reserve s for State of SCM+FSA,
  a, c for read-write Int-Location,
  aa, bb, cc,
  dd, x for Int-Location,
  f for FinSeq-Location,
  I, J for MacroInstruction of SCM+FSA,
  Ig for good MacroInstruction of SCM+FSA,
  i, k for Nat,
  p for Instruction-Sequence of SCM+FSA;
reserve I for MacroInstruction of SCM+FSA;

theorem
  for S being State of SCM+FSA st S = IExec(Selection-sort f,p,s)
   holds S.f is_non_decreasing_on 1, len (S.f) &
   ex p being Permutation of dom(s.f) st S.f = (s.f) * p
proof
  set minpos = 2-ndRWNotIn {} Int-Locations;
  set cv = 1-stRWNotIn {} Int-Locations;
  let S be State of SCM+FSA such that
A1: S = IExec(Selection-sort f,p,s);
  set I22 = swap(f, cv, minpos);
  set finish = 1-stNotUsed swap(f, cv, minpos);
  set i1 = finish :=len f;
  set I21 = FinSeqMin(f, cv, finish, minpos);
  set I2B = I21 ";" I22;
  set I2 = for-up ( cv, intloc 0, finish, I2B );
  set s1 = Exec(i1, Initialized s),
      p1 = p;
A2: s1.intloc 0 = (Initialized s).intloc 0 by SCMFSA_2:74
    .= 1 by SCMFSA_M:9;
  cv in {cv, minpos} by TARSKI:def 2;
  then cv <> 1-stRWNotIn {cv, minpos} & cv <> 2-ndRWNotIn{cv, minpos} by
SCMFSA_M:25;
  then
A3: swap(f, cv, minpos) does not destroy cv by Th30;
  set SF = StepForUp(cv, intloc 0, finish, I2B, p1, s1);
A4: s1.finish = len ((Initialized s).f) by SCMFSA_2:74
    .= len (s.f) by SCMFSA_M:37;
  then reconsider n = s1.finish-s1.intloc 0 +1 as Element of NAT by A2;
  defpred P[Nat] means
   $1 <= n implies SF.$1.cv = $1+s1.intloc 0 &
  SF.$1.finish = s1.finish & SF.$1.f is_split_at $1 & SF.$1.f
is_non_decreasing_on 1, $1 & ex p being Permutation of dom(s.f) st SF.$1.f = (s
  .f) * p;
  defpred Q[Nat] means $1 < n implies SF.$1.intloc 0 = 1 &
  I2B is_halting_on SF.$1,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0));
A5: for k being Nat st Q[k] holds Q[k+1]
  proof
    let k be Nat such that
A6: Q[k];
    assume k+1 < n;
    hence
A7: SF.(k+1).intloc 0 = 1 by A6,Th16,NAT_1:13;
    (Initialized SF.(k+1)).intloc 0 = 1 by SCMFSA_M:9;
    then
A8: I21 is_halting_on Initialized
    SF.(k+1),
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
       by Th27;
    I22 is_halting_on IExec(I21,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.(k+1)),
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
       by SCMFSA7B:19;
    then I2B is_halting_on Initialized SF.(k+1),
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
       by SFMASTR1:3,A8;
    hence thesis by A7,SCMFSA8B:42;
  end;
A9: Q[0]
  proof
    (Initialized SF.0).intloc 0 = 1 by SCMFSA_M:9;
    then
A10: I21 is_halting_on Initialized SF.0,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
    by Th27;
    assume 0 < n;
    thus
A11: SF.0.intloc 0 = 1 by A2,Th8;
   I22 is_halting_on IExec(I21,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.0),
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
       by SCMFSA7B:19;
    then I2B is_halting_on Initialized SF.0,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
       by SFMASTR1:3,A10;
    hence thesis by A11,SCMFSA8B:42;
  end;
A12: for k being Nat holds Q[k] from NAT_1:sch 2(A9, A5);
A13: ProperForUpBody cv, intloc 0, finish, I2B, s1, p1
  by A12;
  then
A14: DataPart IExec(I2,p1,s1) = DataPart SF.n by A2,Th23;
