

Lm10: intloc 2 <> intloc 3
by SCMFSA_2:101;

Lm11: intloc 2 <> intloc 4
by SCMFSA_2:101;

Lm12: intloc 2 <> intloc 5
by SCMFSA_2:101;

Lm13: intloc 2 <> intloc 6
by SCMFSA_2:101;

Lm14: intloc 3 <> intloc 4
by SCMFSA_2:101;

Lm15: intloc 3 <> intloc 5
by SCMFSA_2:101;

Lm16: intloc 3 <> intloc 6
by SCMFSA_2:101;

Lm17: intloc 4 <> intloc 5
by SCMFSA_2:101;

Lm18: intloc 4 <> intloc 6
by SCMFSA_2:101;

Lm19: intloc 5 <> intloc 6
by SCMFSA_2:101;

set initializeWorkMem = (((((intloc 2) := (intloc 0)) ";" ((intloc 3) := (intloc 0))) ";" ((intloc 4) := (intloc 0))) ";" ((intloc 5) := (intloc 0))) ";" ((intloc 6) := (intloc 0));

:: set a0 = intloc 0;
:: set a1 = intloc 1;
:: set a2 = intloc 2;
:: set a3 = intloc 3;
:: set a4 = intloc 4;
:: set a5 = intloc 5;
:: set a6 = intloc 6;
:: set initializeWorkMem= (a2:= a0) ";" (a3:= a0) ";"
:: (a4:= a0) ";" (a5:= a0) ";" (a6:= a0);
definition
let f be FinSeq-Location ;
func bubble-sort f -> Program of equals :: SCMBSORT:def 1
(((((((intloc 2) := (intloc 0)) ";" ((intloc 3) := (intloc 0))) ";" ((intloc 4) := (intloc 0))) ";" ((intloc 5) := (intloc 0))) ";" ((intloc 6) := (intloc 0))) ";" ((intloc 1) :=len f)) ";" (Times ((intloc 1),(((((intloc 2) := (intloc 1)) ";" (SubFrom ((intloc 2),(intloc 0)))) ";" ((intloc 3) :=len f)) ";" (Times ((intloc 2),(((((((intloc 4) := (intloc 3)) ";" (SubFrom ((intloc 3),(intloc 0)))) ";" ((intloc 5) := (f,(intloc 3)))) ";" ((intloc 6) := (f,(intloc 4)))) ";" (SubFrom ((intloc 6),(intloc 5)))) ";" (if>0 ((intloc 6),((((intloc 6) := (f,(intloc 4))) ";" ((f,(intloc 3)) := (intloc 6))) ";" ((f,(intloc 4)) := (intloc 5))),(Stop SCM+FSA)))))))));
correctness
coherence
(((((((intloc 2) := (intloc 0)) ";" ((intloc 3) := (intloc 0))) ";" ((intloc 4) := (intloc 0))) ";" ((intloc 5) := (intloc 0))) ";" ((intloc 6) := (intloc 0))) ";" ((intloc 1) :=len f)) ";" (Times ((intloc 1),(((((intloc 2) := (intloc 1)) ";" (SubFrom ((intloc 2),(intloc 0)))) ";" ((intloc 3) :=len f)) ";" (Times ((intloc 2),(((((((intloc 4) := (intloc 3)) ";" (SubFrom ((intloc 3),(intloc 0)))) ";" ((intloc 5) := (f,(intloc 3)))) ";" ((intloc 6) := (f,(intloc 4)))) ";" (SubFrom ((intloc 6),(intloc 5)))) ";" (if>0 ((intloc 6),((((intloc 6) := (f,(intloc 4))) ";" ((f,(intloc 3)) := (intloc 6))) ";" ((f,(intloc 4)) := (intloc 5))),(Stop SCM+FSA))))))))) is Program of ;
;
end;

