:: SCMFSA9A semantic presentation begin theorem Th1: :: SCMFSA9A:1 for l being Element of NAT for i being Instruction of SCM+FSA holds UsedIntLoc (l .--> i) = UsedIntLoc i proof let l be Element of NAT ; ::_thesis: for i being Instruction of SCM+FSA holds UsedIntLoc (l .--> i) = UsedIntLoc i let i be Instruction of SCM+FSA; ::_thesis: UsedIntLoc (l .--> i) = UsedIntLoc i set p = l .--> i; consider UIL being Function of the InstructionsF of SCM+FSA,(Fin Int-Locations) such that A1: for i being Instruction of SCM+FSA holds UIL . i = UsedIntLoc i and A2: UsedIntLoc (l .--> i) = Union (UIL * (l .--> i)) by SF_MASTR:def_2; A3: dom UIL = the InstructionsF of SCM+FSA by FUNCT_2:def_1; thus UsedIntLoc (l .--> i) = union (rng (UIL * ({l} --> i))) by A2, CARD_3:def_4 .= union (rng ({l} --> (UIL . i))) by A3, FUNCOP_1:17 .= union {(UIL . i)} by FUNCOP_1:8 .= union {(UsedIntLoc i)} by A1 .= UsedIntLoc i by ZFMISC_1:25 ; ::_thesis: verum end; theorem Th2: :: SCMFSA9A:2 for l being Element of NAT for i being Instruction of SCM+FSA holds UsedInt*Loc (l .--> i) = UsedInt*Loc i proof let l be Element of NAT ; ::_thesis: for i being Instruction of SCM+FSA holds UsedInt*Loc (l .--> i) = UsedInt*Loc i let i be Instruction of SCM+FSA; ::_thesis: UsedInt*Loc (l .--> i) = UsedInt*Loc i set p = l .--> i; consider UIL being Function of the InstructionsF of SCM+FSA,(Fin FinSeq-Locations) such that A1: for i being Instruction of SCM+FSA holds UIL . i = UsedInt*Loc i and A2: UsedInt*Loc (l .--> i) = Union (UIL * (l .--> i)) by SF_MASTR:def_4; A3: dom UIL = the InstructionsF of SCM+FSA by FUNCT_2:def_1; thus UsedInt*Loc (l .--> i) = union (rng (UIL * ({l} --> i))) by A2, CARD_3:def_4 .= union (rng ({l} --> (UIL . i))) by A3, FUNCOP_1:17 .= union {(UIL . i)} by FUNCOP_1:8 .= union {(UsedInt*Loc i)} by A1 .= UsedInt*Loc i by ZFMISC_1:25 ; ::_thesis: verum end; theorem Th3: :: SCMFSA9A:3 UsedIntLoc (Stop SCM+FSA) = {} by Th1, SF_MASTR:13; theorem Th4: :: SCMFSA9A:4 UsedInt*Loc (Stop SCM+FSA) = {} proof thus UsedInt*Loc (Stop SCM+FSA) = UsedInt*Loc (halt SCM+FSA) by Th2 .= {} by SF_MASTR:32 ; ::_thesis: verum end; theorem Th5: :: SCMFSA9A:5 for l being Element of NAT holds UsedIntLoc (Goto l) = {} proof let l be Element of NAT ; ::_thesis: UsedIntLoc (Goto l) = {} Goto l = 0 .--> (goto l) by SCMFSA8A:def_1; hence UsedIntLoc (Goto l) = UsedIntLoc (goto l) by Th1 .= {} by SF_MASTR:15 ; ::_thesis: verum end; theorem Th6: :: SCMFSA9A:6 for l being Element of NAT holds UsedInt*Loc (Goto l) = {} proof let l be Element of NAT ; ::_thesis: UsedInt*Loc (Goto l) = {} Goto l = 0 .--> (goto l) by SCMFSA8A:def_1; hence UsedInt*Loc (Goto l) = UsedInt*Loc (goto l) by Th2 .= {} by SF_MASTR:32 ; ::_thesis: verum end; set D = Int-Locations \/ FinSeq-Locations; set SAt = Start-At (0,SCM+FSA); theorem Th7: :: SCMFSA9A:7 for b being Int-Location for I, J being Program of SCM+FSA holds UsedIntLoc (if=0 (b,I,J)) = ({b} \/ (UsedIntLoc I)) \/ (UsedIntLoc J) proof let b be Int-Location; ::_thesis: for I, J being Program of SCM+FSA holds UsedIntLoc (if=0 (b,I,J)) = ({b} \/ (UsedIntLoc I)) \/ (UsedIntLoc J) let I, J be Program of SCM+FSA; ::_thesis: UsedIntLoc (if=0 (b,I,J)) = ({b} \/ (UsedIntLoc I)) \/ (UsedIntLoc J) set I5 = Stop SCM+FSA; set a = b; set I1 = b =0_goto ((card J) + 3); set I3 = Goto ((card I) + 1); thus UsedIntLoc (if=0 (b,I,J)) = UsedIntLoc (((((b =0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1))) ";" I) ";" (Stop SCM+FSA)) by SCMFSA8B:def_1 .= (UsedIntLoc ((((b =0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1))) ";" I)) \/ {} by Th3, SF_MASTR:27 .= (UsedIntLoc (((b =0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1)))) \/ (UsedIntLoc I) by SF_MASTR:27 .= ((UsedIntLoc ((b =0_goto ((card J) + 3)) ";" J)) \/ (UsedIntLoc (Goto ((card I) + 1)))) \/ (UsedIntLoc I) by SF_MASTR:27 .= ((UsedIntLoc ((b =0_goto ((card J) + 3)) ";" J)) \/ {}) \/ (UsedIntLoc I) by Th5 .= ((UsedIntLoc (b =0_goto ((card J) + 3))) \/ (UsedIntLoc J)) \/ (UsedIntLoc I) by SF_MASTR:29 .= ({b} \/ (UsedIntLoc J)) \/ (UsedIntLoc I) by SF_MASTR:16 .= ({b} \/ (UsedIntLoc I)) \/ (UsedIntLoc J) by XBOOLE_1:4 ; ::_thesis: verum end; theorem Th8: :: SCMFSA9A:8 for I, J being Program of SCM+FSA for a being Int-Location holds UsedInt*Loc (if=0 (a,I,J)) = (UsedInt*Loc I) \/ (UsedInt*Loc J) proof let I, J be Program of SCM+FSA; ::_thesis: for a being Int-Location holds UsedInt*Loc (if=0 (a,I,J)) = (UsedInt*Loc I) \/ (UsedInt*Loc J) set I5 = Stop SCM+FSA; let a be Int-Location; ::_thesis: UsedInt*Loc (if=0 (a,I,J)) = (UsedInt*Loc I) \/ (UsedInt*Loc J) set I1 = a =0_goto ((card J) + 3); set I3 = Goto ((card I) + 1); thus UsedInt*Loc (if=0 (a,I,J)) = UsedInt*Loc (((((a =0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1))) ";" I) ";" (Stop SCM+FSA)) by SCMFSA8B:def_1 .= (UsedInt*Loc ((((a =0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1))) ";" I)) \/ {} by Th4, SF_MASTR:43 .= (UsedInt*Loc (((a =0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1)))) \/ (UsedInt*Loc I) by SF_MASTR:43 .= ((UsedInt*Loc ((a =0_goto ((card J) + 3)) ";" J)) \/ (UsedInt*Loc (Goto ((card I) + 1)))) \/ (UsedInt*Loc I) by SF_MASTR:43 .= ((UsedInt*Loc ((a =0_goto ((card J) + 3)) ";" J)) \/ {}) \/ (UsedInt*Loc I) by Th6 .= ((UsedInt*Loc (a =0_goto ((card J) + 3))) \/ (UsedInt*Loc J)) \/ (UsedInt*Loc I) by SF_MASTR:45 .= ({} \/ (UsedInt*Loc J)) \/ (UsedInt*Loc I) by SF_MASTR:32 .= (UsedInt*Loc I) \/ (UsedInt*Loc J) ; ::_thesis: verum end; theorem Th9: :: SCMFSA9A:9 for b being Int-Location for I, J being Program of SCM+FSA holds UsedIntLoc (if>0 (b,I,J)) = ({b} \/ (UsedIntLoc I)) \/ (UsedIntLoc J) proof let b be Int-Location; ::_thesis: for I, J being Program of SCM+FSA holds UsedIntLoc (if>0 (b,I,J)) = ({b} \/ (UsedIntLoc I)) \/ (UsedIntLoc J) let I, J be Program of SCM+FSA; ::_thesis: UsedIntLoc (if>0 (b,I,J)) = ({b} \/ (UsedIntLoc I)) \/ (UsedIntLoc J) set I5 = Stop SCM+FSA; set a = b; set I1 = b >0_goto ((card J) + 3); set I3 = Goto ((card I) + 1); thus UsedIntLoc (if>0 (b,I,J)) = UsedIntLoc (((((b >0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1))) ";" I) ";" (Stop SCM+FSA)) by SCMFSA8B:def_2 .= (UsedIntLoc ((((b >0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1))) ";" I)) \/ {} by Th3, SF_MASTR:27 .= (UsedIntLoc (((b >0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1)))) \/ (UsedIntLoc I) by SF_MASTR:27 .= ((UsedIntLoc ((b >0_goto ((card J) + 3)) ";" J)) \/ (UsedIntLoc (Goto ((card I) + 1)))) \/ (UsedIntLoc I) by SF_MASTR:27 .= ((UsedIntLoc ((b >0_goto ((card J) + 3)) ";" J)) \/ {}) \/ (UsedIntLoc I) by Th5 .= ((UsedIntLoc (b >0_goto ((card J) + 3))) \/ (UsedIntLoc J)) \/ (UsedIntLoc I) by SF_MASTR:29 .= ({b} \/ (UsedIntLoc J)) \/ (UsedIntLoc I) by SF_MASTR:16 .= ({b} \/ (UsedIntLoc I)) \/ (UsedIntLoc J) by XBOOLE_1:4 ; ::_thesis: verum end; theorem Th10: :: SCMFSA9A:10 for b being Int-Location for I, J being Program of SCM+FSA holds UsedInt*Loc (if>0 (b,I,J)) = (UsedInt*Loc I) \/ (UsedInt*Loc J) proof let b be Int-Location; ::_thesis: for I, J being Program of SCM+FSA holds UsedInt*Loc (if>0 (b,I,J)) = (UsedInt*Loc I) \/ (UsedInt*Loc J) let I, J be Program of SCM+FSA; ::_thesis: UsedInt*Loc (if>0 (b,I,J)) = (UsedInt*Loc I) \/ (UsedInt*Loc J) set I5 = Stop SCM+FSA; set a = b; set I1 = b >0_goto ((card J) + 3); set I3 = Goto ((card I) + 1); thus UsedInt*Loc (if>0 (b,I,J)) = UsedInt*Loc (((((b >0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1))) ";" I) ";" (Stop SCM+FSA)) by SCMFSA8B:def_2 .= (UsedInt*Loc ((((b >0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1))) ";" I)) \/ {} by Th4, SF_MASTR:43 .= (UsedInt*Loc (((b >0_goto ((card J) + 3)) ";" J) ";" (Goto ((card I) + 1)))) \/ (UsedInt*Loc I) by SF_MASTR:43 .= ((UsedInt*Loc ((b >0_goto ((card J) + 3)) ";" J)) \/ (UsedInt*Loc (Goto ((card I) + 1)))) \/ (UsedInt*Loc I) by SF_MASTR:43 .= ((UsedInt*Loc ((b >0_goto ((card J) + 3)) ";" J)) \/ {}) \/ (UsedInt*Loc I) by Th6 .= ((UsedInt*Loc (b >0_goto ((card J) + 3))) \/ (UsedInt*Loc J)) \/ (UsedInt*Loc I) by SF_MASTR:45 .= ({} \/ (UsedInt*Loc J)) \/ (UsedInt*Loc I) by SF_MASTR:32 .= (UsedInt*Loc I) \/ (UsedInt*Loc J) ; ::_thesis: verum end; begin Lm1: for a being Int-Location for I being Program of SCM+FSA holds ( (card I) + 4 in dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) & (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = goto (0 + ((card I) + 4)) ) proof set J = Stop SCM+FSA; set G = Goto 0; let a be Int-Location; ::_thesis: for I being Program of SCM+FSA holds ( (card I) + 4 in dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) & (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = goto (0 + ((card I) + 4)) ) let I be Program of SCM+FSA; ::_thesis: ( (card I) + 4 in dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) & (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = goto (0 + ((card I) + 4)) ) set I1 = I ";" (Goto 0); set i = a =0_goto ((card (Stop SCM+FSA)) + 3); set c4 = (card I) + 4; set Lc4 = (card I) + 4; set Mi = (((Macro (a =0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I; A1: card (Stop SCM+FSA) = 1 by COMPOS_1:4; A2: card ((Goto 0) ";" (Stop SCM+FSA)) = (card (Goto 0)) + (card (Stop SCM+FSA)) by SCMFSA6A:21 .= 1 + 1 by A1, SCMFSA8A:15 .= 2 ; A3: if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)) = ((((a =0_goto ((card (Stop SCM+FSA)) + 3)) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" (I ";" (Goto 0))) ";" (Stop SCM+FSA) by SCMFSA8B:def_1 .= (((((Macro (a =0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I) ";" (Goto 0)) ";" (Stop SCM+FSA) by SCMFSA6A:25 .= ((((Macro (a =0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I) ";" ((Goto 0) ";" (Stop SCM+FSA)) by SCMFSA6A:25 ; then card (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = (card ((((Macro (a =0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I)) + (card ((Goto 0) ";" (Stop SCM+FSA))) by SCMFSA6A:21; then A4: card ((((Macro (a =0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I) = (card (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) - (card ((Goto 0) ";" (Stop SCM+FSA))) .= ((card I) + 6) - 2 by A2, SCMFSA_9:1 .= (card I) + 4 ; then A5: not (card I) + 4 in dom ((((Macro (a =0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I) ; set GJ = (Goto 0) ";" (Stop SCM+FSA); A6: Goto 0 = 0 .--> (goto 0) by SCMFSA8A:def_1; then A7: (Goto 0) . 0 = goto 0 by FUNCOP_1:72; dom (Goto 0) = {0} by A6, FUNCOP_1:13; then A8: 0 in dom (Goto 0) by TARSKI:def_1; A9: dom (Goto 0) c= dom ((Goto 0) ";" (Stop SCM+FSA)) by SCMFSA6A:17; then 0 + ((card I) + 4) in { (il + ((card I) + 4)) where il is Element of NAT : il in dom ((Goto 0) ";" (Stop SCM+FSA)) } by A8; then A10: (card I) + 4 in dom (Shift (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) by VALUED_1:def_12; then A11: (Shift (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) /. ((card I) + 4) = (Shift (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) . (0 + ((card I) + 4)) by PARTFUN1:def_6 .= ((Goto 0) ";" (Stop SCM+FSA)) . 0 by A8, A9, VALUED_1:def_12 .= goto 0 by A8, A7, SCMFSA6A:15 ; A12: card (Stop SCM+FSA) = 1 by COMPOS_1:4; card (I ";" (Goto 0)) = (card I) + (card (Goto 0)) by SCMFSA6A:21 .= (card I) + 1 by SCMFSA8A:15 ; then ((card (I ";" (Goto 0))) + (card (Stop SCM+FSA))) + 3 = ((card I) + 4) + 1 by A12; then (card I) + 4 < ((card (I ";" (Goto 0))) + (card (Stop SCM+FSA))) + 3 by NAT_1:13; hence A13: (card I) + 4 in dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by SCMFSA8C:27; ::_thesis: (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = goto (0 + ((card I) + 4)) A14: Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4)) = IncAddr ((Shift (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))),((card I) + 4)) by COMPOS_1:34; A15: dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = (dom (Directed ((((Macro (a =0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I))) \/ (dom (Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4)))) by A3, A4, FUNCT_4:def_1; then dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = (dom ((((Macro (a =0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I)) \/ (dom (Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4)))) by FUNCT_4:99; then (card I) + 4 in dom (Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) by A13, A5, XBOOLE_0:def_3; hence (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = (Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) . ((card I) + 4) by A13, A3, A4, A15, FUNCT_4:def_1 .= IncAddr ((goto 0),((card I) + 4)) by A10, A11, A14, COMPOS_1:def_21 .= goto (0 + ((card I) + 4)) by SCMFSA_4:1 ; ::_thesis: verum end; Lm2: for a being Int-Location for I being Program of SCM+FSA holds UsedIntLoc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedIntLoc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) proof let a be Int-Location; ::_thesis: for I being Program of SCM+FSA holds UsedIntLoc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedIntLoc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) let I be Program of SCM+FSA; ::_thesis: UsedIntLoc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedIntLoc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) set Lc4 = (card I) + 4; set if0 = if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)); set ic4 = ((card I) + 4) .--> (goto 0); consider UIL1 being Function of the InstructionsF of SCM+FSA,(Fin Int-Locations) such that A1: for i being Instruction of SCM+FSA holds UIL1 . i = UsedIntLoc i and A2: UsedIntLoc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = Union (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) by SF_MASTR:def_2; A3: dom UIL1 = the InstructionsF of SCM+FSA by FUNCT_2:def_1; A4: now__::_thesis:_(_dom_(UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_=_dom_(UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_&_dom_(UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_=_dom_(UIL1_*_((if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA)))_+*_(((card_I)_+_4)_.-->_(goto_0))))_&_(_for_x_being_set_st_x_in_dom_(UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_holds_ (UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_._x_=_(UIL1_*_((if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA)))_+*_(((card_I)_+_4)_.-->_(goto_0))))_._x_)_) thus dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) ; ::_thesis: ( dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) & ( for x being set st x in dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) holds (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b2 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b2 ) ) A5: rng ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) c= dom UIL1 by A3, RELAT_1:def_19; A6: dom (((card I) + 4) .--> (goto 0)) = {((card I) + 4)} by FUNCOP_1:13; then A7: (card I) + 4 in dom (((card I) + 4) .--> (goto 0)) by TARSKI:def_1; (card I) + 4 in dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by Lm1; then ( dom ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) = (dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) \/ (dom (((card I) + 4) .--> (goto 0))) & dom (((card I) + 4) .--> (goto 0)) c= dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) ) by A6, FUNCT_4:def_1, ZFMISC_1:31; then A8: dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = dom ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) by XBOOLE_1:12; rng (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) c= dom UIL1 by A3, RELAT_1:def_19; hence A9: dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by RELAT_1:27 .= dom (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) by A5, A8, RELAT_1:27 ; ::_thesis: for x being set st x in dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) holds (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b2 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b2 let x be set ; ::_thesis: ( x in dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) implies (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 ) assume A10: x in dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) ; ::_thesis: (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 percases ( x <> (card I) + 4 or x = (card I) + 4 ) ; suppose x <> (card I) + 4 ; ::_thesis: (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 then A11: not x in dom (((card I) + 4) .--> (goto 0)) by A6, TARSKI:def_1; thus (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . x = UIL1 . ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . x) by A10, FUNCT_1:12 .= UIL1 . (((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) . x) by A11, FUNCT_4:11 .= (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . x by A9, A10, FUNCT_1:12 ; ::_thesis: verum end; supposeA12: x = (card I) + 4 ; ::_thesis: (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 thus (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . x = UIL1 . ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . x) by A10, FUNCT_1:12 .= UIL1 . (goto (0 + ((card I) + 4))) by A12, Lm1 .= UsedIntLoc (goto (0 + ((card I) + 4))) by A1 .= {} by SF_MASTR:15 .= UsedIntLoc (goto 0) by SF_MASTR:15 .= UIL1 . (goto 0) by A1 .= UIL1 . ((((card I) + 4) .--> (goto 0)) . x) by A12, FUNCOP_1:72 .= UIL1 . (((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) . x) by A7, A12, FUNCT_4:13 .= (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . x by A9, A10, FUNCT_1:12 ; ::_thesis: verum end; end; end; consider UIL2 being Function of the InstructionsF of SCM+FSA,(Fin Int-Locations) such that A13: for i being Instruction of SCM+FSA holds UIL2 . i = UsedIntLoc i and A14: UsedIntLoc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) = Union (UIL2 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) by SF_MASTR:def_2; for c being Element of the InstructionsF of SCM+FSA holds UIL1 . c = UIL2 . c proof let c be Element of the InstructionsF of SCM+FSA; ::_thesis: UIL1 . c = UIL2 . c reconsider d = c as Instruction of SCM+FSA ; thus UIL1 . c = UsedIntLoc d by A1 .= UIL2 . c by A13 ; ::_thesis: verum end; then UIL1 = UIL2 by FUNCT_2:63; hence UsedIntLoc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedIntLoc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) by A2, A14, A4, FUNCT_1:2; ::_thesis: verum end; Lm3: for a being Int-Location for I being Program of SCM+FSA holds UsedInt*Loc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedInt*Loc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) proof let a be Int-Location; ::_thesis: for I being Program of SCM+FSA holds UsedInt*Loc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedInt*Loc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) let I be Program of SCM+FSA; ::_thesis: UsedInt*Loc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedInt*Loc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) set Lc4 = (card I) + 4; set if0 = if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)); set ic4 = ((card I) + 4) .--> (goto 0); consider UIL1 being Function of the InstructionsF of SCM+FSA,(Fin FinSeq-Locations) such that A1: for i being Instruction of SCM+FSA holds UIL1 . i = UsedInt*Loc i and A2: UsedInt*Loc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = Union (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) by SF_MASTR:def_4; A3: dom UIL1 = the InstructionsF of SCM+FSA by FUNCT_2:def_1; A4: now__::_thesis:_(_dom_(UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_=_dom_(UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_&_dom_(UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_=_dom_(UIL1_*_((if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA)))_+*_(((card_I)_+_4)_.-->_(goto_0))))_&_(_for_x_being_set_st_x_in_dom_(UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_holds_ (UIL1_*_(if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_._x_=_(UIL1_*_((if=0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA)))_+*_(((card_I)_+_4)_.-->_(goto_0))))_._x_)_) thus dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) ; ::_thesis: ( dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) & ( for x being set st x in dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) holds (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b2 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b2 ) ) A5: rng ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) c= dom UIL1 by A3, RELAT_1:def_19; A6: dom (((card I) + 4) .--> (goto 0)) = {((card I) + 4)} by FUNCOP_1:13; then A7: (card I) + 4 in dom (((card I) + 4) .--> (goto 0)) by TARSKI:def_1; (card I) + 4 in dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by Lm1; then ( dom ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) = (dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) \/ (dom (((card I) + 4) .--> (goto 0))) & dom (((card I) + 4) .--> (goto 0)) c= dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) ) by A6, FUNCT_4:def_1, ZFMISC_1:31; then A8: dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = dom ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) by XBOOLE_1:12; rng (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) c= dom UIL1 by A3, RELAT_1:def_19; hence A9: dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by RELAT_1:27 .= dom (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) by A5, A8, RELAT_1:27 ; ::_thesis: for x being set st x in dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) holds (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b2 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b2 let x be set ; ::_thesis: ( x in dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) implies (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 ) assume A10: x in dom (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) ; ::_thesis: (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 percases ( x <> (card I) + 4 or x = (card I) + 4 ) ; suppose x <> (card I) + 4 ; ::_thesis: (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 then A11: not x in dom (((card I) + 4) .--> (goto 0)) by A6, TARSKI:def_1; thus (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . x = UIL1 . ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . x) by A10, FUNCT_1:12 .= UIL1 . (((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) . x) by A11, FUNCT_4:11 .= (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . x by A9, A10, FUNCT_1:12 ; ::_thesis: verum end; supposeA12: x = (card I) + 4 ; ::_thesis: (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 thus (UIL1 * (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . x = UIL1 . ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . x) by A10, FUNCT_1:12 .= UIL1 . (goto (0 + ((card I) + 4))) by A12, Lm1 .= UsedInt*Loc (goto (0 + ((card I) + 4))) by A1 .= {} by SF_MASTR:32 .= UsedInt*Loc (goto 0) by SF_MASTR:32 .= UIL1 . (goto 0) by A1 .= UIL1 . ((((card I) + 4) .--> (goto 0)) . x) by A12, FUNCOP_1:72 .= UIL1 . (((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) . x) by A7, A12, FUNCT_4:13 .= (UIL1 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . x by A9, A10, FUNCT_1:12 ; ::_thesis: verum end; end; end; consider UIL2 being Function of the InstructionsF of SCM+FSA,(Fin FinSeq-Locations) such that A13: for i being Instruction of SCM+FSA holds UIL2 . i = UsedInt*Loc i and A14: UsedInt*Loc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) = Union (UIL2 * ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) by SF_MASTR:def_4; for c being Element of the InstructionsF of SCM+FSA holds UIL1 . c = UIL2 . c proof let c be Element of the InstructionsF of SCM+FSA; ::_thesis: UIL1 . c = UIL2 . c reconsider d = c as Instruction of SCM+FSA ; thus UIL1 . c = UsedInt*Loc d by A1 .= UIL2 . c by A13 ; ::_thesis: verum end; then UIL1 = UIL2 by FUNCT_2:63; hence UsedInt*Loc (if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedInt*Loc ((if=0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) by A2, A14, A4, FUNCT_1:2; ::_thesis: verum end; theorem :: SCMFSA9A:11 for b being Int-Location for I being Program of SCM+FSA holds UsedIntLoc (while=0 (b,I)) = {b} \/ (UsedIntLoc I) proof let b be Int-Location; ::_thesis: for I being Program of SCM+FSA holds UsedIntLoc (while=0 (b,I)) = {b} \/ (UsedIntLoc I) let I be Program of SCM+FSA; ::_thesis: UsedIntLoc (while=0 (b,I)) = {b} \/ (UsedIntLoc I) set J = Stop SCM+FSA; set a = b; set IG = I ";" (Goto 0); while=0 (b,I) = (if=0 (b,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)) by SCMFSA_9:def_1; hence UsedIntLoc (while=0 (b,I)) = UsedIntLoc (if=0 (b,(I ";" (Goto 0)),(Stop SCM+FSA))) by Lm2 .= ({b} \/ (UsedIntLoc (I ";" (Goto 0)))) \/ (UsedIntLoc (Stop SCM+FSA)) by Th7 .= ({b} \/ ((UsedIntLoc I) \/ (UsedIntLoc (Goto 0)))) \/ (UsedIntLoc (Stop SCM+FSA)) by SF_MASTR:27 .= ({b} \/ ((UsedIntLoc I) \/ {})) \/ (UsedIntLoc (Stop SCM+FSA)) by Th5 .= {b} \/ (UsedIntLoc I) by Th3 ; ::_thesis: verum end; theorem :: SCMFSA9A:12 for b being Int-Location for I being Program of SCM+FSA holds UsedInt*Loc (while=0 (b,I)) = UsedInt*Loc I proof let b be Int-Location; ::_thesis: for I being Program of SCM+FSA holds UsedInt*Loc (while=0 (b,I)) = UsedInt*Loc I let I be Program of SCM+FSA; ::_thesis: UsedInt*Loc (while=0 (b,I)) = UsedInt*Loc I set J = Stop SCM+FSA; set a = b; set IG = I ";" (Goto 0); while=0 (b,I) = (if=0 (b,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)) by SCMFSA_9:def_1; hence UsedInt*Loc (while=0 (b,I)) = UsedInt*Loc (if=0 (b,(I ";" (Goto 0)),(Stop SCM+FSA))) by Lm3 .= (UsedInt*Loc (I ";" (Goto 0))) \/ (UsedInt*Loc (Stop SCM+FSA)) by Th8 .= ((UsedInt*Loc I) \/ (UsedInt*Loc (Goto 0))) \/ (UsedInt*Loc (Stop SCM+FSA)) by SF_MASTR:43 .= (UsedInt*Loc I) \/ {} by Th4, Th6 .