reserve s, s1, s2 for State of SCM+FSA,
  p, p1 for Instruction-Sequence of SCM+FSA,
  a, b for Int-Location,
  d for read-write Int-Location,
  f for FinSeq-Location,
  I for MacroInstruction of SCM+FSA,
  J for good MacroInstruction of SCM+FSA,
  k, m for Nat;

theorem
 for I being really-closed MacroInstruction of SCM+FSA holds
  s.a <= 0 & s.intloc 0 = 1 implies IExec(times(a, I),p,s) | ((UsedILoc
  I) \/ FinSeq-Locations) = s | ((UsedILoc I) \/ FinSeq-Locations)
proof let I be really-closed MacroInstruction of SCM+FSA;
  set FSL = FinSeq-Locations;
  assume that
A1: s.a <= 0 and
A2: s.intloc 0 = 1;
  set UILI = UsedILoc I;
  set au = 1-stRWNotIn ({a} \/ UsedILoc I);
  set WH = while>0 ( au, I ";" SubFrom(au, intloc 0) );
  set s1 = Exec(au := a, Initialized s);
A3: a = intloc 0 or a is read-write by SCMFSA_M:def 2;
A4:  s1 =  IExec(Macro(au:=a),p,s) by SCMFSA6C:5;
A5: s1.au = (Initialized s).a by SCMFSA_2:63
    .= s.a by A2,A3,SCMFSA_M:9,37;
  then
A6:  WH is_halting_on IExec(Macro(au:=a),p,s),p
     by A1,A4,SCMFSA_9:38;
  s1.intloc 0 = (Initialized s).intloc 0 by SCMFSA_2:63
    .= 1 by SCMFSA_M:9;
  then
A7: DataPart IExec(WH,p,s1) = DataPart s1 by A1,A5,SCMFSA9A:35;
A8: now
    let x be FinSeq-Location;
    assume x in FSL;
    thus IExec(times(a,I),p,s).x
       = IExec(WH,p,s1).x by A4,SFMASTR1:15,A6
      .= s1.x by A7,SCMFSA_M:2
      .= (Initialized s).x by SCMFSA_2:63
      .= s.x by SCMFSA_M:37;
  end;
A9: DataPart s = DataPart Initialized s by A2,SCMFSA_M:19;
A10: now
    let x be Int-Location;
A11: not au in {a} \/ UILI by SCMFSA_M:25;
    assume x in UILI;
    then
A12: au <> x by A11,XBOOLE_0:def 3;
    thus IExec(times(a,I),p,s).x
       = IExec(WH,p,s1).x by A4,SFMASTR1:14,A6
      .= s1.x by A7,SCMFSA_M:2
      .= (Initialized s).x by A12,SCMFSA_2:63
      .= s.x by A9,SCMFSA_M:2;
  end;
  [#] FSL = FSL;
  hence thesis by A10,A8,SCMFSA_M:27;
end;