:: deftheorem defines bubble-sort SCMBSORT:def 1 :
for f being FinSeq-Location holds bubble-sort f = (((((((intloc 2) := (intloc 0)) ";" ((intloc 3) := (intloc 0))) ";" ((intloc 4) := (intloc 0))) ";" ((intloc 5) := (intloc 0))) ";" ((intloc 6) := (intloc 0))) ";" ((intloc 1) :=len f)) ";" (Times ((intloc 1),(((((intloc 2) := (intloc 1)) ";" (SubFrom ((intloc 2),(intloc 0)))) ";" ((intloc 3) :=len f)) ";" (Times ((intloc 2),(((((((intloc 4) := (intloc 3)) ";" (SubFrom ((intloc 3),(intloc 0)))) ";" ((intloc 5) := (f,(intloc 3)))) ";" ((intloc 6) := (f,(intloc 4)))) ";" (SubFrom ((intloc 6),(intloc 5)))) ";" (if>0 ((intloc 6),((((intloc 6) := (f,(intloc 4))) ";" ((f,(intloc 3)) := (intloc 6))) ";" ((f,(intloc 4)) := (intloc 5))),(Stop SCM+FSA)))))))));

definition
func Bubble-Sort-Algorithm -> Program of equals :: SCMBSORT:def 2
 bubble-sort (fsloc 0);
coherence
bubble-sort (fsloc 0) is Program of ;
end;

:: deftheorem defines Bubble-Sort-Algorithm SCMBSORT:def 2 :
Bubble-Sort-Algorithm = bubble-sort (fsloc 0);

set b1 = intloc (0 + 1);

set b2 = intloc (1 + 1);

set b3 = intloc (2 + 1);

set b4 = intloc (3 + 1);

set b5 = intloc (4 + 1);

set b6 = intloc (5 + 1);

set f0 = fsloc 0;

set i1 = (intloc (3 + 1)) := (intloc (2 + 1));

set i2 = SubFrom ((intloc (2 + 1)),(intloc 0));

set i3 = (intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1)));

set i4 = (intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)));

set i5 = SubFrom ((intloc (5 + 1)),(intloc (4 + 1)));

set i6 = ((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1));

set i7 = ((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1));

set SS = Stop SCM+FSA;

set ifc = if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA));

set body2 = ((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)));

set T2 = Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))));

set j1 = (intloc (1 + 1)) := (intloc (0 + 1));

set j2 = SubFrom ((intloc (1 + 1)),(intloc 0));

set j3 = (intloc (2 + 1)) :=len (fsloc 0);

set Sb = (((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0));

set body1 = ((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))) ";" (Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))))));

set T1 = Times ((intloc (0 + 1)),(((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))) ";" (Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))))))));

set w2 = (intloc (1 + 1)) := (intloc 0);

set w3 = (intloc (2 + 1)) := (intloc 0);

set w4 = (intloc (3 + 1)) := (intloc 0);

set w5 = (intloc (4 + 1)) := (intloc 0);

set w6 = (intloc (5 + 1)) := (intloc 0);

set w7 = (intloc (0 + 1)) :=len (fsloc 0);

theorem Th21: :: SCMBSORT:34
for f being FinSeq-Location holds UsedILoc (bubble-sort f) = {(intloc 0),(intloc 1),(intloc 2),(intloc 3),(intloc 4),(intloc 5),(intloc 6)}
proof end;

theorem Th22: :: SCMBSORT:35
for f being FinSeq-Location holds UsedI*Loc (bubble-sort f) = {f}
proof end;

theorem :: SCMBSORT:36
canceled;

theorem :: SCMBSORT:37
canceled;

::$CT 2
theorem Th23: :: SCMBSORT:38
for f being FinSeq-Location holds card (bubble-sort f) = 53
proof end;

theorem Th24: :: SCMBSORT:39
for P being Instruction-Sequence of SCM+FSA st Bubble-Sort-Algorithm c= P holds
for f being FinSeq-Location
for k being Nat st k < 53 holds
Bubble-Sort-Algorithm . k = P . k
proof end;