= UsedInt*Loc I ; ::_thesis: verum end; definition let p be Instruction-Sequence of SCM+FSA; let s be State of SCM+FSA; let a be read-write Int-Location; let I be Program of SCM+FSA; pred ProperBodyWhile=0 a,I,s,p means :Def1: :: SCMFSA9A:def 1 for k being Element of NAT st ((StepWhile=0 (a,I,p,s)) . k) . a = 0 holds ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ); pred WithVariantWhile=0 a,I,s,p means :Def2: :: SCMFSA9A:def 2 ex f being Function of (product (the_Values_of SCM+FSA)),NAT st for k being Element of NAT holds ( f . ((StepWhile=0 (a,I,p,s)) . (k + 1)) < f . ((StepWhile=0 (a,I,p,s)) . k) or ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 ); end; :: deftheorem Def1 defines ProperBodyWhile=0 SCMFSA9A:def_1_:_ for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA holds ( ProperBodyWhile=0 a,I,s,p iff for k being Element of NAT st ((StepWhile=0 (a,I,p,s)) . k) . a = 0 holds ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) ); :: deftheorem Def2 defines WithVariantWhile=0 SCMFSA9A:def_2_:_ for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA holds ( WithVariantWhile=0 a,I,s,p iff ex f being Function of (product (the_Values_of SCM+FSA)),NAT st for k being Element of NAT holds ( f . ((StepWhile=0 (a,I,p,s)) . (k + 1)) < f . ((StepWhile=0 (a,I,p,s)) . k) or ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 ) ); theorem Th13: :: SCMFSA9A:13 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being parahalting Program of SCM+FSA holds ProperBodyWhile=0 a,I,s,p proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being parahalting Program of SCM+FSA holds ProperBodyWhile=0 a,I,s,p let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being parahalting Program of SCM+FSA holds ProperBodyWhile=0 a,I,s,p let a be read-write Int-Location; ::_thesis: for I being parahalting Program of SCM+FSA holds ProperBodyWhile=0 a,I,s,p let I be parahalting Program of SCM+FSA; ::_thesis: ProperBodyWhile=0 a,I,s,p let k be Element of NAT ; :: according to SCMFSA9A:def_1 ::_thesis: ( ((StepWhile=0 (a,I,p,s)) . k) . a = 0 implies ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) ) assume ((StepWhile=0 (a,I,p,s)) . k) . a = 0 ; ::_thesis: ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) thus I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) by SCMFSA7B:18; ::_thesis: I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) thus I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) by SCMFSA7B:19; ::_thesis: verum end; theorem Th14: :: SCMFSA9A:14 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile=0 a,I,s,p & WithVariantWhile=0 a,I,s,p holds ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile=0 a,I,s,p & WithVariantWhile=0 a,I,s,p holds ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile=0 a,I,s,p & WithVariantWhile=0 a,I,s,p holds ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st ProperBodyWhile=0 a,I,s,p & WithVariantWhile=0 a,I,s,p holds ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) let I be Program of SCM+FSA; ::_thesis: ( ProperBodyWhile=0 a,I,s,p & WithVariantWhile=0 a,I,s,p implies ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) ) assume A1: for k being Element of NAT st ((StepWhile=0 (a,I,p,s)) . k) . a = 0 holds ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) ; :: according to SCMFSA9A:def_1 ::_thesis: ( not WithVariantWhile=0 a,I,s,p or ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) ) set s1 = Initialize s; set p1 = p +* (while=0 (a,I)); A2: (p +* (while=0 (a,I))) +* (while=0 (a,I)) = p +* (while=0 (a,I)) ; defpred S1[ Element of NAT ] means ((StepWhile=0 (a,I,p,s)) . $1) . a <> 0 ; given f being Function of (product (the_Values_of SCM+FSA)),NAT such that A3: for k being Element of NAT holds ( f . ((StepWhile=0 (a,I,p,s)) . (k + 1)) < f . ((StepWhile=0 (a,I,p,s)) . k) or ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 ) ; :: according to SCMFSA9A:def_2 ::_thesis: ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) deffunc H1( Nat) -> Element of NAT = f . ((StepWhile=0 (a,I,p,s)) . $1); A4: for k being Element of NAT holds ( H1(k + 1) < H1(k) or S1[k] ) by A3; consider m being Element of NAT such that A5: S1[m] and A6: for n being Element of NAT st S1[n] holds m <= n from NAT_1:sch_18(A4); defpred S2[ Nat] means ( $1 + 1 <= m implies ex k being Element of NAT st (StepWhile=0 (a,I,p,s)) . ($1 + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),k) ); A7: now__::_thesis:_for_k_being_Element_of_NAT_st_S2[k]_holds_ S2[k_+_1] let k be Element of NAT ; ::_thesis: ( S2[k] implies S2[k + 1] ) assume A8: S2[k] ; ::_thesis: S2[k + 1] now__::_thesis:_(_(k_+_1)_+_1_<=_m_implies_ex_m_being_Element_of_NAT_st_(StepWhile=0_(a,I,p,s))_._((k_+_1)_+_1)_=_Comput_((p_+*_(while=0_(a,I))),(Initialize_s),m)_) set sk1 = (StepWhile=0 (a,I,p,s)) . (k + 1); set sk = (StepWhile=0 (a,I,p,s)) . k; set pk = p +* (while=0 (a,I)); assume A9: (k + 1) + 1 <= m ; ::_thesis: ex m being Element of NAT st (StepWhile=0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),m) k + 0 < k + (1 + 1) by XREAL_1:6; then k < m by A9, XXREAL_0:2; then A10: ((StepWhile=0 (a,I,p,s)) . k) . a = 0 by A6; (k + 1) + 0 < (k + 1) + 1 by XREAL_1:6; then consider n being Element of NAT such that A11: (StepWhile=0 (a,I,p,s)) . (k + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),n) by A8, A9, XXREAL_0:2; A12: (StepWhile=0 (a,I,p,s)) . (k + 1) = Comput (((p +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p,s)) . k)),((LifeSpan ((((p +* (while=0 (a,I))) +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . k)))) + 3)) by SCMFSA_9:def_4; take m = n + ((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . (k + 1))))) + 3); ::_thesis: (StepWhile=0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),m) ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) by A1, A10; then IC ((StepWhile=0 (a,I,p,s)) . (k + 1)) = 0 by A12, A10, SCMFSA_9:22; then (StepWhile=0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),(n + ((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . (k + 1))))) + 3))) by A11, SCMFSA_9:26; hence (StepWhile=0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),m) ; ::_thesis: verum end; hence S2[k + 1] ; ::_thesis: verum end; A13: S2[ 0 ] proof assume 0 + 1 <= m ; ::_thesis: ex k being Element of NAT st (StepWhile=0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),k) take n = (LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize s))) + 3; ::_thesis: (StepWhile=0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),n) thus (StepWhile=0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),n) by SCMFSA_9:25; ::_thesis: verum end; A14: for k being Element of NAT holds S2[k] from NAT_1:sch_1(A13, A7); percases ( m = 0 or m <> 0 ) ; suppose m = 0 ; ::_thesis: ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) then s . a <> 0 by A5, SCMFSA_9:def_4; hence ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) by SCMFSA_9:18; ::_thesis: verum end; supposeA15: m <> 0 ; ::_thesis: ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) set ii = (LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize s))) + 3; set sm = (StepWhile=0 (a,I,p,s)) . m; set pm = p +* (while=0 (a,I)); set sm1 = Initialize ((StepWhile=0 (a,I,p,s)) . m); set pm1 = (p +* (while=0 (a,I))) +* (while=0 (a,I)); consider i being Nat such that A16: m = i + 1 by A15, NAT_1:6; reconsider i = i as Element of NAT by ORDINAL1:def_12; set si = (StepWhile=0 (a,I,p,s)) . i; set psi = p +* (while=0 (a,I)); A17: (StepWhile=0 (a,I,p,s)) . m = Comput (((p +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p,s)) . i)),((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . i)))) + 3)) by A16, SCMFSA_9:def_4; m = i + 1 by A16; then consider n being Element of NAT such that A18: (StepWhile=0 (a,I,p,s)) . m = Comput ((p +* (while=0 (a,I))),(Initialize s),n) by A14; i < m by A16, NAT_1:13; then A19: ((StepWhile=0 (a,I,p,s)) . i) . a = 0 by A6; then ( I is_closed_on (StepWhile=0 (a,I,p,s)) . i,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . i,p +* (while=0 (a,I)) ) by A1; then IC ((StepWhile=0 (a,I,p,s)) . m) = 0 by A17, A19, SCMFSA_9:22; then Start-At (0,SCM+FSA) c= (StepWhile=0 (a,I,p,s)) . m by MEMSTR_0:30; then A20: Initialize ((StepWhile=0 (a,I,p,s)) . m) = (StepWhile=0 (a,I,p,s)) . m by FUNCT_4:98; while=0 (a,I) is_halting_on (StepWhile=0 (a,I,p,s)) . m,p +* (while=0 (a,I)) by A5, SCMFSA_9:18; then (p +* (while=0 (a,I))) +* (while=0 (a,I)) halts_on Initialize ((StepWhile=0 (a,I,p,s)) . m) by SCMFSA7B:def_7; then consider j being Element of NAT such that A21: CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . m),j))) = halt SCM+FSA by A20, EXTPRO_1:29; A22: Comput ((p +* (while=0 (a,I))),(Initialize s),(n + j)) = Comput ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),n)),j) by EXTPRO_1:4; CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),(n + j)))) = halt SCM+FSA by A18, A21, A22; then p +* (while=0 (a,I)) halts_on Initialize s by EXTPRO_1:29; hence while=0 (a,I) is_halting_on s,p by SCMFSA7B:def_7; ::_thesis: while=0 (a,I) is_closed_on s,p now__::_thesis:_for_q_being_Element_of_NAT_holds_IC_(Comput_((p_+*_(while=0_(a,I))),(Initialize_s),q))_in_dom_(while=0_(a,I)) let q be Element of NAT ; ::_thesis: IC (Comput ((p +* (while=0 (a,I))),(Initialize s),b1)) in dom (while=0 (a,I)) percases ( q <= (LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize s))) + 3 or q > (LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize s))) + 3 ) ; supposeA23: q <= (LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize s))) + 3 ; ::_thesis: IC (Comput ((p +* (while=0 (a,I))),(Initialize s),b1)) in dom (while=0 (a,I)) A24: (StepWhile=0 (a,I,p,s)) . 0 = s by SCMFSA_9:def_4; then A25: s . a = 0 by A6, A15; then ( I is_closed_on s,p +* (while=0 (a,I)) & I is_halting_on s,p +* (while=0 (a,I)) ) by A1, A24; hence IC (Comput ((p +* (while=0 (a,I))),(Initialize s),q)) in dom (while=0 (a,I)) by A23, A25, A2, SCMFSA_9:22; ::_thesis: verum end; supposeA26: q > (LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize s))) + 3 ; ::_thesis: IC (Comput ((p +* (while=0 (a,I))),(Initialize s),b1)) in dom (while=0 (a,I)) A27: now__::_thesis:_ex_k_being_Element_of_NAT_st_ (_(StepWhile=0_(a,I,p,s))_._1_=_Comput_((p_+*_(while=0_(a,I))),(Initialize_s),k)_&_k_<=_q_) take k = (LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize s))) + 3; ::_thesis: ( (StepWhile=0 (a,I,p,s)) . 1 = Comput ((p +* (while=0 (a,I))),(Initialize s),k) & k <= q ) thus ( (StepWhile=0 (a,I,p,s)) . 1 = Comput ((p +* (while=0 (a,I))),(Initialize s),k) & k <= q ) by A26, SCMFSA_9:25; ::_thesis: verum end; defpred S3[ Nat] means ( $1 <= m & $1 <> 0 & ex k being Element of NAT st ( (StepWhile=0 (a,I,p,s)) . $1 = Comput ((p +* (while=0 (a,I))),(Initialize s),k) & k <= q ) ); A28: for i being Nat st S3[i] holds i <= m ; 0 + 1 < m + 1 by A15, XREAL_1:6; then 1 <= m by NAT_1:13; then A29: ex k being Nat st S3[k] by A27; consider t being Nat such that A30: ( S3[t] & ( for i being Nat st S3[i] holds i <= t ) ) from NAT_1:sch_6(A28, A29); reconsider t = t as Element of NAT by ORDINAL1:def_12; percases ( t = m or t <> m ) ; suppose t = m ; ::_thesis: IC (Comput ((p +* (while=0 (a,I))),(Initialize s),b1)) in dom (while=0 (a,I)) then consider r being Element of NAT such that A31: (StepWhile=0 (a,I,p,s)) . m = Comput ((p +* (while=0 (a,I))),(Initialize s),r) and A32: r <= q by A30; consider x being Nat such that A33: q = r + x by A32, NAT_1:10; A34: while=0 (a,I) is_closed_on (StepWhile=0 (a,I,p,s)) . m,p +* (while=0 (a,I)) by A5, SCMFSA_9:18; reconsider x = x as Element of NAT by ORDINAL1:def_12; Comput ((p +* (while=0 (a,I))),(Initialize s),q) = Comput ((p +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p,s)) . m)),x) by A20, A31, A33, EXTPRO_1:4; hence IC (Comput ((p +* (while=0 (a,I))),(Initialize s),q)) in dom (while=0 (a,I)) by A34, A2, SCMFSA7B:def_6; ::_thesis: verum end; supposeA35: t <> m ; ::_thesis: IC (Comput ((p +* (while=0 (a,I))),(Initialize s),b1)) in dom (while=0 (a,I)) set Dt = (StepWhile=0 (a,I,p,s)) . t; set pt = p +* (while=0 (a,I)); consider y being Nat such that A36: t = y + 1 by A30, NAT_1:6; reconsider y = y as Element of NAT by ORDINAL1:def_12; set Dy = (StepWhile=0 (a,I,p,s)) . y; set py = p +* (while=0 (a,I)); A37: (StepWhile=0 (a,I,p,s)) . t = Comput (((p +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p,s)) . y)),((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . y)))) + 3)) by A36, SCMFSA_9:def_4; y + 0 < t by A36, XREAL_1:6; then y < m by A30, XXREAL_0:2; then A38: ((StepWhile=0 (a,I,p,s)) . y) . a = 0 by A6; then ( I is_closed_on (StepWhile=0 (a,I,p,s)) . y,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . y,p +* (while=0 (a,I)) ) by A1; then A39: IC ((StepWhile=0 (a,I,p,s)) . t) = 0 by A37, A38, SCMFSA_9:22; consider z being Element of NAT such that A40: (StepWhile=0 (a,I,p,s)) . t = Comput ((p +* (while=0 (a,I))),(Initialize s),z) and A41: z <= q by A30; consider w being Nat such that A42: q = z + w by A41, NAT_1:10; reconsider w = w as Element of NAT by ORDINAL1:def_12; A43: (StepWhile=0 (a,I,p,s)) . t = Initialize ((StepWhile=0 (a,I,p,s)) . t) by A40, A39, SCMFSA_9:26; A44: Comput ((p +* (while=0 (a,I))),(Initialize s),q) = Comput (((p +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p,s)) . t)),w) by A43, A40, A42, EXTPRO_1:4; set z2 = z + ((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . t)))) + 3); A45: t < m by A30, A35, XXREAL_0:1; now__::_thesis:_not_z_+_((LifeSpan_(((p_+*_(while=0_(a,I)))_+*_I),(Initialize_((StepWhile=0_(a,I,p,s))_._t))))_+_3)_<=_q assume A46: z + ((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . t)))) + 3) <= q ; ::_thesis: contradiction A47: now__::_thesis:_ex_k_being_Element_of_NAT_st_ (_(StepWhile=0_(a,I,p,s))_._(t_+_1)_=_Comput_((p_+*_(while=0_(a,I))),(Initialize_s),k)_&_k_<=_q_) take k = z + ((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . t)))) + 3); ::_thesis: ( (StepWhile=0 (a,I,p,s)) . (t + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),k) & k <= q ) thus ( (StepWhile=0 (a,I,p,s)) . (t + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),k) & k <= q ) by A40, A39, A46, SCMFSA_9:26; ::_thesis: verum end; t + 1 <= m by A45, NAT_1:13; hence contradiction by A30, A47, XREAL_1:29; ::_thesis: verum end; then A48: w < (LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . t)))) + 3 by A42, XREAL_1:6; A49: ((StepWhile=0 (a,I,p,s)) . t) . a = 0 by A6, A45; then ( I is_closed_on (StepWhile=0 (a,I,p,s)) . t,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . t,p +* (while=0 (a,I)) ) by A1; hence IC (Comput ((p +* (while=0 (a,I))),(Initialize s),q)) in dom (while=0 (a,I)) by A48, A44, A49, SCMFSA_9:22; ::_thesis: verum end; end; end; end; end; hence while=0 (a,I) is_closed_on s,p by SCMFSA7B:def_6; ::_thesis: verum end; end; end; theorem Th15: :: SCMFSA9A:15 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being parahalting Program of SCM+FSA st WithVariantWhile=0 a,I,s,p holds ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being parahalting Program of SCM+FSA st WithVariantWhile=0 a,I,s,p holds ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being parahalting Program of SCM+FSA st WithVariantWhile=0 a,I,s,p holds ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) let a be read-write Int-Location; ::_thesis: for I being parahalting Program of SCM+FSA st WithVariantWhile=0 a,I,s,p holds ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) let I be parahalting Program of SCM+FSA; ::_thesis: ( WithVariantWhile=0 a,I,s,p implies ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) ) assume A1: WithVariantWhile=0 a,I,s,p ; ::_thesis: ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) ProperBodyWhile=0 a,I,s,p proof let k be Element of NAT ; :: according to SCMFSA9A:def_1 ::_thesis: ( ((StepWhile=0 (a,I,p,s)) . k) . a = 0 implies ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) ) assume ((StepWhile=0 (a,I,p,s)) . k) . a = 0 ; ::_thesis: ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) thus ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) by SCMFSA7B:18, SCMFSA7B:19; ::_thesis: verum end; hence ( while=0 (a,I) is_halting_on s,p & while=0 (a,I) is_closed_on s,p ) by A1, Th14; ::_thesis: verum end; theorem Th16: :: SCMFSA9A:16 for p being Instruction-Sequence of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for s being 0 -started State of SCM+FSA st while=0 (a,I) c= p & s . a <> 0 holds ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA for s being 0 -started State of SCM+FSA st while=0 (a,I) c= p & s . a <> 0 holds ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA for s being 0 -started State of SCM+FSA st while=0 (a,I) c= p & s . a <> 0 holds ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) let I be Program of SCM+FSA; ::_thesis: for s being 0 -started State of SCM+FSA st while=0 (a,I) c= p & s . a <> 0 holds ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) let s be 0 -started State of SCM+FSA; ::_thesis: ( while=0 (a,I) c= p & s . a <> 0 implies ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) ) A1: Start-At (0,SCM+FSA) c= s by MEMSTR_0:29; assume that A2: while=0 (a,I) c= p and A3: s . a <> 0 ; ::_thesis: ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) A4: p +* (while=0 (a,I)) = p by A2, FUNCT_4:98; set i = a =0_goto 4; set s1 = Initialize s; set p1 = p +* (while=0 (a,I)); A5: while=0 (a,I) c= p +* (while=0 (a,I)) by FUNCT_4:25; A6: IC in dom (Start-At (0,SCM+FSA)) by MEMSTR_0:15; not a in dom (Start-At (0,SCM+FSA)) by SCMFSA_2:102; then A7: (Initialize s) . a = s . a by FUNCT_4:11; A8: 1 in dom (while=0 (a,I)) by SCMFSA_9:10; A9: (p +* (while=0 (a,I))) . 1 = (while=0 (a,I)) . 1 by A8, FUNCT_4:13 .= goto 2 by SCMFSA_9:11 ; A10: IC (Initialize s) = IC (Start-At (0,SCM+FSA)) by A6, FUNCT_4:13 .= 0 by FUNCOP_1:72 ; A11: (p +* (while=0 (a,I))) /. (IC (Initialize s)) = (p +* (while=0 (a,I))) . (IC (Initialize s)) by PBOOLE:143; 0 in dom (while=0 (a,I)) by SCMFSA_9:10; then (p +* (while=0 (a,I))) . 0 = (while=0 (a,I)) . 0 by FUNCT_4:13 .= a =0_goto 4 by SCMFSA_9:11 ; then A12: CurInstr ((p +* (while=0 (a,I))),(Initialize s)) = a =0_goto 4 by A10, A11; A13: Comput ((p +* (while=0 (a,I))),(Initialize s),(0 + 1)) = Following ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),0))) by EXTPRO_1:3 .= Following ((p +* (while=0 (a,I))),(Initialize s)) .= Exec ((a =0_goto 4),(Initialize s)) by A12 ; set loc5 = (card I) + 5; set s5 = Comput ((p +* (while=0 (a,I))),(Initialize s),4); set p5 = p +* (while=0 (a,I)); set s4 = Comput ((p +* (while=0 (a,I))),(Initialize s),3); set p4 = p +* (while=0 (a,I)); set s3 = Comput ((p +* (while=0 (a,I))),(Initialize s),2); set p3 = p +* (while=0 (a,I)); set s2 = Comput ((p +* (while=0 (a,I))),(Initialize s),1); A14: 2 in dom (while=0 (a,I)) by SCMFSA_9:12; A15: (p +* (while=0 (a,I))) . 2 = (while=0 (a,I)) . 2 by A14, FUNCT_4:13 .= goto 3 by SCMFSA_9:16 ; A16: 3 in dom (while=0 (a,I)) by SCMFSA_9:12; A17: (p +* (while=0 (a,I))) . 3 = (while=0 (a,I)) . 3 by A16, FUNCT_4:13 .= goto ((card I) + 5) by SCMFSA_9:15 ; A18: (card I) + 5 in dom (while=0 (a,I)) by SCMFSA_9:13; A19: (p +* (while=0 (a,I))) . ((card I) + 5) = (while=0 (a,I)) . ((card I) + 5) by A18, A5, GRFUNC_1:2 .= halt SCM+FSA by SCMFSA_9:14 ; A20: ( ( for c being Int-Location holds (Exec ((goto ((card I) + 5)),(Comput ((p +* (while=0 (a,I))),(Initialize s),3)))) . c = (Comput ((p +* (while=0 (a,I))),(Initialize s),3)) . c ) & ( for f being FinSeq-Location holds (Exec ((goto ((card I) + 5)),(Comput ((p +* (while=0 (a,I))),(Initialize s),3)))) . f = (Comput ((p +* (while=0 (a,I))),(Initialize s),3)) . f ) ) by SCMFSA_2:69; A21: ( ( for c being Int-Location holds (Exec ((goto 2),(Comput ((p +* (while=0 (a,I))),(Initialize s),1)))) . c = (Comput ((p +* (while=0 (a,I))),(Initialize s),1)) . c ) & ( for f being FinSeq-Location holds (Exec ((goto 2),(Comput ((p +* (while=0 (a,I))),(Initialize s),1)))) . f = (Comput ((p +* (while=0 (a,I))),(Initialize s),1)) . f ) ) by SCMFSA_2:69; A22: (p +* (while=0 (a,I))) /. (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),1))) = (p +* (while=0 (a,I))) . (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),1))) by PBOOLE:143; IC (Comput ((p +* (while=0 (a,I))),(Initialize s),1)) = succ 0 by A3, A10, A13, A7, SCMFSA_2:70 .= 0 + 1 ; then A23: CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),1))) = goto 2 by A9, A22; A24: Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + 1)) = Following ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),1))) by EXTPRO_1:3 .= Exec ((goto 2),(Comput ((p +* (while=0 (a,I))),(Initialize s),1))) by A23 ; A25: (p +* (while=0 (a,I))) /. (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),2))) = (p +* (while=0 (a,I))) . (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),2))) by PBOOLE:143; IC (Comput ((p +* (while=0 (a,I))),(Initialize s),2)) = 2 by A24, SCMFSA_2:69; then A26: CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),2))) = goto 3 by A15, A25; A27: Comput ((p +* (while=0 (a,I))),(Initialize s),(2 + 1)) = Following ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),2))) by EXTPRO_1:3 .= Exec ((goto 3),(Comput ((p +* (while=0 (a,I))),(Initialize s),2))) by A26 ; A28: (p +* (while=0 (a,I))) /. (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),3))) = (p +* (while=0 (a,I))) . (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),3))) by PBOOLE:143; IC (Comput ((p +* (while=0 (a,I))),(Initialize s),3)) = 3 by A27, SCMFSA_2:69; then A29: CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),3))) = goto ((card I) + 5) by A17, A28; A30: Comput ((p +* (while=0 (a,I))),(Initialize s),(3 + 1)) = Following ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),3))) by EXTPRO_1:3 .= Exec ((goto ((card I) + 5)),(Comput ((p +* (while=0 (a,I))),(Initialize s),3))) by A29 ; A31: (p +* (while=0 (a,I))) /. (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),4))) = (p +* (while=0 (a,I))) . (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),4))) by PBOOLE:143; IC (Comput ((p +* (while=0 (a,I))),(Initialize s),4)) = (card I) + 5 by A30, SCMFSA_2:69; then A32: CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),4))) = halt SCM+FSA by A19, A31; then A33: p +* (while=0 (a,I)) halts_on Initialize s by EXTPRO_1:29; A34: s = Initialize s by A1, FUNCT_4:98; now__::_thesis:_for_k_being_Element_of_NAT_st_CurInstr_(p,(Comput_(p,s,k)))_=_halt_SCM+FSA_holds_ not_4_>_k let k be Element of NAT ; ::_thesis: ( CurInstr (p,(Comput (p,s,k))) = halt SCM+FSA implies not 4 > k ) assume A35: CurInstr (p,(Comput (p,s,k))) = halt SCM+FSA ; ::_thesis: not 4 > k assume 4 > k ; ::_thesis: contradiction then 3 + 1 > k ; then A36: k <= 3 by NAT_1:13; percases ( k = 0 or k = 1 or k = 2 or k = 3 ) by A36, NAT_1:27; suppose k = 0 ; ::_thesis: contradiction then Comput (p,s,k) = s by EXTPRO_1:2; hence contradiction by A34, A12, A35, A4; ::_thesis: verum end; suppose k = 1 ; ::_thesis: contradiction hence contradiction by A34, A23, A35, A4; ::_thesis: verum end; suppose k = 2 ; ::_thesis: contradiction hence contradiction by A34, A26, A35, A4; ::_thesis: verum end; suppose k = 3 ; ::_thesis: contradiction hence contradiction by A34, A29, A35, A4; ::_thesis: verum end; end; end; hence A37: LifeSpan (p,s) = 4 by A34, A32, A33, A4, EXTPRO_1:def_15; ::_thesis: for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s A38: ( ( for c being Int-Location holds (Exec ((a =0_goto 4),(Initialize s))) . c = (Initialize s) . c ) & ( for f being FinSeq-Location holds (Exec ((a =0_goto 4),(Initialize s))) . f = (Initialize s) . f ) ) by SCMFSA_2:70; then A39: DataPart (Comput (p,s,1)) = DataPart s by A34, A13, A4, SCMFSA_M:2; then A40: DataPart (Comput (p,s,2)) = DataPart s by A34, A24, A21, A4, SCMFSA_M:2; A41: ( ( for c being Int-Location holds (Exec ((goto 3),(Comput ((p +* (while=0 (a,I))),(Initialize s),2)))) . c = (Comput ((p +* (while=0 (a,I))),(Initialize s),2)) . c ) & ( for f being FinSeq-Location holds (Exec ((goto 3),(Comput ((p +* (while=0 (a,I))),(Initialize s),2)))) . f = (Comput ((p +* (while=0 (a,I))),(Initialize s),2)) . f ) ) by SCMFSA_2:69; then DataPart (Comput (p,s,3)) = DataPart s by A34, A27, A40, A4, SCMFSA_M:2; then A42: DataPart (Comput (p,s,4)) = DataPart s by A34, A30, A20, A4, SCMFSA_M:2; let k be Element of NAT ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s ( k <= 3 or 3 < k ) ; then A43: ( k = 0 or k = 1 or k = 2 or k = 3 or 3 + 1 <= k ) by NAT_1:13, NAT_1:27; percases ( k = 0 or k = 1 or k = 2 or k = 3 or 4 <= k ) by A43; suppose k = 0 ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s hence DataPart (Comput (p,s,k)) = DataPart s by EXTPRO_1:2; ::_thesis: verum end; suppose k = 1 ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s hence DataPart (Comput (p,s,k)) = DataPart s by A34, A13, A38, A4, SCMFSA_M:2; ::_thesis: verum end; suppose k = 2 ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s hence DataPart (Comput (p,s,k)) = DataPart s by A34, A24, A21, A39, A4, SCMFSA_M:2; ::_thesis: verum end; suppose k = 3 ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s hence DataPart (Comput (p,s,k)) = DataPart s by A34, A27, A41, A40, A4, SCMFSA_M:2; ::_thesis: verum end; suppose 4 <= k ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s then CurInstr (p,(Comput (p,s,k))) = halt SCM+FSA by A34, A33, A37, A4, EXTPRO_1:36; hence DataPart (Comput (p,s,k)) = DataPart s by A37, A42, EXTPRO_1:24; ::_thesis: verum end; end; end; theorem Th17: :: SCMFSA9A:17 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st I is_closed_on s,p & I is_halting_on s,p & s . a = 0 holds DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st I is_closed_on s,p & I is_halting_on s,p & s . a = 0 holds DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st I is_closed_on s,p & I is_halting_on s,p & s . a = 0 holds DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st I is_closed_on s,p & I is_halting_on s,p & s . a = 0 holds DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) let I be Program of SCM+FSA; ::_thesis: ( I is_closed_on s,p & I is_halting_on s,p & s . a = 0 implies DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) ) assume that A1: ( I is_closed_on s,p & I is_halting_on s,p ) and A2: s . a = 0 ; ::_thesis: DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) set sI = Initialize s; set pI = p +* I; set s1 = Initialize s; set p1 = p +* (while=0 (a,I)); A3: while=0 (a,I) c= p +* (while=0 (a,I)) by FUNCT_4:25; defpred S1[ Nat] means ( $1 <= LifeSpan ((p +* I),(Initialize s)) implies ( IC (Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + $1))) = (IC (Comput ((p +* I),(Initialize s),$1))) + 4 & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + $1))) = DataPart (Comput ((p +* I),(Initialize s),$1)) ) ); A4: now__::_thesis:_for_k_being_Element_of_NAT_st_S1[k]_holds_ S1[k_+_1] let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A5: S1[k] ; ::_thesis: S1[k + 1] now__::_thesis:_(_k_+_1_<=_LifeSpan_((p_+*_I),(Initialize_s))_implies_(_IC_(Comput_((p_+*_(while=0_(a,I))),(Initialize_s),((1_+_k)_+_1)))_=_(IC_(Comput_((p_+*_I),(Initialize_s),(k_+_1))))_+_4_&_DataPart_(Comput_((p_+*_(while=0_(a,I))),(Initialize_s),((1_+_k)_+_1)))_=_DataPart_(Comput_((p_+*_I),(Initialize_s),(k_+_1)))_)_) A6: k + 0 < k + 1 by XREAL_1:6; assume k + 1 <= LifeSpan ((p +* I),(Initialize s)) ; ::_thesis: ( IC (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + k) + 1))) = (IC (Comput ((p +* I),(Initialize s),(k + 1)))) + 4 & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + k) + 1))) = DataPart (Comput ((p +* I),(Initialize s),(k + 1))) ) then k < LifeSpan ((p +* I),(Initialize s)) by A6, XXREAL_0:2; hence ( IC (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + k) + 1))) = (IC (Comput ((p +* I),(Initialize s),(k + 1)))) + 4 & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + k) + 1))) = DataPart (Comput ((p +* I),(Initialize s),(k + 1))) ) by A1, A5, SCMFSA_9:19; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; set i = a =0_goto 4; set s2 = Comput ((p +* (while=0 (a,I))),(Initialize s),1); set p2 = p +* (while=0 (a,I)); A7: IC in dom (Start-At (0,SCM+FSA)) by MEMSTR_0:15; A8: IC (Initialize s) = IC (Start-At (0,SCM+FSA)) by A7, FUNCT_4:13 .= 0 by FUNCOP_1:72 ; not a in dom (Start-At (0,SCM+FSA)) by SCMFSA_2:102; then A9: (Initialize s) . a = s . a by FUNCT_4:11; set loc4 = (card I) + 4; A10: (p +* (while=0 (a,I))) /. (IC (Initialize s)) = (p +* (while=0 (a,I))) . (IC (Initialize s)) by PBOOLE:143; 0 in dom (while=0 (a,I)) by SCMFSA_9:10; then (p +* (while=0 (a,I))) . 0 = (while=0 (a,I)) . 0 by FUNCT_4:13 .= a =0_goto 4 by SCMFSA_9:11 ; then A11: CurInstr ((p +* (while=0 (a,I))),(Initialize s)) = a =0_goto 4 by A8, A10; A12: Comput ((p +* (while=0 (a,I))),(Initialize s),(0 + 1)) = Following ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),0))) by EXTPRO_1:3 .= Following ((p +* (while=0 (a,I))),(Initialize s)) .= Exec ((a =0_goto 4),(Initialize s)) by A11 ; then ( ( for c being Int-Location holds (Comput ((p +* (while=0 (a,I))),(Initialize s),1)) . c = (Initialize s) . c ) & ( for f being FinSeq-Location holds (Comput ((p +* (while=0 (a,I))),(Initialize s),1)) . f = (Initialize s) . f ) ) by SCMFSA_2:70; then A13: DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),1)) = DataPart (Initialize s) by SCMFSA_M:2 .= DataPart (Initialize s) ; A14: IC (Comput ((p +* (while=0 (a,I))),(Initialize s),1)) = 4 by A2, A12, A9, SCMFSA_2:70; A15: S1[ 0 ] proof assume 0 <= LifeSpan ((p +* I),(Initialize s)) ; ::_thesis: ( IC (Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + 0))) = (IC (Comput ((p +* I),(Initialize s),0))) + 4 & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + 0))) = DataPart (Comput ((p +* I),(Initialize s),0)) ) A16: IC in dom (Start-At (0,SCM+FSA)) by MEMSTR_0:15; IC (Comput ((p +* I),(Initialize s),0)) = IC (Initialize s) .= IC (Start-At (0,SCM+FSA)) by A16, FUNCT_4:13 .= 0 by FUNCOP_1:72 ; hence ( IC (Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + 0))) = (IC (Comput ((p +* I),(Initialize s),0))) + 4 & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + 0))) = DataPart (Comput ((p +* I),(Initialize s),0)) ) by A14, A13; ::_thesis: verum end; for k being Element of NAT holds S1[k] from NAT_1:sch_1(A15, A4); then A17: S1[ LifeSpan ((p +* I),(Initialize s))] ; set s4 = Comput ((p +* (while=0 (a,I))),(Initialize s),(((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1) + 1)); set p4 = p +* (while=0 (a,I)); set s3 = Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)); set p3 = p +* (while=0 (a,I)); A18: (card I) + 4 in dom (while=0 (a,I)) by SCMFSA_9:13; set s2 = Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s))))); A19: CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s))))))) = goto ((card I) + 4) by A1, A17, SCMFSA_9:20; A20: Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)) = Following ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s))))))) by EXTPRO_1:3 .