:: Default types for the free variables of the theorems that follow.
:: An identifier listed here carries the given type wherever a statement
:: uses it without an explicit "being"/"be" qualification.
reserve s for State of SCM+FSA,
:: a, c are read-write integer locations; aa..x are arbitrary ones.
  a, c for read-write Int-Location,
  aa, bb, cc,
  dd, x for Int-Location,
  f for FinSeq-Location,
:: I, J: macro instructions; Ig additionally carries the attribute "good".
  I, J for MacroInstruction of SCM+FSA,
  Ig for good MacroInstruction of SCM+FSA,
  i, k for Nat,
  p for Instruction-Sequence of SCM+FSA;

:: Th17: invariant of the state sequence StepForUp(a,bb,cc,Ig,p,s).
:: Hypotheses: s.intloc 0 = 1 and ProperForUpBody a,bb,cc,Ig,s,p.
:: Conclusion, for every k <= s.cc-s.bb+1, about the k-th state:
::   (1) intloc 0 still holds 1;
::   (2) if Ig does not destroy a: a holds k+s.bb and a <= s.cc+1;
::   (3) the auxiliary location 1-stRWNotIn({a,bb,cc} \/ UsedILoc Ig)
::       plus k equals s.cc-s.bb+1 (it counts the remaining steps).
:: The proof is an induction on k (NAT_1:sch 2) over the predicate P.
theorem Th17:
 for Ig being good really-closed MacroInstruction of SCM+FSA holds
  s.intloc 0 = 1 & ProperForUpBody a,bb,cc,Ig,s,p implies for k
  st k <= s.cc-s.bb+1 holds StepForUp(a,bb,cc,Ig,p,s).k.intloc 0 = 1 & (Ig
does not destroy a implies StepForUp(a,bb,cc,Ig,p,s).k.a = k+s.bb &
 StepForUp(a, bb, cc, Ig,p, s).k.a <= s.cc+1) &
 StepForUp(a,bb,cc,Ig,p,s).k.(1-stRWNotIn
  ({a, bb, cc} \/ UsedILoc Ig)) + k = s.cc-s.bb+1
proof let Ig be good really-closed MacroInstruction of SCM+FSA;
:: Local abbreviations; "set" introduces names only, no new facts.
  set I = Ig;
  assume that
A1: s.intloc 0 = 1 and
A2: ProperForUpBody a,bb,cc,I,s,p;
:: scb1: the bound on k, i.e. s.cc-s.bb+1.
  set scb1 = s.cc-s.bb+1;
:: aux: the auxiliary counter location named in the theorem.
  set aux = (1-stRWNotIn ({a, bb, cc} \/ UsedILoc I));
  set SF = StepForUp(a,bb,cc,I,p,s);
:: IB: I followed by AddTo(a, intloc 0) and SubFrom(aux, intloc 0).
  set IB = I ";" AddTo(a, intloc 0) ";" SubFrom(aux, intloc 0);
:: s2: s with aux overwritten by scb1 and a overwritten by s.bb.
  set s2 = s+*(aux, s.cc-s.bb+1)+*(a, s.bb),
      p2 = p;
:: SW2: the StepWhile>0 sequence for counter aux and body IB from s2.
:: NOTE(review): the steps below use SF.k and SW2.k interchangeably, so
:: StepForUp presumably unfolds to this StepWhile>0 term - confirm
:: against the definition, which is not shown here.
  set SW2 = StepWhile>0(aux,IB,p2,s2);
:: A3: IB regrouped as I followed by the two-instruction tail.
A3: IB = I ";"(AddTo(a, intloc 0) ";" SubFrom(aux, intloc 0)) by SCMFSA6A:28;
:: P[k]: the theorem's conclusion for one fixed k; induction predicate.
  defpred P[Nat] means $1 <= scb1 implies SF.$1.intloc 0 = 1 & (I
does not destroy a implies SF.$1.a = $1+s.bb & SF.$1.a <= s.cc+1) & SF.$1.aux +
  $1 = scb1;
:: a is in the set handed to 1-stRWNotIn, so aux differs from a
:: (via the cited SCMFSA_M:25).
  a in {a, bb, cc} by ENUMSET1:def 1;
  then a in {a, bb, cc} \/ UsedILoc I by XBOOLE_0:def 3;
  then
A4: aux <> a by SCMFSA_M:25;
:: Induction step: P[k] implies P[k+1].
