reserve s, s1, s2 for State of SCM+FSA,
  p, p1 for Instruction-Sequence of SCM+FSA,
  a, b for Int-Location,
  d for read-write Int-Location,
  f for FinSeq-Location,
  I for MacroInstruction of SCM+FSA,
  J for good MacroInstruction of SCM+FSA,
  k, m for Nat;

theorem
  s.d <= 0 implies IExec(triv-times(d),p,s).d = s.d
proof
  set a = d;
  assume
A1: s.a <= 0;
  set I = while=0(a, Macro(a := a)) ";" SubFrom(a, intloc 0);
  set au = 1-stRWNotIn ({a} \/ UsedILoc I);
  reconsider WH = while>0 ( au, I ";" SubFrom(au, intloc 0) )
    as MacroInstruction of SCM+FSA;
  set s1 = Exec(au := a, Initialized s);
A2: s1.au = (Initialized s).a by SCMFSA_2:63
    .= s.a by SCMFSA_M:37;
  a in {a} by TARSKI:def 1;
  then a in {a} \/ UsedILoc I by XBOOLE_0:def 3;
  then
A3: au <> a by SCMFSA_M:25;
  s1.intloc 0 = (Initialized s).intloc 0 by SCMFSA_2:63
    .= 1 by SCMFSA_M:9;
  then
A4: DataPart IExec(WH,p,s1) = DataPart s1 by A1,A2,SCMFSA9A:35;
A5:  s1 =  IExec(Macro(au:=a),p,s) by SCMFSA6C:5;
  then WH is_halting_on IExec(Macro(au := a),p,s),p by A1,A2,SCMFSA_9:38;
  hence IExec(triv-times(a),p,s).a = IExec(WH,p,s1).a by A5,SFMASTR1:14
    .= s1.a by A4,SCMFSA_M:2
    .= (Initialized s).a by A3,SCMFSA_2:63
    .= s.a by SCMFSA_M:37;
end;
