:: SFMASTR3  semantic presentation
theorem :: SFMASTR3:1
canceled; 
theorem :: SFMASTR3:2
canceled; 
theorem :: SFMASTR3:3
canceled; 
theorem :: SFMASTR3:4
canceled; 
theorem :: SFMASTR3:5
canceled; 
theorem :: SFMASTR3:6
canceled; 
theorem Th7: :: SFMASTR3:7
theorem Th8: :: SFMASTR3:8
theorem Th9: :: SFMASTR3:9
theorem Th10: :: SFMASTR3:10
theorem Th11: :: SFMASTR3:11
theorem Th12: :: SFMASTR3:12
theorem Th13: :: SFMASTR3:13
theorem Th14: :: SFMASTR3:14
theorem Th15: :: SFMASTR3:15
definition
let a, 
b, 
c be    
Int-Location ;
let I be   
Program of 
SCM+FSA ;
let s be   
State of 
SCM+FSA ;
canceled;canceled;canceled;canceled;canceled;func  StepForUp a,
b,
c,
I,
s ->   Function of  
NAT , 
product the 
Object-Kind of 
SCM+FSA  equals :: SFMASTR3:def 6
 StepWhile>0 (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),
((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(intloc 0 ))),
((s +* (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(((s . c) - (s . b)) + 1)) +* a,(s . b));
coherence 
 StepWhile>0 (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(((s . c) - (s . b)) + 1)) +* a,(s . b)) is   Function of  NAT , product the Object-Kind of SCM+FSA 
 ;
 
end;
 
:: deftheorem   SFMASTR3:def 1 : 
canceled; 
:: deftheorem   SFMASTR3:def 2 : 
canceled; 
:: deftheorem   SFMASTR3:def 3 : 
canceled; 
:: deftheorem   SFMASTR3:def 4 : 
canceled; 
:: deftheorem   SFMASTR3:def 5 : 
canceled; 
:: deftheorem    defines StepForUp SFMASTR3:def 6 : 
for 
a, 
b, 
c being   
Int-Location  for 
I being  
Program of 
SCM+FSA  for 
s being  
State of 
SCM+FSA  holds   
StepForUp a,
b,
c,
I,
s =  StepWhile>0 (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),
((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(intloc 0 ))),
((s +* (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(((s . c) - (s . b)) + 1)) +* a,(s . b));
theorem Th16: :: SFMASTR3:16
theorem Th17: :: SFMASTR3:17
theorem Th18: :: SFMASTR3:18
theorem Th19: :: SFMASTR3:19
theorem Th20: :: SFMASTR3:20
theorem Th21: :: SFMASTR3:21
theorem Th22: :: SFMASTR3:22
definition
let a, 
b, 
c be    
Int-Location ;
let I be   
Program of 
SCM+FSA ;
let s be   
State of 
SCM+FSA ;
pred  ProperForUpBody a,
b,
c,
I,
s means :
Def7: 
:: SFMASTR3:def 7
for 
i being   
Element of  
NAT   st 
i < ((s . c) - (s . b)) + 1 holds 
( 
I is_closed_on (StepForUp a,b,c,I,s) . i & 
I is_halting_on (StepForUp a,b,c,I,s) . i );
 
end;
 