Lm20: for P being Instruction-Sequence of SCM+FSA st Bubble-Sort-Algorithm c= P holds
( P . 0 = (intloc 2) := (intloc 0) & P . 1 = goto 2 & P . 2 = (intloc 3) := (intloc 0) & P . 3 = goto 4 & P . 4 = (intloc 4) := (intloc 0) & P . 5 = goto 6 & P . 6 = (intloc 5) := (intloc 0) & P . 7 = goto 8 & P . 8 = (intloc 6) := (intloc 0) & P . 9 = goto 10 & P . 10 = (intloc 1) :=len (fsloc 0) & P . 11 = goto 12 )
proof end;

Lm21: for s being 0 -started State of SCM+FSA
for P being Instruction-Sequence of SCM+FSA st Bubble-Sort-Algorithm c= P holds
( (Comput (P,s,1)) . (IC ) = 1 & (Comput (P,s,1)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,1)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,2)) . (IC ) = 2 & (Comput (P,s,2)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,2)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,3)) . (IC ) = 3 & (Comput (P,s,3)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,3)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,4)) . (IC ) = 4 & (Comput (P,s,4)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,4)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,5)) . (IC ) = 5 & (Comput (P,s,5)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,5)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,6)) . (IC ) = 6 & (Comput (P,s,6)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,6)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,7)) . (IC ) = 7 & (Comput (P,s,7)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,7)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,8)) . (IC ) = 8 & (Comput (P,s,8)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,8)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,9)) . (IC ) = 9 & (Comput (P,s,9)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,9)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,10)) . (IC ) = 10 & (Comput (P,s,10)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,10)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,11)) . (IC ) = 11 & (Comput (P,s,11)) . (intloc 0) = s . (intloc 0) & (Comput (P,s,11)) . (fsloc 0) = s . (fsloc 0) & (Comput (P,s,11)) . (intloc 1) = len (s . (fsloc 0)) & (Comput (P,s,11)) . (intloc 2) = s . (intloc 0) & (Comput (P,s,11)) . (intloc 3) = s . (intloc 0) & (Comput (P,s,11)) . (intloc 4) = s . (intloc 0) & (Comput (P,s,11)) . (intloc 5) = s . (intloc 0) & (Comput (P,s,11)) . (intloc 6) = s . (intloc 0) )
proof end;

Lm22: not ((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))) destroys intloc (1 + 1)
proof end;

Lm23: ( Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))))) is good & Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))))) is InitHalting )
proof end;

Lm24: not ((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))) destroys intloc (0 + 1)
proof end;

Lm25: not ((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))) ";" (Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))))) destroys intloc (0 + 1)
proof end;

Lm26: ( Times ((intloc (0 + 1)),(((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))) ";" (Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))))))) is good & Times ((intloc (0 + 1)),(((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))) ";" (Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))))))) is InitHalting )
proof end;

theorem :: SCMBSORT:40
( bubble-sort (fsloc 0) is keepInt0_1 & bubble-sort (fsloc 0) is InitHalting ) by Lm26;

Lm27: for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA holds
( ( s . (intloc (5 + 1)) > 0 implies (IExec ((if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))),p,s)) . (fsloc 0) = ((s . (fsloc 0)) +* (|.(s . (intloc (2 + 1))).|,((s . (fsloc 0)) /. |.(s . (intloc (3 + 1))).|))) +* (|.(s . (intloc (3 + 1))).|,(s . (intloc (4 + 1)))) ) & ( s . (intloc (5 + 1)) <= 0 implies (IExec ((if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))),p,s)) . (fsloc 0) = s . (fsloc 0) ) )
proof end;

Lm28: for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA holds (IExec ((if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))),p,s)) . (intloc (2 + 1)) = s . (intloc (2 + 1))
proof end;