= Exec ((goto ((card I) + 4)),(Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s))))))) by A19 ; then A21: ( ( for c being Int-Location holds (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) . c = (Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s)))))) . c ) & ( for f being FinSeq-Location holds (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) . f = (Comput ((p +* (while=0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s)))))) . f ) ) by SCMFSA_2:69; A22: (p +* (while=0 (a,I))) . ((card I) + 4) = (while=0 (a,I)) . ((card I) + 4) by A18, A3, GRFUNC_1:2 .= goto 0 by SCMFSA_9:21 ; A23: (p +* (while=0 (a,I))) /. (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) = (p +* (while=0 (a,I))) . (IC (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) by PBOOLE:143; IC (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) = (card I) + 4 by A20, SCMFSA_2:69; then A24: CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) = goto 0 by A22, A23; Comput ((p +* (while=0 (a,I))),(Initialize s),(((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1) + 1)) = Following ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) by EXTPRO_1:3 .= Exec ((goto 0),(Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) by A24 ; then ( ( for c being Int-Location holds (Comput ((p +* (while=0 (a,I))),(Initialize s),(((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1) + 1))) . c = (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) . c ) & ( for f being FinSeq-Location holds (Comput ((p +* (while=0 (a,I))),(Initialize s),(((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1) + 1))) . f = (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) . f ) ) by SCMFSA_2:69; hence DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) by SCMFSA_M:2 .= DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) by A17, A21, SCMFSA_M:2 ; ::_thesis: verum end; theorem Th18: :: SCMFSA9A:18 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile=0 (a,I,p,s)) . k) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile=0 (a,I,p,s)) . k) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile=0 (a,I,p,s)) . k) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile=0 (a,I,p,s)) . k) let I be Program of SCM+FSA; ::_thesis: for k being Element of NAT st ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile=0 (a,I,p,s)) . k) let k be Element of NAT ; ::_thesis: ( ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 implies DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ) assume A1: ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 ; ::_thesis: DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile=0 (a,I,p,s)) . k) set SW = StepWhile=0 (a,I,p,s); set PW = p +* (while=0 (a,I)); A2: while=0 (a,I) c= p +* (while=0 (a,I)) by FUNCT_4:25; A3: DataPart (Initialize ((StepWhile=0 (a,I,p,s)) . k)) = DataPart ((StepWhile=0 (a,I,p,s)) . k) by MEMSTR_0:79; then A4: ((StepWhile=0 (a,I,p,s)) . k) . a = (Initialize ((StepWhile=0 (a,I,p,s)) . k)) . a by SCMFSA_M:2; thus DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart (Comput (((p +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p,s)) . k)),((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . k)))) + 3))) by SCMFSA_9:def_4 .= DataPart ((StepWhile=0 (a,I,p,s)) . k) by A1, A3, A4, Th16, A2 ; ::_thesis: verum end; theorem Th19: :: SCMFSA9A:19 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) & I is_closed_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) ) or I is parahalting ) & ((StepWhile=0 (a,I,p,s)) . k) . a = 0 & ((StepWhile=0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . k))) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) & I is_closed_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) ) or I is parahalting ) & ((StepWhile=0 (a,I,p,s)) . k) . a = 0 & ((StepWhile=0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . k))) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) & I is_closed_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) ) or I is parahalting ) & ((StepWhile=0 (a,I,p,s)) . k) . a = 0 & ((StepWhile=0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . k))) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) & I is_closed_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) ) or I is parahalting ) & ((StepWhile=0 (a,I,p,s)) . k) . a = 0 & ((StepWhile=0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . k))) let I be Program of SCM+FSA; ::_thesis: for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) & I is_closed_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) ) or I is parahalting ) & ((StepWhile=0 (a,I,p,s)) . k) . a = 0 & ((StepWhile=0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . k))) let k be Element of NAT ; ::_thesis: ( ( ( I is_halting_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) & I is_closed_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) ) or I is parahalting ) & ((StepWhile=0 (a,I,p,s)) . k) . a = 0 & ((StepWhile=0 (a,I,p,s)) . k) . (intloc 0) = 1 implies DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . k))) ) set Ins = NAT ; assume that A1: ( ( I is_halting_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) & I is_closed_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) ) or I is parahalting ) and A2: ((StepWhile=0 (a,I,p,s)) . k) . a = 0 and A3: ((StepWhile=0 (a,I,p,s)) . k) . (intloc 0) = 1 ; ::_thesis: DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . k))) set ISWk = Initialized ((StepWhile=0 (a,I,p,s)) . k); set SW = StepWhile=0 (a,I,p,s); set PW = p +* (while=0 (a,I)); set SWkI = Initialized ((StepWhile=0 (a,I,p,s)) . k); set PWI = (p +* (while=0 (a,I))) +* I; DataPart (Initialized ((StepWhile=0 (a,I,p,s)) . k)) = DataPart ((StepWhile=0 (a,I,p,s)) . k) by A3, SCMFSA_M:19; then A4: ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) by A1, SCMFSA7B:18, SCMFSA7B:19, SCMFSA8B:5; I is_halting_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) by A1, SCMFSA7B:19; then A5: I is_halting_on Initialized ((StepWhile=0 (a,I,p,s)) . k),p +* (while=0 (a,I)) ; Initialized ((StepWhile=0 (a,I,p,s)) . k) = Initialize (Initialized ((StepWhile=0 (a,I,p,s)) . k)) by MEMSTR_0:44; then A6: (p +* (while=0 (a,I))) +* I halts_on Initialized ((StepWhile=0 (a,I,p,s)) . k) by A5, SCMFSA7B:def_7; A7: (p +* (while=0 (a,I))) +* I halts_on Initialized ((StepWhile=0 (a,I,p,s)) . k) by A6; set SWkIS = Initialize ((StepWhile=0 (a,I,p,s)) . k); set PWIS = (p +* (while=0 (a,I))) +* I; A8: Initialized ((StepWhile=0 (a,I,p,s)) . k) = Initialize ((StepWhile=0 (a,I,p,s)) . k) by A3, SCMFSA_M:18; A9: (StepWhile=0 (a,I,p,s)) . (k + 1) = Comput (((p +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p,s)) . k)),((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . k)))) + 3)) by SCMFSA_9:def_4; A10: DataPart (IExec (I,(p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . k))) = DataPart (Result (((p +* (while=0 (a,I))) +* I),(Initialized ((StepWhile=0 (a,I,p,s)) . k)))) by SCMFSA6B:def_1 .= DataPart (Result (((p +* (while=0 (a,I))) +* I),(Initialized ((StepWhile=0 (a,I,p,s)) . k)))) .= DataPart (Comput (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . k)),(LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . k)))))) by A8, A7, EXTPRO_1:23 ; thus DataPart ((StepWhile=0 (a,I,p,s)) . (k + 1)) = DataPart (Comput (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . k)),(LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . k)))))) by A2, A4, Th17, A9 .= DataPart (IExec (I,(p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . k))) by A10 ; ::_thesis: verum end; theorem :: SCMFSA9A:20 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st ( ProperBodyWhile=0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 holds for k being Element of NAT holds ((StepWhile=0 (a,Ig,p,s)) . k) . (intloc 0) = 1 proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st ( ProperBodyWhile=0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 holds for k being Element of NAT holds ((StepWhile=0 (a,Ig,p,s)) . k) . (intloc 0) = 1 let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for Ig being good Program of SCM+FSA st ( ProperBodyWhile=0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 holds for k being Element of NAT holds ((StepWhile=0 (a,Ig,p,s)) . k) . (intloc 0) = 1 let a be read-write Int-Location; ::_thesis: for Ig being good Program of SCM+FSA st ( ProperBodyWhile=0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 holds for k being Element of NAT holds ((StepWhile=0 (a,Ig,p,s)) . k) . (intloc 0) = 1 let Ig be good Program of SCM+FSA; ::_thesis: ( ( ProperBodyWhile=0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 implies for k being Element of NAT holds ((StepWhile=0 (a,Ig,p,s)) . k) . (intloc 0) = 1 ) set I = Ig; assume that A1: ( ProperBodyWhile=0 a,Ig,s,p or Ig is parahalting ) and A2: s . (intloc 0) = 1 ; ::_thesis: for k being Element of NAT holds ((StepWhile=0 (a,Ig,p,s)) . k) . (intloc 0) = 1 set SW = StepWhile=0 (a,Ig,p,s); set PW = p +* (while=0 (a,Ig)); defpred S1[ Nat] means ((StepWhile=0 (a,Ig,p,s)) . $1) . (intloc 0) = 1; A3: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A4: ((StepWhile=0 (a,Ig,p,s)) . k) . (intloc 0) = 1 ; ::_thesis: S1[k + 1] percases ( ((StepWhile=0 (a,Ig,p,s)) . k) . a <> 0 or ((StepWhile=0 (a,Ig,p,s)) . k) . a = 0 ) ; suppose ((StepWhile=0 (a,Ig,p,s)) . k) . a <> 0 ; ::_thesis: S1[k + 1] then DataPart ((StepWhile=0 (a,Ig,p,s)) . (k + 1)) = DataPart ((StepWhile=0 (a,Ig,p,s)) . k) by Th18; hence S1[k + 1] by A4, SCMFSA_M:2; ::_thesis: verum end; supposeA5: ((StepWhile=0 (a,Ig,p,s)) . k) . a = 0 ; ::_thesis: S1[k + 1] set Ins = NAT ; set SWkIS = Initialize ((StepWhile=0 (a,Ig,p,s)) . k); set PWIS = (p +* (while=0 (a,Ig))) +* Ig; set SWkI = Initialized ((StepWhile=0 (a,Ig,p,s)) . k); set PWI = (p +* (while=0 (a,Ig))) +* Ig; set ISWk = Initialized ((StepWhile=0 (a,Ig,p,s)) . k); A6: DataPart ((StepWhile=0 (a,Ig,p,s)) . k) = DataPart (Initialized ((StepWhile=0 (a,Ig,p,s)) . k)) by A4, SCMFSA_M:19; A7: ProperBodyWhile=0 a,Ig,s,p by A1, Th13; then A8: Ig is_closed_on (StepWhile=0 (a,Ig,p,s)) . k,p +* (while=0 (a,Ig)) by A5, Def1; Ig is_halting_on (StepWhile=0 (a,Ig,p,s)) . k,p +* (while=0 (a,Ig)) by A5, A7, Def1; then A9: Ig is_halting_on Initialized ((StepWhile=0 (a,Ig,p,s)) . k),p +* (while=0 (a,Ig)) by A8, A6, SCMFSA8B:5; Initialized ((StepWhile=0 (a,Ig,p,s)) . k) = Initialize (Initialized ((StepWhile=0 (a,Ig,p,s)) . k)) by MEMSTR_0:44; then A10: (p +* (while=0 (a,Ig))) +* Ig halts_on Initialized ((StepWhile=0 (a,Ig,p,s)) . k) by A9, SCMFSA7B:def_7; A11: (p +* (while=0 (a,Ig))) +* Ig halts_on Initialized ((StepWhile=0 (a,Ig,p,s)) . k) by A10; A12: Initialized ((StepWhile=0 (a,Ig,p,s)) . k) = Initialize ((StepWhile=0 (a,Ig,p,s)) . k) by A4, SCMFSA_M:18; A13: DataPart (IExec (Ig,(p +* (while=0 (a,Ig))),((StepWhile=0 (a,Ig,p,s)) . k))) = DataPart (Result (((p +* (while=0 (a,Ig))) +* Ig),(Initialized ((StepWhile=0 (a,Ig,p,s)) . k)))) by SCMFSA6B:def_1 .= DataPart (Result (((p +* (while=0 (a,Ig))) +* Ig),(Initialized ((StepWhile=0 (a,Ig,p,s)) . k)))) .= DataPart (Comput (((p +* (while=0 (a,Ig))) +* Ig),(Initialize ((StepWhile=0 (a,Ig,p,s)) . k)),(LifeSpan (((p +* (while=0 (a,Ig))) +* Ig),(Initialize ((StepWhile=0 (a,Ig,p,s)) . k)))))) by A12, A11, EXTPRO_1:23 ; Ig is_closed_on Initialized ((StepWhile=0 (a,Ig,p,s)) . k),p +* (while=0 (a,Ig)) by A8, A6, SCMFSA8B:3; then DataPart ((StepWhile=0 (a,Ig,p,s)) . (k + 1)) = DataPart (IExec (Ig,(p +* (while=0 (a,Ig))),((StepWhile=0 (a,Ig,p,s)) . k))) by A4, A5, A9, Th19; hence ((StepWhile=0 (a,Ig,p,s)) . (k + 1)) . (intloc 0) = (Comput (((p +* (while=0 (a,Ig))) +* Ig),(Initialize ((StepWhile=0 (a,Ig,p,s)) . k)),(LifeSpan (((p +* (while=0 (a,Ig))) +* Ig),(Initialize ((StepWhile=0 (a,Ig,p,s)) . k)))))) . (intloc 0) by A13, SCMFSA_M:2 .= 1 by A4, A8, SCMFSA8C:68 ; ::_thesis: verum end; end; end; A14: S1[ 0 ] by A2, SCMFSA_9:def_4; thus for k being Element of NAT holds S1[k] from NAT_1:sch_1(A14, A3); ::_thesis: verum end; theorem :: SCMFSA9A:21 for p1, p2 being Instruction-Sequence of SCM+FSA for s1, s2 being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile=0 a,I,s1,p1 & DataPart s1 = DataPart s2 holds for k being Element of NAT holds DataPart ((StepWhile=0 (a,I,p1,s1)) . k) = DataPart ((StepWhile=0 (a,I,p2,s2)) . k) proof let p1, p2 be Instruction-Sequence of SCM+FSA; ::_thesis: for s1, s2 being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile=0 a,I,s1,p1 & DataPart s1 = DataPart s2 holds for k being Element of NAT holds DataPart ((StepWhile=0 (a,I,p1,s1)) . k) = DataPart ((StepWhile=0 (a,I,p2,s2)) . k) let s1, s2 be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile=0 a,I,s1,p1 & DataPart s1 = DataPart s2 holds for k being Element of NAT holds DataPart ((StepWhile=0 (a,I,p1,s1)) . k) = DataPart ((StepWhile=0 (a,I,p2,s2)) . k) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st ProperBodyWhile=0 a,I,s1,p1 & DataPart s1 = DataPart s2 holds for k being Element of NAT holds DataPart ((StepWhile=0 (a,I,p1,s1)) . k) = DataPart ((StepWhile=0 (a,I,p2,s2)) . k) let I be Program of SCM+FSA; ::_thesis: ( ProperBodyWhile=0 a,I,s1,p1 & DataPart s1 = DataPart s2 implies for k being Element of NAT holds DataPart ((StepWhile=0 (a,I,p1,s1)) . k) = DataPart ((StepWhile=0 (a,I,p2,s2)) . k) ) assume that A1: ProperBodyWhile=0 a,I,s1,p1 and A2: DataPart s1 = DataPart s2 ; ::_thesis: for k being Element of NAT holds DataPart ((StepWhile=0 (a,I,p1,s1)) . k) = DataPart ((StepWhile=0 (a,I,p2,s2)) . k) set WH = while=0 (a,I); set ST2 = StepWhile=0 (a,I,p2,s2); set PT2 = p2 +* (while=0 (a,I)); set ST1 = StepWhile=0 (a,I,p1,s1); set PT1 = p1 +* (while=0 (a,I)); defpred S1[ Nat] means DataPart ((StepWhile=0 (a,I,p1,s1)) . $1) = DataPart ((StepWhile=0 (a,I,p2,s2)) . $1); A3: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) set ST1kI = Initialize ((StepWhile=0 (a,I,p1,s1)) . k); set PT1I = (p1 +* (while=0 (a,I))) +* I; set ST2kI = Initialize ((StepWhile=0 (a,I,p2,s2)) . k); set PT2I = (p2 +* (while=0 (a,I))) +* I; A4: I c= (p1 +* (while=0 (a,I))) +* I by FUNCT_4:25; A5: I c= (p2 +* (while=0 (a,I))) +* I by FUNCT_4:25; assume A6: DataPart ((StepWhile=0 (a,I,p1,s1)) . k) = DataPart ((StepWhile=0 (a,I,p2,s2)) . k) ; ::_thesis: S1[k + 1] then A7: ((StepWhile=0 (a,I,p1,s1)) . k) . a = ((StepWhile=0 (a,I,p2,s2)) . k) . a by SCMFSA_M:2; percases ( ((StepWhile=0 (a,I,p1,s1)) . k) . a <> 0 or ((StepWhile=0 (a,I,p1,s1)) . k) . a = 0 ) ; supposeA8: ((StepWhile=0 (a,I,p1,s1)) . k) . a <> 0 ; ::_thesis: S1[k + 1] hence DataPart ((StepWhile=0 (a,I,p1,s1)) . (k + 1)) = DataPart ((StepWhile=0 (a,I,p1,s1)) . k) by Th18 .= DataPart ((StepWhile=0 (a,I,p2,s2)) . (k + 1)) by A6, A7, A8, Th18 ; ::_thesis: verum end; supposeA9: ((StepWhile=0 (a,I,p1,s1)) . k) . a = 0 ; ::_thesis: S1[k + 1] then A10: I is_closed_on (StepWhile=0 (a,I,p1,s1)) . k,p1 +* (while=0 (a,I)) by A1, Def1; A11: I is_halting_on (StepWhile=0 (a,I,p1,s1)) . k,p1 +* (while=0 (a,I)) by A1, A9, Def1; then A12: ( I is_closed_on (StepWhile=0 (a,I,p2,s2)) . k,p2 +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p2,s2)) . k,p2 +* (while=0 (a,I)) ) by A6, A10, SCMFSA8B:5; A13: DataPart ((StepWhile=0 (a,I,p1,s1)) . (k + 1)) = DataPart (Comput (((p1 +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p1,s1)) . k)),((LifeSpan (((p1 +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p1,s1)) . k)))) + 3))) by SCMFSA_9:def_4 .= DataPart (Comput (((p1 +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p1,s1)) . k)),(LifeSpan (((p1 +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p1,s1)) . k)))))) by A9, A10, A11, Th17 ; A14: DataPart ((StepWhile=0 (a,I,p2,s2)) . (k + 1)) = DataPart (Comput (((p2 +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p2,s2)) . k)),((LifeSpan (((p2 +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p2,s2)) . k)))) + 3))) by SCMFSA_9:def_4 .= DataPart (Comput (((p2 +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p2,s2)) . k)),(LifeSpan (((p2 +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p2,s2)) . k)))))) by A7, A9, A12, Th17 ; A15: DataPart ((StepWhile=0 (a,I,p1,s1)) . k) = DataPart (Initialize ((StepWhile=0 (a,I,p1,s1)) . k)) by MEMSTR_0:79; then A16: I is_closed_on Initialize ((StepWhile=0 (a,I,p1,s1)) . k),(p1 +* (while=0 (a,I))) +* I by A10, SCMFSA8B:3; A17: DataPart (Initialize ((StepWhile=0 (a,I,p1,s1)) . k)) = DataPart ((StepWhile=0 (a,I,p1,s1)) . k) by MEMSTR_0:79 .= DataPart (Initialize ((StepWhile=0 (a,I,p2,s2)) . k)) by A6, MEMSTR_0:79 ; I is_halting_on Initialize ((StepWhile=0 (a,I,p1,s1)) . k),(p1 +* (while=0 (a,I))) +* I by A10, A11, A15, SCMFSA8B:5; then LifeSpan (((p1 +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p1,s1)) . k))) = LifeSpan (((p2 +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p2,s2)) . k))) by A10, A17, A15, A4, A5, SCMFSA8B:3, SCMFSA8C:18; hence S1[k + 1] by A13, A14, A17, A16, A4, A5, SCMFSA8C:17; ::_thesis: verum end; end; end; DataPart ((StepWhile=0 (a,I,p1,s1)) . 0) = DataPart s1 by SCMFSA_9:def_4 .= DataPart ((StepWhile=0 (a,I,p2,s2)) . 0) by A2, SCMFSA_9:def_4 ; then A18: S1[ 0 ] ; thus for k being Element of NAT holds S1[k] from NAT_1:sch_1(A18, A3); ::_thesis: verum end; definition let p be Instruction-Sequence of SCM+FSA; let s be State of SCM+FSA; let a be read-write Int-Location; let I be Program of SCM+FSA; assume that A1: ( ProperBodyWhile=0 a,I,s,p or I is parahalting ) and A2: WithVariantWhile=0 a,I,s,p ; func ExitsAtWhile=0 (a,I,p,s) -> Element of NAT means :Def3: :: SCMFSA9A:def 3 ex k being Element of NAT st ( it = k & ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ); existence ex b1, k being Element of NAT st ( b1 = k & ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ) proof set S = Initialize s; set P = p +* (while=0 (a,I)); set SW = StepWhile=0 (a,I,p,s); set PW = p +* (while=0 (a,I)); A3: while=0 (a,I) c= p +* (while=0 (a,I)) by FUNCT_4:25; defpred S1[ Nat] means ((StepWhile=0 (a,I,p,s)) . $1) . a <> 0 ; consider f being Function of (product (the_Values_of SCM+FSA)),NAT such that A4: for k being Element of NAT holds ( f . ((StepWhile=0 (a,I,p,s)) . (k + 1)) < f . ((StepWhile=0 (a,I,p,s)) . k) or S1[k] ) by A2, Def2; deffunc H1( Nat) -> Element of NAT = f . ((StepWhile=0 (a,I,p,s)) . $1); A5: for k being Element of NAT holds ( H1(k + 1) < H1(k) or S1[k] ) by A4; consider m being Element of NAT such that A6: S1[m] and A7: for n being Element of NAT st S1[n] holds m <= n from NAT_1:sch_18(A5); take m ; ::_thesis: ex k being Element of NAT st ( m = k & ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ) take m ; ::_thesis: ( m = m & ((StepWhile=0 (a,I,p,s)) . m) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds m <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . m) ) thus m = m ; ::_thesis: ( ((StepWhile=0 (a,I,p,s)) . m) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds m <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . m) ) thus ((StepWhile=0 (a,I,p,s)) . m) . a <> 0 by A6; ::_thesis: ( ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds m <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . m) ) thus for n being Element of NAT st ((StepWhile=0 (a,I,p,s)) . n) . a <> 0 holds m <= n by A7; ::_thesis: DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . m) defpred S2[ Nat] means ( $1 + 1 <= m implies ex k being Element of NAT st (StepWhile=0 (a,I,p,s)) . ($1 + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),k) ); A8: ProperBodyWhile=0 a,I,s,p by A1, Th13; A9: now__::_thesis:_for_k_being_Element_of_NAT_st_S2[k]_holds_ S2[k_+_1] let k be Element of NAT ; ::_thesis: ( S2[k] implies S2[k + 1] ) assume A10: S2[k] ; ::_thesis: S2[k + 1] now__::_thesis:_(_(k_+_1)_+_1_<=_m_implies_ex_m_being_Element_of_NAT_st_(StepWhile=0_(a,I,p,s))_._((k_+_1)_+_1)_=_Comput_((p_+*_(while=0_(a,I))),(Initialize_s),m)_) set sk1 = (StepWhile=0 (a,I,p,s)) . (k + 1); set sk = (StepWhile=0 (a,I,p,s)) . k; set pk = p +* (while=0 (a,I)); assume A11: (k + 1) + 1 <= m ; ::_thesis: ex m being Element of NAT st (StepWhile=0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),m) k + 0 < k + (1 + 1) by XREAL_1:6; then k < m by A11, XXREAL_0:2; then A12: ((StepWhile=0 (a,I,p,s)) . k) . a = 0 by A7; (k + 1) + 0 < (k + 1) + 1 by XREAL_1:6; then consider n being Element of NAT such that A13: (StepWhile=0 (a,I,p,s)) . (k + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),n) by A10, A11, XXREAL_0:2; A14: (StepWhile=0 (a,I,p,s)) . (k + 1) = Comput (((p +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p,s)) . k)),((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . k)))) + 3)) by SCMFSA_9:def_4; take m = n + ((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . (k + 1))))) + 3); ::_thesis: (StepWhile=0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),m) ( I is_closed_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . k,p +* (while=0 (a,I)) ) by A8, A12, Def1; then IC ((StepWhile=0 (a,I,p,s)) . (k + 1)) = 0 by A14, A12, SCMFSA_9:22; hence (StepWhile=0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),m) by A13, SCMFSA_9:26; ::_thesis: verum end; hence S2[k + 1] ; ::_thesis: verum end; A15: IC in dom (Start-At (0,SCM+FSA)) by MEMSTR_0:15; A16: S2[ 0 ] proof assume 0 + 1 <= m ; ::_thesis: ex k being Element of NAT st (StepWhile=0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),k) take n = (LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize s))) + 3; ::_thesis: (StepWhile=0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),n) thus (StepWhile=0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while=0 (a,I))),(Initialize s),n) by SCMFSA_9:25; ::_thesis: verum end; A17: for k being Element of NAT holds S2[k] from NAT_1:sch_1(A16, A9); percases ( m = 0 or m <> 0 ) ; supposeA18: m = 0 ; ::_thesis: DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . m) A19: DataPart (Initialize s) = DataPart s by MEMSTR_0:79 .= DataPart ((StepWhile=0 (a,I,p,s)) . m) by A18, SCMFSA_9:def_4 ; then (Initialize s) . a = ((StepWhile=0 (a,I,p,s)) . m) . a by SCMFSA_M:2; hence DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . m) by A6, A19, Th16, A3; ::_thesis: verum end; supposeA20: m <> 0 ; ::_thesis: DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . m) set sm = (StepWhile=0 (a,I,p,s)) . m; set pm = p +* (while=0 (a,I)); set sm1 = Initialize ((StepWhile=0 (a,I,p,s)) . m); set pm1 = (p +* (while=0 (a,I))) +* (while=0 (a,I)); consider i being Nat such that A21: m = i + 1 by A20, NAT_1:6; reconsider i = i as Element of NAT by ORDINAL1:def_12; set si = (StepWhile=0 (a,I,p,s)) . i; set psi = p +* (while=0 (a,I)); A22: (StepWhile=0 (a,I,p,s)) . m = Comput (((p +* (while=0 (a,I))) +* (while=0 (a,I))),(Initialize ((StepWhile=0 (a,I,p,s)) . i)),((LifeSpan (((p +* (while=0 (a,I))) +* I),(Initialize ((StepWhile=0 (a,I,p,s)) . i)))) + 3)) by A21, SCMFSA_9:def_4; m = i + 1 by A21; then consider n being Element of NAT such that A23: (StepWhile=0 (a,I,p,s)) . m = Comput ((p +* (while=0 (a,I))),(Initialize s),n) by A17; i < m by A21, NAT_1:13; then A24: ((StepWhile=0 (a,I,p,s)) . i) . a = 0 by A7; then ( I is_closed_on (StepWhile=0 (a,I,p,s)) . i,p +* (while=0 (a,I)) & I is_halting_on (StepWhile=0 (a,I,p,s)) . i,p +* (while=0 (a,I)) ) by A8, Def1; then A25: IC ((StepWhile=0 (a,I,p,s)) . m) = 0 by A22, A24, SCMFSA_9:22; A26: IC (Initialize ((StepWhile=0 (a,I,p,s)) . m)) = IC (Start-At (0,SCM+FSA)) by A15, FUNCT_4:13 .= IC ((StepWhile=0 (a,I,p,s)) . m) by A25, FUNCOP_1:72 ; DataPart (Initialize ((StepWhile=0 (a,I,p,s)) . m)) = DataPart ((StepWhile=0 (a,I,p,s)) . m) by MEMSTR_0:79; then A27: Initialize ((StepWhile=0 (a,I,p,s)) . m) = (StepWhile=0 (a,I,p,s)) . m by A26, MEMSTR_0:78; while=0 (a,I) is_halting_on (StepWhile=0 (a,I,p,s)) . m,p +* (while=0 (a,I)) by A6, SCMFSA_9:18; then (p +* (while=0 (a,I))) +* (while=0 (a,I)) halts_on Initialize ((StepWhile=0 (a,I,p,s)) . m) by SCMFSA7B:def_7; then consider j being Element of NAT such that A28: CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . m),j))) = halt SCM+FSA by A27, EXTPRO_1:29; A29: Comput ((p +* (while=0 (a,I))),(Initialize s),(n + j)) = Comput ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),n)),j) by EXTPRO_1:4; CurInstr ((p +* (while=0 (a,I))),(Comput ((p +* (while=0 (a,I))),(Initialize s),(n + j)))) = halt SCM+FSA by A23, A28, A29; then A30: Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s)))) = Comput ((p +* (while=0 (a,I))),(Initialize s),(n + j)) by EXTPRO_1:24 .= Comput ((p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . m),j) by A23, EXTPRO_1:4 .= Comput ((p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . m),(LifeSpan ((p +* (while=0 (a,I))),((StepWhile=0 (a,I,p,s)) . m)))) by A28, EXTPRO_1:24 ; Start-At (0,SCM+FSA) c= (StepWhile=0 (a,I,p,s)) . m by A27, FUNCT_4:25; then (StepWhile=0 (a,I,p,s)) . m is 0 -started by MEMSTR_0:29; hence DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . m) by A6, A30, Th16, A3; ::_thesis: verum end; end; end; uniqueness for b1, b2 being Element of NAT st ex k being Element of NAT st ( b1 = k & ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ) & ex k being Element of NAT st ( b2 = k & ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ) holds b1 = b2 proof let it1, it2 be Element of NAT ; ::_thesis: ( ex k being Element of NAT st ( it1 = k & ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ) & ex k being Element of NAT st ( it2 = k & ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ) implies it1 = it2 ) given k1 being Element of NAT such that A31: it1 = k1 and A32: ( ((StepWhile=0 (a,I,p,s)) . k1) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k1 <= i ) ) and DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k1) ; ::_thesis: ( for k being Element of NAT holds ( not it2 = k or not ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 or ex i being Element of NAT st ( ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 & not k <= i ) or not DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ) or it1 = it2 ) given k2 being Element of NAT such that A33: it2 = k2 and A34: ( ((StepWhile=0 (a,I,p,s)) . k2) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k2 <= i ) ) and DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k2) ; ::_thesis: it1 = it2 ( k1 <= k2 & k2 <= k1 ) by A32, A34; hence it1 = it2 by A31, A33, XXREAL_0:1; ::_thesis: verum end; end; :: deftheorem Def3 defines ExitsAtWhile=0 SCMFSA9A:def_3_:_ for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ( ProperBodyWhile=0 a,I,s,p or I is parahalting ) & WithVariantWhile=0 a,I,s,p holds for b5 being Element of NAT holds ( b5 = ExitsAtWhile=0 (a,I,p,s) iff ex k being Element of NAT st ( b5 = k & ((StepWhile=0 (a,I,p,s)) . k) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,s)) . i) . a <> 0 holds k <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize s),(LifeSpan ((p +* (while=0 (a,I))),(Initialize s))))) = DataPart ((StepWhile=0 (a,I,p,s)) . k) ) ); theorem :: SCMFSA9A:22 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st s . (intloc 0) = 1 & s . a <> 0 holds DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart s proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st s . (intloc 0) = 1 & s . a <> 0 holds DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart s let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st s . (intloc 0) = 1 & s . a <> 0 holds DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart s let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st s . (intloc 0) = 1 & s . a <> 0 holds DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart s let I be Program of SCM+FSA; ::_thesis: ( s . (intloc 0) = 1 & s . a <> 0 implies DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart s ) set Ins = NAT ; assume that A1: s . (intloc 0) = 1 and A2: s . a <> 0 ; ::_thesis: DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart s set WH = while=0 (a,I); set Is = Initialized s; set pds = p +* (while=0 (a,I)); A3: while=0 (a,I) c= p +* (while=0 (a,I)) by FUNCT_4:25; A4: Initialized s = Initialize (Initialized s) by MEMSTR_0:44; (Initialized s) . a = s . a by SCMFSA_M:37; then while=0 (a,I) is_halting_on Initialized s,p by A2, SCMFSA_9:18; then A5: p +* (while=0 (a,I)) halts_on Initialized s by A4, SCMFSA7B:def_7; A6: (Initialized s) . a = (Initialized s) . a .