:: SCPINVAR semantic presentation

theorem Th1: :: SCPINVAR:1
for b1, b2, b3 being Nat st b1 divides b2 & b1 divides b3 holds
b1 divides b2 - b3
proof end;

theorem Th2: :: SCPINVAR:2
for b1, b2 being Nat holds
( b1 divides b2 iff b1 divides b2 )
proof end;

theorem Th3: :: SCPINVAR:3
for b1, b2 being Nat holds b1 hcf b2 = b1 hcf (abs (b2 - b1))
proof end;

theorem Th4: :: SCPINVAR:4
for b1, b2 being Integer st b1 >= 0 & b2 >= 0 holds
b1 gcd b2 = b1 gcd (b2 - b1)
proof end;

theorem Th5: :: SCPINVAR:5
for b1, b2 being Instruction of SCMPDS
for b3 being Program-block holds
( ((b1 ';' b2) ';' b3) . (inspos 0) = b1 & ((b1 ';' b2) ';' b3) . (inspos 1) = b2 )
proof end;

theorem Th6: :: SCPINVAR:6
for b1, b2 being Int_position ex b3 being Function of product the Object-Kind of SCMPDS , NAT st
for b4 being State of SCMPDS holds
( ( b4 . b1 = b4 . b2 implies b3 . b4 = 0 ) & ( b4 . b1 <> b4 . b2 implies b3 . b4 = max (abs (b4 . b1)),(abs (b4 . b2)) ) )
proof end;

theorem Th7: :: SCPINVAR:7
for b1 being Int_position ex b2 being Function of product the Object-Kind of SCMPDS , NAT st
for b3 being State of SCMPDS holds
( ( b3 . b1 >= 0 implies b2 . b3 = 0 ) & ( b3 . b1 < 0 implies b2 . b3 = - (b3 . b1) ) )
proof end;

set c1 = the Instruction-Locations of SCMPDS ;

set c2 = SCM-Data-Loc ;

scheme :: SCPINVAR:sch 1
s1{ F1( State of SCMPDS ) -> Nat, F2() -> State of SCMPDS , F3() -> shiftable No-StopCode Program-block, F4() -> Int_position , F5() -> Integer, P1[ set ] } :
( F1((Dstate (IExec (while<0 F4(),F5(),F3()),F2()))) = 0 & P1[ Dstate (IExec (while<0 F4(),F5(),F3()),F2())] )
provided
E8: card F3() > 0 and
E9: for b1 being State of SCMPDS st P1[ Dstate b1] holds
( F1((Dstate b1)) = 0 iff b1 . (DataLoc (F2() . F4()),F5()) >= 0 ) and
E10: P1[ Dstate F2()] and
E11: for b1 being State of SCMPDS st P1[ Dstate b1] & b1 . F4() = F2() . F4() & b1 . (DataLoc (F2() . F4()),F5()) < 0 holds
( (IExec F3(),b1) . F4() = b1 . F4() & F3() is_closed_on b1 & F3() is_halting_on b1 & F1((Dstate (IExec F3(),b1))) < F1((Dstate b1)) & P1[ Dstate (IExec F3(),b1)] )
proof end;

set c3 = intpos 1;

set c4 = intpos 2;

set c5 = intpos 3;

definition
let c6, c7 be Nat;
func sum c1,c2 -> Program-block equals :: SCPINVAR:def 1
((((GBP := 0) ';' ((intpos 1) := 0)) ';' ((intpos 2) := (- a1))) ';' ((intpos 3) := (a2 + 1))) ';' (while<0 GBP ,2,(((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)));
coherence
((((GBP := 0) ';' ((intpos 1) := 0)) ';' ((intpos 2) := (- c6))) ';' ((intpos 3) := (c7 + 1))) ';' (while<0 GBP ,2,(((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1))) is Program-block ;
end;