:: deftheorem Def7   defines ProperForUpBody SFMASTR3:def 7 : 
for 
a, 
b, 
c being   
Int-Location  for 
I being  
Program of 
SCM+FSA  for 
s being  
State of 
SCM+FSA  holds 
 (  
ProperForUpBody a,
b,
c,
I,
s iff for 
i being   
Element of  
NAT   st 
i < ((s . c) - (s . b)) + 1 holds 
( 
I is_closed_on (StepForUp a,b,c,I,s) . i & 
I is_halting_on (StepForUp a,b,c,I,s) . i ) );
theorem Th23: :: SFMASTR3:23
theorem Th24: :: SFMASTR3:24
for 
s being  
State of 
SCM+FSA  for 
a being 
read-write  Int-Location  for 
bb, 
cc being   
Int-Location  for 
Ig being 
good Program of 
SCM+FSA  for 
k being   
Element of  
NAT   st 
((StepForUp a,bb,cc,Ig,s) . k) . (intloc 0 ) = 1 & 
Ig is_closed_on (StepForUp a,bb,cc,Ig,s) . k & 
Ig is_halting_on (StepForUp a,bb,cc,Ig,s) . k holds 
((StepForUp a,bb,cc,Ig,s) . (k + 1)) . (intloc 0 ) = 1
theorem Th25: :: SFMASTR3:25
for 
s being  
State of 
SCM+FSA  for 
a being 
read-write  Int-Location  for 
bb, 
cc being   
Int-Location  for 
Ig being 
good Program of 
SCM+FSA   st 
s . (intloc 0 ) = 1 &  
ProperForUpBody a,
bb,
cc,
Ig,
s holds 
for 
k being   
Element of  
NAT   st 
k <= ((s . cc) - (s . bb)) + 1 holds 
( 
((StepForUp a,bb,cc,Ig,s) . k) . (intloc 0 ) = 1 & ( 
Ig does_not_destroy a implies ( 
((StepForUp a,bb,cc,Ig,s) . k) . a = k + (s . bb) & 
((StepForUp a,bb,cc,Ig,s) . k) . a <= (s . cc) + 1 ) ) & 
(((StepForUp a,bb,cc,Ig,s) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc Ig)))) + k = ((s . cc) - (s . bb)) + 1 )
theorem Th26: :: SFMASTR3:26
for 
s being  
State of 
SCM+FSA  for 
a being 
read-write  Int-Location  for 
bb, 
cc being   
Int-Location  for 
Ig being 
good Program of 
SCM+FSA   st 
s . (intloc 0 ) = 1 &  
ProperForUpBody a,
bb,
cc,
Ig,
s holds 
for 
k being   
Element of  
NAT  holds 
 ( 
((StepForUp a,bb,cc,Ig,s) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc Ig))) >  0  iff 
k < ((s . cc) - (s . bb)) + 1 )
theorem Th27: :: SFMASTR3:27
for 
s being  
State of 
SCM+FSA  for 
a being 
read-write  Int-Location  for 
bb, 
cc being   
Int-Location  for 
Ig being 
good Program of 
SCM+FSA  for 
k being   
Element of  
NAT   st 
s . (intloc 0 ) = 1 &  
ProperForUpBody a,
bb,
cc,
Ig,
s & 
k < ((s . cc) - (s . bb)) + 1 holds 
((StepForUp a,bb,cc,Ig,s) . (k + 1)) | (({a,bb,cc} \/ (UsedIntLoc Ig)) \/ FinSeq-Locations ) = (IExec (Ig ';' (AddTo a,(intloc 0 ))),((StepForUp a,bb,cc,Ig,s) . k)) | (({a,bb,cc} \/ (UsedIntLoc Ig)) \/ FinSeq-Locations )
definition
let a, 
b, 
c be    
Int-Location ;
let I be   
Program of 
SCM+FSA ;
func  for-up a,
b,
c,
I ->   Program of 
SCM+FSA  equals :: SFMASTR3:def 8
(((((1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))) := c) ';' (SubFrom (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),b)) ';' (AddTo (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := b)) ';' (while>0 (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(intloc 0 ))));
coherence 
(((((1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))) := c) ';' (SubFrom (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),b)) ';' (AddTo (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := b)) ';' (while>0 (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(intloc 0 )))) is   Program of SCM+FSA 
 ;
 
end;
 