= s . a by SCMFSA_M:37 ; thus DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart (Result ((p +* (while=0 (a,I))),(Initialized s))) by SCMFSA6B:def_1 .= DataPart (Comput ((p +* (while=0 (a,I))),(Initialized s),(LifeSpan ((p +* (while=0 (a,I))),(Initialized s))))) by A5, EXTPRO_1:23 .= DataPart (Initialized s) by A2, A6, Th16, A3 .= DataPart s by A1, SCMFSA_M:19 ; ::_thesis: verum end; theorem :: SCMFSA9A:23 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ( ProperBodyWhile=0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile=0 a,I, Initialized s,p holds DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart ((StepWhile=0 (a,I,p,(Initialized s))) . (ExitsAtWhile=0 (a,I,p,(Initialized s)))) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ( ProperBodyWhile=0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile=0 a,I, Initialized s,p holds DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart ((StepWhile=0 (a,I,p,(Initialized s))) . (ExitsAtWhile=0 (a,I,p,(Initialized s)))) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st ( ProperBodyWhile=0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile=0 a,I, Initialized s,p holds DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart ((StepWhile=0 (a,I,p,(Initialized s))) . (ExitsAtWhile=0 (a,I,p,(Initialized s)))) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st ( ProperBodyWhile=0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile=0 a,I, Initialized s,p holds DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart ((StepWhile=0 (a,I,p,(Initialized s))) . (ExitsAtWhile=0 (a,I,p,(Initialized s)))) let I be Program of SCM+FSA; ::_thesis: ( ( ProperBodyWhile=0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile=0 a,I, Initialized s,p implies DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart ((StepWhile=0 (a,I,p,(Initialized s))) . (ExitsAtWhile=0 (a,I,p,(Initialized s)))) ) set Ins = NAT ; set WH = while=0 (a,I); set Is = Initialized s; set pds = p +* (while=0 (a,I)); A1: Initialized s = Initialize (Initialized s) by MEMSTR_0:44; assume A2: ( ( ProperBodyWhile=0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile=0 a,I, Initialized s,p ) ; ::_thesis: DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart ((StepWhile=0 (a,I,p,(Initialized s))) . (ExitsAtWhile=0 (a,I,p,(Initialized s)))) then A3: ex k being Element of NAT st ( ExitsAtWhile=0 (a,I,p,(Initialized s)) = k & ((StepWhile=0 (a,I,p,(Initialized s))) . k) . a <> 0 & ( for i being Element of NAT st ((StepWhile=0 (a,I,p,(Initialized s))) . i) . a <> 0 holds k <= i ) & DataPart (Comput ((p +* (while=0 (a,I))),(Initialize (Initialized s)),(LifeSpan ((p +* (while=0 (a,I))),(Initialize (Initialized s)))))) = DataPart ((StepWhile=0 (a,I,p,(Initialized s))) . k) ) by Def3; while=0 (a,I) is_halting_on Initialized s,p by A2, Th14, Th15; then A4: p +* (while=0 (a,I)) halts_on Initialized s by A1, SCMFSA7B:def_7; thus DataPart (IExec ((while=0 (a,I)),p,s)) = DataPart (Result ((p +* (while=0 (a,I))),(Initialized s))) by SCMFSA6B:def_1 .= DataPart (Result ((p +* (while=0 (a,I))),(s +* (Initialize ((intloc 0) .--> 1))))) .= DataPart ((StepWhile=0 (a,I,p,(Initialized s))) . (ExitsAtWhile=0 (a,I,p,(Initialized s)))) by A1, A4, A3, EXTPRO_1:23 ; ::_thesis: verum end; begin Lm4: for a being Int-Location for I being Program of SCM+FSA holds ( (card I) + 4 in dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) & (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = goto (0 + ((card I) + 4)) ) proof set J = Stop SCM+FSA; set G = Goto 0; let a be Int-Location; ::_thesis: for I being Program of SCM+FSA holds ( (card I) + 4 in dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) & (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = goto (0 + ((card I) + 4)) ) let I be Program of SCM+FSA; ::_thesis: ( (card I) + 4 in dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) & (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = goto (0 + ((card I) + 4)) ) set I1 = I ";" (Goto 0); set i = a >0_goto ((card (Stop SCM+FSA)) + 3); set c4 = (card I) + 4; set Lc4 = (card I) + 4; set Mi = (((Macro (a >0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I; A1: card (Stop SCM+FSA) = 1 by COMPOS_1:4; A2: card ((Goto 0) ";" (Stop SCM+FSA)) = (card (Goto 0)) + (card (Stop SCM+FSA)) by SCMFSA6A:21 .= 1 + 1 by A1, SCMFSA8A:15 .= 2 ; A3: if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)) = ((((a >0_goto ((card (Stop SCM+FSA)) + 3)) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" (I ";" (Goto 0))) ";" (Stop SCM+FSA) by SCMFSA8B:def_2 .= (((((Macro (a >0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I) ";" (Goto 0)) ";" (Stop SCM+FSA) by SCMFSA6A:25 .= ((((Macro (a >0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I) ";" ((Goto 0) ";" (Stop SCM+FSA)) by SCMFSA6A:25 ; then card (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = (card ((((Macro (a >0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I)) + (card ((Goto 0) ";" (Stop SCM+FSA))) by SCMFSA6A:21; then A4: card ((((Macro (a >0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I) = (card (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) - (card ((Goto 0) ";" (Stop SCM+FSA))) .= ((card I) + 6) - 2 by A2, SCMFSA_9:2 .= (card I) + 4 ; then A5: not (card I) + 4 in dom ((((Macro (a >0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I) ; set GJ = (Goto 0) ";" (Stop SCM+FSA); A6: Goto 0 = 0 .--> (goto 0) by SCMFSA8A:def_1; then A7: (Goto 0) . 0 = goto 0 by FUNCOP_1:72; dom (Goto 0) = {0} by A6, FUNCOP_1:13; then A8: 0 in dom (Goto 0) by TARSKI:def_1; A9: dom (Goto 0) c= dom ((Goto 0) ";" (Stop SCM+FSA)) by SCMFSA6A:17; then 0 + ((card I) + 4) in { (il + ((card I) + 4)) where il is Element of NAT : il in dom ((Goto 0) ";" (Stop SCM+FSA)) } by A8; then A10: (card I) + 4 in dom (Shift (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) by VALUED_1:def_12; then A11: (Shift (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) /. ((card I) + 4) = (Shift (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) . (0 + ((card I) + 4)) by PARTFUN1:def_6 .= ((Goto 0) ";" (Stop SCM+FSA)) . 0 by A8, A9, VALUED_1:def_12 .= goto 0 by A8, A7, SCMFSA6A:15 ; A12: card (Stop SCM+FSA) = 1 by COMPOS_1:4; card (I ";" (Goto 0)) = (card I) + (card (Goto 0)) by SCMFSA6A:21 .= (card I) + 1 by SCMFSA8A:15 ; then ((card (I ";" (Goto 0))) + (card (Stop SCM+FSA))) + 3 = ((card I) + 4) + 1 by A12; then (card I) + 4 < ((card (I ";" (Goto 0))) + (card (Stop SCM+FSA))) + 3 by NAT_1:13; hence A13: (card I) + 4 in dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by SCMFSA8C:28; ::_thesis: (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = goto (0 + ((card I) + 4)) A14: Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4)) = IncAddr ((Shift (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))),((card I) + 4)) by COMPOS_1:34; A15: dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = (dom (Directed ((((Macro (a >0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I))) \/ (dom (Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4)))) by A3, A4, FUNCT_4:def_1; then dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = (dom ((((Macro (a >0_goto ((card (Stop SCM+FSA)) + 3))) ";" (Stop SCM+FSA)) ";" (Goto ((card (I ";" (Goto 0))) + 1))) ";" I)) \/ (dom (Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4)))) by FUNCT_4:99; then (card I) + 4 in dom (Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) by A13, A5, XBOOLE_0:def_3; hence (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . ((card I) + 4) = (Reloc (((Goto 0) ";" (Stop SCM+FSA)),((card I) + 4))) . ((card I) + 4) by A13, A3, A4, A15, FUNCT_4:def_1 .= IncAddr ((goto 0),((card I) + 4)) by A10, A11, A14, COMPOS_1:def_21 .= goto (0 + ((card I) + 4)) by SCMFSA_4:1 ; ::_thesis: verum end; Lm5: for a being Int-Location for I being Program of SCM+FSA holds UsedIntLoc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedIntLoc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) proof let a be Int-Location; ::_thesis: for I being Program of SCM+FSA holds UsedIntLoc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedIntLoc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) let I be Program of SCM+FSA; ::_thesis: UsedIntLoc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedIntLoc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) set Lc4 = (card I) + 4; set if0 = if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)); set ic4 = ((card I) + 4) .--> (goto 0); consider UIL1 being Function of the InstructionsF of SCM+FSA,(Fin Int-Locations) such that A1: for i being Instruction of SCM+FSA holds UIL1 . i = UsedIntLoc i and A2: UsedIntLoc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = Union (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) by SF_MASTR:def_2; A3: dom UIL1 = the InstructionsF of SCM+FSA by FUNCT_2:def_1; A4: now__::_thesis:_(_dom_(UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_=_dom_(UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_&_dom_(UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_=_dom_(UIL1_*_((if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA)))_+*_(((card_I)_+_4)_.-->_(goto_0))))_&_(_for_x_being_set_st_x_in_dom_(UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_holds_ (UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_._x_=_(UIL1_*_((if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA)))_+*_(((card_I)_+_4)_.-->_(goto_0))))_._x_)_) thus dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) ; ::_thesis: ( dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) & ( for x being set st x in dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) holds (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b2 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b2 ) ) A5: rng ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) c= dom UIL1 by A3, RELAT_1:def_19; A6: dom (((card I) + 4) .--> (goto 0)) = {((card I) + 4)} by FUNCOP_1:13; then A7: (card I) + 4 in dom (((card I) + 4) .--> (goto 0)) by TARSKI:def_1; (card I) + 4 in dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by Lm4; then ( dom ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) = (dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) \/ (dom (((card I) + 4) .--> (goto 0))) & dom (((card I) + 4) .--> (goto 0)) c= dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) ) by A6, FUNCT_4:def_1, ZFMISC_1:31; then A8: dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = dom ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) by XBOOLE_1:12; rng (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) c= dom UIL1 by A3, RELAT_1:def_19; hence A9: dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by RELAT_1:27 .= dom (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) by A5, A8, RELAT_1:27 ; ::_thesis: for x being set st x in dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) holds (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b2 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b2 let x be set ; ::_thesis: ( x in dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) implies (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 ) assume A10: x in dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) ; ::_thesis: (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 percases ( x <> (card I) + 4 or x = (card I) + 4 ) ; suppose x <> (card I) + 4 ; ::_thesis: (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 then A11: not x in dom (((card I) + 4) .--> (goto 0)) by A6, TARSKI:def_1; thus (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . x = UIL1 . ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . x) by A10, FUNCT_1:12 .= UIL1 . (((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) . x) by A11, FUNCT_4:11 .= (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . x by A9, A10, FUNCT_1:12 ; ::_thesis: verum end; supposeA12: x = (card I) + 4 ; ::_thesis: (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 thus (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . x = UIL1 . ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . x) by A10, FUNCT_1:12 .= UIL1 . (goto (0 + ((card I) + 4))) by A12, Lm4 .= UsedIntLoc (goto (0 + ((card I) + 4))) by A1 .= {} by SF_MASTR:15 .= UsedIntLoc (goto 0) by SF_MASTR:15 .= UIL1 . (goto 0) by A1 .= UIL1 . ((((card I) + 4) .--> (goto 0)) . x) by A12, FUNCOP_1:72 .= UIL1 . (((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) . x) by A7, A12, FUNCT_4:13 .= (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . x by A9, A10, FUNCT_1:12 ; ::_thesis: verum end; end; end; consider UIL2 being Function of the InstructionsF of SCM+FSA,(Fin Int-Locations) such that A13: for i being Instruction of SCM+FSA holds UIL2 . i = UsedIntLoc i and A14: UsedIntLoc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) = Union (UIL2 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) by SF_MASTR:def_2; for c being Element of the InstructionsF of SCM+FSA holds UIL1 . c = UIL2 . c proof let c be Element of the InstructionsF of SCM+FSA; ::_thesis: UIL1 . c = UIL2 . c reconsider d = c as Instruction of SCM+FSA ; thus UIL1 . c = UsedIntLoc d by A1 .= UIL2 . c by A13 ; ::_thesis: verum end; then UIL1 = UIL2 by FUNCT_2:63; hence UsedIntLoc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedIntLoc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) by A2, A14, A4, FUNCT_1:2; ::_thesis: verum end; Lm6: for a being Int-Location for I being Program of SCM+FSA holds UsedInt*Loc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedInt*Loc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) proof let a be Int-Location; ::_thesis: for I being Program of SCM+FSA holds UsedInt*Loc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedInt*Loc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) let I be Program of SCM+FSA; ::_thesis: UsedInt*Loc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedInt*Loc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) set Lc4 = (card I) + 4; set if0 = if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)); set ic4 = ((card I) + 4) .--> (goto 0); consider UIL1 being Function of the InstructionsF of SCM+FSA,(Fin FinSeq-Locations) such that A1: for i being Instruction of SCM+FSA holds UIL1 . i = UsedInt*Loc i and A2: UsedInt*Loc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = Union (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) by SF_MASTR:def_4; A3: dom UIL1 = the InstructionsF of SCM+FSA by FUNCT_2:def_1; A4: now__::_thesis:_(_dom_(UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_=_dom_(UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_&_dom_(UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_=_dom_(UIL1_*_((if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA)))_+*_(((card_I)_+_4)_.-->_(goto_0))))_&_(_for_x_being_set_st_x_in_dom_(UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_holds_ (UIL1_*_(if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA))))_._x_=_(UIL1_*_((if>0_(a,(I_";"_(Goto_0)),(Stop_SCM+FSA)))_+*_(((card_I)_+_4)_.-->_(goto_0))))_._x_)_) thus dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) ; ::_thesis: ( dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) & ( for x being set st x in dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) holds (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b2 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b2 ) ) A5: rng ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) c= dom UIL1 by A3, RELAT_1:def_19; A6: dom (((card I) + 4) .--> (goto 0)) = {((card I) + 4)} by FUNCOP_1:13; then A7: (card I) + 4 in dom (((card I) + 4) .--> (goto 0)) by TARSKI:def_1; (card I) + 4 in dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by Lm4; then ( dom ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) = (dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) \/ (dom (((card I) + 4) .--> (goto 0))) & dom (((card I) + 4) .--> (goto 0)) c= dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) ) by A6, FUNCT_4:def_1, ZFMISC_1:31; then A8: dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = dom ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) by XBOOLE_1:12; rng (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) c= dom UIL1 by A3, RELAT_1:def_19; hence A9: dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) = dom (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) by RELAT_1:27 .= dom (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) by A5, A8, RELAT_1:27 ; ::_thesis: for x being set st x in dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) holds (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b2 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b2 let x be set ; ::_thesis: ( x in dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) implies (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 ) assume A10: x in dom (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) ; ::_thesis: (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 percases ( x <> (card I) + 4 or x = (card I) + 4 ) ; suppose x <> (card I) + 4 ; ::_thesis: (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 then A11: not x in dom (((card I) + 4) .--> (goto 0)) by A6, TARSKI:def_1; thus (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . x = UIL1 . ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . x) by A10, FUNCT_1:12 .= UIL1 . (((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) . x) by A11, FUNCT_4:11 .= (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . x by A9, A10, FUNCT_1:12 ; ::_thesis: verum end; supposeA12: x = (card I) + 4 ; ::_thesis: (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . b1 = (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . b1 thus (UIL1 * (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA)))) . x = UIL1 . ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) . x) by A10, FUNCT_1:12 .= UIL1 . (goto (0 + ((card I) + 4))) by A12, Lm4 .= UsedInt*Loc (goto (0 + ((card I) + 4))) by A1 .= {} by SF_MASTR:32 .= UsedInt*Loc (goto 0) by SF_MASTR:32 .= UIL1 . (goto 0) by A1 .= UIL1 . ((((card I) + 4) .--> (goto 0)) . x) by A12, FUNCOP_1:72 .= UIL1 . (((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) . x) by A7, A12, FUNCT_4:13 .= (UIL1 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) . x by A9, A10, FUNCT_1:12 ; ::_thesis: verum end; end; end; consider UIL2 being Function of the InstructionsF of SCM+FSA,(Fin FinSeq-Locations) such that A13: for i being Instruction of SCM+FSA holds UIL2 . i = UsedInt*Loc i and A14: UsedInt*Loc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) = Union (UIL2 * ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)))) by SF_MASTR:def_4; for c being Element of the InstructionsF of SCM+FSA holds UIL1 . c = UIL2 . c proof let c be Element of the InstructionsF of SCM+FSA; ::_thesis: UIL1 . c = UIL2 . c reconsider d = c as Instruction of SCM+FSA ; thus UIL1 . c = UsedInt*Loc d by A1 .= UIL2 . c by A13 ; ::_thesis: verum end; then UIL1 = UIL2 by FUNCT_2:63; hence UsedInt*Loc (if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) = UsedInt*Loc ((if>0 (a,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0))) by A2, A14, A4, FUNCT_1:2; ::_thesis: verum end; theorem :: SCMFSA9A:24 for b being Int-Location for I being Program of SCM+FSA holds UsedIntLoc (while>0 (b,I)) = {b} \/ (UsedIntLoc I) proof let b be Int-Location; ::_thesis: for I being Program of SCM+FSA holds UsedIntLoc (while>0 (b,I)) = {b} \/ (UsedIntLoc I) let I be Program of SCM+FSA; ::_thesis: UsedIntLoc (while>0 (b,I)) = {b} \/ (UsedIntLoc I) set J = Stop SCM+FSA; set a = b; set IG = I ";" (Goto 0); while>0 (b,I) = (if>0 (b,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)) by SCMFSA_9:def_2; hence UsedIntLoc (while>0 (b,I)) = UsedIntLoc (if>0 (b,(I ";" (Goto 0)),(Stop SCM+FSA))) by Lm5 .= ({b} \/ (UsedIntLoc (I ";" (Goto 0)))) \/ (UsedIntLoc (Stop SCM+FSA)) by Th9 .= ({b} \/ ((UsedIntLoc I) \/ (UsedIntLoc (Goto 0)))) \/ (UsedIntLoc (Stop SCM+FSA)) by SF_MASTR:27 .= ({b} \/ ((UsedIntLoc I) \/ {})) \/ (UsedIntLoc (Stop SCM+FSA)) by Th5 .= {b} \/ (UsedIntLoc I) by Th3 ; ::_thesis: verum end; theorem :: SCMFSA9A:25 for b being Int-Location for I being Program of SCM+FSA holds UsedInt*Loc (while>0 (b,I)) = UsedInt*Loc I proof let b be Int-Location; ::_thesis: for I being Program of SCM+FSA holds UsedInt*Loc (while>0 (b,I)) = UsedInt*Loc I let I be Program of SCM+FSA; ::_thesis: UsedInt*Loc (while>0 (b,I)) = UsedInt*Loc I set J = Stop SCM+FSA; set a = b; set IG = I ";" (Goto 0); while>0 (b,I) = (if>0 (b,(I ";" (Goto 0)),(Stop SCM+FSA))) +* (((card I) + 4) .--> (goto 0)) by SCMFSA_9:def_2; hence UsedInt*Loc (while>0 (b,I)) = UsedInt*Loc (if>0 (b,(I ";" (Goto 0)),(Stop SCM+FSA))) by Lm6 .= (UsedInt*Loc (I ";" (Goto 0))) \/ (UsedInt*Loc (Stop SCM+FSA)) by Th10 .= ((UsedInt*Loc I) \/ (UsedInt*Loc (Goto 0))) \/ (UsedInt*Loc (Stop SCM+FSA)) by SF_MASTR:43 .= (UsedInt*Loc I) \/ {} by Th4, Th6 .= UsedInt*Loc I ; ::_thesis: verum end; definition let p be Instruction-Sequence of SCM+FSA; let s be State of SCM+FSA; let a be read-write Int-Location; let I be Program of SCM+FSA; pred ProperBodyWhile>0 a,I,s,p means :Def4: :: SCMFSA9A:def 4 for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a > 0 holds ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ); pred WithVariantWhile>0 a,I,s,p means :Def5: :: SCMFSA9A:def 5 ex f being Function of (product (the_Values_of SCM+FSA)),NAT st for k being Element of NAT holds ( f . ((StepWhile>0 (a,I,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,I,p,s)) . k) or ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 ); end; :: deftheorem Def4 defines ProperBodyWhile>0 SCMFSA9A:def_4_:_ for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA holds ( ProperBodyWhile>0 a,I,s,p iff for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a > 0 holds ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) ); :: deftheorem Def5 defines WithVariantWhile>0 SCMFSA9A:def_5_:_ for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA holds ( WithVariantWhile>0 a,I,s,p iff ex f being Function of (product (the_Values_of SCM+FSA)),NAT st for k being Element of NAT holds ( f . ((StepWhile>0 (a,I,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,I,p,s)) . k) or ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 ) ); theorem Th26: :: SCMFSA9A:26 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being parahalting Program of SCM+FSA holds ProperBodyWhile>0 a,I,s,p proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being parahalting Program of SCM+FSA holds ProperBodyWhile>0 a,I,s,p let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being parahalting Program of SCM+FSA holds ProperBodyWhile>0 a,I,s,p let a be read-write Int-Location; ::_thesis: for I being parahalting Program of SCM+FSA holds ProperBodyWhile>0 a,I,s,p let I be parahalting Program of SCM+FSA; ::_thesis: ProperBodyWhile>0 a,I,s,p let k be Element of NAT ; :: according to SCMFSA9A:def_4 ::_thesis: ( ((StepWhile>0 (a,I,p,s)) . k) . a > 0 implies ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) ) assume ((StepWhile>0 (a,I,p,s)) . k) . a > 0 ; ::_thesis: ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) thus I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) by SCMFSA7B:18; ::_thesis: I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) thus I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) by SCMFSA7B:19; ::_thesis: verum end; theorem Th27: :: SCMFSA9A:27 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile>0 a,I,s,p & WithVariantWhile>0 a,I,s,p holds ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile>0 a,I,s,p & WithVariantWhile>0 a,I,s,p holds ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile>0 a,I,s,p & WithVariantWhile>0 a,I,s,p holds ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st ProperBodyWhile>0 a,I,s,p & WithVariantWhile>0 a,I,s,p holds ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) let I be Program of SCM+FSA; ::_thesis: ( ProperBodyWhile>0 a,I,s,p & WithVariantWhile>0 a,I,s,p implies ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) ) assume A1: for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a > 0 holds ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) ; :: according to SCMFSA9A:def_4 ::_thesis: ( not WithVariantWhile>0 a,I,s,p or ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) ) set s1 = Initialize s; set p1 = p +* (while>0 (a,I)); A2: (p +* (while>0 (a,I))) +* (while>0 (a,I)) = p +* (while>0 (a,I)) ; defpred S1[ Nat] means ((StepWhile>0 (a,I,p,s)) . $1) . a <= 0 ; given f being Function of (product (the_Values_of SCM+FSA)),NAT such that A3: for k being Element of NAT holds ( f . ((StepWhile>0 (a,I,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,I,p,s)) . k) or ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 ) ; :: according to SCMFSA9A:def_5 ::_thesis: ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) deffunc H1( Nat) -> Element of NAT = f . ((StepWhile>0 (a,I,p,s)) . $1); A4: for k being Element of NAT holds ( H1(k + 1) < H1(k) or S1[k] ) by A3; consider m being Element of NAT such that A5: S1[m] and A6: for n being Element of NAT st S1[n] holds m <= n from NAT_1:sch_18(A4); defpred S2[ Nat] means ( $1 + 1 <= m implies ex k being Element of NAT st (StepWhile>0 (a,I,p,s)) . ($1 + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),k) ); A7: now__::_thesis:_for_k_being_Element_of_NAT_st_S2[k]_holds_ S2[k_+_1] let k be Element of NAT ; ::_thesis: ( S2[k] implies S2[k + 1] ) assume A8: S2[k] ; ::_thesis: S2[k + 1] now__::_thesis:_(_(k_+_1)_+_1_<=_m_implies_ex_m_being_Element_of_NAT_st_(StepWhile>0_(a,I,p,s))_._((k_+_1)_+_1)_=_Comput_((p_+*_(while>0_(a,I))),(Initialize_s),m)_) set sk1 = (StepWhile>0 (a,I,p,s)) . (k + 1); set sk = (StepWhile>0 (a,I,p,s)) . k; set pk = p +* (while>0 (a,I)); assume A9: (k + 1) + 1 <= m ; ::_thesis: ex m being Element of NAT st (StepWhile>0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),m) k + 0 < k + (1 + 1) by XREAL_1:6; then k < m by A9, XXREAL_0:2; then A10: ((StepWhile>0 (a,I,p,s)) . k) . a > 0 by A6; (k + 1) + 0 < (k + 1) + 1 by XREAL_1:6; then consider n being Element of NAT such that A11: (StepWhile>0 (a,I,p,s)) . (k + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),n) by A8, A9, XXREAL_0:2; A12: (StepWhile>0 (a,I,p,s)) . (k + 1) = Comput (((p +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p,s)) . k)),((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . k)))) + 3)) by SCMFSA_9:def_5; take m = n + ((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . (k + 1))))) + 3); ::_thesis: (StepWhile>0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),m) ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) by A1, A10; then IC ((StepWhile>0 (a,I,p,s)) . (k + 1)) = 0 by A12, A10, SCMFSA_9:42; hence (StepWhile>0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),m) by A11, SCMFSA_9:45; ::_thesis: verum end; hence S2[k + 1] ; ::_thesis: verum end; A13: S2[ 0 ] proof assume 0 + 1 <= m ; ::_thesis: ex k being Element of NAT st (StepWhile>0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),k) take n = (LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize s))) + 3; ::_thesis: (StepWhile>0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),n) thus (StepWhile>0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),n) by SCMFSA_9:44; ::_thesis: verum end; A14: for k being Element of NAT holds S2[k] from NAT_1:sch_1(A13, A7); percases ( m = 0 or m <> 0 ) ; suppose m = 0 ; ::_thesis: ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) then s . a <= 0 by A5, SCMFSA_9:def_5; hence ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) by SCMFSA_9:38; ::_thesis: verum end; supposeA15: m <> 0 ; ::_thesis: ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) set ii = (LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize s))) + 3; set sm = (StepWhile>0 (a,I,p,s)) . m; set pm = p +* (while>0 (a,I)); set sm1 = Initialize ((StepWhile>0 (a,I,p,s)) . m); set pm1 = (p +* (while>0 (a,I))) +* (while>0 (a,I)); consider i being Nat such that A16: m = i + 1 by A15, NAT_1:6; reconsider i = i as Element of NAT by ORDINAL1:def_12; set si = (StepWhile>0 (a,I,p,s)) . i; set psi = p +* (while>0 (a,I)); A17: (StepWhile>0 (a,I,p,s)) . m = Comput (((p +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p,s)) . i)),((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . i)))) + 3)) by A16, SCMFSA_9:def_5; m = i + 1 by A16; then consider n being Element of NAT such that A18: (StepWhile>0 (a,I,p,s)) . m = Comput ((p +* (while>0 (a,I))),(Initialize s),n) by A14; i < m by A16, NAT_1:13; then A19: ((StepWhile>0 (a,I,p,s)) . i) . a > 0 by A6; then ( I is_closed_on (StepWhile>0 (a,I,p,s)) . i,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . i,p +* (while>0 (a,I)) ) by A1; then IC ((StepWhile>0 (a,I,p,s)) . m) = 0 by A17, A19, SCMFSA_9:42; then Start-At (0,SCM+FSA) c= (StepWhile>0 (a,I,p,s)) . m by MEMSTR_0:30; then A20: Initialize ((StepWhile>0 (a,I,p,s)) . m) = (StepWhile>0 (a,I,p,s)) . m by FUNCT_4:98; while>0 (a,I) is_halting_on (StepWhile>0 (a,I,p,s)) . m,p +* (while>0 (a,I)) by A5, SCMFSA_9:38; then (p +* (while>0 (a,I))) +* (while>0 (a,I)) halts_on Initialize ((StepWhile>0 (a,I,p,s)) . m) by SCMFSA7B:def_7; then consider j being Element of NAT such that A21: CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . m),j))) = halt SCM+FSA by A20, EXTPRO_1:29; A22: Comput ((p +* (while>0 (a,I))),(Initialize s),(n + j)) = Comput ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),(Initialize s),n)),j) by EXTPRO_1:4; CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),(Initialize s),(n + j)))) = halt SCM+FSA by A18, A21, A22; then p +* (while>0 (a,I)) halts_on Initialize s by EXTPRO_1:29; hence while>0 (a,I) is_halting_on s,p by SCMFSA7B:def_7; ::_thesis: while>0 (a,I) is_closed_on s,p now__::_thesis:_for_q_being_Element_of_NAT_holds_IC_(Comput_((p_+*_(while>0_(a,I))),(Initialize_s),q))_in_dom_(while>0_(a,I)) let q be Element of NAT ; ::_thesis: IC (Comput ((p +* (while>0 (a,I))),(Initialize s),b1)) in dom (while>0 (a,I)) percases ( q <= (LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize s))) + 3 or q > (LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize s))) + 3 ) ; supposeA23: q <= (LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize s))) + 3 ; ::_thesis: IC (Comput ((p +* (while>0 (a,I))),(Initialize s),b1)) in dom (while>0 (a,I)) A24: (StepWhile>0 (a,I,p,s)) . 