:: deftheorem Def1 defines sum SCPINVAR:def 1 :
for b1, b2 being Nat holds sum b1,b2 = ((((GBP := 0) ';' ((intpos 1) := 0)) ';' ((intpos 2) := (- b1))) ';' ((intpos 3) := (b2 + 1))) ';' (while<0 GBP ,2,(((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)));

theorem Th8: :: SCPINVAR:8
for b1 being State of SCMPDS
for b2 being shiftable No-StopCode Program-block
for b3, b4, b5 being Int_position
for b6, b7, b8 being Nat
for b9 being FinSequence of INT st card b2 > 0 & b9 is_FinSequence_on b1,b8 & len b9 = b6 & b1 . b4 = 0 & b1 . b3 = 0 & b1 . (intpos b7) = - b6 & b1 . b5 = b8 + 1 & ( for b10 being State of SCMPDS st ex b11 being FinSequence of INT st
( b11 is_FinSequence_on b1,b8 & len b11 = (b10 . (intpos b7)) + b6 & b10 . b4 = Sum b11 & b10 . b5 = (b8 + 1) + (len b11) ) & b10 . b3 = 0 & b10 . (intpos b7) < 0 & ( for b11 being Nat st b11 > b8 holds
b10 . (intpos b11) = b1 . (intpos b11) ) holds
( (IExec b2,b10) . b3 = 0 & b2 is_closed_on b10 & b2 is_halting_on b10 & (IExec b2,b10) . (intpos b7) = (b10 . (intpos b7)) + 1 & ex b11 being FinSequence of INT st
( b11 is_FinSequence_on b1,b8 & len b11 = ((b10 . (intpos b7)) + b6) + 1 & (IExec b2,b10) . b5 = (b8 + 1) + (len b11) & (IExec b2,b10) . b4 = Sum b11 ) & ( for b11 being Nat st b11 > b8 holds
(IExec b2,b10) . (intpos b11) = b1 . (intpos b11) ) ) ) holds
( (IExec (while<0 b3,b7,b2),b1) . b4 = Sum b9 & while<0 b3,b7,b2 is_closed_on b1 & while<0 b3,b7,b2 is_halting_on b1 )
proof end;

set c6 = AddTo GBP ,1,(intpos 3),0;

set c7 = AddTo GBP ,2,1;

set c8 = AddTo GBP ,3,1;

set c9 = ((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1);

set c10 = while<0 GBP ,2,(((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1));

Lemma9: for b1 being State of SCMPDS
for b2 being Nat st b1 . GBP = 0 & b1 . (intpos 3) = b2 holds
( (IExec (((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)),b1) . GBP = 0 & (IExec (((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)),b1) . (intpos 1) = (b1 . (intpos 1)) + (b1 . (intpos b2)) & (IExec (((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)),b1) . (intpos 2) = (b1 . (intpos 2)) + 1 & (IExec (((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)),b1) . (intpos 3) = b2 + 1 & ( for b3 being Nat st b3 > 3 holds
(IExec (((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)),b1) . (intpos b3) = b1 . (intpos b3) ) )
proof end;

Lemma10: card (((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)) = 3
proof end;

Lemma11: for b1 being State of SCMPDS
for b2, b3 being Nat
for b4 being FinSequence of INT st b3 >= 3 & b4 is_FinSequence_on b1,b3 & len b4 = b2 & b1 . (intpos 1) = 0 & b1 . GBP = 0 & b1 . (intpos 2) = - b2 & b1 . (intpos 3) = b3 + 1 holds
( (IExec (while<0 GBP ,2,(((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1))),b1) . (intpos 1) = Sum b4 & while<0 GBP ,2,(((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)) is_closed_on b1 & while<0 GBP ,2,(((AddTo GBP ,1,(intpos 3),0) ';' (AddTo GBP ,2,1)) ';' (AddTo GBP ,3,1)) is_halting_on b1 )
proof end;

Lemma12: for b1 being State of SCMPDS
for b2, b3 being Nat
for b4 being FinSequence of INT st b3 >= 3 & b4 is_FinSequence_on b1,b3 & len b4 = b2 holds
( (IExec (sum b2,b3),b1) . (intpos 1) = Sum b4 & sum b2,b3 is_halting_on b1 )
proof end;

theorem Th9: :: SCPINVAR:9
for b1 being State of SCMPDS
for b2, b3 being Nat
for b4 being FinSequence of INT st b3 >= 3 & b4 is_FinSequence_on b1,b3 & len b4 = b2 holds
( (IExec (sum b2,b3),b1) . (intpos 1) = Sum b4 & sum b2,b3 is parahalting )
proof end;