:: deftheorem    defines for-up SFMASTR3:def 8 : 
for 
a, 
b, 
c being   
Int-Location  for 
I being  
Program of 
SCM+FSA  holds   
for-up a,
b,
c,
I = (((((1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))) := c) ';' (SubFrom (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),b)) ';' (AddTo (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := b)) ';' (while>0 (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,b,c} \/ (UsedIntLoc I))),(intloc 0 ))));
theorem Th28: :: SFMASTR3:28
theorem Th29: :: SFMASTR3:29
theorem Th30: :: SFMASTR3:30
for 
s being  
State of 
SCM+FSA  for 
a being 
read-write  Int-Location  for 
bb, 
cc being   
Int-Location  for 
I being  
Program of 
SCM+FSA   st 
s . (intloc 0 ) = 1 & 
s . bb > s . cc holds 
( ( for 
x being   
Int-Location   st 
x <> a & 
x in {bb,cc} \/ (UsedIntLoc I) holds 
(IExec (for-up a,bb,cc,I),s) . x = s . x ) & ( for 
f being   
FinSeq-Location  holds  
(IExec (for-up a,bb,cc,I),s) . f = s . f ) )
Lm1: 
now 
let s be   
State of 
SCM+FSA ; 
::  thesis:  for a being read-write  Int-Location 
 for bb, cc being   Int-Location 
 for I being good Program of SCM+FSA   st s . (intloc 0 ) = 1 & (  ProperForUpBody a,bb,cc,I,s or I is parahalting ) holds 
(  ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s &  WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s )let a be  
read-write  Int-Location ; 
::  thesis:  for bb, cc being   Int-Location 
 for I being good Program of SCM+FSA   st s . (intloc 0 ) = 1 & (  ProperForUpBody a,bb,cc,I,s or I is parahalting ) holds 
(  ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s &  WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s )let bb, 
cc be    
Int-Location ; 
::  thesis:  for I being good Program of SCM+FSA   st s . (intloc 0 ) = 1 & (  ProperForUpBody a,bb,cc,I,s or I is parahalting ) holds 
(  ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s &  WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s )set D = 
Int-Locations  \/ FinSeq-Locations ;
let I be  
good Program of 
SCM+FSA ; 
::  thesis:  ( s . (intloc 0 ) = 1 & (  ProperForUpBody a,bb,cc,I,s or I is parahalting ) implies (  ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s &  WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s ) )assume that A1: 
s . (intloc 0 ) = 1
 
and A2: 
(  
ProperForUpBody a,
bb,
cc,
I,
s or 
I is 
parahalting )
 ; 
::  thesis:  (  ProperBodyWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s &  WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s )A3: 
 
ProperForUpBody a,
bb,
cc,
I,
s
 by A2, Th23;
set aux = 1 
-stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I));
set i0 = 
(1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc;
set i1 =  
SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),
bb;
set i2 =  
AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),
(intloc 0 );
set i3 = 
a := bb;
set IB = 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ));
set s1 =  
IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),
s;
set s2 = 
(s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,
(s . bb);
A4: 
(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s) | (Int-Locations  \/ FinSeq-Locations ) = ((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb)) | (Int-Locations  \/ FinSeq-Locations )
 by A1, Th22;
set IB2 = 
(AddTo a,(intloc 0 )) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ));
set SW1 =  
StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),
((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),
(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s);
set SW2 =  
StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),
((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),
((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb));
set SF =  
StepForUp a,
bb,
cc,
I,
s;
set scb1 = 
((s . cc) - (s . bb)) + 1;
A5: 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) = I ';' ((AddTo a,(intloc 0 )) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )))
 by SCMFSA6A:70;
A6: 
 
StepForUp a,
bb,
cc,
I,
s =  StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),
((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),
((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))
 ;
A7: 
 
ProperBodyWhile>0 1 
-stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )),
(s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,
(s . bb)
 
proof 
let k be    
Element of  
NAT ; 
:: according to SCMFSA9A:def 4 ::  thesis:  ( ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) <=  0  or ( (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_closed_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k & (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k ) )
assume 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) >  0 
 ; 
::  thesis:  ( (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_closed_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k & (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k )
then A8: 
k < ((s . cc) - (s . bb)) + 1
 
by A1, A3, A6, Th26;
then A9: 
((StepForUp a,bb,cc,I,s) . k) . (intloc 0 ) = 1
 
by A1, A3, Th25;
A10: 
I is_closed_on (StepForUp a,bb,cc,I,s) . k
 
by A3, A8, Def7;
then A11: 
I is_closed_on  Initialize ((StepForUp a,bb,cc,I,s) . k)
 
by A9, SFMASTR2:4;
I is_halting_on (StepForUp a,bb,cc,I,s) . k
 
by A3, A8, Def7;
then A12: 
I is_halting_on  Initialize ((StepForUp a,bb,cc,I,s) . k)
 
by A9, A10, SFMASTR2:5;
A13: 
(AddTo a,(intloc 0 )) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_closed_on  IExec I,
((StepForUp a,bb,cc,I,s) . k)
 
by SCMFSA7B:24;
then A14: 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_closed_on  Initialize ((StepForUp a,bb,cc,I,s) . k)
 
by A5, A11, A12, SFMASTR1:3;
hence 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_closed_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k
 by A9, SFMASTR2:4; 
::  thesis:  (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k
(AddTo a,(intloc 0 )) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on  IExec I,
((StepForUp a,bb,cc,I,s) . k)
 
by SCMFSA7B:25;
then 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on  Initialize ((StepForUp a,bb,cc,I,s) . k)
 