0 = s by SCMFSA_9:def_5; then A25: s . a > 0 by A6, A15; then ( I is_closed_on s,p +* (while>0 (a,I)) & I is_halting_on s,p +* (while>0 (a,I)) ) by A1, A24; hence IC (Comput ((p +* (while>0 (a,I))),(Initialize s),q)) in dom (while>0 (a,I)) by A23, A25, A2, SCMFSA_9:42; ::_thesis: verum end; supposeA26: q > (LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize s))) + 3 ; ::_thesis: IC (Comput ((p +* (while>0 (a,I))),(Initialize s),b1)) in dom (while>0 (a,I)) A27: now__::_thesis:_ex_k_being_Element_of_NAT_st_ (_(StepWhile>0_(a,I,p,s))_._1_=_Comput_((p_+*_(while>0_(a,I))),(Initialize_s),k)_&_k_<=_q_) take k = (LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize s))) + 3; ::_thesis: ( (StepWhile>0 (a,I,p,s)) . 1 = Comput ((p +* (while>0 (a,I))),(Initialize s),k) & k <= q ) thus ( (StepWhile>0 (a,I,p,s)) . 1 = Comput ((p +* (while>0 (a,I))),(Initialize s),k) & k <= q ) by A26, SCMFSA_9:44; ::_thesis: verum end; defpred S3[ Nat] means ( $1 <= m & $1 <> 0 & ex k being Element of NAT st ( (StepWhile>0 (a,I,p,s)) . $1 = Comput ((p +* (while>0 (a,I))),(Initialize s),k) & k <= q ) ); A28: for i being Nat st S3[i] holds i <= m ; 0 + 1 < m + 1 by A15, XREAL_1:6; then 1 <= m by NAT_1:13; then A29: ex k being Nat st S3[k] by A27; consider t being Nat such that A30: ( S3[t] & ( for i being Nat st S3[i] holds i <= t ) ) from NAT_1:sch_6(A28, A29); reconsider t = t as Element of NAT by ORDINAL1:def_12; percases ( t = m or t <> m ) ; suppose t = m ; ::_thesis: IC (Comput ((p +* (while>0 (a,I))),(Initialize s),b1)) in dom (while>0 (a,I)) then consider r being Element of NAT such that A31: (StepWhile>0 (a,I,p,s)) . m = Comput ((p +* (while>0 (a,I))),(Initialize s),r) and A32: r <= q by A30; consider x being Nat such that A33: q = r + x by A32, NAT_1:10; A34: while>0 (a,I) is_closed_on (StepWhile>0 (a,I,p,s)) . m,p +* (while>0 (a,I)) by A5, SCMFSA_9:38; reconsider x = x as Element of NAT by ORDINAL1:def_12; Comput ((p +* (while>0 (a,I))),(Initialize s),q) = Comput ((p +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p,s)) . m)),x) by A20, A31, A33, EXTPRO_1:4; hence IC (Comput ((p +* (while>0 (a,I))),(Initialize s),q)) in dom (while>0 (a,I)) by A34, A2, SCMFSA7B:def_6; ::_thesis: verum end; supposeA35: t <> m ; ::_thesis: IC (Comput ((p +* (while>0 (a,I))),(Initialize s),b1)) in dom (while>0 (a,I)) set Dt = (StepWhile>0 (a,I,p,s)) . t; set pt = p +* (while>0 (a,I)); consider y being Nat such that A36: t = y + 1 by A30, NAT_1:6; reconsider y = y as Element of NAT by ORDINAL1:def_12; set Dy = (StepWhile>0 (a,I,p,s)) . y; set py = p +* (while>0 (a,I)); A37: (StepWhile>0 (a,I,p,s)) . t = Comput (((p +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p,s)) . y)),((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . y)))) + 3)) by A36, SCMFSA_9:def_5; y + 0 < t by A36, XREAL_1:6; then y < m by A30, XXREAL_0:2; then A38: ((StepWhile>0 (a,I,p,s)) . y) . a > 0 by A6; then ( I is_closed_on (StepWhile>0 (a,I,p,s)) . y,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . y,p +* (while>0 (a,I)) ) by A1; then A39: IC ((StepWhile>0 (a,I,p,s)) . t) = 0 by A37, A38, SCMFSA_9:42; consider z being Element of NAT such that A40: (StepWhile>0 (a,I,p,s)) . t = Comput ((p +* (while>0 (a,I))),(Initialize s),z) and A41: z <= q by A30; consider w being Nat such that A42: q = z + w by A41, NAT_1:10; reconsider w = w as Element of NAT by ORDINAL1:def_12; A43: (StepWhile>0 (a,I,p,s)) . t = Initialize ((StepWhile>0 (a,I,p,s)) . t) by A40, A39, SCMFSA_9:45; A44: Comput ((p +* (while>0 (a,I))),(Initialize s),q) = Comput (((p +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p,s)) . t)),w) by A43, A40, A42, EXTPRO_1:4; set z2 = z + ((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . t)))) + 3); A45: t < m by A30, A35, XXREAL_0:1; now__::_thesis:_not_z_+_((LifeSpan_(((p_+*_(while>0_(a,I)))_+*_I),(Initialize_((StepWhile>0_(a,I,p,s))_._t))))_+_3)_<=_q assume A46: z + ((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . t)))) + 3) <= q ; ::_thesis: contradiction A47: now__::_thesis:_ex_k_being_Element_of_NAT_st_ (_(StepWhile>0_(a,I,p,s))_._(t_+_1)_=_Comput_((p_+*_(while>0_(a,I))),(Initialize_s),k)_&_k_<=_q_) take k = z + ((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . t)))) + 3); ::_thesis: ( (StepWhile>0 (a,I,p,s)) . (t + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),k) & k <= q ) thus ( (StepWhile>0 (a,I,p,s)) . (t + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),k) & k <= q ) by A40, A39, A46, SCMFSA_9:45; ::_thesis: verum end; t + 1 <= m by A45, NAT_1:13; hence contradiction by A30, A47, XREAL_1:29; ::_thesis: verum end; then A48: w < (LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . t)))) + 3 by A42, XREAL_1:6; A49: ((StepWhile>0 (a,I,p,s)) . t) . a > 0 by A6, A45; then ( I is_closed_on (StepWhile>0 (a,I,p,s)) . t,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . t,p +* (while>0 (a,I)) ) by A1; hence IC (Comput ((p +* (while>0 (a,I))),(Initialize s),q)) in dom (while>0 (a,I)) by A48, A44, A49, SCMFSA_9:42; ::_thesis: verum end; end; end; end; end; hence while>0 (a,I) is_closed_on s,p by SCMFSA7B:def_6; ::_thesis: verum end; end; end; theorem Th28: :: SCMFSA9A:28 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being parahalting Program of SCM+FSA st WithVariantWhile>0 a,I,s,p holds ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being parahalting Program of SCM+FSA st WithVariantWhile>0 a,I,s,p holds ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being parahalting Program of SCM+FSA st WithVariantWhile>0 a,I,s,p holds ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) let a be read-write Int-Location; ::_thesis: for I being parahalting Program of SCM+FSA st WithVariantWhile>0 a,I,s,p holds ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) let I be parahalting Program of SCM+FSA; ::_thesis: ( WithVariantWhile>0 a,I,s,p implies ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) ) assume A1: WithVariantWhile>0 a,I,s,p ; ::_thesis: ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) ProperBodyWhile>0 a,I,s,p proof let k be Element of NAT ; :: according to SCMFSA9A:def_4 ::_thesis: ( ((StepWhile>0 (a,I,p,s)) . k) . a > 0 implies ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) ) assume ((StepWhile>0 (a,I,p,s)) . k) . a > 0 ; ::_thesis: ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) thus ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) by SCMFSA7B:18, SCMFSA7B:19; ::_thesis: verum end; hence ( while>0 (a,I) is_halting_on s,p & while>0 (a,I) is_closed_on s,p ) by A1, Th27; ::_thesis: verum end; theorem Th29: :: SCMFSA9A:29 for p being Instruction-Sequence of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for s being 0 -started State of SCM+FSA st while>0 (a,I) c= p & s . a <= 0 holds ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA for s being 0 -started State of SCM+FSA st while>0 (a,I) c= p & s . a <= 0 holds ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA for s being 0 -started State of SCM+FSA st while>0 (a,I) c= p & s . a <= 0 holds ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) let I be Program of SCM+FSA; ::_thesis: for s being 0 -started State of SCM+FSA st while>0 (a,I) c= p & s . a <= 0 holds ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) let s be 0 -started State of SCM+FSA; ::_thesis: ( while>0 (a,I) c= p & s . a <= 0 implies ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) ) assume that A1: while>0 (a,I) c= p and A2: s . a <= 0 ; ::_thesis: ( LifeSpan (p,s) = 4 & ( for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s ) ) A3: p +* (while>0 (a,I)) = p by A1, FUNCT_4:98; set i = a >0_goto 4; set p1 = p +* (while>0 (a,I)); A4: while>0 (a,I) c= p +* (while>0 (a,I)) by FUNCT_4:25; A5: IC in dom (Start-At (0,SCM+FSA)) by MEMSTR_0:15; A6: 1 in dom (while>0 (a,I)) by SCMFSA_9:10; A7: (p +* (while>0 (a,I))) . 1 = (while>0 (a,I)) . 1 by A6, FUNCT_4:13 .= goto 2 by SCMFSA_9:11 ; s = Initialize s by MEMSTR_0:44; then A8: IC s = IC (Start-At (0,SCM+FSA)) by A5, FUNCT_4:13 .= 0 by FUNCOP_1:72 ; A9: (p +* (while>0 (a,I))) /. (IC s) = (p +* (while>0 (a,I))) . (IC s) by PBOOLE:143; 0 in dom (while>0 (a,I)) by SCMFSA_9:10; then (p +* (while>0 (a,I))) . 0 = (while>0 (a,I)) . 0 by FUNCT_4:13 .= a >0_goto 4 by SCMFSA_9:11 ; then A10: CurInstr ((p +* (while>0 (a,I))),s) = a >0_goto 4 by A8, A9; A11: Comput ((p +* (while>0 (a,I))),s,(0 + 1)) = Following ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),s,0))) by EXTPRO_1:3 .= Following ((p +* (while>0 (a,I))),s) .= Exec ((a >0_goto 4),s) by A10 ; set loc5 = (card I) + 5; set s5 = Comput ((p +* (while>0 (a,I))),s,4); set s4 = Comput ((p +* (while>0 (a,I))),s,3); set s3 = Comput ((p +* (while>0 (a,I))),s,2); set s2 = Comput ((p +* (while>0 (a,I))),s,1); A12: 2 in dom (while>0 (a,I)) by SCMFSA_9:32; A13: (p +* (while>0 (a,I))) . 2 = (while>0 (a,I)) . 2 by A12, FUNCT_4:13 .= goto 3 by SCMFSA_9:36 ; A14: 3 in dom (while>0 (a,I)) by SCMFSA_9:32; A15: (p +* (while>0 (a,I))) . 3 = (while>0 (a,I)) . 3 by A14, FUNCT_4:13 .= goto ((card I) + 5) by SCMFSA_9:35 ; A16: (card I) + 5 in dom (while>0 (a,I)) by SCMFSA_9:33; A17: (p +* (while>0 (a,I))) . ((card I) + 5) = (while>0 (a,I)) . ((card I) + 5) by A16, A4, GRFUNC_1:2 .= halt SCM+FSA by SCMFSA_9:34 ; A18: ( ( for c being Int-Location holds (Exec ((goto ((card I) + 5)),(Comput ((p +* (while>0 (a,I))),s,3)))) . c = (Comput ((p +* (while>0 (a,I))),s,3)) . c ) & ( for f being FinSeq-Location holds (Exec ((goto ((card I) + 5)),(Comput ((p +* (while>0 (a,I))),s,3)))) . f = (Comput ((p +* (while>0 (a,I))),s,3)) . f ) ) by SCMFSA_2:69; A19: ( ( for c being Int-Location holds (Exec ((goto 2),(Comput ((p +* (while>0 (a,I))),s,1)))) . c = (Comput ((p +* (while>0 (a,I))),s,1)) . c ) & ( for f being FinSeq-Location holds (Exec ((goto 2),(Comput ((p +* (while>0 (a,I))),s,1)))) . f = (Comput ((p +* (while>0 (a,I))),s,1)) . f ) ) by SCMFSA_2:69; A20: (p +* (while>0 (a,I))) /. (IC (Comput ((p +* (while>0 (a,I))),s,1))) = (p +* (while>0 (a,I))) . (IC (Comput ((p +* (while>0 (a,I))),s,1))) by PBOOLE:143; IC (Comput ((p +* (while>0 (a,I))),s,1)) = succ 0 by A2, A8, A11, SCMFSA_2:71 .= 0 + 1 ; then A21: CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),s,1))) = goto 2 by A7, A20; A22: Comput ((p +* (while>0 (a,I))),s,(1 + 1)) = Following ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),s,1))) by EXTPRO_1:3 .= Exec ((goto 2),(Comput ((p +* (while>0 (a,I))),s,1))) by A21 ; A23: (p +* (while>0 (a,I))) /. (IC (Comput ((p +* (while>0 (a,I))),s,2))) = (p +* (while>0 (a,I))) . (IC (Comput ((p +* (while>0 (a,I))),s,2))) by PBOOLE:143; IC (Comput ((p +* (while>0 (a,I))),s,2)) = 2 by A22, SCMFSA_2:69; then A24: CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),s,2))) = goto 3 by A13, A23; A25: Comput ((p +* (while>0 (a,I))),s,(2 + 1)) = Following ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),s,2))) by EXTPRO_1:3 .= Exec ((goto 3),(Comput ((p +* (while>0 (a,I))),s,2))) by A24 ; A26: (p +* (while>0 (a,I))) /. (IC (Comput ((p +* (while>0 (a,I))),s,3))) = (p +* (while>0 (a,I))) . (IC (Comput ((p +* (while>0 (a,I))),s,3))) by PBOOLE:143; IC (Comput ((p +* (while>0 (a,I))),s,3)) = 3 by A25, SCMFSA_2:69; then A27: CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),s,3))) = goto ((card I) + 5) by A15, A26; A28: Comput ((p +* (while>0 (a,I))),s,(3 + 1)) = Following ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),s,3))) by EXTPRO_1:3 .= Exec ((goto ((card I) + 5)),(Comput ((p +* (while>0 (a,I))),s,3))) by A27 ; A29: (p +* (while>0 (a,I))) /. (IC (Comput ((p +* (while>0 (a,I))),s,4))) = (p +* (while>0 (a,I))) . (IC (Comput ((p +* (while>0 (a,I))),s,4))) by PBOOLE:143; IC (Comput ((p +* (while>0 (a,I))),s,4)) = (card I) + 5 by A28, SCMFSA_2:69; then A30: CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),s,4))) = halt SCM+FSA by A17, A29; then A31: p +* (while>0 (a,I)) halts_on s by EXTPRO_1:29; now__::_thesis:_for_k_being_Element_of_NAT_st_CurInstr_(p,(Comput_(p,s,k)))_=_halt_SCM+FSA_holds_ not_4_>_k let k be Element of NAT ; ::_thesis: ( CurInstr (p,(Comput (p,s,k))) = halt SCM+FSA implies not 4 > k ) assume A32: CurInstr (p,(Comput (p,s,k))) = halt SCM+FSA ; ::_thesis: not 4 > k assume 4 > k ; ::_thesis: contradiction then 3 + 1 > k ; then A33: k <= 3 by NAT_1:13; percases ( k = 0 or k = 1 or k = 2 or k = 3 ) by A33, NAT_1:27; suppose k = 0 ; ::_thesis: contradiction then Comput (p,s,k) = s by EXTPRO_1:2; hence contradiction by A10, A32, A3; ::_thesis: verum end; suppose k = 1 ; ::_thesis: contradiction hence contradiction by A21, A32, A3; ::_thesis: verum end; suppose k = 2 ; ::_thesis: contradiction hence contradiction by A24, A32, A3; ::_thesis: verum end; suppose k = 3 ; ::_thesis: contradiction hence contradiction by A27, A32, A3; ::_thesis: verum end; end; end; hence A34: LifeSpan (p,s) = 4 by A30, A31, A3, EXTPRO_1:def_15; ::_thesis: for k being Element of NAT holds DataPart (Comput (p,s,k)) = DataPart s A35: ( ( for c being Int-Location holds (Exec ((a >0_goto 4),s)) . c = s . c ) & ( for f being FinSeq-Location holds (Exec ((a >0_goto 4),s)) . f = s . f ) ) by SCMFSA_2:71; then A36: DataPart (Comput (p,s,1)) = DataPart s by A11, A3, SCMFSA_M:2; then A37: DataPart (Comput (p,s,2)) = DataPart s by A22, A19, A3, SCMFSA_M:2; A38: ( ( for c being Int-Location holds (Exec ((goto 3),(Comput ((p +* (while>0 (a,I))),s,2)))) . c = (Comput ((p +* (while>0 (a,I))),s,2)) . c ) & ( for f being FinSeq-Location holds (Exec ((goto 3),(Comput ((p +* (while>0 (a,I))),s,2)))) . f = (Comput ((p +* (while>0 (a,I))),s,2)) . f ) ) by SCMFSA_2:69; then DataPart (Comput (p,s,3)) = DataPart s by A25, A37, A3, SCMFSA_M:2; then A39: DataPart (Comput (p,s,4)) = DataPart s by A28, A18, A3, SCMFSA_M:2; let k be Element of NAT ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s ( k <= 3 or 3 < k ) ; then A40: ( k = 0 or k = 1 or k = 2 or k = 3 or 3 + 1 <= k ) by NAT_1:13, NAT_1:27; percases ( k = 0 or k = 1 or k = 2 or k = 3 or 4 <= k ) by A40; suppose k = 0 ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s hence DataPart (Comput (p,s,k)) = DataPart s by EXTPRO_1:2; ::_thesis: verum end; suppose k = 1 ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s hence DataPart (Comput (p,s,k)) = DataPart s by A11, A35, A3, SCMFSA_M:2; ::_thesis: verum end; suppose k = 2 ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s hence DataPart (Comput (p,s,k)) = DataPart s by A22, A19, A36, A3, SCMFSA_M:2; ::_thesis: verum end; suppose k = 3 ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s hence DataPart (Comput (p,s,k)) = DataPart s by A25, A38, A37, A3, SCMFSA_M:2; ::_thesis: verum end; suppose 4 <= k ; ::_thesis: DataPart (Comput (p,s,k)) = DataPart s then CurInstr (p,(Comput (p,s,k))) = halt SCM+FSA by A31, A34, A3, EXTPRO_1:36; hence DataPart (Comput (p,s,k)) = DataPart s by A34, A39, EXTPRO_1:24; ::_thesis: verum end; end; end; theorem Th30: :: SCMFSA9A:30 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st I is_closed_on s,p & I is_halting_on s,p & s . a > 0 holds DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st I is_closed_on s,p & I is_halting_on s,p & s . a > 0 holds DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st I is_closed_on s,p & I is_halting_on s,p & s . a > 0 holds DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st I is_closed_on s,p & I is_halting_on s,p & s . a > 0 holds DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) let I be Program of SCM+FSA; ::_thesis: ( I is_closed_on s,p & I is_halting_on s,p & s . a > 0 implies DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) ) assume that A1: ( I is_closed_on s,p & I is_halting_on s,p ) and A2: s . a > 0 ; ::_thesis: DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) set sI = Initialize s; set pI = p +* I; set s1 = Initialize s; set p1 = p +* (while>0 (a,I)); A3: while>0 (a,I) c= p +* (while>0 (a,I)) by FUNCT_4:25; defpred S1[ Nat] means ( $1 <= LifeSpan ((p +* I),(Initialize s)) implies ( IC (Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + $1))) = (IC (Comput ((p +* I),(Initialize s),$1))) + 4 & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + $1))) = DataPart (Comput ((p +* I),(Initialize s),$1)) ) ); A4: now__::_thesis:_for_k_being_Element_of_NAT_st_S1[k]_holds_ S1[k_+_1] let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A5: S1[k] ; ::_thesis: S1[k + 1] now__::_thesis:_(_k_+_1_<=_LifeSpan_((p_+*_I),(Initialize_s))_implies_(_IC_(Comput_((p_+*_(while>0_(a,I))),(Initialize_s),((1_+_k)_+_1)))_=_(IC_(Comput_((p_+*_I),(Initialize_s),(k_+_1))))_+_4_&_DataPart_(Comput_((p_+*_(while>0_(a,I))),(Initialize_s),((1_+_k)_+_1)))_=_DataPart_(Comput_((p_+*_I),(Initialize_s),(k_+_1)))_)_) A6: k + 0 < k + 1 by XREAL_1:6; assume k + 1 <= LifeSpan ((p +* I),(Initialize s)) ; ::_thesis: ( IC (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + k) + 1))) = (IC (Comput ((p +* I),(Initialize s),(k + 1)))) + 4 & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + k) + 1))) = DataPart (Comput ((p +* I),(Initialize s),(k + 1))) ) then k < LifeSpan ((p +* I),(Initialize s)) by A6, XXREAL_0:2; hence ( IC (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + k) + 1))) = (IC (Comput ((p +* I),(Initialize s),(k + 1)))) + 4 & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + k) + 1))) = DataPart (Comput ((p +* I),(Initialize s),(k + 1))) ) by A1, A5, SCMFSA_9:39; ::_thesis: verum end; hence S1[k + 1] ; ::_thesis: verum end; set i = a >0_goto 4; set s2 = Comput ((p +* (while>0 (a,I))),(Initialize s),1); set p2 = p +* (while>0 (a,I)); A7: IC in dom (Start-At (0,SCM+FSA)) by MEMSTR_0:15; A8: IC (Initialize s) = IC (Start-At (0,SCM+FSA)) by A7, FUNCT_4:13 .= 0 by FUNCOP_1:72 ; not a in dom (Start-At (0,SCM+FSA)) by SCMFSA_2:102; then A9: (Initialize s) . a = s . a by FUNCT_4:11; set loc4 = (card I) + 4; A10: (p +* (while>0 (a,I))) /. (IC (Initialize s)) = (p +* (while>0 (a,I))) . (IC (Initialize s)) by PBOOLE:143; 0 in dom (while>0 (a,I)) by SCMFSA_9:10; then (p +* (while>0 (a,I))) . 0 = (while>0 (a,I)) . 0 by FUNCT_4:13 .= a >0_goto 4 by SCMFSA_9:11 ; then A11: CurInstr ((p +* (while>0 (a,I))),(Initialize s)) = a >0_goto 4 by A8, A10; A12: Comput ((p +* (while>0 (a,I))),(Initialize s),(0 + 1)) = Following ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),(Initialize s),0))) by EXTPRO_1:3 .= Following ((p +* (while>0 (a,I))),(Initialize s)) .= Exec ((a >0_goto 4),(Initialize s)) by A11 ; then ( ( for c being Int-Location holds (Comput ((p +* (while>0 (a,I))),(Initialize s),1)) . c = (Initialize s) . c ) & ( for f being FinSeq-Location holds (Comput ((p +* (while>0 (a,I))),(Initialize s),1)) . f = (Initialize s) . f ) ) by SCMFSA_2:71; then A13: DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),1)) = DataPart (Initialize s) by SCMFSA_M:2 .= DataPart (Initialize s) ; A14: IC (Comput ((p +* (while>0 (a,I))),(Initialize s),1)) = 4 by A2, A12, A9, SCMFSA_2:71; A15: S1[ 0 ] proof assume 0 <= LifeSpan ((p +* I),(Initialize s)) ; ::_thesis: ( IC (Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + 0))) = (IC (Comput ((p +* I),(Initialize s),0))) + 4 & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + 0))) = DataPart (Comput ((p +* I),(Initialize s),0)) ) A16: IC in dom (Start-At (0,SCM+FSA)) by MEMSTR_0:15; IC (Comput ((p +* I),(Initialize s),0)) = IC (Initialize s) .= IC (Start-At (0,SCM+FSA)) by A16, FUNCT_4:13 .= 0 by FUNCOP_1:72 ; hence ( IC (Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + 0))) = (IC (Comput ((p +* I),(Initialize s),0))) + 4 & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + 0))) = DataPart (Comput ((p +* I),(Initialize s),0)) ) by A14, A13; ::_thesis: verum end; for k being Element of NAT holds S1[k] from NAT_1:sch_1(A15, A4); then A17: S1[ LifeSpan ((p +* I),(Initialize s))] ; set s4 = Comput ((p +* (while>0 (a,I))),(Initialize s),(((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1) + 1)); set p4 = p +* (while>0 (a,I)); set s3 = Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)); set p3 = p +* (while>0 (a,I)); A18: (card I) + 4 in dom (while>0 (a,I)) by SCMFSA_9:33; set s2 = Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s))))); A19: CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s))))))) = goto ((card I) + 4) by A1, A17, SCMFSA_9:40; A20: Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)) = Following ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s))))))) by EXTPRO_1:3 .= Exec ((goto ((card I) + 4)),(Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s))))))) by A19 ; then A21: ( ( for c being Int-Location holds (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) . c = (Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s)))))) . c ) & ( for f being FinSeq-Location holds (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) . f = (Comput ((p +* (while>0 (a,I))),(Initialize s),(1 + (LifeSpan ((p +* I),(Initialize s)))))) . f ) ) by SCMFSA_2:69; A22: (p +* (while>0 (a,I))) . ((card I) + 4) = (while>0 (a,I)) . ((card I) + 4) by A18, A3, GRFUNC_1:2 .= goto 0 by SCMFSA_9:41 ; A23: (p +* (while>0 (a,I))) /. (IC (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) = (p +* (while>0 (a,I))) . (IC (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) by PBOOLE:143; IC (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) = (card I) + 4 by A20, SCMFSA_2:69; then A24: CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) = goto 0 by A22, A23; Comput ((p +* (while>0 (a,I))),(Initialize s),(((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1) + 1)) = Following ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) by EXTPRO_1:3 .= Exec ((goto 0),(Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1)))) by A24 ; then ( ( for c being Int-Location holds (Comput ((p +* (while>0 (a,I))),(Initialize s),(((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1) + 1))) . c = (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) . c ) & ( for f being FinSeq-Location holds (Comput ((p +* (while>0 (a,I))),(Initialize s),(((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1) + 1))) . f = (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) . f ) ) by SCMFSA_2:69; hence DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((LifeSpan ((p +* I),(Initialize s))) + 3))) = DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),((1 + (LifeSpan ((p +* I),(Initialize s)))) + 1))) by SCMFSA_M:2 .= DataPart (Comput ((p +* I),(Initialize s),(LifeSpan ((p +* I),(Initialize s))))) by A17, A21, SCMFSA_M:2 ; ::_thesis: verum end; theorem Th31: :: SCMFSA9A:31 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) let I be Program of SCM+FSA; ::_thesis: for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) let k be Element of NAT ; ::_thesis: ( ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 implies DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) assume A1: ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 ; ::_thesis: DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) set SW = StepWhile>0 (a,I,p,s); set PW = p +* (while>0 (a,I)); A2: while>0 (a,I) c= p +* (while>0 (a,I)) by FUNCT_4:25; A3: DataPart (Initialize ((StepWhile>0 (a,I,p,s)) . k)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) by MEMSTR_0:79; then A4: ((StepWhile>0 (a,I,p,s)) . k) . a = (Initialize ((StepWhile>0 (a,I,p,s)) . k)) . a by SCMFSA_M:2; thus DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart (Comput (((p +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p,s)) . k)),((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . k)))) + 3))) by SCMFSA_9:def_5 .