scheme :: SCPINVAR:sch 2
s2{ F1( State of SCMPDS ) -> Nat, F2() -> State of SCMPDS , F3() -> shiftable No-StopCode Program-block, F4() -> Int_position , F5() -> Integer, P1[ set ] } :
( F1((Dstate (IExec (while>0 F4(),F5(),F3()),F2()))) = 0 & P1[ Dstate (IExec (while>0 F4(),F5(),F3()),F2())] )
provided
E13: card F3() > 0 and
E14: for b1 being State of SCMPDS st P1[ Dstate b1] holds
( F1((Dstate b1)) = 0 iff b1 . (DataLoc (F2() . F4()),F5()) <= 0 ) and
E15: P1[ Dstate F2()] and
E16: for b1 being State of SCMPDS st P1[ Dstate b1] & b1 . F4() = F2() . F4() & b1 . (DataLoc (F2() . F4()),F5()) > 0 holds
( (IExec F3(),b1) . F4() = b1 . F4() & F3() is_closed_on b1 & F3() is_halting_on b1 & F1((Dstate (IExec F3(),b1))) < F1((Dstate b1)) & P1[ Dstate (IExec F3(),b1)] )
proof end;

definition
let c11 be Nat;
func Fib-macro c1 -> Program-block equals :: SCPINVAR:def 2
((((GBP := 0) ';' ((intpos 1) := 0)) ';' ((intpos 2) := 1)) ';' ((intpos 3) := a1)) ';' (while>0 GBP ,3,((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1))));
coherence
((((GBP := 0) ';' ((intpos 1) := 0)) ';' ((intpos 2) := 1)) ';' ((intpos 3) := c11)) ';' (while>0 GBP ,3,((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1)))) is Program-block ;
end;

:: deftheorem Def2 defines Fib-macro SCPINVAR:def 2 :
for b1 being Nat holds Fib-macro b1 = ((((GBP := 0) ';' ((intpos 1) := 0)) ';' ((intpos 2) := 1)) ';' ((intpos 3) := b1)) ';' (while>0 GBP ,3,((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1))));

theorem Th10: :: SCPINVAR:10
for b1 being State of SCMPDS
for b2 being shiftable No-StopCode Program-block
for b3, b4, b5 being Int_position
for b6, b7 being Nat st card b2 > 0 & b1 . b3 = 0 & b1 . b4 = 0 & b1 . b5 = 1 & b1 . (intpos b7) = b6 & ( for b8 being State of SCMPDS
for b9 being Nat st b6 = (b8 . (intpos b7)) + b9 & b8 . b4 = Fib b9 & b8 . b5 = Fib (b9 + 1) & b8 . b3 = 0 & b8 . (intpos b7) > 0 holds
( (IExec b2,b8) . b3 = 0 & b2 is_closed_on b8 & b2 is_halting_on b8 & (IExec b2,b8) . (intpos b7) = (b8 . (intpos b7)) - 1 & (IExec b2,b8) . b4 = Fib (b9 + 1) & (IExec b2,b8) . b5 = Fib ((b9 + 1) + 1) ) ) holds
( (IExec (while>0 b3,b7,b2),b1) . b4 = Fib b6 & (IExec (while>0 b3,b7,b2),b1) . b5 = Fib (b6 + 1) & while>0 b3,b7,b2 is_closed_on b1 & while>0 b3,b7,b2 is_halting_on b1 )
proof end;

set c11 = GBP ,4 := GBP ,2;

set c12 = AddTo GBP ,2,GBP ,1;

set c13 = GBP ,1 := GBP ,4;

set c14 = AddTo GBP ,3,(- 1);

set c15 = (((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1));

set c16 = while>0 GBP ,3,((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1)));

Lemma14: for b1 being State of SCMPDS st b1 . GBP = 0 holds
( (IExec ((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1))),b1) . GBP = 0 & (IExec ((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1))),b1) . (intpos 1) = b1 . (intpos 2) & (IExec ((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1))),b1) . (intpos 2) = (b1 . (intpos 1)) + (b1 . (intpos 2)) & (IExec ((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1))),b1) . (intpos 3) = (b1 . (intpos 3)) - 1 )
proof end;

Lemma15: card ((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1))) = 4
proof end;

