reserve m,n for Nat,
  I for Program of SCM+FSA,
  s,s1,s2 for State of SCM+FSA,
  a for Int-Location,
  f for FinSeq-Location,
  p,p1,p2 for Instruction-Sequence of SCM+FSA;

theorem
  for s be State of SCM+FSA,
  I be keepInt0_1 InitHalting really-closed Program of
  SCM+FSA, a being read-write Int-Location st I does not destroy a holds
Comput(p +* (I ";" SubFrom(a,intloc 0)),
 Initialize Initialized s,
 LifeSpan(p +* (I ";" SubFrom(a,intloc 0)),
 Initialize Initialized s)).a
  = s.a - 1
proof
  let s be State of SCM+FSA,
      I be keepInt0_1 InitHalting really-closed Program of SCM+FSA;
  let a be read-write Int-Location;
  assume
A1: I does not destroy a;
  set s0 = Initialized s,
      p0 = p;
  set s1 = Initialize s0,
      p1 = p0 +* (I ";" SubFrom(a,intloc 0));
A2: a <> IC SCM+FSA by SCMFSA_2:56;
A3: not a in dom SA0 by A2,TARSKI:def 1;
  IExec(I ";" SubFrom(a,intloc 0),p,s).a
   = Exec(SubFrom(a,intloc 0),IExec(I,p,s)).a by Th21
    .= IExec(I,p,s).a - IExec(I,p,s).intloc 0 by SCMFSA_2:65
    .= IExec(I,p,s).a - 1 by Th7
    .= Comput(p0 +* I, (Initialize s0),0).a - 1
    by A1,Th43
    .= (Initialize s0).a - 1
    .= s0.a - 1 by A3,FUNCT_4:11;
  hence Comput(p1, s1,LifeSpan(p1,s1)).a = s0.a - 1 by Th42
    .= s.a - 1 by SCMFSA_M:37;
end;