Lm29: for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA st s . (intloc (2 + 1)) <= len (s . (fsloc 0)) & s . (intloc (2 + 1)) >= 2 holds
( (IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (intloc (2 + 1)) = (s . (intloc (2 + 1))) - 1 & s . (fsloc 0),(IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0) are_fiberwise_equipotent & ( (s . (fsloc 0)) . (s . (intloc (2 + 1))) = ((IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0)) . (s . (intloc (2 + 1))) or (s . (fsloc 0)) . (s . (intloc (2 + 1))) = ((IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0)) . ((s . (intloc (2 + 1))) - 1) ) & ( (s . (fsloc 0)) . (s . (intloc (2 + 1))) = ((IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0)) . (s . (intloc (2 + 1))) or (s . (fsloc 0)) . ((s . (intloc (2 + 1))) - 1) = ((IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0)) . (s . (intloc (2 + 1))) ) & ( (s . (fsloc 0)) . (s . (intloc (2 + 1))) = ((IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0)) . ((s . (intloc (2 + 1))) - 1) or (s . (fsloc 0)) . ((s . (intloc (2 + 1))) - 1) = ((IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0)) . ((s . (intloc (2 + 1))) - 1) ) & ( for k being set st k <> (s . (intloc (2 + 1))) - 1 & k <> s . (intloc (2 + 1)) & k in dom (s . (fsloc 0)) holds
(s . (fsloc 0)) . k = ((IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0)) . k ) & ex x1, x2 being Integer st
( x1 = ((IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0)) . ((s . (intloc (2 + 1))) - 1) & x2 = ((IExec ((((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))),p,s)) . (fsloc 0)) . (s . (intloc (2 + 1))) & x1 >= x2 ) )
proof end;

Lm30: for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA st s . (intloc (1 + 1)) >= 0 & s . (intloc (1 + 1)) < s . (intloc (2 + 1)) & s . (intloc (2 + 1)) <= len (s . (fsloc 0)) holds
ex k being Nat st
( k <= s . (intloc (2 + 1)) & k >= (s . (intloc (2 + 1))) - (s . (intloc (1 + 1))) & ((IExec ((Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))))),p,s)) . (fsloc 0)) . k = (s . (fsloc 0)) . (s . (intloc (2 + 1))) )
proof end;

Lm31: for k being Nat
for t being State of SCM+FSA
for q being Instruction-Sequence of SCM+FSA st k = t . (intloc (1 + 1)) & k < t . (intloc (2 + 1)) & t . (intloc (2 + 1)) <= len (t . (fsloc 0)) holds
( t . (fsloc 0),(IExec ((Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))))),q,t)) . (fsloc 0) are_fiberwise_equipotent & ( for m being Nat st ( ( m < (t . (intloc (2 + 1))) - k & m >= 1 ) or ( m > t . (intloc (2 + 1)) & m in dom (t . (fsloc 0)) ) ) holds
(t . (fsloc 0)) . m = ((IExec ((Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))))),q,t)) . (fsloc 0)) . m ) & ( for m being Nat st m >= (t . (intloc (2 + 1))) - k & m <= t . (intloc (2 + 1)) holds
ex x1, x2 being Integer st
( x1 = ((IExec ((Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))))),q,t)) . (fsloc 0)) . ((t . (intloc (2 + 1))) - k) & x2 = ((IExec ((Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))))),q,t)) . (fsloc 0)) . m & x1 >= x2 ) ) & ( for i being Nat st i >= (t . (intloc (2 + 1))) - k & i <= t . (intloc (2 + 1)) holds
ex n being Nat st
( n >= (t . (intloc (2 + 1))) - k & n <= t . (intloc (2 + 1)) & ((IExec ((Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA)))))),q,t)) . (fsloc 0)) . i = (t . (fsloc 0)) . n ) ) )
proof end;

Lm32: for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA holds
( (IExec (((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))),p,s)) . (intloc (1 + 1)) = (s . (intloc (0 + 1))) - 1 & (IExec (((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))),p,s)) . (intloc (2 + 1)) = len (s . (fsloc 0)) & (IExec (((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))),p,s)) . (fsloc 0) = s . (fsloc 0) )
proof end;