by A5, A11, A12, A13, SFMASTR1:4;
hence 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k
 by A9, A14, SFMASTR2:5; 
::  thesis:  verum
 
end;
 
thus 
 ProperBodyWhile>0 1 
-stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), 
IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),
s
  ::  thesis:   WithVariantWhile>0 1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s
proof 
let k be    
Element of  
NAT ; 
:: according to SCMFSA9A:def 4 ::  thesis:  ( ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) <=  0  or ( (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_closed_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k & (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k ) )
assume A15: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) >  0 
 ; 
::  thesis:  ( (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_closed_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k & (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k )
A16: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k) | (Int-Locations  \/ FinSeq-Locations ) = ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) | (Int-Locations  \/ FinSeq-Locations )
 
by A4, A7, SCMFSA9A:40;
then A17: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) = ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)))
 
by SCMFSA6A:38;
then A18: 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_closed_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k
 
by A7, A15, SCMFSA9A:def 4;
A19: 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k
 
by A7, A15, A17, SCMFSA9A:def 4;
thus 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_closed_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k
 by A16, A18, SCMFSA8B:6; 
::  thesis:  (I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k
thus 
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )) is_halting_on (StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k
 by A16, A18, A19, SCMFSA8B:8; 
::  thesis:  verum
 
end;
 
deffunc H1(   
Element of  
product the 
Object-Kind of 
SCM+FSA ) 
->    Element of  
NAT  =  
abs ($1 . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))));
consider f being   
Function of  
product the 
Object-Kind of 
SCM+FSA , 
NAT  such that A20: 
for 
x being   
Element of  
product the 
Object-Kind of 
SCM+FSA  holds  
f . x = H1(
x)
 
from FUNCT_2:sch 4();
A21: 
for 
k being   
Element of  
NAT   holds 
( 
f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) < f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) or 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) <=  0  )
 
proof 
let k be    
Element of  
NAT ; 
::  thesis:  ( f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) < f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) or ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) <=  0  )
A22: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) | (Int-Locations  \/ FinSeq-Locations ) = ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k) | (Int-Locations  \/ FinSeq-Locations )
 
by A4, A7, SCMFSA9A:40;
then A23: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) = ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)))
 
by SCMFSA6A:38;
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . (k + 1)) | (Int-Locations  \/ FinSeq-Locations ) = ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) | (Int-Locations  \/ FinSeq-Locations )
 
by A4, A7, SCMFSA9A:40;
then A24: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) = ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)))
 
by SCMFSA6A:38;
now 
assume A25: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) >  0 
 ; 
::  thesis:  f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) < f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k)A26: 
f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) = 
 
abs (((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))))
by A20
.= 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)))
by A23, A25, ABSVALUE:def 1
;
k < ((s . cc) - (s . bb)) + 1
 
by A1, A3, A6, A23, A25, Th26;
then A27: 
(((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)))) + k = ((s . cc) - (s . bb)) + 1
 
by A1, A3, A6, Th25;
A28: 
k < ((s . cc) - (s . bb)) + 1
 
by A1, A3, A6, A23, A25, Th26;
then reconsider scb1 = 
((s . cc) - (s . bb)) + 1 as    
Element of  
NAT  by INT_1:16;
A29: 
k + 1 
<= scb1
 by A28, NAT_1:13;
then A30: 
(((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)))) + (k + 1) = ((s . cc) - (s . bb)) + 1
 
by A1, A3, A6, Th25;
per cases 
( ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) >  0  or ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) <=  0  )
 ;
suppose A31: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) >  0 
 ; 
::  thesis:  f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) < f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k)
f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) = 
 
abs (((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))))
by A20
.= 
(scb1 - k) - 1
by A24, A30, A31, ABSVALUE:def 1
;
hence 
f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) < f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k)
 by A26, A27, XREAL_1:148; 
::  thesis:  verum
 
end;
 
suppose A32: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) <=  0 
 ; 
::  thesis:  f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) < f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k)
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),((s +* (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(((s . cc) - (s . bb)) + 1)) +* a,(s . bb))) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) = scb1 - (k + 1)
 by A30;
then A33: 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) =  0 
 by A24, A29, A32, XREAL_1:50;
f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) = 
 
abs (((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))))
by A20
.= 
 
0 
by A33, ABSVALUE:def 1
;
hence 
f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) < f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k)
 by A22, A25, A26, SCMFSA6A:38; 
::  thesis:  verum
 