= DataPart ((StepWhile>0 (a,I,p,s)) . k) by A1, A3, A4, Th29, A2 ; ::_thesis: verum end; theorem Th32: :: SCMFSA9A:32 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) & I is_closed_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) ) or I is parahalting ) & ((StepWhile>0 (a,I,p,s)) . k) . a > 0 & ((StepWhile>0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . k))) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) & I is_closed_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) ) or I is parahalting ) & ((StepWhile>0 (a,I,p,s)) . k) . a > 0 & ((StepWhile>0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . k))) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) & I is_closed_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) ) or I is parahalting ) & ((StepWhile>0 (a,I,p,s)) . k) . a > 0 & ((StepWhile>0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . k))) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) & I is_closed_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) ) or I is parahalting ) & ((StepWhile>0 (a,I,p,s)) . k) . a > 0 & ((StepWhile>0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . k))) let I be Program of SCM+FSA; ::_thesis: for k being Element of NAT st ( ( I is_halting_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) & I is_closed_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) ) or I is parahalting ) & ((StepWhile>0 (a,I,p,s)) . k) . a > 0 & ((StepWhile>0 (a,I,p,s)) . k) . (intloc 0) = 1 holds DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . k))) let k be Element of NAT ; ::_thesis: ( ( ( I is_halting_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) & I is_closed_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) ) or I is parahalting ) & ((StepWhile>0 (a,I,p,s)) . k) . a > 0 & ((StepWhile>0 (a,I,p,s)) . k) . (intloc 0) = 1 implies DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . k))) ) set Ins = NAT ; assume that A1: ( ( I is_halting_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) & I is_closed_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) ) or I is parahalting ) and A2: ((StepWhile>0 (a,I,p,s)) . k) . a > 0 and A3: ((StepWhile>0 (a,I,p,s)) . k) . (intloc 0) = 1 ; ::_thesis: DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart (IExec (I,(p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . k))) set SW = StepWhile>0 (a,I,p,s); set PW = p +* (while>0 (a,I)); set ISWk = Initialized ((StepWhile>0 (a,I,p,s)) . k); set SWkI = Initialized ((StepWhile>0 (a,I,p,s)) . k); set PWI = (p +* (while>0 (a,I))) +* I; DataPart (Initialized ((StepWhile>0 (a,I,p,s)) . k)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) by A3, SCMFSA_M:19; then A4: ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) by A1, SCMFSA7B:18, SCMFSA7B:19, SCMFSA8B:5; I is_halting_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) by A1, SCMFSA7B:19; then A5: I is_halting_on Initialized ((StepWhile>0 (a,I,p,s)) . k),p +* (while>0 (a,I)) ; Initialized ((StepWhile>0 (a,I,p,s)) . k) = Initialize (Initialized ((StepWhile>0 (a,I,p,s)) . k)) by MEMSTR_0:44; then A6: (p +* (while>0 (a,I))) +* I halts_on Initialized ((StepWhile>0 (a,I,p,s)) . k) by A5, SCMFSA7B:def_7; A7: (p +* (while>0 (a,I))) +* I halts_on Initialized ((StepWhile>0 (a,I,p,s)) . k) by A6; set SWkIS = Initialize ((StepWhile>0 (a,I,p,s)) . k); set PWIS = (p +* (while>0 (a,I))) +* I; A8: Initialized ((StepWhile>0 (a,I,p,s)) . k) = Initialize ((StepWhile>0 (a,I,p,s)) . k) by A3, SCMFSA_M:18; A9: (StepWhile>0 (a,I,p,s)) . (k + 1) = Comput (((p +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p,s)) . k)),((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . k)))) + 3)) by SCMFSA_9:def_5; A10: DataPart (IExec (I,(p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . k))) = DataPart (Result (((p +* (while>0 (a,I))) +* I),(Initialized ((StepWhile>0 (a,I,p,s)) . k)))) by SCMFSA6B:def_1 .= DataPart (Result (((p +* (while>0 (a,I))) +* I),(Initialized ((StepWhile>0 (a,I,p,s)) . k)))) .= DataPart (Comput (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . k)),(LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . k)))))) by A8, A7, EXTPRO_1:23 ; thus DataPart ((StepWhile>0 (a,I,p,s)) . (k + 1)) = DataPart (Comput (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . k)),(LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . k)))))) by A2, A4, Th30, A9 .= DataPart (IExec (I,(p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . k))) by A10 ; ::_thesis: verum end; theorem Th33: :: SCMFSA9A:33 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st ( ProperBodyWhile>0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 holds for k being Element of NAT holds ((StepWhile>0 (a,Ig,p,s)) . k) . (intloc 0) = 1 proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st ( ProperBodyWhile>0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 holds for k being Element of NAT holds ((StepWhile>0 (a,Ig,p,s)) . k) . (intloc 0) = 1 let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for Ig being good Program of SCM+FSA st ( ProperBodyWhile>0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 holds for k being Element of NAT holds ((StepWhile>0 (a,Ig,p,s)) . k) . (intloc 0) = 1 let a be read-write Int-Location; ::_thesis: for Ig being good Program of SCM+FSA st ( ProperBodyWhile>0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 holds for k being Element of NAT holds ((StepWhile>0 (a,Ig,p,s)) . k) . (intloc 0) = 1 let Ig be good Program of SCM+FSA; ::_thesis: ( ( ProperBodyWhile>0 a,Ig,s,p or Ig is parahalting ) & s . (intloc 0) = 1 implies for k being Element of NAT holds ((StepWhile>0 (a,Ig,p,s)) . k) . (intloc 0) = 1 ) set I = Ig; assume that A1: ( ProperBodyWhile>0 a,Ig,s,p or Ig is parahalting ) and A2: s . (intloc 0) = 1 ; ::_thesis: for k being Element of NAT holds ((StepWhile>0 (a,Ig,p,s)) . k) . (intloc 0) = 1 set SW = StepWhile>0 (a,Ig,p,s); set PW = p +* (while>0 (a,Ig)); defpred S1[ Nat] means ((StepWhile>0 (a,Ig,p,s)) . $1) . (intloc 0) = 1; A3: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume A4: ((StepWhile>0 (a,Ig,p,s)) . k) . (intloc 0) = 1 ; ::_thesis: S1[k + 1] percases ( ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 or ((StepWhile>0 (a,Ig,p,s)) . k) . a > 0 ) ; suppose ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ; ::_thesis: S1[k + 1] then DataPart ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) = DataPart ((StepWhile>0 (a,Ig,p,s)) . k) by Th31; hence S1[k + 1] by A4, SCMFSA_M:2; ::_thesis: verum end; supposeA5: ((StepWhile>0 (a,Ig,p,s)) . k) . a > 0 ; ::_thesis: S1[k + 1] set SWkI = Initialized ((StepWhile>0 (a,Ig,p,s)) . k); set PWI = (p +* (while>0 (a,Ig))) +* Ig; A6: DataPart ((StepWhile>0 (a,Ig,p,s)) . k) = DataPart (Initialized ((StepWhile>0 (a,Ig,p,s)) . k)) by A4, SCMFSA_M:19; set Ins = NAT ; set SWkIS = Initialize ((StepWhile>0 (a,Ig,p,s)) . k); set PWIS = (p +* (while>0 (a,Ig))) +* Ig; A7: Initialized ((StepWhile>0 (a,Ig,p,s)) . k) = Initialize ((StepWhile>0 (a,Ig,p,s)) . k) by A4, SCMFSA_M:18; A8: ProperBodyWhile>0 a,Ig,s,p by A1, Th26; then A9: Ig is_closed_on (StepWhile>0 (a,Ig,p,s)) . k,p +* (while>0 (a,Ig)) by A5, Def4; Ig is_halting_on (StepWhile>0 (a,Ig,p,s)) . k,p +* (while>0 (a,Ig)) by A5, A8, Def4; then A10: Ig is_halting_on Initialized ((StepWhile>0 (a,Ig,p,s)) . k),p +* (while>0 (a,Ig)) by A9, A6, SCMFSA8B:5; Initialized ((StepWhile>0 (a,Ig,p,s)) . k) = Initialize (Initialized ((StepWhile>0 (a,Ig,p,s)) . k)) by MEMSTR_0:44; then A11: (p +* (while>0 (a,Ig))) +* Ig halts_on Initialized ((StepWhile>0 (a,Ig,p,s)) . k) by A10, SCMFSA7B:def_7; A12: (p +* (while>0 (a,Ig))) +* Ig halts_on Initialized ((StepWhile>0 (a,Ig,p,s)) . k) by A11; A13: DataPart (IExec (Ig,(p +* (while>0 (a,Ig))),((StepWhile>0 (a,Ig,p,s)) . k))) = DataPart (Result (((p +* (while>0 (a,Ig))) +* Ig),(Initialized ((StepWhile>0 (a,Ig,p,s)) . k)))) by SCMFSA6B:def_1 .= DataPart (Result (((p +* (while>0 (a,Ig))) +* Ig),(Initialized ((StepWhile>0 (a,Ig,p,s)) . k)))) .= DataPart (Comput (((p +* (while>0 (a,Ig))) +* Ig),(Initialize ((StepWhile>0 (a,Ig,p,s)) . k)),(LifeSpan (((p +* (while>0 (a,Ig))) +* Ig),(Initialize ((StepWhile>0 (a,Ig,p,s)) . k)))))) by A7, A12, EXTPRO_1:23 ; Ig is_closed_on Initialized ((StepWhile>0 (a,Ig,p,s)) . k),p +* (while>0 (a,Ig)) by A9, A6, SCMFSA8B:3; then DataPart ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) = DataPart (IExec (Ig,(p +* (while>0 (a,Ig))),((StepWhile>0 (a,Ig,p,s)) . k))) by A4, A5, A10, Th32; hence ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) . (intloc 0) = (Comput (((p +* (while>0 (a,Ig))) +* Ig),(Initialize ((StepWhile>0 (a,Ig,p,s)) . k)),(LifeSpan (((p +* (while>0 (a,Ig))) +* Ig),(Initialize ((StepWhile>0 (a,Ig,p,s)) . k)))))) . (intloc 0) by A13, SCMFSA_M:2 .= 1 by A4, A9, SCMFSA8C:68 ; ::_thesis: verum end; end; end; A14: S1[ 0 ] by A2, SCMFSA_9:def_5; thus for k being Element of NAT holds S1[k] from NAT_1:sch_1(A14, A3); ::_thesis: verum end; theorem Th34: :: SCMFSA9A:34 for p1, p2 being Instruction-Sequence of SCM+FSA for s1, s2 being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile>0 a,I,s1,p1 & DataPart s1 = DataPart s2 holds for k being Element of NAT holds DataPart ((StepWhile>0 (a,I,p1,s1)) . k) = DataPart ((StepWhile>0 (a,I,p2,s2)) . k) proof let p1, p2 be Instruction-Sequence of SCM+FSA; ::_thesis: for s1, s2 being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile>0 a,I,s1,p1 & DataPart s1 = DataPart s2 holds for k being Element of NAT holds DataPart ((StepWhile>0 (a,I,p1,s1)) . k) = DataPart ((StepWhile>0 (a,I,p2,s2)) . k) let s1, s2 be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st ProperBodyWhile>0 a,I,s1,p1 & DataPart s1 = DataPart s2 holds for k being Element of NAT holds DataPart ((StepWhile>0 (a,I,p1,s1)) . k) = DataPart ((StepWhile>0 (a,I,p2,s2)) . k) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st ProperBodyWhile>0 a,I,s1,p1 & DataPart s1 = DataPart s2 holds for k being Element of NAT holds DataPart ((StepWhile>0 (a,I,p1,s1)) . k) = DataPart ((StepWhile>0 (a,I,p2,s2)) . k) let I be Program of SCM+FSA; ::_thesis: ( ProperBodyWhile>0 a,I,s1,p1 & DataPart s1 = DataPart s2 implies for k being Element of NAT holds DataPart ((StepWhile>0 (a,I,p1,s1)) . k) = DataPart ((StepWhile>0 (a,I,p2,s2)) . k) ) assume that A1: ProperBodyWhile>0 a,I,s1,p1 and A2: DataPart s1 = DataPart s2 ; ::_thesis: for k being Element of NAT holds DataPart ((StepWhile>0 (a,I,p1,s1)) . k) = DataPart ((StepWhile>0 (a,I,p2,s2)) . k) set WH = while>0 (a,I); set ST2 = StepWhile>0 (a,I,p2,s2); set PT2 = p2 +* (while>0 (a,I)); set ST1 = StepWhile>0 (a,I,p1,s1); set PT1 = p1 +* (while>0 (a,I)); defpred S1[ Nat] means DataPart ((StepWhile>0 (a,I,p1,s1)) . $1) = DataPart ((StepWhile>0 (a,I,p2,s2)) . $1); A3: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) set ST1kI = Initialize ((StepWhile>0 (a,I,p1,s1)) . k); set PT1I = (p1 +* (while>0 (a,I))) +* I; set ST2kI = Initialize ((StepWhile>0 (a,I,p2,s2)) . k); set PT2I = (p2 +* (while>0 (a,I))) +* I; A4: I c= (p1 +* (while>0 (a,I))) +* I by FUNCT_4:25; A5: I c= (p2 +* (while>0 (a,I))) +* I by FUNCT_4:25; assume A6: DataPart ((StepWhile>0 (a,I,p1,s1)) . k) = DataPart ((StepWhile>0 (a,I,p2,s2)) . k) ; ::_thesis: S1[k + 1] then A7: ((StepWhile>0 (a,I,p1,s1)) . k) . a = ((StepWhile>0 (a,I,p2,s2)) . k) . a by SCMFSA_M:2; percases ( ((StepWhile>0 (a,I,p1,s1)) . k) . a <= 0 or ((StepWhile>0 (a,I,p1,s1)) . k) . a > 0 ) ; supposeA8: ((StepWhile>0 (a,I,p1,s1)) . k) . a <= 0 ; ::_thesis: S1[k + 1] hence DataPart ((StepWhile>0 (a,I,p1,s1)) . (k + 1)) = DataPart ((StepWhile>0 (a,I,p1,s1)) . k) by Th31 .= DataPart ((StepWhile>0 (a,I,p2,s2)) . (k + 1)) by A6, A7, A8, Th31 ; ::_thesis: verum end; supposeA9: ((StepWhile>0 (a,I,p1,s1)) . k) . a > 0 ; ::_thesis: S1[k + 1] then A10: I is_closed_on (StepWhile>0 (a,I,p1,s1)) . k,p1 +* (while>0 (a,I)) by A1, Def4; A11: I is_halting_on (StepWhile>0 (a,I,p1,s1)) . k,p1 +* (while>0 (a,I)) by A1, A9, Def4; then A12: ( I is_closed_on (StepWhile>0 (a,I,p2,s2)) . k,p2 +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p2,s2)) . k,p2 +* (while>0 (a,I)) ) by A6, A10, SCMFSA8B:5; A13: DataPart ((StepWhile>0 (a,I,p1,s1)) . (k + 1)) = DataPart (Comput (((p1 +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p1,s1)) . k)),((LifeSpan (((p1 +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p1,s1)) . k)))) + 3))) by SCMFSA_9:def_5 .= DataPart (Comput (((p1 +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p1,s1)) . k)),(LifeSpan (((p1 +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p1,s1)) . k)))))) by A9, A10, A11, Th30 ; A14: DataPart ((StepWhile>0 (a,I,p2,s2)) . (k + 1)) = DataPart (Comput (((p2 +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p2,s2)) . k)),((LifeSpan (((p2 +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p2,s2)) . k)))) + 3))) by SCMFSA_9:def_5 .= DataPart (Comput (((p2 +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p2,s2)) . k)),(LifeSpan (((p2 +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p2,s2)) . k)))))) by A7, A9, A12, Th30 ; A15: DataPart ((StepWhile>0 (a,I,p1,s1)) . k) = DataPart (Initialize ((StepWhile>0 (a,I,p1,s1)) . k)) by MEMSTR_0:79; then A16: I is_closed_on Initialize ((StepWhile>0 (a,I,p1,s1)) . k),(p1 +* (while>0 (a,I))) +* I by A10, SCMFSA8B:3; A17: DataPart (Initialize ((StepWhile>0 (a,I,p1,s1)) . k)) = DataPart ((StepWhile>0 (a,I,p1,s1)) . k) by MEMSTR_0:79 .= DataPart (Initialize ((StepWhile>0 (a,I,p2,s2)) . k)) by A6, MEMSTR_0:79 ; I is_halting_on Initialize ((StepWhile>0 (a,I,p1,s1)) . k),(p1 +* (while>0 (a,I))) +* I by A10, A11, A15, SCMFSA8B:5; then LifeSpan (((p1 +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p1,s1)) . k))) = LifeSpan (((p2 +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p2,s2)) . k))) by A10, A17, A15, A4, A5, SCMFSA8B:3, SCMFSA8C:18; hence S1[k + 1] by A13, A14, A17, A16, A4, A5, SCMFSA8C:17; ::_thesis: verum end; end; end; DataPart ((StepWhile>0 (a,I,p1,s1)) . 0) = DataPart s1 by SCMFSA_9:def_5 .= DataPart ((StepWhile>0 (a,I,p2,s2)) . 0) by A2, SCMFSA_9:def_5 ; then A18: S1[ 0 ] ; thus for k being Element of NAT holds S1[k] from NAT_1:sch_1(A18, A3); ::_thesis: verum end; definition let p be Instruction-Sequence of SCM+FSA; let s be State of SCM+FSA; let a be read-write Int-Location; let I be Program of SCM+FSA; assume that A1: ( ProperBodyWhile>0 a,I,s,p or I is parahalting ) and A2: WithVariantWhile>0 a,I,s,p ; func ExitsAtWhile>0 (a,I,p,s) -> Element of NAT means :Def6: :: SCMFSA9A:def 6 ex k being Element of NAT st ( it = k & ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ); existence ex b1, k being Element of NAT st ( b1 = k & ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) proof set S = Initialize s; set P = p +* (while>0 (a,I)); set SW = StepWhile>0 (a,I,p,s); set PW = p +* (while>0 (a,I)); A3: while>0 (a,I) c= p +* (while>0 (a,I)) by FUNCT_4:25; defpred S1[ Nat] means ((StepWhile>0 (a,I,p,s)) . $1) . a <= 0 ; consider f being Function of (product (the_Values_of SCM+FSA)),NAT such that A4: for k being Element of NAT holds ( f . ((StepWhile>0 (a,I,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,I,p,s)) . k) or S1[k] ) by A2, Def5; deffunc H1( Nat) -> Element of NAT = f . ((StepWhile>0 (a,I,p,s)) . $1); A5: for k being Element of NAT holds ( H1(k + 1) < H1(k) or S1[k] ) by A4; consider m being Element of NAT such that A6: S1[m] and A7: for n being Element of NAT st S1[n] holds m <= n from NAT_1:sch_18(A5); take m ; ::_thesis: ex k being Element of NAT st ( m = k & ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) take m ; ::_thesis: ( m = m & ((StepWhile>0 (a,I,p,s)) . m) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds m <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . m) ) thus m = m ; ::_thesis: ( ((StepWhile>0 (a,I,p,s)) . m) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds m <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . m) ) thus ((StepWhile>0 (a,I,p,s)) . m) . a <= 0 by A6; ::_thesis: ( ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds m <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . m) ) thus for n being Element of NAT st ((StepWhile>0 (a,I,p,s)) . n) . a <= 0 holds m <= n by A7; ::_thesis: DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . m) defpred S2[ Nat] means ( $1 + 1 <= m implies ex k being Element of NAT st (StepWhile>0 (a,I,p,s)) . ($1 + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),k) ); A8: ProperBodyWhile>0 a,I,s,p by A1, Th26; A9: now__::_thesis:_for_k_being_Element_of_NAT_st_S2[k]_holds_ S2[k_+_1] let k be Element of NAT ; ::_thesis: ( S2[k] implies S2[k + 1] ) assume A10: S2[k] ; ::_thesis: S2[k + 1] now__::_thesis:_(_(k_+_1)_+_1_<=_m_implies_ex_m_being_Element_of_NAT_st_(StepWhile>0_(a,I,p,s))_._((k_+_1)_+_1)_=_Comput_((p_+*_(while>0_(a,I))),(Initialize_s),m)_) set sk1 = (StepWhile>0 (a,I,p,s)) . (k + 1); set sk = (StepWhile>0 (a,I,p,s)) . k; set pk = p +* (while>0 (a,I)); assume A11: (k + 1) + 1 <= m ; ::_thesis: ex m being Element of NAT st (StepWhile>0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),m) k + 0 < k + (1 + 1) by XREAL_1:6; then k < m by A11, XXREAL_0:2; then A12: ((StepWhile>0 (a,I,p,s)) . k) . a > 0 by A7; (k + 1) + 0 < (k + 1) + 1 by XREAL_1:6; then consider n being Element of NAT such that A13: (StepWhile>0 (a,I,p,s)) . (k + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),n) by A10, A11, XXREAL_0:2; A14: (StepWhile>0 (a,I,p,s)) . (k + 1) = Comput (((p +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p,s)) . k)),((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . k)))) + 3)) by SCMFSA_9:def_5; take m = n + ((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . (k + 1))))) + 3); ::_thesis: (StepWhile>0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),m) ( I is_closed_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . k,p +* (while>0 (a,I)) ) by A8, A12, Def4; then IC ((StepWhile>0 (a,I,p,s)) . (k + 1)) = 0 by A14, A12, SCMFSA_9:42; hence (StepWhile>0 (a,I,p,s)) . ((k + 1) + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),m) by A13, SCMFSA_9:45; ::_thesis: verum end; hence S2[k + 1] ; ::_thesis: verum end; A15: IC in dom (Start-At (0,SCM+FSA)) by MEMSTR_0:15; A16: S2[ 0 ] proof assume 0 + 1 <= m ; ::_thesis: ex k being Element of NAT st (StepWhile>0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),k) take n = (LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize s))) + 3; ::_thesis: (StepWhile>0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),n) thus (StepWhile>0 (a,I,p,s)) . (0 + 1) = Comput ((p +* (while>0 (a,I))),(Initialize s),n) by SCMFSA_9:44; ::_thesis: verum end; A17: for k being Element of NAT holds S2[k] from NAT_1:sch_1(A16, A9); percases ( m = 0 or m <> 0 ) ; supposeA18: m = 0 ; ::_thesis: DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . m) A19: DataPart (Initialize s) = DataPart s by MEMSTR_0:79 .= DataPart ((StepWhile>0 (a,I,p,s)) . m) by A18, SCMFSA_9:def_5 ; then (Initialize s) . a = ((StepWhile>0 (a,I,p,s)) . m) . a by SCMFSA_M:2; hence DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . m) by A6, A19, Th29, A3; ::_thesis: verum end; supposeA20: m <> 0 ; ::_thesis: DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . m) set sm = (StepWhile>0 (a,I,p,s)) . m; set pm = p +* (while>0 (a,I)); set sm1 = Initialize ((StepWhile>0 (a,I,p,s)) . m); set pm1 = (p +* (while>0 (a,I))) +* (while>0 (a,I)); consider i being Nat such that A21: m = i + 1 by A20, NAT_1:6; reconsider i = i as Element of NAT by ORDINAL1:def_12; set si = (StepWhile>0 (a,I,p,s)) . i; set psi = p +* (while>0 (a,I)); A22: (StepWhile>0 (a,I,p,s)) . m = Comput (((p +* (while>0 (a,I))) +* (while>0 (a,I))),(Initialize ((StepWhile>0 (a,I,p,s)) . i)),((LifeSpan (((p +* (while>0 (a,I))) +* I),(Initialize ((StepWhile>0 (a,I,p,s)) . i)))) + 3)) by A21, SCMFSA_9:def_5; m = i + 1 by A21; then consider n being Element of NAT such that A23: (StepWhile>0 (a,I,p,s)) . m = Comput ((p +* (while>0 (a,I))),(Initialize s),n) by A17; i < m by A21, NAT_1:13; then A24: ((StepWhile>0 (a,I,p,s)) . i) . a > 0 by A7; then ( I is_closed_on (StepWhile>0 (a,I,p,s)) . i,p +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p,s)) . i,p +* (while>0 (a,I)) ) by A8, Def4; then A25: IC ((StepWhile>0 (a,I,p,s)) . m) = 0 by A22, A24, SCMFSA_9:42; A26: IC (Initialize ((StepWhile>0 (a,I,p,s)) . m)) = IC (Start-At (0,SCM+FSA)) by A15, FUNCT_4:13 .= IC ((StepWhile>0 (a,I,p,s)) . m) by A25, FUNCOP_1:72 ; DataPart (Initialize ((StepWhile>0 (a,I,p,s)) . m)) = DataPart ((StepWhile>0 (a,I,p,s)) . m) by MEMSTR_0:79; then A27: Initialize ((StepWhile>0 (a,I,p,s)) . m) = (StepWhile>0 (a,I,p,s)) . m by A26, MEMSTR_0:78; while>0 (a,I) is_halting_on (StepWhile>0 (a,I,p,s)) . m,p +* (while>0 (a,I)) by A6, SCMFSA_9:38; then (p +* (while>0 (a,I))) +* (while>0 (a,I)) halts_on Initialize ((StepWhile>0 (a,I,p,s)) . m) by SCMFSA7B:def_7; then consider j being Element of NAT such that A28: CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . m),j))) = halt SCM+FSA by A27, EXTPRO_1:29; A29: Comput ((p +* (while>0 (a,I))),(Initialize s),(n + j)) = Comput ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),(Initialize s),n)),j) by EXTPRO_1:4; CurInstr ((p +* (while>0 (a,I))),(Comput ((p +* (while>0 (a,I))),(Initialize s),(n + j)))) = halt SCM+FSA by A23, A28, A29; then A30: Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s)))) = Comput ((p +* (while>0 (a,I))),(Initialize s),(n + j)) by EXTPRO_1:24 .= Comput ((p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . m),j) by A23, EXTPRO_1:4 .= Comput ((p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . m),(LifeSpan ((p +* (while>0 (a,I))),((StepWhile>0 (a,I,p,s)) . m)))) by A28, EXTPRO_1:24 ; Start-At (0,SCM+FSA) c= (StepWhile>0 (a,I,p,s)) . m by A27, FUNCT_4:25; then (StepWhile>0 (a,I,p,s)) . m is 0 -started by MEMSTR_0:29; hence DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . m) by A6, A30, Th29, A3; ::_thesis: verum end; end; end; uniqueness for b1, b2 being Element of NAT st ex k being Element of NAT st ( b1 = k & ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) & ex k being Element of NAT st ( b2 = k & ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) holds b1 = b2 proof let it1, it2 be Element of NAT ; ::_thesis: ( ex k being Element of NAT st ( it1 = k & ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) & ex k being Element of NAT st ( it2 = k & ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) implies it1 = it2 ) given k1 being Element of NAT such that A31: it1 = k1 and A32: ( ((StepWhile>0 (a,I,p,s)) . k1) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k1 <= i ) ) and DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k1) ; ::_thesis: ( for k being Element of NAT holds ( not it2 = k or not ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 or ex i being Element of NAT st ( ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 & not k <= i ) or not DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) or it1 = it2 ) given k2 being Element of NAT such that A33: it2 = k2 and A34: ( ((StepWhile>0 (a,I,p,s)) . k2) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k2 <= i ) ) and DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k2) ; ::_thesis: it1 = it2 ( k1 <= k2 & k2 <= k1 ) by A32, A34; hence it1 = it2 by A31, A33, XXREAL_0:1; ::_thesis: verum end; end; :: deftheorem Def6 defines ExitsAtWhile>0 SCMFSA9A:def_6_:_ for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ( ProperBodyWhile>0 a,I,s,p or I is parahalting ) & WithVariantWhile>0 a,I,s,p holds for b5 being Element of NAT holds ( b5 = ExitsAtWhile>0 (a,I,p,s) iff ex k being Element of NAT st ( b5 = k & ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,s)) . i) . a <= 0 holds k <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize s),(LifeSpan ((p +* (while>0 (a,I))),(Initialize s))))) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) ); theorem :: SCMFSA9A:35 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st s . (intloc 0) = 1 & s . a <= 0 holds DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart s proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st s . (intloc 0) = 1 & s . a <= 0 holds DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart s let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st s . (intloc 0) = 1 & s . a <= 0 holds DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart s let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st s . (intloc 0) = 1 & s . a <= 0 holds DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart s let I be Program of SCM+FSA; ::_thesis: ( s . (intloc 0) = 1 & s . a <= 0 implies DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart s ) assume that A1: s . (intloc 0) = 1 and A2: s . a <= 0 ; ::_thesis: DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart s set WH = while>0 (a,I); set Is = Initialized s; set pds = p +* (while>0 (a,I)); A3: while>0 (a,I) c= p +* (while>0 (a,I)) by FUNCT_4:25; A4: Initialized s = Initialize (Initialized s) by MEMSTR_0:44; (Initialized s) . a = s . a by SCMFSA_M:37; then while>0 (a,I) is_halting_on Initialized s,p by A2, SCMFSA_9:38; then A5: p +* (while>0 (a,I)) halts_on Initialized s by A4, SCMFSA7B:def_7; A6: (Initialized s) . a = (Initialized s) . a .= s . a by SCMFSA_M:37 ; thus DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart (Result ((p +* (while>0 (a,I))),(Initialized s))) by SCMFSA6B:def_1 .= DataPart (Comput ((p +* (while>0 (a,I))),(Initialized s),(LifeSpan ((p +* (while>0 (a,I))),(Initialized s))))) by A5, EXTPRO_1:23 .= DataPart (Initialized s) by A2, A6, Th29, A3 .= DataPart s by A1, SCMFSA_M:19 ; ::_thesis: verum end; theorem Th36: :: SCMFSA9A:36 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ( ProperBodyWhile>0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile>0 a,I, Initialized s,p holds DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart ((StepWhile>0 (a,I,p,(Initialized s))) . (ExitsAtWhile>0 (a,I,p,(Initialized s)))) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st ( ProperBodyWhile>0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile>0 a,I, Initialized s,p holds DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart ((StepWhile>0 (a,I,p,(Initialized s))) . (ExitsAtWhile>0 (a,I,p,(Initialized s)))) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st ( ProperBodyWhile>0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile>0 a,I, Initialized s,p holds DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart ((StepWhile>0 (a,I,p,(Initialized s))) . (ExitsAtWhile>0 (a,I,p,(Initialized s)))) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st ( ProperBodyWhile>0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile>0 a,I, Initialized s,p holds DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart ((StepWhile>0 (a,I,p,(Initialized s))) . (ExitsAtWhile>0 (a,I,p,(Initialized s)))) let I be Program of SCM+FSA; ::_thesis: ( ( ProperBodyWhile>0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile>0 a,I, Initialized s,p implies DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart ((StepWhile>0 (a,I,p,(Initialized s))) . (ExitsAtWhile>0 (a,I,p,(Initialized s)))) ) set Ins = NAT ; set WH = while>0 (a,I); set Is = Initialized s; set pds = p +* (while>0 (a,I)); A1: Initialized s = Initialize (Initialized s) by MEMSTR_0:44; assume A2: ( ( ProperBodyWhile>0 a,I, Initialized s,p or I is parahalting ) & WithVariantWhile>0 a,I, Initialized s,p ) ; ::_thesis: DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart ((StepWhile>0 (a,I,p,(Initialized s))) . (ExitsAtWhile>0 (a,I,p,(Initialized s)))) then A3: ex k being Element of NAT st ( ExitsAtWhile>0 (a,I,p,(Initialized s)) = k & ((StepWhile>0 (a,I,p,(Initialized s))) . k) . a <= 0 & ( for i being Element of NAT st ((StepWhile>0 (a,I,p,(Initialized s))) . i) . a <= 0 holds k <= i ) & DataPart (Comput ((p +* (while>0 (a,I))),(Initialize (Initialized s)),(LifeSpan ((p +* (while>0 (a,I))),(Initialize (Initialized s)))))) = DataPart ((StepWhile>0 (a,I,p,(Initialized s))) . k) ) by Def6; while>0 (a,I) is_halting_on Initialized s,p by A2, Th27, Th28; then A4: p +* (while>0 (a,I)) halts_on Initialized s by A1, SCMFSA7B:def_7; thus DataPart (IExec ((while>0 (a,I)),p,s)) = DataPart (Result ((p +* (while>0 (a,I))),(Initialized s))) by SCMFSA6B:def_1 .