reserve s for State of SCM+FSA,
  a, c for read-write Int-Location,
  aa, bb, cc,
  dd, x for Int-Location,
  f for FinSeq-Location,
  I, J for MacroInstruction of SCM+FSA,
  Ig for good MacroInstruction of SCM+FSA,
  i, k for Nat,
  p for Instruction-Sequence of SCM+FSA;
reserve I for MacroInstruction of SCM+FSA;

theorem
  UsedI*Loc swap(f, aa, bb) = {f}
proof
  set a = aa, b = bb;
  set aux1 = 1-stRWNotIn {a, b};
  set aux2 = 2-ndRWNotIn {a, b};
  thus UsedI*Loc swap(f, a, b) = UsedI*Loc (aux1 := (f,a) ";" (aux2 := (f,
  b)) ";" ((f,a) := aux2)) \/ UsedInt*Loc ((f,b) := aux1) by SF_MASTR:46
    .= UsedI*Loc (aux1 := (f,a) ";" (aux2 := (f,b)) ";" ((f,a) := aux2))
  \/ {f} by SF_MASTR:33
    .= UsedI*Loc (aux1 := (f,a) ";" (aux2 := (f,b))) \/ (UsedInt*Loc ((f,a
  ) := aux2)) \/ {f} by SF_MASTR:46
    .= UsedI*Loc (aux1 := (f,a) ";" (aux2 := (f,b))) \/ {f} \/ {f} by
SF_MASTR:33
    .= (UsedInt*Loc (aux1 := (f,a)) \/ (UsedInt*Loc (aux2 := (f,b)))) \/ {f}
  \/ {f} by SF_MASTR:47
    .= {f} \/ (UsedInt*Loc (aux2 := (f,b))) \/ {f} \/ {f} by SF_MASTR:33
    .= {f} \/ {f} \/ {f} by SF_MASTR:33
    .= {f};
end;