Lm33: for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA st s . (intloc (0 + 1)) = len (s . (fsloc 0)) holds
( s . (fsloc 0),(IExec ((Times ((intloc (0 + 1)),(((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))) ";" (Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))))))))),p,s)) . (fsloc 0) are_fiberwise_equipotent & ( for i, j being Nat st i >= 1 & j <= len (s . (fsloc 0)) & i < j holds
for x1, x2 being Integer st x1 = ((IExec ((Times ((intloc (0 + 1)),(((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))) ";" (Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))))))))),p,s)) . (fsloc 0)) . i & x2 = ((IExec ((Times ((intloc (0 + 1)),(((((intloc (1 + 1)) := (intloc (0 + 1))) ";" (SubFrom ((intloc (1 + 1)),(intloc 0)))) ";" ((intloc (2 + 1)) :=len (fsloc 0))) ";" (Times ((intloc (1 + 1)),(((((((intloc (3 + 1)) := (intloc (2 + 1))) ";" (SubFrom ((intloc (2 + 1)),(intloc 0)))) ";" ((intloc (4 + 1)) := ((fsloc 0),(intloc (2 + 1))))) ";" ((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1))))) ";" (SubFrom ((intloc (5 + 1)),(intloc (4 + 1))))) ";" (if>0 ((intloc (5 + 1)),((((intloc (5 + 1)) := ((fsloc 0),(intloc (3 + 1)))) ";" (((fsloc 0),(intloc (2 + 1))) := (intloc (5 + 1)))) ";" (((fsloc 0),(intloc (3 + 1))) := (intloc (4 + 1)))),(Stop SCM+FSA))))))))),p,s)) . (fsloc 0)) . j holds
x1 >= x2 ) )
proof end;

theorem Th26: :: SCMBSORT:41
for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA holds
( s . (fsloc 0),(IExec ((bubble-sort (fsloc 0)),p,s)) . (fsloc 0) are_fiberwise_equipotent & ( for i, j being Nat st i >= 1 & j <= len (s . (fsloc 0)) & i < j holds
for x1, x2 being Integer st x1 = ((IExec ((bubble-sort (fsloc 0)),p,s)) . (fsloc 0)) . i & x2 = ((IExec ((bubble-sort (fsloc 0)),p,s)) . (fsloc 0)) . j holds
x1 >= x2 ) )
proof end;

theorem Th27: :: SCMBSORT:42
for i being Nat
for s being State of SCM+FSA
for P being Instruction-Sequence of SCM+FSA st Bubble-Sort-Algorithm c= P holds
for w being FinSequence of INT st Initialized ((fsloc 0) .--> w) c= s holds
IC (Comput (P,s,i)) in dom Bubble-Sort-Algorithm
proof end;

theorem Th28: :: SCMBSORT:43
for p being Instruction-Sequence of SCM+FSA
for s being State of SCM+FSA
for t being FinSequence of INT st (Initialize ((intloc 0) .--> 1)) +* ((fsloc 0) .--> t) c= s & Bubble-Sort-Algorithm c= p holds
ex u being FinSequence of REAL st
( t,u are_fiberwise_equipotent & u is non-increasing & u is FinSequence of INT & (Result (p,s)) . (fsloc 0) = u )
proof end;

theorem Th29: :: SCMBSORT:44
for w being FinSequence of INT holds Initialized ((fsloc 0) .--> w) is Bubble-Sort-Algorithm -autonomic
proof end;

registration
cluster Bubble-Sort-Algorithm -> halt-ending ;
coherence
Bubble-Sort-Algorithm is halt-ending ;
end;

theorem :: SCMBSORT:45
Bubble-Sort-Algorithm , Initialize ((intloc 0) .--> 1) computes Sorting-Function
proof end;