A5: for k st P[k] holds P[k+1]
  proof
    let k such that
A6: P[k];
    thus P[k+1]
    proof
:: A7: aux is not a location used by I (same argument as for A4).
A7:   not aux in UsedILoc I
      proof
        assume not thesis;
        then aux in {a, bb, cc} \/ UsedILoc I by XBOOLE_0:def 3;
        hence contradiction by SCMFSA_M:25;
      end;
      set k1 = k+1;
      assume
A8:   k+1 <= scb1;
A9:   k < k+1 by XREAL_1:29;
      then
:: A10: the counter is positive at step k, from P[k] and k < scb1.
A10:  SW2.k.aux > 0 by A6,A8,XREAL_1:8,XXREAL_0:2;
A11:  k < scb1 by A8,A9,XXREAL_0:2;
:: A12: halting of I on SF.k, taken from hypothesis A2 using k < scb1.
A12:  I is_halting_on SF.k,
       p +* while>0(1-stRWNotIn ({a, bb, cc} \/ UsedILoc I),
       I ";" AddTo(a, intloc 0) ";"
       SubFrom(1-stRWNotIn ({a, bb, cc} \/ UsedILoc I), intloc 0))
      by A2,A11;
      then
:: A13: the same halting fact for Initialized SW2.k, written with the
:: abbreviations aux and IB.
A13:  I is_halting_on Initialized SW2.k, p+*while>0(aux,IB)
        by A6,A8,A9,SCMFSA8B:42,XXREAL_0:2;
:: Conjunct (1) of P[k+1]; relies on Th16 from earlier in the article.
      thus SF.k1.intloc 0 = 1 by A6,A8,A9,A12,Th16,XXREAL_0:2;
:: The two-instruction tail halts, hence so does the whole body IB.
      AddTo(a, intloc 0) ";" SubFrom(aux, intloc 0) is_halting_on
        IExec(I,p+*while>0(aux,IB),SW2.k), p+*while>0(aux,IB) by SCMFSA7B:19;
      then IB is_halting_on Initialized SW2.k, p+*while>0(aux,IB)
          by A3,A13,SFMASTR1:3;
      then
:: A14: the data part of step k+1 equals that of IExec of IB on step k.
A14:  DataPart SW2.(k+1) = DataPart IExec(IB,p+*while>0(aux,IB),SW2.k)
 by A6,A8,A9,A10,SCMFSA9A:32,XXREAL_0:2;
:: Conjunct (2) of P[k+1], under the assumption that I preserves a.
      hereby
        assume
A15:    I does not destroy a;
:: A16: executing IB on step k increases a by one. The chain splits IB
:: into I and its tail, drops SubFrom (aux <> a by A4), evaluates AddTo
:: with intloc 0 = 1, and uses A15 to carry a unchanged across I.
A16:    IExec(IB,p+*while>0(aux,IB),SW2.k).a
         = IExec(AddTo(a, intloc 0) ";" SubFrom(aux,intloc 0),
          p+*while>0(aux,IB),IExec(I,p+*while>0(aux,IB),SW2.k)).a
         by A3,A13,SFMASTR1:7
          .= Exec(SubFrom(aux, intloc 0), Exec(AddTo(a, intloc 0),
        Initialized IExec(I,p+*while>0(aux,IB),SW2.k))).a by SCMFSA6C:8
          .= Exec(AddTo(a, intloc 0),
           Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).a by A4,SCMFSA_2:65
          .= (Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).a +
           (Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).