Lemma16: for b1 being State of SCMPDS
for b2 being Nat st b1 . GBP = 0 & b1 . (intpos 1) = 0 & b1 . (intpos 2) = 1 & b1 . (intpos 3) = b2 holds
( (IExec (while>0 GBP ,3,((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1)))),b1) . (intpos 1) = Fib b2 & (IExec (while>0 GBP ,3,((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1)))),b1) . (intpos 2) = Fib (b2 + 1) & while>0 GBP ,3,((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1))) is_closed_on b1 & while>0 GBP ,3,((((GBP ,4 := GBP ,2) ';' (AddTo GBP ,2,GBP ,1)) ';' (GBP ,1 := GBP ,4)) ';' (AddTo GBP ,3,(- 1))) is_halting_on b1 )
proof end;

Lemma17: for b1 being State of SCMPDS
for b2 being Nat holds
( (IExec (Fib-macro b2),b1) . (intpos 1) = Fib b2 & (IExec (Fib-macro b2),b1) . (intpos 2) = Fib (b2 + 1) & Fib-macro b2 is_halting_on b1 )
proof end;

theorem Th11: :: SCPINVAR:11
for b1 being State of SCMPDS
for b2 being Nat holds
( (IExec (Fib-macro b2),b1) . (intpos 1) = Fib b2 & (IExec (Fib-macro b2),b1) . (intpos 2) = Fib (b2 + 1) & Fib-macro b2 is parahalting )
proof end;

definition
let c17 be Int_position ;
let c18 be Integer;
let c19 be Program-block;
func while<>0 c1,c2,c3 -> Program-block equals :: SCPINVAR:def 3
(((a1,a2 <>0_goto 2) ';' (goto ((card a3) + 2))) ';' a3) ';' (goto (- ((card a3) + 2)));
coherence
(((c17,c18 <>0_goto 2) ';' (goto ((card c19) + 2))) ';' c19) ';' (goto (- ((card c19) + 2))) is Program-block ;
end;

:: deftheorem Def3 defines while<>0 SCPINVAR:def 3 :
for b1 being Int_position
for b2 being Integer
for b3 being Program-block holds while<>0 b1,b2,b3 = (((b1,b2 <>0_goto 2) ';' (goto ((card b3) + 2))) ';' b3) ';' (goto (- ((card b3) + 2)));

theorem Th12: :: SCPINVAR:12
for b1 being Int_position
for b2 being Integer
for b3 being Program-block holds card (while<>0 b1,b2,b3) = (card b3) + 3
proof end;

Lemma19: for b1 being Int_position
for b2 being Integer
for b3 being Program-block holds card (stop (while<>0 b1,b2,b3)) = (card b3) + 4
proof end;

theorem Th13: :: SCPINVAR:13
for b1 being Int_position
for b2 being Integer
for b3 being Nat
for b4 being Program-block holds
( b3 < (card b4) + 3 iff inspos b3 in dom (while<>0 b1,b2,b4) )
proof end;

theorem Th14: :: SCPINVAR:14
for b1 being Int_position
for b2 being Integer
for b3 being Program-block holds
( inspos 0 in dom (while<>0 b1,b2,b3) & inspos 1 in dom (while<>0 b1,b2,b3) )
proof end;

theorem Th15: :: SCPINVAR:15
for b1 being Int_position
for b2 being Integer
for b3 being Program-block holds
( (while<>0 b1,b2,b3) . (inspos 0) = b1,b2 <>0_goto 2 & (while<>0 b1,b2,b3) . (inspos 1) = goto ((card b3) + 2) & (while<>0 b1,b2,b3) . (inspos ((card b3) + 2)) = goto (- ((card b3) + 2)) )
proof end;