end;
 
 
end;
 
 
end;
 
hence 
( 
f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (k + 1)) < f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) or 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . k) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) <=  0  )
 ; 
::  thesis:  verum
 
end;
 
thus 
 WithVariantWhile>0 1 
-stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I)),
(I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 )), 
IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),
s
  ::  thesis:  verum
proof 
take 
f
; 
:: according to SCMFSA9A:def 5 ::  thesis:  for b1 being   Element of  NAT   holds 
(  not f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . b1) <= f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (b1 + 1)) or ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . b1) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) <=  0  )
thus 
for 
b1 being   
Element of  
NAT   holds 
(  not 
f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . b1) <= f . ((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . (b1 + 1)) or 
((StepWhile>0 (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),((I ';' (AddTo a,(intloc 0 ))) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))),(IExec (((((1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) := cc) ';' (SubFrom (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),bb)) ';' (AddTo (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))),(intloc 0 ))) ';' (a := bb)),s)) . b1) . (1 -stRWNotIn ({a,bb,cc} \/ (UsedIntLoc I))) <=  0  )
 
by A21; 
::  thesis:  verum
 
end;
 
 
end;
 
theorem Th31: :: SFMASTR3:31
for 
s being  
State of 
SCM+FSA  for 
a being 
read-write  Int-Location  for 
cc, 
bb being   
Int-Location  for 
Ig being 
good Program of 
SCM+FSA  for 
k being   
Element of  
NAT   st 
s . (intloc 0 ) = 1 & 
k = ((s . cc) - (s . bb)) + 1 & (  
ProperForUpBody a,
bb,
cc,
Ig,
s or 
Ig is 
parahalting ) holds 
(IExec (for-up a,bb,cc,Ig),s) | (Int-Locations  \/ FinSeq-Locations ) = ((StepForUp a,bb,cc,Ig,s) . k) | (Int-Locations  \/ FinSeq-Locations )
theorem Th32: :: SFMASTR3:32
for 
s being  
State of 
SCM+FSA  for 
a being 
read-write  Int-Location  for 
bb, 
cc being   
Int-Location  for 
Ig being 
good Program of 
SCM+FSA   st 
s . (intloc 0 ) = 1 & (  
ProperForUpBody a,
bb,
cc,
Ig,
s or 
Ig is 
parahalting ) holds 
(  
for-up a,
bb,
cc,
Ig is_closed_on s &  
for-up a,
bb,
cc,
Ig is_halting_on s )
definition
let start, 
finish, 
minpos be    
Int-Location ;
let f be    
FinSeq-Location ;
func  FinSeqMin f,
start,
finish,
minpos ->   Program of 
SCM+FSA  equals :: SFMASTR3:def 9
(minpos := start) ';' (for-up (3 -rdRWNotIn {start,finish,minpos}),start,finish,((((1 -stRWNotIn {start,finish,minpos}) := f,(3 -rdRWNotIn {start,finish,minpos})) ';' ((2 -ndRWNotIn {start,finish,minpos}) := f,minpos)) ';' (if>0 (2 -ndRWNotIn {start,finish,minpos}),(1 -stRWNotIn {start,finish,minpos}),(Macro (minpos := (3 -rdRWNotIn {start,finish,minpos}))),(Stop SCM+FSA ))));
coherence 
(minpos := start) ';' (for-up (3 -rdRWNotIn {start,finish,minpos}),start,finish,((((1 -stRWNotIn {start,finish,minpos}) := f,(3 -rdRWNotIn {start,finish,minpos})) ';' ((2 -ndRWNotIn {start,finish,minpos}) := f,minpos)) ';' (if>0 (2 -ndRWNotIn {start,finish,minpos}),(1 -stRWNotIn {start,finish,minpos}),(Macro (minpos := (3 -rdRWNotIn {start,finish,minpos}))),(Stop SCM+FSA )))) is   Program of SCM+FSA 
 ;
 
end;
 