        intloc 0 by SCMFSA_2:64
          .= (Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).a +1
                by SCMFSA_M:9
          .= IExec(I,p+*while>0(aux,IB),SW2.k).a +1 by SCMFSA_M:37
          .= (Initialized SW2.k).a +1 by A13,A15,SCMFSA8C:95
          .= SW2.k.a +1 by SCMFSA_M:37;
        hence SF.k1.a = k1+s.bb by A6,A8,A9,A14,A15,SCMFSA_M:2,XXREAL_0:2;
:: Upper bound: add s.bb to both sides of k+1 <= scb1 (A8).
        k1+s.bb <= s.cc+1-s.bb+s.bb by A8,XREAL_1:6;
        hence SF.k1.a <= s.cc+1 by A6,A8,A9,A14,A15,A16,SCMFSA_M:2,XXREAL_0:2;
      end;
:: Conjunct (3): executing IB on step k decreases aux by one. SubFrom
:: subtracts intloc 0 = 1, AddTo leaves aux alone (A4), and I leaves aux
:: alone because aux is not in UsedILoc I (A7).
      IExec(IB,p+*while>0(aux,IB),SW2.k).aux
       = IExec(AddTo(a, intloc 0) ";" SubFrom(aux,
      intloc 0), p+*while>0(aux,IB),IExec(I,p+*while>0(aux,IB),SW2.k)).aux
       by A3,A13,SFMASTR1:7
        .= Exec(SubFrom(aux, intloc 0), Exec(AddTo(a, intloc 0), Initialized
      IExec(I,p+*while>0(aux,IB),SW2.k))).aux by SCMFSA6C:8
        .= Exec(AddTo(a, intloc 0),
        Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).aux - Exec(
      AddTo(a, intloc 0),
      Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).intloc 0 by SCMFSA_2:65
        .= Exec(AddTo(a, intloc 0),
        Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).aux - (
      Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).intloc 0 by SCMFSA_2:64
        .= Exec(AddTo(a, intloc 0),
        Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).aux - 1 by SCMFSA_M:9
        .= (Initialized IExec(I,p+*while>0(aux,IB),SW2.k)).aux -1
         by A4,SCMFSA_2:64
        .= IExec(I,p+*while>0(aux,IB),SW2.k).aux -1 by SCMFSA_M:37
        .= (Initialized SW2.k).aux -1 by A13,A7,SCMFSA8C:95,SFMASTR1:1
        .= SW2.k.aux -1 by SCMFSA_M:37;
:: With P[k] (aux + k = scb1) the sum aux + (k+1) is again scb1.
      hence SF.k1.aux + k1 = SW2.k.aux-1+k1 by A14,SCMFSA_M:2
        .= scb1 by A6,A8,A9,XXREAL_0:2;
    end;
  end;
:: Domain facts used when reading values back out of the +* updates.
A17: a in dom (s+*(aux, s.cc-s.bb+1)) by SCMFSA_2:42;
A18: aux in dom s by SCMFSA_2:42;
:: Base case: step 0 of the sequence is the prepared state s2.
A19: P[0]
  proof
    assume
A20: 0 <= scb1;
A21: SW2.0 = s2 by SCMFSA_9:def 5;
:: (1) neither +* update changes intloc 0, so it still holds 1 (A1).
    hence SF.0.intloc 0 = (s+*(aux, s.cc-s.bb+1)).intloc 0 by FUNCT_7:32
      .= 1 by A1,FUNCT_7:32;
:: (2) a holds the value s.bb written by the last update.
    hereby
      assume I does not destroy a;
      thus SF.0.a = 0+s.bb by A17,A21,FUNCT_7:31;
      0+s.bb <= s.cc+1-s.bb+s.bb by A20,XREAL_1:6;
      hence SF.0.a <= s.cc+1 by A17,A21,FUNCT_7:31;
    end;
:: (3) the update of a does not touch aux (A4); aux holds scb1.
    thus SF.0.aux + 0 = (s+*(aux, s.cc-s.bb+1)).aux by A4,A21,FUNCT_7:32
      .= scb1 by A18,FUNCT_7:31;
  end;
:: Close the induction from base case A19 and step A5.
  thus for k holds P[k] from NAT_1:sch 2(A19, A5);
end;