= DataPart ((StepWhile>0 (a,I,p,(Initialized s))) . (ExitsAtWhile>0 (a,I,p,(Initialized s)))) by A1, A4, A3, EXTPRO_1:23 ; ::_thesis: verum end; theorem Th37: :: SCMFSA9A:37 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds for n being Element of NAT st k <= n holds DataPart ((StepWhile>0 (a,I,p,s)) . n) = DataPart ((StepWhile>0 (a,I,p,s)) . k) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds for n being Element of NAT st k <= n holds DataPart ((StepWhile>0 (a,I,p,s)) . n) = DataPart ((StepWhile>0 (a,I,p,s)) . k) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds for n being Element of NAT st k <= n holds DataPart ((StepWhile>0 (a,I,p,s)) . n) = DataPart ((StepWhile>0 (a,I,p,s)) . k) let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds for n being Element of NAT st k <= n holds DataPart ((StepWhile>0 (a,I,p,s)) . n) = DataPart ((StepWhile>0 (a,I,p,s)) . k) let I be Program of SCM+FSA; ::_thesis: for k being Element of NAT st ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 holds for n being Element of NAT st k <= n holds DataPart ((StepWhile>0 (a,I,p,s)) . n) = DataPart ((StepWhile>0 (a,I,p,s)) . k) let k be Element of NAT ; ::_thesis: ( ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 implies for n being Element of NAT st k <= n holds DataPart ((StepWhile>0 (a,I,p,s)) . n) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ) set SW = StepWhile>0 (a,I,p,s); set PW = p +* (while>0 (a,I)); defpred S1[ Nat] means ( k <= $1 implies DataPart ((StepWhile>0 (a,I,p,s)) . $1) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ); assume A1: ((StepWhile>0 (a,I,p,s)) . k) . a <= 0 ; ::_thesis: for n being Element of NAT st k <= n holds DataPart ((StepWhile>0 (a,I,p,s)) . n) = DataPart ((StepWhile>0 (a,I,p,s)) . k) A2: now__::_thesis:_for_n_being_Element_of_NAT_st_S1[n]_holds_ S1[n_+_1] let n be Element of NAT ; ::_thesis: ( S1[n] implies S1[n + 1] ) assume A3: S1[n] ; ::_thesis: S1[n + 1] thus S1[n + 1] ::_thesis: verum proof assume A4: k <= n + 1 ; ::_thesis: DataPart ((StepWhile>0 (a,I,p,s)) . (n + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) percases ( k <= n or k = n + 1 ) by A4, NAT_1:8; supposeA5: k <= n ; ::_thesis: DataPart ((StepWhile>0 (a,I,p,s)) . (n + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) then ((StepWhile>0 (a,I,p,s)) . n) . a <= 0 by A1, A3, SCMFSA_M:2; hence DataPart ((StepWhile>0 (a,I,p,s)) . (n + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) by A3, A5, Th31; ::_thesis: verum end; suppose k = n + 1 ; ::_thesis: DataPart ((StepWhile>0 (a,I,p,s)) . (n + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) hence DataPart ((StepWhile>0 (a,I,p,s)) . (n + 1)) = DataPart ((StepWhile>0 (a,I,p,s)) . k) ; ::_thesis: verum end; end; end; end; A6: S1[ 0 ] ; thus for n being Element of NAT holds S1[n] from NAT_1:sch_1(A6, A2); ::_thesis: verum end; theorem :: SCMFSA9A:38 for p1, p2 being Instruction-Sequence of SCM+FSA for s1, s2 being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,I,s1,p1 holds ProperBodyWhile>0 a,I,s2,p2 proof let p1, p2 be Instruction-Sequence of SCM+FSA; ::_thesis: for s1, s2 being State of SCM+FSA for a being read-write Int-Location for I being Program of SCM+FSA st DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,I,s1,p1 holds ProperBodyWhile>0 a,I,s2,p2 let s1, s2 be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for I being Program of SCM+FSA st DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,I,s1,p1 holds ProperBodyWhile>0 a,I,s2,p2 let a be read-write Int-Location; ::_thesis: for I being Program of SCM+FSA st DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,I,s1,p1 holds ProperBodyWhile>0 a,I,s2,p2 let I be Program of SCM+FSA; ::_thesis: ( DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,I,s1,p1 implies ProperBodyWhile>0 a,I,s2,p2 ) assume that A1: DataPart s1 = DataPart s2 and A2: ProperBodyWhile>0 a,I,s1,p1 ; ::_thesis: ProperBodyWhile>0 a,I,s2,p2 let k be Element of NAT ; :: according to SCMFSA9A:def_4 ::_thesis: ( ((StepWhile>0 (a,I,p2,s2)) . k) . a > 0 implies ( I is_closed_on (StepWhile>0 (a,I,p2,s2)) . k,p2 +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p2,s2)) . k,p2 +* (while>0 (a,I)) ) ) assume A3: ((StepWhile>0 (a,I,p2,s2)) . k) . a > 0 ; ::_thesis: ( I is_closed_on (StepWhile>0 (a,I,p2,s2)) . k,p2 +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p2,s2)) . k,p2 +* (while>0 (a,I)) ) A4: DataPart ((StepWhile>0 (a,I,p2,s2)) . k) = DataPart ((StepWhile>0 (a,I,p1,s1)) . k) by A1, A2, Th34; then ((StepWhile>0 (a,I,p1,s1)) . k) . a > 0 by A3, SCMFSA_M:2; then ( I is_closed_on (StepWhile>0 (a,I,p1,s1)) . k,p1 +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p1,s1)) . k,p1 +* (while>0 (a,I)) ) by A2, Def4; hence ( I is_closed_on (StepWhile>0 (a,I,p2,s2)) . k,p2 +* (while>0 (a,I)) & I is_halting_on (StepWhile>0 (a,I,p2,s2)) . k,p2 +* (while>0 (a,I)) ) by A4, SCMFSA8B:5; ::_thesis: verum end; Lm7: for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for I being Program of SCM+FSA st s . (intloc 0) = 1 holds ( I is_closed_on s,p iff I is_closed_on Initialized s,p ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for I being Program of SCM+FSA st s . (intloc 0) = 1 holds ( I is_closed_on s,p iff I is_closed_on Initialized s,p ) let s be State of SCM+FSA; ::_thesis: for I being Program of SCM+FSA st s . (intloc 0) = 1 holds ( I is_closed_on s,p iff I is_closed_on Initialized s,p ) let I be Program of SCM+FSA; ::_thesis: ( s . (intloc 0) = 1 implies ( I is_closed_on s,p iff I is_closed_on Initialized s,p ) ) assume s . (intloc 0) = 1 ; ::_thesis: ( I is_closed_on s,p iff I is_closed_on Initialized s,p ) then DataPart (Initialized s) = DataPart s by SCMFSA_M:19; hence ( I is_closed_on s,p iff I is_closed_on Initialized s,p ) by SCMFSA8B:3; ::_thesis: verum end; Lm8: for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for I being Program of SCM+FSA st s . (intloc 0) = 1 holds ( I is_closed_on s,p & I is_halting_on s,p iff ( I is_closed_on Initialized s,p & I is_halting_on Initialized s,p ) ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for I being Program of SCM+FSA st s . (intloc 0) = 1 holds ( I is_closed_on s,p & I is_halting_on s,p iff ( I is_closed_on Initialized s,p & I is_halting_on Initialized s,p ) ) let s be State of SCM+FSA; ::_thesis: for I being Program of SCM+FSA st s . (intloc 0) = 1 holds ( I is_closed_on s,p & I is_halting_on s,p iff ( I is_closed_on Initialized s,p & I is_halting_on Initialized s,p ) ) let I be Program of SCM+FSA; ::_thesis: ( s . (intloc 0) = 1 implies ( I is_closed_on s,p & I is_halting_on s,p iff ( I is_closed_on Initialized s,p & I is_halting_on Initialized s,p ) ) ) assume s . (intloc 0) = 1 ; ::_thesis: ( I is_closed_on s,p & I is_halting_on s,p iff ( I is_closed_on Initialized s,p & I is_halting_on Initialized s,p ) ) then DataPart (Initialized s) = DataPart s by SCMFSA_M:19; hence ( I is_closed_on s,p & I is_halting_on s,p iff ( I is_closed_on Initialized s,p & I is_halting_on Initialized s,p ) ) by SCMFSA8B:5; ::_thesis: verum end; theorem Th39: :: SCMFSA9A:39 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p holds for i, j being Element of NAT st i <> j & i <= ExitsAtWhile>0 (a,Ig,p,s) & j <= ExitsAtWhile>0 (a,Ig,p,s) holds ( (StepWhile>0 (a,Ig,p,s)) . i <> (StepWhile>0 (a,Ig,p,s)) . j & DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p holds for i, j being Element of NAT st i <> j & i <= ExitsAtWhile>0 (a,Ig,p,s) & j <= ExitsAtWhile>0 (a,Ig,p,s) holds ( (StepWhile>0 (a,Ig,p,s)) . i <> (StepWhile>0 (a,Ig,p,s)) . j & DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for Ig being good Program of SCM+FSA st s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p holds for i, j being Element of NAT st i <> j & i <= ExitsAtWhile>0 (a,Ig,p,s) & j <= ExitsAtWhile>0 (a,Ig,p,s) holds ( (StepWhile>0 (a,Ig,p,s)) . i <> (StepWhile>0 (a,Ig,p,s)) . j & DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ) let a be read-write Int-Location; ::_thesis: for Ig being good Program of SCM+FSA st s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p holds for i, j being Element of NAT st i <> j & i <= ExitsAtWhile>0 (a,Ig,p,s) & j <= ExitsAtWhile>0 (a,Ig,p,s) holds ( (StepWhile>0 (a,Ig,p,s)) . i <> (StepWhile>0 (a,Ig,p,s)) . j & DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ) let Ig be good Program of SCM+FSA; ::_thesis: ( s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p implies for i, j being Element of NAT st i <> j & i <= ExitsAtWhile>0 (a,Ig,p,s) & j <= ExitsAtWhile>0 (a,Ig,p,s) holds ( (StepWhile>0 (a,Ig,p,s)) . i <> (StepWhile>0 (a,Ig,p,s)) . j & DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ) ) set I = Ig; assume that A1: s . (intloc 0) = 1 and A2: ProperBodyWhile>0 a,Ig,s,p and A3: WithVariantWhile>0 a,Ig,s,p ; ::_thesis: for i, j being Element of NAT st i <> j & i <= ExitsAtWhile>0 (a,Ig,p,s) & j <= ExitsAtWhile>0 (a,Ig,p,s) holds ( (StepWhile>0 (a,Ig,p,s)) . i <> (StepWhile>0 (a,Ig,p,s)) . j & DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ) set SW = StepWhile>0 (a,Ig,p,s); set PW = p +* (while>0 (a,Ig)); consider K being Element of NAT such that A4: ExitsAtWhile>0 (a,Ig,p,s) = K and A5: ((StepWhile>0 (a,Ig,p,s)) . K) . a <= 0 and A6: for i being Element of NAT st ((StepWhile>0 (a,Ig,p,s)) . i) . a <= 0 holds K <= i and DataPart (Comput ((p +* (while>0 (a,Ig))),(Initialize s),(LifeSpan ((p +* (while>0 (a,Ig))),(s +* (Start-At (0,SCM+FSA))))))) = DataPart ((StepWhile>0 (a,Ig,p,s)) . K) by A2, A3, Def6; consider f being Function of (product (the_Values_of SCM+FSA)),NAT such that A7: for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) by A3, Def5; A8: for i, j being Element of NAT st i < j & i <= K & j <= K holds DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) proof let i, j be Element of NAT ; ::_thesis: ( i < j & i <= K & j <= K implies DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ) assume that A9: i < j and i <= K and A10: j <= K ; ::_thesis: DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) percases ( j = K or j < K ) by A10, XXREAL_0:1; supposeA11: j = K ; ::_thesis: DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) assume DataPart ((StepWhile>0 (a,Ig,p,s)) . i) = DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ; ::_thesis: contradiction then ((StepWhile>0 (a,Ig,p,s)) . i) . a <= 0 by A5, A11, SCMFSA_M:2; hence contradiction by A6, A9, A11; ::_thesis: verum end; supposeA12: j < K ; ::_thesis: DataPart ((StepWhile>0 (a,Ig,p,s)) . i) <> DataPart ((StepWhile>0 (a,Ig,p,s)) . j) defpred S1[ Nat] means ( j + $1 <= K implies DataPart ((StepWhile>0 (a,Ig,p,s)) . (i + $1)) = DataPart ((StepWhile>0 (a,Ig,p,s)) . (j + $1)) ); A13: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume that A14: ( j + k <= K implies DataPart ((StepWhile>0 (a,Ig,p,s)) . (i + k)) = DataPart ((StepWhile>0 (a,Ig,p,s)) . (j + k)) ) and A15: j + (k + 1) <= K ; ::_thesis: DataPart ((StepWhile>0 (a,Ig,p,s)) . (i + (k + 1))) = DataPart ((StepWhile>0 (a,Ig,p,s)) . (j + (k + 1))) A16: ((StepWhile>0 (a,Ig,p,s)) . (j + k)) . (intloc 0) = 1 by A1, A2, Th33; A17: j + k < (j + k) + 1 by XREAL_1:29; then A18: j + k < K by A15, XXREAL_0:2; then A19: ((StepWhile>0 (a,Ig,p,s)) . (j + k)) . a > 0 by A6; then A20: Ig is_closed_on (StepWhile>0 (a,Ig,p,s)) . (j + k),p +* (while>0 (a,Ig)) by A2, Def4; then A21: Ig is_closed_on Initialized ((StepWhile>0 (a,Ig,p,s)) . (j + k)),p +* (while>0 (a,Ig)) by A16, Lm7; A22: Ig is_halting_on (StepWhile>0 (a,Ig,p,s)) . (j + k),p +* (while>0 (a,Ig)) by A2, A19, Def4; then A23: Ig is_halting_on Initialized ((StepWhile>0 (a,Ig,p,s)) . (j + k)),p +* (while>0 (a,Ig)) by A16, A20, Lm8; A24: ((StepWhile>0 (a,Ig,p,s)) . (i + k)) . (intloc 0) = 1 by A1, A2, Th33; A25: ((StepWhile>0 (a,Ig,p,s)) . (i + k)) . a > 0 proof assume not ((StepWhile>0 (a,Ig,p,s)) . (i + k)) . a > 0 ; ::_thesis: contradiction then A26: K <= i + k by A6; i + k < j + k by A9, XREAL_1:6; hence contradiction by A18, A26, XXREAL_0:2; ::_thesis: verum end; then A27: Ig is_closed_on (StepWhile>0 (a,Ig,p,s)) . (i + k),p +* (while>0 (a,Ig)) by A2, Def4; then A28: Ig is_closed_on Initialized ((StepWhile>0 (a,Ig,p,s)) . (i + k)),p +* (while>0 (a,Ig)) by A24, Lm7; Ig is_halting_on (StepWhile>0 (a,Ig,p,s)) . (i + k),p +* (while>0 (a,Ig)) by A2, A25, Def4; then A29: Ig is_halting_on Initialized ((StepWhile>0 (a,Ig,p,s)) . (i + k)),p +* (while>0 (a,Ig)) by A24, A27, Lm8; thus DataPart ((StepWhile>0 (a,Ig,p,s)) . (i + (k + 1))) = DataPart ((StepWhile>0 (a,Ig,p,s)) . ((i + k) + 1)) .= DataPart (IExec (Ig,(p +* (while>0 (a,Ig))),((StepWhile>0 (a,Ig,p,s)) . (i + k)))) by A24, A25, A28, A29, Th32 .= DataPart (IExec (Ig,(p +* (while>0 (a,Ig))),((StepWhile>0 (a,Ig,p,s)) . (j + k)))) by A14, A15, A17, A16, A20, A22, SCMFSA8C:20, XXREAL_0:2 .= DataPart ((StepWhile>0 (a,Ig,p,s)) . ((j + k) + 1)) by A16, A19, A21, A23, Th32 .= DataPart ((StepWhile>0 (a,Ig,p,s)) . (j + (k + 1))) ; ::_thesis: verum end; consider p being Element of NAT such that A30: K = j + p and 1 <= p by A12, FINSEQ_4:84; assume DataPart ((StepWhile>0 (a,Ig,p,s)) . i) = DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ; ::_thesis: contradiction then A31: S1[ 0 ] ; for k being Element of NAT holds S1[k] from NAT_1:sch_1(A31, A13); then DataPart ((StepWhile>0 (a,Ig,p,s)) . (i + p)) = DataPart ((StepWhile>0 (a,Ig,p,s)) . K) by A30; then A32: ((StepWhile>0 (a,Ig,p,s)) . (i + p)) . a <= 0 by A5, SCMFSA_M:2; i + p < K by A9, A30, XREAL_1:6; hence contradiction by A6, A32; ::_thesis: verum end; end; end; A33: for i, j being Element of NAT st i < j & i <= K & j <= K holds (StepWhile>0 (a,Ig,p,s)) . i <> (StepWhile>0 (a,Ig,p,s)) . j proof let i, j be Element of NAT ; ::_thesis: ( i < j & i <= K & j <= K implies (StepWhile>0 (a,Ig,p,s)) . i <> (StepWhile>0 (a,Ig,p,s)) . j ) assume that A34: i < j and i <= K and A35: j <= K ; ::_thesis: (StepWhile>0 (a,Ig,p,s)) . i <> (StepWhile>0 (a,Ig,p,s)) . j defpred S1[ Nat] means ( i < $1 & $1 <= j implies f . ((StepWhile>0 (a,Ig,p,s)) . $1) < f . ((StepWhile>0 (a,Ig,p,s)) . i) ); A36: i < K by A34, A35, XXREAL_0:2; A37: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) assume that A38: ( i < k & k <= j implies f . ((StepWhile>0 (a,Ig,p,s)) . k) < f . ((StepWhile>0 (a,Ig,p,s)) . i) ) and A39: i < k + 1 and A40: k + 1 <= j ; ::_thesis: f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . i) A41: i <= k by A39, NAT_1:13; percases ( i = k or i < k ) by A41, XXREAL_0:1; supposeA42: i = k ; ::_thesis: f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . i) not ((StepWhile>0 (a,Ig,p,s)) . i) . a <= 0 by A6, A36; hence f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . i) by A7, A42; ::_thesis: verum end; supposeA43: i < k ; ::_thesis: f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . i) A44: k < j by A40, NAT_1:13; now__::_thesis:_not_((StepWhile>0_(a,Ig,p,s))_._k)_._a_<=_0 assume ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ; ::_thesis: contradiction then K <= k by A6; hence contradiction by A35, A44, XXREAL_0:2; ::_thesis: verum end; then f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) by A7; hence f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . i) by A38, A40, A43, NAT_1:13, XXREAL_0:2; ::_thesis: verum end; end; end; assume A45: (StepWhile>0 (a,Ig,p,s)) . i = (StepWhile>0 (a,Ig,p,s)) . j ; ::_thesis: contradiction A46: S1[ 0 ] ; for k being Element of NAT holds S1[k] from NAT_1:sch_1(A46, A37); hence contradiction by A34, A45; ::_thesis: verum end; given i, j being Element of NAT such that A47: i <> j and A48: ( i <= ExitsAtWhile>0 (a,Ig,p,s) & j <= ExitsAtWhile>0 (a,Ig,p,s) & ( (StepWhile>0 (a,Ig,p,s)) . i = (StepWhile>0 (a,Ig,p,s)) . j or DataPart ((StepWhile>0 (a,Ig,p,s)) . i) = DataPart ((StepWhile>0 (a,Ig,p,s)) . j) ) ) ; ::_thesis: contradiction ( i < j or j < i ) by A47, XXREAL_0:1; hence contradiction by A4, A33, A8, A48; ::_thesis: verum end; definition canceled; end; :: deftheorem SCMFSA9A:def_7_:_ canceled; theorem Th40: :: SCMFSA9A:40 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p holds ex f being Function of (product (the_Values_of SCM+FSA)),NAT st ( f is on_data_only & ( for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) ) ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p holds ex f being Function of (product (the_Values_of SCM+FSA)),NAT st ( f is on_data_only & ( for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) ) ) let s be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for Ig being good Program of SCM+FSA st s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p holds ex f being Function of (product (the_Values_of SCM+FSA)),NAT st ( f is on_data_only & ( for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) ) ) let a be read-write Int-Location; ::_thesis: for Ig being good Program of SCM+FSA st s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p holds ex f being Function of (product (the_Values_of SCM+FSA)),NAT st ( f is on_data_only & ( for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) ) ) let Ig be good Program of SCM+FSA; ::_thesis: ( s . (intloc 0) = 1 & ProperBodyWhile>0 a,Ig,s,p & WithVariantWhile>0 a,Ig,s,p implies ex f being Function of (product (the_Values_of SCM+FSA)),NAT st ( f is on_data_only & ( for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) ) ) ) set I = Ig; assume that A1: s . (intloc 0) = 1 and A2: ProperBodyWhile>0 a,Ig,s,p and A3: WithVariantWhile>0 a,Ig,s,p ; ::_thesis: ex f being Function of (product (the_Values_of SCM+FSA)),NAT st ( f is on_data_only & ( for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) ) ) set SW = StepWhile>0 (a,Ig,p,s); set PW = p +* (while>0 (a,Ig)); consider K being Element of NAT such that A4: ExitsAtWhile>0 (a,Ig,p,s) = K and A5: ((StepWhile>0 (a,Ig,p,s)) . K) . a <= 0 and for i being Element of NAT st ((StepWhile>0 (a,Ig,p,s)) . i) . a <= 0 holds K <= i and DataPart (Comput ((p +* (while>0 (a,Ig))),(Initialize s),(LifeSpan ((p +* (while>0 (a,Ig))),(Initialize s))))) = DataPart ((StepWhile>0 (a,Ig,p,s)) . K) by A2, A3, Def6; consider g being Function of (product (the_Values_of SCM+FSA)),NAT such that A6: for k being Element of NAT holds ( g . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < g . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) by A3, Def5; defpred S1[ State of SCM+FSA, set ] means ( ex k being Element of NAT st ( k <= K & DataPart $1 = DataPart ((StepWhile>0 (a,Ig,p,s)) . k) & $2 = g . ((StepWhile>0 (a,Ig,p,s)) . k) ) or ( ( for k being Element of NAT holds ( not k <= K or not DataPart $1 = DataPart ((StepWhile>0 (a,Ig,p,s)) . k) ) ) & $2 = 0 ) ); A7: for x being Element of product (the_Values_of SCM+FSA) ex y being Element of NAT st S1[x,y] proof let x be Element of product (the_Values_of SCM+FSA); ::_thesis: ex y being Element of NAT st S1[x,y] percases ( ex k being Element of NAT st ( k <= K & DataPart x = DataPart ((StepWhile>0 (a,Ig,p,s)) . k) ) or for k being Element of NAT holds ( not k <= K or not DataPart x = DataPart ((StepWhile>0 (a,Ig,p,s)) . k) ) ) ; suppose ex k being Element of NAT st ( k <= K & DataPart x = DataPart ((StepWhile>0 (a,Ig,p,s)) . k) ) ; ::_thesis: ex y being Element of NAT st S1[x,y] then consider k being Element of NAT such that A8: ( k <= K & DataPart x = DataPart ((StepWhile>0 (a,Ig,p,s)) . k) ) ; take g . ((StepWhile>0 (a,Ig,p,s)) . k) ; ::_thesis: S1[x,g . ((StepWhile>0 (a,Ig,p,s)) . k)] thus S1[x,g . ((StepWhile>0 (a,Ig,p,s)) . k)] by A8; ::_thesis: verum end; supposeA9: for k being Element of NAT holds ( not k <= K or not DataPart x = DataPart ((StepWhile>0 (a,Ig,p,s)) . k) ) ; ::_thesis: ex y being Element of NAT st S1[x,y] take 0 ; ::_thesis: S1[x, 0 ] thus S1[x, 0 ] by A9; ::_thesis: verum end; end; end; consider f being Function of (product (the_Values_of SCM+FSA)),NAT such that A10: for x being Element of product (the_Values_of SCM+FSA) holds S1[x,f . x] from FUNCT_2:sch_3(A7); take f ; ::_thesis: ( f is on_data_only & ( for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) ) ) hereby :: according to MEMSTR_0:def_18 ::_thesis: for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) let s1, s2 be State of SCM+FSA; ::_thesis: ( DataPart s1 = DataPart s2 implies f . s1 = f . s2 ) assume A11: DataPart s1 = DataPart s2 ; ::_thesis: f . s1 = f . s2 reconsider ss1 = s1, ss2 = s2 as Element of product (the_Values_of SCM+FSA) by CARD_3:107; ( S1[ss1,f . ss1] & S1[ss2,f . ss2] ) by A10; hence f . s1 = f . s2 by A1, A2, A3, A4, A11, Th39; ::_thesis: verum end; let k be Element of NAT ; ::_thesis: ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) percases ( k < K or K <= k ) ; supposeA12: k < K ; ::_thesis: ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) then A13: k + 1 <= K by NAT_1:13; then consider kk1 being Element of NAT such that A14: ( kk1 <= K & DataPart ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) = DataPart ((StepWhile>0 (a,Ig,p,s)) . kk1) ) and A15: f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) = g . ((StepWhile>0 (a,Ig,p,s)) . kk1) by A10; A16: k + 1 = kk1 by A1, A2, A3, A4, A13, A14, Th39; consider kk being Element of NAT such that A17: ( kk <= K & DataPart ((StepWhile>0 (a,Ig,p,s)) . k) = DataPart ((StepWhile>0 (a,Ig,p,s)) . kk) ) and A18: f . ((StepWhile>0 (a,Ig,p,s)) . k) = g . ((StepWhile>0 (a,Ig,p,s)) . kk) by A10, A12; k = kk by A1, A2, A3, A4, A12, A17, Th39; hence ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) by A6, A18, A15, A16; ::_thesis: verum end; suppose K <= k ; ::_thesis: ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) then DataPart ((StepWhile>0 (a,Ig,p,s)) . K) = DataPart ((StepWhile>0 (a,Ig,p,s)) . k) by A5, Th37; hence ( f . ((StepWhile>0 (a,Ig,p,s)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p,s)) . k) or ((StepWhile>0 (a,Ig,p,s)) . k) . a <= 0 ) by A5, SCMFSA_M:2; ::_thesis: verum end; end; end; theorem :: SCMFSA9A:41 for p1, p2 being Instruction-Sequence of SCM+FSA for s1, s2 being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st s1 . (intloc 0) = 1 & DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,Ig,s1,p1 & WithVariantWhile>0 a,Ig,s1,p1 holds WithVariantWhile>0 a,Ig,s2,p2 proof let p1, p2 be Instruction-Sequence of SCM+FSA; ::_thesis: for s1, s2 being State of SCM+FSA for a being read-write Int-Location for Ig being good Program of SCM+FSA st s1 . (intloc 0) = 1 & DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,Ig,s1,p1 & WithVariantWhile>0 a,Ig,s1,p1 holds WithVariantWhile>0 a,Ig,s2,p2 let s1, s2 be State of SCM+FSA; ::_thesis: for a being read-write Int-Location for Ig being good Program of SCM+FSA st s1 . (intloc 0) = 1 & DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,Ig,s1,p1 & WithVariantWhile>0 a,Ig,s1,p1 holds WithVariantWhile>0 a,Ig,s2,p2 let a be read-write Int-Location; ::_thesis: for Ig being good Program of SCM+FSA st s1 . (intloc 0) = 1 & DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,Ig,s1,p1 & WithVariantWhile>0 a,Ig,s1,p1 holds WithVariantWhile>0 a,Ig,s2,p2 let Ig be good Program of SCM+FSA; ::_thesis: ( s1 . (intloc 0) = 1 & DataPart s1 = DataPart s2 & ProperBodyWhile>0 a,Ig,s1,p1 & WithVariantWhile>0 a,Ig,s1,p1 implies WithVariantWhile>0 a,Ig,s2,p2 ) set I = Ig; assume that A1: s1 . (intloc 0) = 1 and A2: DataPart s1 = DataPart s2 and A3: ProperBodyWhile>0 a,Ig,s1,p1 and A4: WithVariantWhile>0 a,Ig,s1,p1 ; ::_thesis: WithVariantWhile>0 a,Ig,s2,p2 set SW1 = StepWhile>0 (a,Ig,p1,s1); consider f being Function of (product (the_Values_of SCM+FSA)),NAT such that A5: f is on_data_only and A6: for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p1,s1)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p1,s1)) . k) or ((StepWhile>0 (a,Ig,p1,s1)) . k) . a <= 0 ) by A1, A3, A4, Th40; take f ; :: according to SCMFSA9A:def_5 ::_thesis: for k being Element of NAT holds ( f . ((StepWhile>0 (a,Ig,p2,s2)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p2,s2)) . k) or ((StepWhile>0 (a,Ig,p2,s2)) . k) . a <= 0 ) let k be Element of NAT ; ::_thesis: ( f . ((StepWhile>0 (a,Ig,p2,s2)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p2,s2)) . k) or ((StepWhile>0 (a,Ig,p2,s2)) . k) . a <= 0 ) set SW2 = StepWhile>0 (a,Ig,p2,s2); DataPart ((StepWhile>0 (a,Ig,p1,s1)) . (k + 1)) = DataPart ((StepWhile>0 (a,Ig,p2,s2)) . (k + 1)) by A2, A3, Th34; then A7: f . ((StepWhile>0 (a,Ig,p1,s1)) . (k + 1)) = f . ((StepWhile>0 (a,Ig,p2,s2)) . (k + 1)) by A5, MEMSTR_0:def_18; A8: DataPart ((StepWhile>0 (a,Ig,p1,s1)) . k) = DataPart ((StepWhile>0 (a,Ig,p2,s2)) . k) by A2, A3, Th34; then A9: ((StepWhile>0 (a,Ig,p1,s1)) . k) . a = ((StepWhile>0 (a,Ig,p2,s2)) . k) . a by SCMFSA_M:2; f . ((StepWhile>0 (a,Ig,p1,s1)) . k) = f . ((StepWhile>0 (a,Ig,p2,s2)) . k) by A5, A8, MEMSTR_0:def_18; hence ( f . ((StepWhile>0 (a,Ig,p2,s2)) . (k + 1)) < f . ((StepWhile>0 (a,Ig,p2,s2)) . k) or ((StepWhile>0 (a,Ig,p2,s2)) . k) . a <= 0 ) by A6, A9, A7; ::_thesis: verum end; begin definition let N, result be Int-Location; func Fusc_macro (N,result) -> Program of SCM+FSA equals :: SCMFSA9A:def 8 (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)) ";" (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))))); correctness coherence (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)) ";" (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))))) is Program of SCM+FSA; ; end; :: deftheorem defines Fusc_macro SCMFSA9A:def_8_:_ for N, result being Int-Location holds Fusc_macro (N,result) = (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)) ";" (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))))); theorem :: SCMFSA9A:42 for p being Instruction-Sequence of SCM+FSA for s being State of SCM+FSA for N, result being read-write Int-Location st N <> result holds for n being Element of NAT st n = s . N holds ( (IExec ((Fusc_macro (N,result)),p,s)) . result = Fusc n & (IExec ((Fusc_macro (N,result)),p,s)) . N = n ) proof let p be Instruction-Sequence of SCM+FSA; ::_thesis: for s being State of SCM+FSA for N, result being read-write Int-Location st N <> result holds for n being Element of NAT st n = s . N holds ( (IExec ((Fusc_macro (N,result)),p,s)) . result = Fusc n & (IExec ((Fusc_macro (N,result)),p,s)) . N = n ) let s be State of SCM+FSA; ::_thesis: for N, result being read-write Int-Location st N <> result holds for n being Element of NAT st n = s . N holds ( (IExec ((Fusc_macro (N,result)),p,s)) . result = Fusc n & (IExec ((Fusc_macro (N,result)),p,s)) . N = n ) let N, result be read-write Int-Location; ::_thesis: ( N <> result implies for n being Element of NAT st n = s . N holds ( (IExec ((Fusc_macro (N,result)),p,s)) . result = Fusc n & (IExec ((Fusc_macro (N,result)),p,s)) . N = n ) ) assume A1: N <> result ; ::_thesis: for n being Element of NAT st n = s . N holds ( (IExec ((Fusc_macro (N,result)),p,s)) . result = Fusc n & (IExec ((Fusc_macro (N,result)),p,s)) . N = n ) set i0 = SubFrom (result,result); set rem2 = 3 -rdRWNotIn {N,result}; set aux = 2 -ndRWNotIn {N,result}; set next = 1 -stRWNotIn {N,result}; set I3i0 = (3 -rdRWNotIn {N,result}) := 2; set I3i1 = Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})); set I3I2I0 = Macro (AddTo ((1 -stRWNotIn {N,result}),result)); set I3I2I1 = Macro (AddTo (result,(1 -stRWNotIn {N,result}))); set I3I2 = if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))); set I = (((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))); let n be Element of NAT ; ::_thesis: ( n = s . N implies ( (IExec ((Fusc_macro (N,result)),p,s)) . result = Fusc n & (IExec ((Fusc_macro (N,result)),p,s)) . N = n ) ) assume A2: n = s . N ; ::_thesis: ( (IExec ((Fusc_macro (N,result)),p,s)) . result = Fusc n & (IExec ((Fusc_macro (N,result)),p,s)) . N = n ) A3: 1 -stRWNotIn {N,result} <> 3 -rdRWNotIn {N,result} by SCMFSA_M:26; A4: 2 -ndRWNotIn {N,result} <> 1 -stRWNotIn {N,result} by SCMFSA_M:26; set I3 = while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))); deffunc H1( Element of product (the_Values_of SCM+FSA)) -> Element of NAT = abs ($1 . (2 -ndRWNotIn {N,result})); set i2 = (2 -ndRWNotIn {N,result}) := N; set i1 = (1 -stRWNotIn {N,result}) := (intloc 0); set t = IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s); set q = p; set It = Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)); set SWt = StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)))); set PWt = p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))))); defpred S1[ Nat] means ex au, ne, re being Element of NAT st ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . $1) . (2 -ndRWNotIn {N,result}) = au & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . $1) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . $1) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . $1) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ); consider f being Function of (product (the_Values_of SCM+FSA)),NAT such that A5: for x being Element of product (the_Values_of SCM+FSA) holds f . x = H1(x) from FUNCT_2:sch_4(); A6: N in {N,result} by TARSKI:def_2; then A7: N <> 1 -stRWNotIn {N,result} by SCMFSA_M:25; A8: result in {N,result} by TARSKI:def_2; then A9: 2 -ndRWNotIn {N,result} <> result by SCMFSA_M:25; A10: result <> 3 -rdRWNotIn {N,result} by A8, SCMFSA_M:25; A11: 1 -stRWNotIn {N,result} <> result by A8, SCMFSA_M:25; A12: N <> 3 -rdRWNotIn {N,result} by A6, SCMFSA_M:25; A13: N <> 2 -ndRWNotIn {N,result} by A6, SCMFSA_M:25; A14: 2 -ndRWNotIn {N,result} <> 3 -rdRWNotIn {N,result} by SCMFSA_M:26; A15: for u being State of SCM+FSA for h being Instruction-Sequence of SCM+FSA st ex au, ne, re being Element of NAT st ( u . (2 -ndRWNotIn {N,result}) = au & u . (1 -stRWNotIn {N,result}) = ne & u . result = re & u . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) holds ex au1, ne1, re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) proof let u be State of SCM+FSA; ::_thesis: for h being Instruction-Sequence of SCM+FSA st ex au, ne, re being Element of NAT st ( u . (2 -ndRWNotIn {N,result}) = au & u . (1 -stRWNotIn {N,result}) = ne & u . result = re & u . