reserve a, b, c, a1, a2, b1, b2 for Int-Location,
  l, l1, l2 for Nat,
  f, g, f1, f2 for FinSeq-Location,
  i, j for Instruction of SCM+FSA,
  X, Y for set;
reserve p, r for preProgram of SCM+FSA,
  I, J for Program of SCM+FSA,
  k, m, n for Nat;
reserve L for finite Subset of Int-Locations;
reserve L for finite Subset of FinSeq-Locations;
reserve s, t for State of SCM+FSA;
reserve P for Instruction-Sequence of SCM+FSA;

theorem
  I c= P &
   (for m st m < n holds IC Comput(P,s,m) in dom I) &
    not a in UsedILoc I implies Comput(P,s,n).a = s.a
proof
  assume that
A1: I c= P and
A2: for m st m < n holds IC Comput(P,s,m) in dom I and
A3: not a in UsedILoc I;
  defpred X[Nat] means $1 <= n implies Comput(P,s,$1).a = s.a;
A4: for m st X[m] holds X[m+1]
  proof
    let m;
    set sm = Comput(P,s,m);
    assume
A5: m <= n implies sm.a = s.a;
    assume
A6: m+1 <= n;
    then m < n by NAT_1:13;
    then
A7: IC sm in dom I by A2;
    then
A8: I.IC sm in rng I by FUNCT_1:def 3;
    dom P = NAT by PARTFUN1:def 2;
    then
A9:  (P)/.IC sm = P.IC sm by PARTFUN1:def 6;
    I.IC sm = P.IC sm by A7,A1,GRFUNC_1:2;
    then UsedIntLoc P.IC sm c= UsedILoc I by A8,Th19;
    then
A10: not a in UsedIntLoc P.IC sm by A3;
    thus Comput(P,s,m+1).a = (Following(P,sm)).a by EXTPRO_1:3
      .= s.a by A5,A6,A10,Th60,A9,NAT_1:13;
  end;
A11: X[0];
  for m holds X[m] from NAT_1:sch 2(A11, A4);
  hence thesis;
end;