Lemma23: for b1 being Int_position
for b2 being Integer
for b3 being Program-block holds while<>0 b1,b2,b3 = (b1,b2 <>0_goto 2) ';' (((goto ((card b3) + 2)) ';' b3) ';' (goto (- ((card b3) + 2))))
proof end;

theorem Th16: :: SCPINVAR:16
for b1 being State of SCMPDS
for b2 being Program-block
for b3 being Int_position
for b4 being Integer st b1 . (DataLoc (b1 . b3),b4) = 0 holds
( while<>0 b3,b4,b2 is_closed_on b1 & while<>0 b3,b4,b2 is_halting_on b1 )
proof end;

theorem Th17: :: SCPINVAR:17
for b1 being State of SCMPDS
for b2 being Program-block
for b3, b4 being Int_position
for b5 being Integer st b1 . (DataLoc (b1 . b3),b5) = 0 holds
IExec (while<>0 b3,b5,b2),b1 = b1 +* (Start-At (inspos ((card b2) + 3)))
proof end;

theorem Th18: :: SCPINVAR:18
for b1 being State of SCMPDS
for b2 being Program-block
for b3 being Int_position
for b4 being Integer st b1 . (DataLoc (b1 . b3),b4) = 0 holds
IC (IExec (while<>0 b3,b4,b2),b1) = inspos ((card b2) + 3)
proof end;

theorem Th19: :: SCPINVAR:19
for b1 being State of SCMPDS
for b2 being Program-block
for b3, b4 being Int_position
for b5 being Integer st b1 . (DataLoc (b1 . b3),b5) = 0 holds
(IExec (while<>0 b3,b5,b2),b1) . b4 = b1 . b4
proof end;

Lemma27: for b1 being Program-block
for b2 being Int_position
for b3 being Integer holds Shift b1,2 c= while<>0 b2,b3,b1
proof end;

registration
let c17 be shiftable Program-block;
let c18 be Int_position ;
let c19 be Integer;
cluster while<>0 a2,a3,a1 -> shiftable ;
correctness
coherence
while<>0 c18,c19,c17 is shiftable;
proof end;
end;

registration
let c17 be No-StopCode Program-block;
let c18 be Int_position ;
let c19 be Integer;
cluster while<>0 a2,a3,a1 -> No-StopCode ;
correctness
coherence
while<>0 c18,c19,c17 is No-StopCode;
proof end;
end;

scheme :: SCPINVAR:sch 3
s3{ F1( State of SCMPDS ) -> Nat, F2() -> State of SCMPDS , F3() -> shiftable No-StopCode Program-block, F4() -> Int_position , F5() -> Integer, P1[ set ] } :
( while<>0 F4(),F5(),F3() is_closed_on F2() & while<>0 F4(),F5(),F3() is_halting_on F2() )
provided
E28: card F3() > 0 and
E29: for b1 being State of SCMPDS st P1[ Dstate b1] & F1((Dstate b1)) = 0 holds
b1 . (DataLoc (F2() . F4()),F5()) = 0 and
E30: P1[ Dstate F2()] and
E31: for b1 being State of SCMPDS st P1[ Dstate b1] & b1 . F4() = F2() . F4() & b1 . (DataLoc (F2() . F4()),F5()) <> 0 holds
( (IExec F3(),b1) . F4() = b1 . F4() & F3() is_closed_on b1 & F3() is_halting_on b1 & F1((Dstate (IExec F3(),b1))) < F1((Dstate b1)) & P1[ Dstate (IExec F3(),b1)] )
proof end;

scheme :: SCPINVAR:sch 4
s4{ F1( State of SCMPDS ) -> Nat, F2() -> State of SCMPDS , F3() -> shiftable No-StopCode Program-block, F4() -> Int_position , F5() -> Integer, P1[ set ] } :
IExec (while<>0 F4(),F5(),F3()),F2() = IExec (while<>0 F4(),F5(),F3()),(IExec F3(),F2())
provided
E28: card F3() > 0 and
E29: F2() . (DataLoc (F2() . F4()),F5()) <> 0 and
E30: for b1 being State of SCMPDS st P1[ Dstate b1] & F1((Dstate b1)) = 0 holds
b1 . (DataLoc (F2() . F4()),F5()) = 0 and
E31: P1[ Dstate F2()] and
E32: for b1 being State of SCMPDS st P1[ Dstate b1] & b1 . F4() = F2() . F4() & b1 . (DataLoc (F2() . F4()),F5()) <> 0 holds
( (IExec F3(),b1) . F4() = b1 . F4() & F3() is_closed_on b1 & F3() is_halting_on b1 & F1((Dstate (IExec F3(),b1))) < F1((Dstate b1)) & P1[ Dstate (IExec F3(),b1)] )
proof end;

