reserve s, s1, s2 for State of SCM+FSA,
  p, p1 for Instruction-Sequence of SCM+FSA,
  a, b for Int-Location,
  d for read-write Int-Location,
  f for FinSeq-Location,
  I for MacroInstruction of SCM+FSA,
  J for good MacroInstruction of SCM+FSA,
  k, m for Nat;

theorem
  0 <= s.d implies IExec(triv-times(d),p,s).d = 0
proof
  set a = d;
  set I1 = while=0(a, Macro(a := a));
  set i2 = SubFrom(a, intloc 0);
  set I = I1 ";" i2;
  set au = 1-stRWNotIn ({a} \/ UsedILoc I);
  set ST = StepTimes(a,I,p,s);
  defpred X[Nat] means ($1 < s.a implies
   I is_halting_on ST.$1,p+*times*(a,I) & ST.$1.intloc 0 = 1) &
 ($1 <= s.a implies ST.$1.a+$1 = s.a
  & ST.$1.au = ST.$1.a);
  a in {a, intloc 0} by TARSKI:def 2;
  then a in UsedIntLoc SubFrom(a, intloc 0) by SF_MASTR:14;
  then a in (UsedILoc while=0(a, Macro(a := a))) \/ UsedIntLoc SubFrom(a,
  intloc 0) by XBOOLE_0:def 3;
  then
A1: a in UsedILoc I by SF_MASTR:30;
A2: for k st X[k] holds X[k+1]
  proof
    let k;
    assume that
A3: k < s.a implies
        I is_halting_on ST.k,p+*times*(a,I) &
        ST.k.intloc 0 = 1 and
A4: k <= s.a implies ST.k.a+k = s.a & ST.k.au = ST.k.a;
A5: now
      assume
A6:   k < s.a;
      then
A7:   ST.k.a <> 0 by A4;
      then
A8:   DataPart IExec(I1,p+*times*(a,I),ST.k) = DataPart ST.k
        by A3,A6,SCMFSA9A:22;
      I1 is_halting_on ST.k,p+*times*(a,I) by A7,SCMFSA_9:18;
      then
A9:  I1 is_halting_on Initialized ST.k,p+*times*(a,I) by A3,A6,SCMFSA8B:42;
A10:  k-k < s.a-k by A6,XREAL_1:9;
      hence ST.k.au > 0 by A4,A6;
      I is_halting_on Initialized ST.k,p+*times*(a,I) by A3,A6,SCMFSA8B:42;
      then ST.(k+1) | ((UsedILoc I) \/ FinSeq-Locations)
      = IExec(I,p+*times*(a,I),ST.k) | ((UsedILoc I) \/ FinSeq-Locations)
       by A3,A4,A6,A10,Th16;
      then ST.(k+1).a = IExec(I,p+*times*(a,I),ST.k).a by A1,SCMFSA_M:28
        .= Exec(i2, IExec(I1,p+*times*(a,I),ST.k)).a by A9,SFMASTR1:11
        .= IExec(I1,p+*times*(a,I),ST.k).a -
             IExec(I1,p+*times*(a,I),ST.k).intloc 0 by SCMFSA_2:65
        .= ST.k.a - IExec(I1,p+*times*(a,I),ST.k).intloc 0 by A8,SCMFSA_M:2
        .= ST.k.a - 1 by A3,A6,A8,SCMFSA_M:2;
      hence ST.(k+1).a+(k+1) = s.a by A4,A6;
    end;
    hereby
      assume
A11:  k+1 < s.a;
      then reconsider sa = s.a as Element of NAT by INT_1:3;
A12:  k < sa by A11,NAT_1:12;
      then
A13:  ST.(k+1).intloc 0 = 1 by A3,Th8;
A14:  ST.(k+1).a <> 0 by A5,A11,A12;
      I1 is_halting_on ST.(k+1),p+*times*(a,I) by A14,SCMFSA_9:18;
      then
A15:  I1 is_halting_on Initialized ST.(k+1),p+*times*(a,I) by A13,SCMFSA8B:42;
      Macro i2 is_halting_on IExec(I1,p+*times*(a,I),ST.(k+1)),p+*times*(a,I)
            by SCMFSA7B:19;
      then I is_halting_on Initialized ST.(k+1),p+*times*(a,I)
          by A15,SFMASTR1:3;
      hence I is_halting_on ST.(k+1),p+*times*(a,I) by A13,SCMFSA8B:42;
      thus ST.(k+1).intloc 0 =1 by A3,A12,Th8;
    end;
A16: k < k+1 by NAT_1:13;
    assume
A17: k+1 <= s.a;
    hence ST.(k+1).a+(k+1) = s.a by A5,A16,XXREAL_0:2;
    ST.(k+1).au = ST.k.a - 1 by A3,A4,A5,A17,A16,Th8,XXREAL_0:2;
    hence thesis by A4,A5,A17,A16,XXREAL_0:2;
  end;
A18: X[0]
  proof
    hereby
      assume 0 < s.a;
      then
A19:  ST.0.a <> 0 by Th9;
A20:  ST.0.intloc 0 = 1 by Th6;
      I1 is_halting_on ST.0,p+*times*(a,I) by A19,SCMFSA_9:18;
      then
A21:  I1 is_halting_on Initialized ST.0,p+*times*(a,I) by A20,SCMFSA8B:42;
      Macro i2 is_halting_on IExec(I1,p+*times*(a,I),ST.0),p+*times*(a,I)
       by SCMFSA7B:19;
      then I is_halting_on Initialized ST.0,p+*times*(a,I)
            by A21,SFMASTR1:3;
      hence I is_halting_on ST.0,p+*times*(a,I) by A20,SCMFSA8B:42;
      thus ST.0.intloc 0 = 1 by Th6;
    end;
    assume 0 <= s.a;
    thus ST.0.a+0 = s.a by Th9;
    ST.0.a = s.a by Th9;
    hence thesis by Th7;
  end;
A22: for k holds X[k] from NAT_1:sch 2(A18, A2);
A23: ProperTimesBody a,I,s,p
  by A22;
  assume 0 <= s.a;
  then reconsider k = s.a as Element of NAT by INT_1:3;
A24: StepTimes(a,I,p,s).k.a+k = s.a by A22;
   DataPart IExec(times(a,I),p,s) =
  DataPart StepTimes(a,I,p,s).k
      by A23,Th19;
  hence thesis by A24,SCMFSA_M:2;
end;