  I2 is_halting_on s1,p1 by A2,A13,Th24;
  then
A15: S.f = IExec(I2,p1,s1).f by A1,SFMASTR1:15
    .= SF.n.f by A14,SCMFSA_M:2;
  FinSeqMin(f, cv, finish, minpos) does not destroy cv by Th25,SCMFSA_M:26;
  then
A16: I2B does not destroy cv by A3,SCMFSA8C:52;
A17: for k being Nat st P[k] holds P[k+1]
  proof
    let k be Nat such that
A18: P[k];
A19: now
      assume
A20:  k < n;
      hence
A21:  SF.k.intloc 0 = 1 by A12;
      I2B is_halting_on SF.k,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
      by A12,A20;
      hence I2B is_halting_on Initialized SF.k,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
       by A21,SCMFSA8B:42;
      thus SF.k.cv = k+s1.intloc 0 by A18,A20;
      thus SF.k.finish = s1.finish by A18,A20;
      thus SF.k.cv <= s1.finish by A2,A18,A20,NAT_1:13;
      thus SF.(k+1) | ({cv, intloc 0, finish} \/ (UsedILoc I2B) \/
FinSeq-Locations) = IExec(I2B ";" AddTo(cv,intloc 0),
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k) |
       ({cv, intloc 0,
      finish} \/ (UsedILoc I2B) \/ FinSeq-Locations) by A2,A13,A20,Th19;
    end;
    set F = SF.k.f, F1 = SF.(k+1).f;
    assume
A22: k+1 <= n;
    then consider pp being Permutation of dom(s.f) such that
A23: F = (s.f) * pp by A18,NAT_1:13;
    thus SF.(k+1).cv = (k+1)+s1.intloc 0 by A16,A2,A13,A22,Th17;
A24: I22 is_halting_on
    Initialized IExec(I21,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k),
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
       by SCMFSA7B:19;
A25: finish = 1-stRWNotIn UsedILoc I22 by SFMASTR1:def 4;
    set ma = min_at(F, k+1, len F);
A26: dom(s.f) = Seg len(s.f) by FINSEQ_1:def 3;
    then
A27: len F = len (s.f) by A23,FINSEQ_2:43;
A28: 1 <= k+1 by NAT_1:12;
    then
A29: k+1 <= ma by A2,A4,A22,A27,FINSEQ_6:161;
    then
A30: 1 <= ma by A28,XXREAL_0:2;
    ma <= len F by A2,A4,A22,A27,A28,FINSEQ_6:161;
    then
A31: ma in dom F by A30,FINSEQ_3:25;
A32: {cv, minpos} c= UsedILoc I22 by Th33;
    minpos in {cv, minpos} by TARSKI:def 2;
    then
A33: finish <> minpos by A25,A32,SCMFSA_M:25;
    cv in {cv, minpos} by TARSKI:def 2;
    then
A34: cv <> finish by A25,A32,SCMFSA_M:25;
A35: cv <> minpos by SCMFSA_M:26;
    (Initialized SF.k).intloc 0 = 1 by SCMFSA_M:9;
    then
A36: I21 is_halting_on Initialized SF.k,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0))
    by Th27;
A37: F1 = F+*(k+1, F.ma)+*(ma, F.(k+1))
    proof
      set S2 = IExec(I21,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k);
A38:  len F = |.len F.| by ABSVALUE:def 1;
      SF.k.finish = len F & k+1 = |.k+1.| by A4,A19,A22,A23,A26,ABSVALUE:def 1
,FINSEQ_2:43,NAT_1:13;
      then
A39:  S2.minpos = ma by A2,A19,A22,A33,A35,A28,A38,Th29,NAT_1:13;
      then
A40:  1 <= S2.minpos by A28,A29,XXREAL_0:2;
A41:  S2.f = F by A19,A22,A33,A35,Th28,NAT_1:13;
      then
A42:  S2.minpos <= len (S2.f) by A2,A4,A22,A27,A28,A39,FINSEQ_6:161;
A43:  S2.cv = k+1 & S2.intloc 0 = 1 by A2,A19,A22,A36,A33,A35,Th28,NAT_1:13
,SCMFSA8C:67;
      thus F1 = IExec(I2B ";" AddTo(cv, intloc 0),
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k).f
       by A19,A22,NAT_1:13,SCMFSA_M:28
        .= Exec(AddTo(cv, intloc 0), IExec(I2B,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k)).f