scheme :: SCPINVAR:sch 5
s5{ F1( State of SCMPDS ) -> Nat, F2() -> State of SCMPDS , F3() -> shiftable No-StopCode Program-block, F4() -> Int_position , F5() -> Integer, P1[ set ] } :
( F1((Dstate (IExec (while<>0 F4(),F5(),F3()),F2()))) = 0 & P1[ Dstate (IExec (while<>0 F4(),F5(),F3()),F2())] )
provided
E28: card F3() > 0 and
E29: for b1 being State of SCMPDS st P1[ Dstate b1] holds
( F1((Dstate b1)) = 0 iff b1 . (DataLoc (F2() . F4()),F5()) = 0 ) and
E30: P1[ Dstate F2()] and
E31: for b1 being State of SCMPDS st P1[ Dstate b1] & b1 . F4() = F2() . F4() & b1 . (DataLoc (F2() . F4()),F5()) <> 0 holds
( (IExec F3(),b1) . F4() = b1 . F4() & F3() is_closed_on b1 & F3() is_halting_on b1 & F1((Dstate (IExec F3(),b1))) < F1((Dstate b1)) & P1[ Dstate (IExec F3(),b1)] )
proof end;

theorem Th20: :: SCPINVAR:20
for b1 being State of SCMPDS
for b2 being shiftable No-StopCode Program-block
for b3, b4, b5 being Int_position
for b6, b7 being Integer st card b2 > 0 & b1 . b3 = b7 & b1 . b4 > 0 & b1 . b5 > 0 & b1 . (DataLoc b7,b6) = (b1 . b4) - (b1 . b5) & ( for b8 being State of SCMPDS st b8 . b4 > 0 & b8 . b5 > 0 & b8 . b3 = b7 & b8 . (DataLoc b7,b6) = (b8 . b4) - (b8 . b5) & b8 . b4 <> b8 . b5 holds
( (IExec b2,b8) . b3 = b7 & b2 is_closed_on b8 & b2 is_halting_on b8 & ( b8 . b4 > b8 . b5 implies ( (IExec b2,b8) . b4 = (b8 . b4) - (b8 . b5) & (IExec b2,b8) . b5 = b8 . b5 ) ) & ( b8 . b4 <= b8 . b5 implies ( (IExec b2,b8) . b5 = (b8 . b5) - (b8 . b4) & (IExec b2,b8) . b4 = b8 . b4 ) ) & (IExec b2,b8) . (DataLoc b7,b6) = ((IExec b2,b8) . b4) - ((IExec b2,b8) . b5) ) ) holds
( while<>0 b3,b6,b2 is_closed_on b1 & while<>0 b3,b6,b2 is_halting_on b1 & ( b1 . (DataLoc (b1 . b3),b6) <> 0 implies IExec (while<>0 b3,b6,b2),b1 = IExec (while<>0 b3,b6,b2),(IExec b2,b1) ) )
proof end;

definition
func GCD-Algorithm -> Program-block equals :: SCPINVAR:def 4
(((GBP := 0) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) ';' (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)));
coherence
(((GBP := 0) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) ';' (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2))) is Program-block ;
end;

:: deftheorem Def4 defines GCD-Algorithm SCPINVAR:def 4 :
GCD-Algorithm = (((GBP := 0) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) ';' (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)));

theorem Th21: :: SCPINVAR:21
for b1 being State of SCMPDS
for b2 being shiftable No-StopCode Program-block
for b3, b4, b5 being Int_position
for b6, b7 being Integer st card b2 > 0 & b1 . b3 = b7 & b1 . b4 > 0 & b1 . b5 > 0 & b1 . (DataLoc b7,b6) = (b1 . b4) - (b1 . b5) & ( for b8 being State of SCMPDS st b8 . b4 > 0 & b8 . b5 > 0 & b8 . b3 = b7 & b8 . (DataLoc b7,b6) = (b8 . b4) - (b8 . b5) & b8 . b4 <> b8 . b5 holds
( (IExec b2,b8) . b3 = b7 & b2 is_closed_on b8 & b2 is_halting_on b8 & ( b8 . b4 > b8 . b5 implies ( (IExec b2,b8) . b4 = (b8 . b4) - (b8 . b5) & (IExec b2,b8) . b5 = b8 . b5 ) ) & ( b8 . b4 <= b8 . b5 implies ( (IExec b2,b8) . b5 = (b8 . b5) - (b8 . b4) & (IExec b2,b8) . b4 = b8 . b4 ) ) & (IExec b2,b8) . (DataLoc b7,b6) = ((IExec b2,b8) . b4) - ((IExec b2,b8) . b5) ) ) holds
( (IExec (while<>0 b3,b6,b2),b1) . b4 = (b1 . b4) gcd (b1 . b5) & (IExec (while<>0 b3,b6,b2),b1) . b5 = (b1 . b4) gcd (b1 . b5) )
proof end;