:: deftheorem    defines FinSeqMin SFMASTR3:def 9 : 
for 
start, 
finish, 
minpos being   
Int-Location  for 
f being   
FinSeq-Location  holds   
FinSeqMin f,
start,
finish,
minpos = (minpos := start) ';' (for-up (3 -rdRWNotIn {start,finish,minpos}),start,finish,((((1 -stRWNotIn {start,finish,minpos}) := f,(3 -rdRWNotIn {start,finish,minpos})) ';' ((2 -ndRWNotIn {start,finish,minpos}) := f,minpos)) ';' (if>0 (2 -ndRWNotIn {start,finish,minpos}),(1 -stRWNotIn {start,finish,minpos}),(Macro (minpos := (3 -rdRWNotIn {start,finish,minpos}))),(Stop SCM+FSA ))));
theorem Th33: :: SFMASTR3:33
theorem Th34: :: SFMASTR3:34
theorem Th35: :: SFMASTR3:35
theorem Th36: :: SFMASTR3:36
for 
s being  
State of 
SCM+FSA  for 
c being 
read-write  Int-Location  for 
aa, 
bb being   
Int-Location  for 
f being   
FinSeq-Location   st 
aa <> c & 
bb <> c & 
s . (intloc 0 ) = 1 holds 
( 
(IExec (FinSeqMin f,aa,bb,c),s) . f = s . f & 
(IExec (FinSeqMin f,aa,bb,c),s) . aa = s . aa & 
(IExec (FinSeqMin f,aa,bb,c),s) . bb = s . bb )
theorem Th37: :: SFMASTR3:37
definition
let f be    
FinSeq-Location ;
let a, 
b be    
Int-Location ;
func  swap f,
a,
b ->   Program of 
SCM+FSA  equals :: SFMASTR3:def 10
((((1 -stRWNotIn {a,b}) := f,a) ';' ((2 -ndRWNotIn {a,b}) := f,b)) ';' (f,a := (2 -ndRWNotIn {a,b}))) ';' (f,b := (1 -stRWNotIn {a,b}));
coherence 
((((1 -stRWNotIn {a,b}) := f,a) ';' ((2 -ndRWNotIn {a,b}) := f,b)) ';' (f,a := (2 -ndRWNotIn {a,b}))) ';' (f,b := (1 -stRWNotIn {a,b})) is   Program of SCM+FSA 
 ;
 
end;
 
:: deftheorem    defines swap SFMASTR3:def 10 : 
for 
f being   
FinSeq-Location  for 
a, 
b being   
Int-Location  holds   
swap f,
a,
b = ((((1 -stRWNotIn {a,b}) := f,a) ';' ((2 -ndRWNotIn {a,b}) := f,b)) ';' (f,a := (2 -ndRWNotIn {a,b}))) ';' (f,b := (1 -stRWNotIn {a,b}));
theorem Th38: :: SFMASTR3:38
theorem Th39: :: SFMASTR3:39
theorem :: SFMASTR3:40
theorem Th41: :: SFMASTR3:41
theorem :: SFMASTR3:42
definition
let f be    
FinSeq-Location ;
func  Selection-sort f ->   Program of 
SCM+FSA  equals :: SFMASTR3:def 11
((1 -stNotUsed (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))) :=len f) ';' (for-up (1 -stRWNotIn ({} Int-Locations )),(intloc 0 ),(1 -stNotUsed (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))),((FinSeqMin f,(1 -stRWNotIn ({} Int-Locations )),(1 -stNotUsed (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))),(2 -ndRWNotIn ({} Int-Locations ))) ';' (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))));
coherence 
((1 -stNotUsed (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))) :=len f) ';' (for-up (1 -stRWNotIn ({} Int-Locations )),(intloc 0 ),(1 -stNotUsed (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))),((FinSeqMin f,(1 -stRWNotIn ({} Int-Locations )),(1 -stNotUsed (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))),(2 -ndRWNotIn ({} Int-Locations ))) ';' (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations ))))) is   Program of SCM+FSA 
 ;
 
end;
 
:: deftheorem    defines Selection-sort SFMASTR3:def 11 : 
for 
f being   
FinSeq-Location  holds   
Selection-sort f = ((1 -stNotUsed (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))) :=len f) ';' (for-up (1 -stRWNotIn ({} Int-Locations )),(intloc 0 ),(1 -stNotUsed (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))),((FinSeqMin f,(1 -stRWNotIn ({} Int-Locations )),(1 -stNotUsed (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))),(2 -ndRWNotIn ({} Int-Locations ))) ';' (swap f,(1 -stRWNotIn ({} Int-Locations )),(2 -ndRWNotIn ({} Int-Locations )))));
theorem :: SFMASTR3:43