       by A19,A22,NAT_1:13,SFMASTR1:12
        .= IExec(I2B,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k).f
       by SCMFSA_2:64
        .= IExec(I22,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      IExec(I21,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
      intloc 0)), SF.k)).f by A36,SFMASTR1:8
        .= F+*(k+1, F.ma)+*(ma, F.(k+1)) by A2,A4,A22,A27,A28,A41,A39,A40,A42
,A43,Th31;
    end;
    k+1 in dom F by A2,A4,A22,A27,A28,FINSEQ_3:25;
    then consider p1 being Permutation of dom F such that
A44: F1 = F*p1 by A31,A37,FUNCT_7:111;
    {cv, finish, minpos} c= UsedILoc I21 & finish in {cv, finish,
    minpos} by Th26,ENUMSET1:def 1;
    then finish in (UsedILoc I21) \/ UsedILoc I22 by XBOOLE_0:def 3;
    then finish in UsedILoc I2B by SF_MASTR:27;
    then finish in {cv, intloc 0, finish} \/ UsedILoc I2B by XBOOLE_0:def 3;
    hence SF.(k+1).finish = IExec(I2B ";" AddTo(cv,intloc 0),
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k).finish by A19,A22,NAT_1:13,SCMFSA_M:28
      .= Exec(AddTo(cv, intloc 0), IExec(I2B,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k)).finish by A19,A22,NAT_1:13,SFMASTR1:11
      .= IExec(I2B,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k).finish by A34,SCMFSA_2:64
      .= IExec(I22,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      IExec(I21,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
      intloc 0)), SF.k)).finish by A36,SFMASTR1:7
      .= (Initialized IExec(I21,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k)).finish
      by A25,A24,SCMFSA_M:25,SFMASTR2:1
      .= IExec(I21,
   p +* while>0(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B),
     I2B ";" AddTo(cv,intloc 0) ";"
      SubFrom(1-stRWNotIn ({cv,intloc 0,finish} \/ UsedILoc I2B), intloc 0)),
      SF.k).finish by SCMFSA_M:37
      .= s1.finish by A19,A22,A33,A35,Th28,NAT_1:13;
    thus SF.(k+1).f is_split_at (k+1) by A2,A4,A18,A22,A27,A37,FINSEQ_6:164
,NAT_1:13;
    thus SF.(k+1).f is_non_decreasing_on 1, (k+1) by A2,A4,A18,A22,A27,A37,
FINSEQ_6:163,NAT_1:13;
    dom F = dom(s.f) by A27,FINSEQ_3:29;
    then reconsider p1 as Permutation of dom(s.f);
    reconsider ppp = pp*p1 as Permutation of dom(s.f);
    take ppp;
    thus thesis by A23,A44,RELAT_1:36;
  end;
A45: dom(s.f) = Seg len(s.f) by FINSEQ_1:def 3;
A46: cv in {cv, minpos} by TARSKI:def 2;
  finish = 1-stRWNotIn UsedILoc I22 & {cv, minpos} c= UsedILoc I22 by Th33,
SFMASTR1:def 4;
  then
A47: cv <> finish by A46,SCMFSA_M:25;
A48: P[0]
  proof
    assume 0 <= n;
    thus SF.0.cv = 0+s1.intloc 0 by Th9;
    thus SF.0.finish = s1.finish by A47,Th11;
    thus SF.0.f is_split_at 0;
    thus SF.0.f is_non_decreasing_on 1, 0;
    dom(s.f) = Seg len(s.f) by FINSEQ_1:def 3;
    then reconsider p = idseq len (s.f) as Permutation of dom(s.f) by
FINSEQ_2:55;
    take p;
    SF.0.f = s1.f by Th13
      .= (Initialized s).f by SCMFSA_2:74
      .= s.f by SCMFSA_M:37;
    hence thesis by FINSEQ_2:54;
  end;
A49: for k being Nat holds P[k] from NAT_1:sch 2(A48, A17);
  then ex p being Permutation of dom(s.f) st SF.n.f = (s.f) * p;
  then len (S.f) = n by A2,A4,A15,A45,FINSEQ_2:43;
  hence S.f is_non_decreasing_on 1, len (S.f) by A49,A15;
  thus thesis by A49,A15;
end;