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) holds ex au1, ne1, re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) let h be Instruction-Sequence of SCM+FSA; ::_thesis: ( ex au, ne, re being Element of NAT st ( u . (2 -ndRWNotIn {N,result}) = au & u . (1 -stRWNotIn {N,result}) = ne & u . result = re & u . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) implies ex au1, ne1, re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) ) given au, ne, re being Element of NAT such that A16: u . (2 -ndRWNotIn {N,result}) = au and A17: u . (1 -stRWNotIn {N,result}) = ne and A18: u . result = re and A19: u . N = n and A20: Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ; ::_thesis: ex au1, ne1, re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) A21: (Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))) . (1 -stRWNotIn {N,result}) = (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)) . (1 -stRWNotIn {N,result}) by SCMFSA_M:37 .= (Exec ((Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result}))),(IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)))) . (1 -stRWNotIn {N,result}) by SCMFSA6C:6 .= (IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)) . (1 -stRWNotIn {N,result}) by A4, A3, SCMFSA_2:67 .= ne by A17, SCMFSA7B:3, SCMFSA_M:26 ; A22: (Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))) . (2 -ndRWNotIn {N,result}) = (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)) . (2 -ndRWNotIn {N,result}) by SCMFSA_M:37 .= (Exec ((Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result}))),(IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)))) . (2 -ndRWNotIn {N,result}) by SCMFSA6C:6 .= ((IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)) . (2 -ndRWNotIn {N,result})) div ((IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)) . (3 -rdRWNotIn {N,result})) by A14, SCMFSA_2:67 .= (u . (2 -ndRWNotIn {N,result})) div ((IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)) . (3 -rdRWNotIn {N,result})) by SCMFSA7B:3, SCMFSA_M:26 .= (u . (2 -ndRWNotIn {N,result})) div 2 by SCMFSA7B:3 ; A23: (Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))) . result = (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)) . result by SCMFSA_M:37 .= (Exec ((Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result}))),(IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)))) . result by SCMFSA6C:6 .= (IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)) . result by A9, A10, SCMFSA_2:67 .= re by A10, A18, SCMFSA7B:3 ; A24: (Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))) . N = (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)) . N by SCMFSA_M:37 .= (Exec ((Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result}))),(IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)))) . N by SCMFSA6C:6 .= (IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)) . N by A12, A13, SCMFSA_2:67 .= n by A12, A19, SCMFSA7B:3 ; A25: (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)) . (3 -rdRWNotIn {N,result}) = (Exec ((Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result}))),(IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)))) . (3 -rdRWNotIn {N,result}) by SCMFSA6C:6 .= ((IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)) . (2 -ndRWNotIn {N,result})) mod ((IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)) . (3 -rdRWNotIn {N,result})) by SCMFSA_2:67 .= (u . (2 -ndRWNotIn {N,result})) mod ((IExec (((3 -rdRWNotIn {N,result}) := 2),h,u)) . (3 -rdRWNotIn {N,result})) by SCMFSA7B:3, SCMFSA_M:26 .= (u . (2 -ndRWNotIn {N,result})) mod 2 by SCMFSA7B:3 ; percases ( au is even or au is odd ) ; supposeA26: au is even ; ::_thesis: ex au1, ne1, re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) reconsider ne1 = ne + re as Element of NAT ; reconsider au1 = (u . (2 -ndRWNotIn {N,result})) div 2 as Element of NAT by A16, INT_1:3, INT_1:55; take au1 ; ::_thesis: ex ne1, re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) take ne1 ; ::_thesis: ex re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) take re ; ::_thesis: ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) consider k being Element of NAT such that A27: au = 2 * k by A26, ABIAN:def_2; A28: (u . (2 -ndRWNotIn {N,result})) mod 2 = ((2 * k) + 0) mod 2 by A16, A27 .= 0 mod 2 by NAT_D:21 .= 0 by NAT_D:26 ; (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = (IExec ((if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (2 -ndRWNotIn {N,result}) by SCMFSA6C:1 .= (IExec ((Macro (AddTo ((1 -stRWNotIn {N,result}),result))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (2 -ndRWNotIn {N,result}) by A25, A28, SCMFSA8B:18 .= (IExec ((Macro (AddTo ((1 -stRWNotIn {N,result}),result))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (2 -ndRWNotIn {N,result}) .= (Exec ((AddTo ((1 -stRWNotIn {N,result}),result)),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . (2 -ndRWNotIn {N,result}) by SCMFSA6C:5 .= (Exec ((AddTo ((1 -stRWNotIn {N,result}),result)),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . (2 -ndRWNotIn {N,result}) .= (u . (2 -ndRWNotIn {N,result})) div 2 by A4, A22, SCMFSA_2:64 ; hence (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 ; ::_thesis: ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) thus (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = (IExec ((if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (1 -stRWNotIn {N,result}) by SCMFSA6C:1 .= (IExec ((Macro (AddTo ((1 -stRWNotIn {N,result}),result))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (1 -stRWNotIn {N,result}) by A25, A28, SCMFSA8B:18 .= (IExec ((Macro (AddTo ((1 -stRWNotIn {N,result}),result))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (1 -stRWNotIn {N,result}) .= (Exec ((AddTo ((1 -stRWNotIn {N,result}),result)),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . (1 -stRWNotIn {N,result}) by SCMFSA6C:5 .= (Exec ((AddTo ((1 -stRWNotIn {N,result}),result)),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . (1 -stRWNotIn {N,result}) .= ne1 by A21, A23, SCMFSA_2:64 ; ::_thesis: ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) thus (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = (IExec ((if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . result by SCMFSA6C:1 .= (IExec ((Macro (AddTo ((1 -stRWNotIn {N,result}),result))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . result by A25, A28, SCMFSA8B:18 .= (IExec ((Macro (AddTo ((1 -stRWNotIn {N,result}),result))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . result .= (Exec ((AddTo ((1 -stRWNotIn {N,result}),result)),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . result by SCMFSA6C:5 .= (Exec ((AddTo ((1 -stRWNotIn {N,result}),result)),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . result .= re by A11, A23, SCMFSA_2:64 ; ::_thesis: ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) thus (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = (IExec ((if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . N by SCMFSA6C:1 .= (IExec ((Macro (AddTo ((1 -stRWNotIn {N,result}),result))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . N by A25, A28, SCMFSA8B:18 .= (IExec ((Macro (AddTo ((1 -stRWNotIn {N,result}),result))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . N .= (Exec ((AddTo ((1 -stRWNotIn {N,result}),result)),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . N by SCMFSA6C:5 .= (Exec ((AddTo ((1 -stRWNotIn {N,result}),result)),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . N .= n by A7, A24, SCMFSA_2:64 ; ::_thesis: ( Fusc n = (ne1 * (Fusc au1)) + (re * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) au1 = k by A16, A27, NAT_D:20; hence Fusc n = (ne1 * (Fusc au1)) + (re * (Fusc (au1 + 1))) by A20, A27, PRE_FF:20; ::_thesis: au1 = (u . (2 -ndRWNotIn {N,result})) div 2 thus au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ; ::_thesis: verum end; supposeA29: au is odd ; ::_thesis: ex au1, ne1, re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) reconsider re1 = ne + re as Element of NAT ; reconsider au1 = (u . (2 -ndRWNotIn {N,result})) div 2 as Element of NAT by A16, INT_1:3, INT_1:55; take au1 ; ::_thesis: ex ne1, re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) take ne ; ::_thesis: ex re1 being Element of NAT st ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) take re1 ; ::_thesis: ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) consider k being Element of NAT such that A30: au = (2 * k) + 1 by A29, ABIAN:9; A31: (u . (2 -ndRWNotIn {N,result})) mod 2 = 1 mod 2 by A16, A30, NAT_D:21 .= 1 by NAT_D:24 ; (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = (IExec ((if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (2 -ndRWNotIn {N,result}) by SCMFSA6C:1 .= (IExec ((Macro (AddTo (result,(1 -stRWNotIn {N,result})))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (2 -ndRWNotIn {N,result}) by A25, A31, SCMFSA8B:18 .= (IExec ((Macro (AddTo (result,(1 -stRWNotIn {N,result})))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (2 -ndRWNotIn {N,result}) .= (Exec ((AddTo (result,(1 -stRWNotIn {N,result}))),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . (2 -ndRWNotIn {N,result}) by SCMFSA6C:5 .= (Exec ((AddTo (result,(1 -stRWNotIn {N,result}))),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . (2 -ndRWNotIn {N,result}) .= (u . (2 -ndRWNotIn {N,result})) div 2 by A9, A22, SCMFSA_2:64 ; hence (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (2 -ndRWNotIn {N,result}) = au1 ; ::_thesis: ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = ne & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) thus (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . (1 -stRWNotIn {N,result}) = (IExec ((if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (1 -stRWNotIn {N,result}) by SCMFSA6C:1 .= (IExec ((Macro (AddTo (result,(1 -stRWNotIn {N,result})))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (1 -stRWNotIn {N,result}) by A25, A31, SCMFSA8B:18 .= (IExec ((Macro (AddTo (result,(1 -stRWNotIn {N,result})))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . (1 -stRWNotIn {N,result}) .= (Exec ((AddTo (result,(1 -stRWNotIn {N,result}))),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . (1 -stRWNotIn {N,result}) by SCMFSA6C:5 .= (Exec ((AddTo (result,(1 -stRWNotIn {N,result}))),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . (1 -stRWNotIn {N,result}) .= ne by A11, A21, SCMFSA_2:64 ; ::_thesis: ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = re1 & (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) thus (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . result = (IExec ((if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . result by SCMFSA6C:1 .= (IExec ((Macro (AddTo (result,(1 -stRWNotIn {N,result})))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . result by A25, A31, SCMFSA8B:18 .= (IExec ((Macro (AddTo (result,(1 -stRWNotIn {N,result})))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . result .= (Exec ((AddTo (result,(1 -stRWNotIn {N,result}))),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . result by SCMFSA6C:5 .= (Exec ((AddTo (result,(1 -stRWNotIn {N,result}))),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . result .= re1 by A21, A23, SCMFSA_2:64 ; ::_thesis: ( (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = n & Fusc n = (ne * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) thus (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),h,u)) . N = (IExec ((if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . N by SCMFSA6C:1 .= (IExec ((Macro (AddTo (result,(1 -stRWNotIn {N,result})))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . N by A25, A31, SCMFSA8B:18 .= (IExec ((Macro (AddTo (result,(1 -stRWNotIn {N,result})))),h,(IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u)))) . N .= (Exec ((AddTo (result,(1 -stRWNotIn {N,result}))),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . N by SCMFSA6C:5 .= (Exec ((AddTo (result,(1 -stRWNotIn {N,result}))),(Initialized (IExec ((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))),h,u))))) . N .= n by A1, A24, SCMFSA_2:64 ; ::_thesis: ( Fusc n = (ne * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) & au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ) au1 = (2 * k) div 2 by A16, A30, NAT_2:26 .= k by NAT_D:20 ; hence Fusc n = (ne * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) by A20, A30, PRE_FF:19; ::_thesis: au1 = (u . (2 -ndRWNotIn {N,result})) div 2 thus au1 = (u . (2 -ndRWNotIn {N,result})) div 2 ; ::_thesis: verum end; end; end; A32: (Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))) . (intloc 0) = 1 by SCMFSA_M:9; A33: for k being Element of NAT st S1[k] holds S1[k + 1] proof let k be Element of NAT ; ::_thesis: ( S1[k] implies S1[k + 1] ) given au, ne, re being Element of NAT such that A34: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) = au and A35: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (1 -stRWNotIn {N,result}) = ne and A36: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . result = re and A37: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . N = n and A38: Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ; ::_thesis: S1[k + 1] A39: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (intloc 0) = 1 by A32, Th33; percases ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) > 0 or ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) <= 0 ) ; supposeA40: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) > 0 ; ::_thesis: S1[k + 1] consider au1, ne1, re1 being Element of NAT such that A41: (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) . (2 -ndRWNotIn {N,result}) = au1 and A42: (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) . (1 -stRWNotIn {N,result}) = ne1 and A43: (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) . result = re1 and A44: (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) . N = n and A45: Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) and au1 = (((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result})) div 2 by A15, A34, A35, A36, A37, A38; take au1 ; ::_thesis: ex ne, re being Element of NAT st ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result}) = au1 & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne * (Fusc au1)) + (re * (Fusc (au1 + 1))) ) take ne1 ; ::_thesis: ex re being Element of NAT st ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result}) = au1 & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne1 & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re * (Fusc (au1 + 1))) ) take re1 ; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result}) = au1 & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne1 & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re1 & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) ) A46: DataPart ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) = DataPart (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) by A39, A40, Th32; hence ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result}) = au1 by A41, SCMFSA_M:2; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne1 & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re1 & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) ) thus ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne1 by A46, A42, SCMFSA_M:2; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re1 & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) ) thus ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re1 by A46, A43, SCMFSA_M:2; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) ) thus ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n by A46, A44, SCMFSA_M:2; ::_thesis: Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) thus Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) by A45; ::_thesis: verum end; supposeA47: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) <= 0 ; ::_thesis: S1[k + 1] take au ; ::_thesis: ex ne, re being Element of NAT st ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result}) = au & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) take ne ; ::_thesis: ex re being Element of NAT st ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result}) = au & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) take re ; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result}) = au & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) A48: DataPart ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) = DataPart ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) by A47, Th31; hence ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result}) = au by A34, SCMFSA_M:2; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) thus ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (1 -stRWNotIn {N,result}) = ne by A35, A48, SCMFSA_M:2; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) thus ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . result = re by A36, A48, SCMFSA_M:2; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) thus ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . N = n by A37, A48, SCMFSA_M:2; ::_thesis: Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) thus Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) by A38; ::_thesis: verum end; end; end; (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)) . (intloc 0) = 1 by SCMFSA6B:11; then A49: DataPart (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)) = DataPart (Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))) by SCMFSA_M:19; A50: S1[ 0 ] proof take au = n; ::_thesis: ex ne, re being Element of NAT st ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . (2 -ndRWNotIn {N,result}) = au & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) take ne = 1; ::_thesis: ex re being Element of NAT st ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . (2 -ndRWNotIn {N,result}) = au & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) take re = 0 ; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . (2 -ndRWNotIn {N,result}) = au & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) A51: (StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0 = Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)) by SCMFSA_9:def_5; hence ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . (2 -ndRWNotIn {N,result}) = (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)) . (2 -ndRWNotIn {N,result}) by A49, SCMFSA_M:2 .= (Exec (((2 -ndRWNotIn {N,result}) := N),(IExec (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))),p,s)))) . (2 -ndRWNotIn {N,result}) by SCMFSA6C:6 .= (IExec (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))),p,s)) . N by SCMFSA_2:63 .= (Exec (((1 -stRWNotIn {N,result}) := (intloc 0)),(Exec ((SubFrom (result,result)),(Initialized s))))) . N by SCMFSA6C:8 .= (Exec ((SubFrom (result,result)),(Initialized s))) . N by A7, SCMFSA_2:63 .= (Initialized s) . N by A1, SCMFSA_2:65 .= au by A2, SCMFSA_M:37 ; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) thus ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . (1 -stRWNotIn {N,result}) = (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)) . (1 -stRWNotIn {N,result}) by A49, A51, SCMFSA_M:2 .= (Exec (((2 -ndRWNotIn {N,result}) := N),(IExec (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))),p,s)))) . (1 -stRWNotIn {N,result}) by SCMFSA6C:6 .= (IExec (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))),p,s)) . (1 -stRWNotIn {N,result}) by A4, SCMFSA_2:63 .= (Exec (((1 -stRWNotIn {N,result}) := (intloc 0)),(Exec ((SubFrom (result,result)),(Initialized s))))) . (1 -stRWNotIn {N,result}) by SCMFSA6C:8 .= (Exec ((SubFrom (result,result)),(Initialized s))) . (intloc 0) by SCMFSA_2:63 .= (Initialized s) . (intloc 0) by SCMFSA_2:65 .= ne by SCMFSA_M:9 ; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) thus ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . result = (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)) . result by A49, A51, SCMFSA_M:2 .= (Exec (((2 -ndRWNotIn {N,result}) := N),(IExec (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))),p,s)))) . result by SCMFSA6C:6 .= (IExec (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))),p,s)) . result by A9, SCMFSA_2:63 .= (Exec (((1 -stRWNotIn {N,result}) := (intloc 0)),(Exec ((SubFrom (result,result)),(Initialized s))))) . result by SCMFSA6C:8 .= (Exec ((SubFrom (result,result)),(Initialized s))) . result by A11, SCMFSA_2:63 .= ((Initialized s) . result) - ((Initialized s) . result) by SCMFSA_2:65 .= re ; ::_thesis: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) thus ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . 0) . N = (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)) . N by A49, A51, SCMFSA_M:2 .= (Exec (((2 -ndRWNotIn {N,result}) := N),(IExec (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))),p,s)))) . N by SCMFSA6C:6 .= (IExec (((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))),p,s)) . N by A13, SCMFSA_2:63 .= (Exec (((1 -stRWNotIn {N,result}) := (intloc 0)),(Exec ((SubFrom (result,result)),(Initialized s))))) . N by SCMFSA6C:8 .= (Exec ((SubFrom (result,result)),(Initialized s))) . N by A7, SCMFSA_2:63 .= (Initialized s) . N by A1, SCMFSA_2:65 .= n by A2, SCMFSA_M:37 ; ::_thesis: Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) thus Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ; ::_thesis: verum end; A52: for k being Element of NAT holds S1[k] from NAT_1:sch_1(A50, A33); for k being Element of NAT holds ( f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) < f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) or ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) <= 0 ) proof let k be Element of NAT ; ::_thesis: ( f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) < f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) or ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) <= 0 ) consider au, ne, re being Element of NAT such that A53: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) = au and A54: ( ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (1 -stRWNotIn {N,result}) = ne & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . result = re & ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . N = n & Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) ) by A52; A55: f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) = abs (((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result})) by A5 .= au by A53, ABSVALUE:def_1 ; now__::_thesis:_(_au_>_0_implies_f_._((StepWhile>0_((2_-ndRWNotIn_{N,result}),((((3_-rdRWNotIn_{N,result})_:=_2)_";"_(Divide_((2_-ndRWNotIn_{N,result}),(3_-rdRWNotIn_{N,result}))))_";"_(if=0_((3_-rdRWNotIn_{N,result}),(Macro_(AddTo_((1_-stRWNotIn_{N,result}),result))),(Macro_(AddTo_(result,(1_-stRWNotIn_{N,result}))))))),p,(Initialized_(IExec_((((SubFrom_(result,result))_";"_((1_-stRWNotIn_{N,result})_:=_(intloc_0)))_";"_((2_-ndRWNotIn_{N,result})_:=_N)),p,s)))))_._(k_+_1))_<_f_._((StepWhile>0_((2_-ndRWNotIn_{N,result}),((((3_-rdRWNotIn_{N,result})_:=_2)_";"_(Divide_((2_-ndRWNotIn_{N,result}),(3_-rdRWNotIn_{N,result}))))_";"_(if=0_((3_-rdRWNotIn_{N,result}),(Macro_(AddTo_((1_-stRWNotIn_{N,result}),result))),(Macro_(AddTo_(result,(1_-stRWNotIn_{N,result}))))))),p,(Initialized_(IExec_((((SubFrom_(result,result))_";"_((1_-stRWNotIn_{N,result})_:=_(intloc_0)))_";"_((2_-ndRWNotIn_{N,result})_:=_N)),p,s)))))_._k)_) consider au1, ne1, re1 being Element of NAT such that A56: (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) . (2 -ndRWNotIn {N,result}) = au1 and (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) . (1 -stRWNotIn {N,result}) = ne1 and (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) . result = re1 and (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) . N = n and Fusc n = (ne1 * (Fusc au1)) + (re1 * (Fusc (au1 + 1))) and A57: au1 = (((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result})) div 2 by A15, A53, A54; assume A58: au > 0 ; ::_thesis: f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) < f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (intloc 0) = 1 by A32, Th33; then DataPart ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) = DataPart (IExec (((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),(p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k))) by A53, A58, Th32; then A59: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result}) = au1 by A56, SCMFSA_M:2; f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) = abs (((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) . (2 -ndRWNotIn {N,result})) by A5 .= au1 by A59, ABSVALUE:def_1 ; hence f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) < f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) by A53, A55, A58, A57, INT_1:56; ::_thesis: verum end; hence ( f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . (k + 1)) < f . ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) or ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) <= 0 ) by A53; ::_thesis: verum end; then A60: WithVariantWhile>0 2 -ndRWNotIn {N,result},(((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))), Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)),p by Def5; then consider k being Element of NAT such that A61: ExitsAtWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)))) = k and A62: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) <= 0 and for i being Element of NAT st ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . i) . (2 -ndRWNotIn {N,result}) <= 0 holds k <= i and DataPart (Comput ((p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),(Initialize (Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)))),(LifeSpan ((p +* (while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))))),(Initialize (Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)))))))) = DataPart ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) by Def6; A63: DataPart (IExec ((while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))))),p,(IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)))) = DataPart ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) by A60, A61, Th36; consider au, ne, re being Element of NAT such that A64: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (2 -ndRWNotIn {N,result}) = au and ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . (1 -stRWNotIn {N,result}) = ne and A65: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . result = re and A66: ((StepWhile>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))),p,(Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s))))) . k) . N = n and A67: Fusc n = (ne * (Fusc au)) + (re * (Fusc (au + 1))) by A52; A68: au = 0 by A62, A64; ( while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))) is_closed_on Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)),p & while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))) is_halting_on Initialized (IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)),p ) by A60, Th28; then A69: ( while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))) is_closed_on IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s),p & while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result})))))))) is_halting_on IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s),p ) by A49, SCMFSA8B:5; hence (IExec ((Fusc_macro (N,result)),p,s)) . result = (IExec ((while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))))),p,(IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)))) . result by SFMASTR1:7 .= Fusc n by A65, A67, A68, A63, PRE_FF:15, SCMFSA_M:2 ; ::_thesis: (IExec ((Fusc_macro (N,result)),p,s)) . N = n thus (IExec ((Fusc_macro (N,result)),p,s)) . N = (IExec ((while>0 ((2 -ndRWNotIn {N,result}),((((3 -rdRWNotIn {N,result}) := 2) ";" (Divide ((2 -ndRWNotIn {N,result}),(3 -rdRWNotIn {N,result})))) ";" (if=0 ((3 -rdRWNotIn {N,result}),(Macro (AddTo ((1 -stRWNotIn {N,result}),result))),(Macro (AddTo (result,(1 -stRWNotIn {N,result}))))))))),p,(IExec ((((SubFrom (result,result)) ";" ((1 -stRWNotIn {N,result}) := (intloc 0))) ";" ((2 -ndRWNotIn {N,result}) := N)),p,s)))) . N by A69, SFMASTR1:7 .= n by A66, A63, SCMFSA_M:2 ; ::_thesis: verum end;