reserve s for State of SCM+FSA,
  I for MacroInstruction of SCM+FSA,
  a for read-write Int-Location;
reserve i,j,k,n for Nat;
reserve P,P1,P2,Q for Instruction-Sequence of SCM+FSA;

theorem
  for I be good InitHalting really-closed MacroInstruction of SCM+FSA,
      a be read-write
Int-Location st ex f being Function of (product the_Values_of SCM+FSA),INT
st (for s,t be State of SCM+FSA,P
 holds (f.s > 0 implies f.IExec(I,P,s) < f.s ) &
  (DataPart s = DataPart t implies f.s=f.t) & ( f.s <= 0 iff s.a <= 0 ) ) holds
  while>0(a,I) is InitHalting
proof
  let I be good InitHalting really-closed MacroInstruction of SCM+FSA,
      a be read-write Int-Location;
  set D = Data-Locations SCM+FSA;
  given f be Function of product the_Values_of SCM+FSA,INT such that
A1: for s,t be State of SCM+FSA,P
  holds (f.s > 0 implies f.IExec(I,P,s) < f
  .s ) & (DataPart s=DataPart t implies f.s=f.t) & ( f.s <= 0 iff s.a <= 0 );
  defpred P[Nat] means
   for t be State of SCM+FSA,Q st f.t <= $1 holds
     while>0(a,I) is_halting_onInit t,Q;
A2: now
    let k be Nat;
    assume
A3: P[k];
    now
      let t be State of SCM+FSA,Q;
      assume
A4:   f.t <= k+1;
      per cases;
      suppose
        f.t<>k+1;
        then f.t < k+1 by A4,XXREAL_0:1;
        hence while>0(a,I) is_halting_onInit t,Q by A3,INT_1:7;
      end;
      suppose
A5:     f.t=k+1;
        set l0=intloc 0;
        set tW0= Initialized t,
            QW = Q +* while>0(a,I),
            t1=Initialized t,
            Q1 = Q +* I,
            Wt= Comput(QW, tW0,(LifeSpan(Q1,t1)) + 2),
            It = Comput(Q1, t1,LifeSpan(Q1,t1));
A6:    I is_halting_onInit t,Q by SCM_HALT:26;
        then
A7:    Q1 halts_on t1;
A8:    not t.a <= 0 by A1,A5;
        then
A9:    DataPart Wt = DataPart It by A6,SCM_HALT:74;
        then
A10:    Wt.l0 =It.l0 by SCMFSA_M:2
          .=(Result(Q1,t1)).l0 by A7,EXTPRO_1:23
          .=(Result(Q1,t1)).l0
          .=IExec(I,Q,t).l0 by SCMFSA6B:def 1
          .=1 by SCM_HALT:9;
        DataPart Wt = DataPart Result(Q1,t1) by A9,A7,EXTPRO_1:23
          .= DataPart(Result(Q1,t1))
          .= DataPart IExec(I,Q,t) by SCMFSA6B:def 1;
        then f.Wt=f.IExec(I,Q,t) by A1;
        then f.Wt < k+1 by A1,A5;
        then while>0(a,I) is_halting_onInit Wt, QW by A3,INT_1:7;
        then
A11:    QW +* while>0(a,I) halts_on Initialized Wt;
        IC Wt= 0 by A8,A6,SCM_HALT:74;
        then
A12:    Initialized Wt = Wt by A10,SCMFSA_M:8;
        now
          consider m be Nat such that
A13:      CurInstr(QW,Comput(QW,Wt,m)) = halt SCM+FSA
              by A12,A11;
          take mm=((LifeSpan(Q1,t1))+ 2)+m;
          thus CurInstr(QW,Comput(QW,tW0,mm))
           = halt SCM+FSA by A13,EXTPRO_1:4;
        end;
        then QW halts_on tW0 by EXTPRO_1:29;
        hence while>0(a,I) is_halting_onInit t,Q;
      end;
    end;
    hence P[k+1];
  end;
A14: P[ 0]
  proof
    let t be State of SCM+FSA,Q;
    assume f.t <= 0;
    then t.a <= 0 by A1;
    hence thesis by SCM_HALT:73;
  end;
A15: for k be Nat holds P[k] from NAT_1:sch 2(A14,A2);
  now
    let t be State of SCM+FSA;
    per cases;
    suppose
      f.t<=0;
      then t.a <= 0 by A1;
      hence while>0(a,I) is_halting_onInit t,Q by SCM_HALT:73;
    end;
    suppose
      f.t>0;
      then reconsider n=f.t as Element of NAT by INT_1:3;
      P[n] by A15;
      hence while>0(a,I) is_halting_onInit t,Q;
    end;
  end;
  hence thesis by SCM_HALT:26;
end;
