reserve m,n for Nat,
  I for Program of SCM+FSA,
  s,s1,s2 for State of SCM+FSA,
  a for Int-Location,
  f for FinSeq-Location,
  p,p1,p2 for Instruction-Sequence of SCM+FSA;

theorem
  for s being State of SCM+FSA, I being really-closed Program of SCM+FSA, a
being Int-Location st I does not destroy a &
:::I is_closed_onInit s,p &
 Initialize ((intloc 0) .--> 1) c= s & I c= p
   holds for k being Nat holds Comput(p,s,k).a = s.a
proof
  let s be State of SCM+FSA,
      I be really-closed Program of SCM+FSA,a be Int-Location;
  assume
A1: I does not destroy a;
  defpred P[Nat] means Comput(p,s,$1).a = s.a;
  assume iS c= s;
  then
A2: Initialized s = s by FUNCT_4:98;
  assume
A3: I c= p;
A4: now
    let k be Nat;
    assume
A5: P[k];
    set l = IC Comput(p,s,k);
    IC s = 0 by A2,MEMSTR_0:def 11;
    then IC s in dom I by AFINSQ_1:65;
    then
A6: l in dom I by AMISTD_1:21,A3;
    then p.l = I.l by A3,GRFUNC_1:2;
    then p.l in rng I by A6,FUNCT_1:def 3;
    then
A7: p.l does not destroy a by A1;
    Comput(p, s,k + 1).a = (Following(p,
    Comput(p,s,k))).a by EXTPRO_1:3
      .= Exec(p.l,Comput(p,s,k)).a by PBOOLE:143
      .= s.a by A5,A7,SCMFSA7B:20;
    hence P[k+1];
  end;
A8: P[0];
  thus for k being Nat holds P[k] from NAT_1:sch 2(A8,A4);
end;