set c17 = GBP := 0;

set c18 = GBP ,3 := GBP ,1;

set c19 = SubFrom GBP ,3,GBP ,2;

set c20 = Load (SubFrom GBP ,1,GBP ,2);

set c21 = Load (SubFrom GBP ,2,GBP ,1);

set c22 = if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1));

set c23 = GBP ,3 := GBP ,1;

set c24 = SubFrom GBP ,3,GBP ,2;

set c25 = ((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2);

set c26 = while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2));

Lemma30: card (((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) = 6
proof end;

Lemma31: card (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2))) = 9
proof end;

theorem Th22: :: SCPINVAR:22
card GCD-Algorithm = 12
proof end;

Lemma32: for b1 being State of SCMPDS st b1 . GBP = 0 holds
( ( b1 . (intpos 3) > 0 implies ( (IExec (((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)),b1) . (intpos 1) = (b1 . (intpos 1)) - (b1 . (intpos 2)) & (IExec (((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)),b1) . (intpos 2) = b1 . (intpos 2) ) ) & ( b1 . (intpos 3) <= 0 implies ( (IExec (((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)),b1) . (intpos 2) = (b1 . (intpos 2)) - (b1 . (intpos 1)) & (IExec (((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)),b1) . (intpos 1) = b1 . (intpos 1) ) ) & (IExec (((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)),b1) . GBP = 0 & (IExec (((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)),b1) . (intpos 3) = ((IExec (((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)),b1) . (intpos 1)) - ((IExec (((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)),b1) . (intpos 2)) )
proof end;

Lemma33: for b1 being State of SCMPDS st b1 . GBP = 0 & b1 . (intpos 1) > 0 & b1 . (intpos 2) > 0 & b1 . (intpos 3) = (b1 . (intpos 1)) - (b1 . (intpos 2)) holds
( (IExec (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2))),b1) . (intpos 1) = (b1 . (intpos 1)) gcd (b1 . (intpos 2)) & (IExec (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2))),b1) . (intpos 2) = (b1 . (intpos 1)) gcd (b1 . (intpos 2)) & while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) is_closed_on b1 & while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) is_halting_on b1 )
proof end;

set c27 = (((GBP := 0) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) ';' (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)));

Lemma34: for b1 being State of SCMPDS st b1 . (intpos 1) > 0 & b1 . (intpos 2) > 0 holds
( (IExec ((((GBP := 0) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) ';' (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)))),b1) . (intpos 1) = (b1 . (intpos 1)) gcd (b1 . (intpos 2)) & (IExec ((((GBP := 0) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) ';' (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)))),b1) . (intpos 2) = (b1 . (intpos 1)) gcd (b1 . (intpos 2)) & (((GBP := 0) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) ';' (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2))) is_closed_on b1 & (((GBP := 0) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2)) ';' (while<>0 GBP ,3,(((if>0 GBP ,3,(Load (SubFrom GBP ,1,GBP ,2)),(Load (SubFrom GBP ,2,GBP ,1))) ';' (GBP ,3 := GBP ,1)) ';' (SubFrom GBP ,3,GBP ,2))) is_halting_on b1 )
proof end;

theorem Th23: :: SCPINVAR:23
for b1 being State of SCMPDS
for b2, b3 being Integer st b1 . (intpos 1) = b2 & b1 . (intpos 2) = b3 & b2 > 0 & b3 > 0 holds
( (IExec GCD-Algorithm ,b1) . (intpos 1) = b2 gcd b3 & (IExec GCD-Algorithm ,b1) . (intpos 2) = b2 gcd b3 & GCD-Algorithm is_closed_on b1 & GCD-Algorithm is_halting_on b1 ) by Lemma34;