:: SFMASTR1 semantic presentation

definition
let c1 be Instruction of SCM+FSA ;
attr a1 is good means :Def1: :: SFMASTR1:def 1
 Macro a1 is good;
end;

:: deftheorem Def1 defines good SFMASTR1:def 1 :
for b1 being Instruction of SCM+FSA holds
( b1 is good iff Macro b1 is good );

registration
let c1 be read-write Int-Location ;
let c2 be Int-Location ;
cluster a1 := a2 -> good ;
coherence
c1 := c2 is good
proof end;
cluster AddTo a1,a2 -> good ;
coherence
AddTo c1,c2 is good
proof end;
cluster SubFrom a1,a2 -> good ;
coherence
SubFrom c1,c2 is good
proof end;
cluster MultBy a1,a2 -> good ;
coherence
MultBy c1,c2 is good
proof end;
end;

registration
cluster parahalting good Element of the Instructions of SCM+FSA ;
existence
ex b1 being Instruction of SCM+FSA st
( b1 is good & b1 is parahalting )
proof end;
end;

registration
let c1, c2 be read-write Int-Location ;
cluster Divide a1,a2 -> good ;
coherence
Divide c1,c2 is good
proof end;
end;

registration
let c1 be Instruction-Location of SCM+FSA ;
cluster goto a1 -> good ;
coherence
goto c1 is good
proof end;
end;

registration
let c1 be Int-Location ;
let c2 be Instruction-Location of SCM+FSA ;
cluster a1 =0_goto a2 -> good ;
coherence
c1 =0_goto c2 is good
proof end;
cluster a1 >0_goto a2 -> good ;
coherence
c1 >0_goto c2 is good
proof end;
end;

registration
let c1 be Int-Location ;
let c2 be FinSeq-Location ;
let c3 be read-write Int-Location ;
cluster a3 := a2,a1 -> good ;
coherence
c3 := c2,c1 is good
proof end;
end;

registration
let c1 be FinSeq-Location ;
let c2 be read-write Int-Location ;
cluster a2 :=len a1 -> good ;
coherence
c2 :=len c1 is good
proof end;
end;

registration
let c1 be FinSeq-Location ;
let c2 be Int-Location ;
cluster a1 :=<0,...,0> a2 -> good ;
coherence
c1 :=<0,...,0> c2 is good
proof end;
let c3 be Int-Location ;
cluster a1,a2 := a3 -> good ;
coherence
c1,c2 := c3 is good
proof end;
end;

registration
cluster good Element of the Instructions of SCM+FSA ;
existence
ex b1 being Instruction of SCM+FSA st b1 is good
proof end;
end;

registration
let c1 be good Instruction of SCM+FSA ;
cluster Macro a1 -> good ;
coherence
Macro c1 is good by Def1;
end;

registration
let c1, c2 be good Instruction of SCM+FSA ;
cluster a1 ';' a2 -> good ;
coherence
c1 ';' c2 is good
proof end;
end;

registration
let c1 be good Instruction of SCM+FSA ;
let c2 be good Macro-Instruction;
cluster a1 ';' a2 -> good ;
coherence
c1 ';' c2 is good
proof end;
cluster a2 ';' a1 -> good ;
coherence
c2 ';' c1 is good
proof end;
end;

registration
let c1, c2 be read-write Int-Location ;
cluster swap a1,a2 -> good ;
coherence
swap c1,c2 is good
proof end;
end;

registration
let c1 be good Macro-Instruction;
let c2 be read-write Int-Location ;
cluster Times a2,a1 -> good ;
coherence
Times c2,c1 is good
proof end;
end;

theorem Th1: :: SFMASTR1:1
for b1 being Int-Location
for b2 being Macro-Instruction st not b1 in UsedIntLoc b2 holds
b2 does_not_destroy b1
proof end;

set c1 = Int-Locations \/ FinSeq-Locations ;

theorem Th2: :: SFMASTR1:2
for b1 being Macro-Instruction holds (b1 +* (Start-At (insloc 0))) | (Int-Locations \/ FinSeq-Locations ) = {}
proof end;

theorem Th3: :: SFMASTR1:3
for b1 being State of SCM+FSA
for b2, b3 being Macro-Instruction st b2 is_halting_on Initialize b1 & b2 is_closed_on Initialize b1 & b3 is_closed_on IExec b2,b1 holds
b2 ';' b3 is_closed_on Initialize b1
proof end;

theorem Th4: :: SFMASTR1:4
for b1 being State of SCM+FSA
for b2, b3 being Macro-Instruction st b2 is_halting_on Initialize b1 & b3 is_halting_on IExec b2,b1 & b2 is_closed_on Initialize b1 & b3 is_closed_on IExec b2,b1 holds
b2 ';' b3 is_halting_on Initialize b1
proof end;

theorem Th5: :: SFMASTR1:5
for b1 being State of SCM+FSA
for b2, b3 being Macro-Instruction st b2 is_closed_on b1 & b2 +* (Start-At (insloc 0)) c= b1 & b1 is halting holds
for b4 being Nat st b4 <= LifeSpan b1 holds
(Computation b1) . b4,(Computation (b1 +* (b2 ';' b3))) . b4 equal_outside the Instruction-Locations of SCM+FSA
proof end;

Lemma7: for b1 being good Macro-Instruction
for b2 being Macro-Instruction
for b3 being State of SCM+FSA st b3 . (intloc 0) = 1 & b1 is_halting_on b3 & b2 is_halting_on IExec b1,b3 & b1 is_closed_on b3 & b2 is_closed_on IExec b1,b3 & Initialized (b1 ';' b2) c= b3 holds
( IC ((Computation b3) . ((LifeSpan (b3 +* b1)) + 1)) = insloc (card b1) & ((Computation b3) . ((LifeSpan (b3 +* b1)) + 1)) | (Int-Locations \/ FinSeq-Locations ) = (((Computation (b3 +* b1)) . (LifeSpan (b3 +* b1))) +* (Initialized b2)) | (Int-Locations \/ FinSeq-Locations ) & ProgramPart (Relocated b2,(card b1)) c= (Computation b3) . ((LifeSpan (b3 +* b1)) + 1) & ((Computation b3) . ((LifeSpan (b3 +* b1)) + 1)) . (intloc 0) = 1 & b3 is halting & LifeSpan b3 = ((LifeSpan (b3 +* b1)) + 1) + (LifeSpan ((Result (b3 +* b1)) +* (Initialized b2))) & ( b2 is good implies (Result b3) . (intloc 0) = 1 ) )
proof end;

theorem Th6: :: SFMASTR1:6
for b1 being State of SCM+FSA
for b2 being Macro-Instruction
for b3 being good Macro-Instruction st b3 is_halting_on Initialize b1 & b2 is_halting_on IExec b3,b1 & b3 is_closed_on Initialize b1 & b2 is_closed_on IExec b3,b1 holds
LifeSpan (b1 +* (Initialized (b3 ';' b2))) = ((LifeSpan (b1 +* (Initialized b3))) + 1) + (LifeSpan ((Result (b1 +* (Initialized b3))) +* (Initialized b2)))
proof end;

theorem Th7: :: SFMASTR1:7
for b1 being State of SCM+FSA
for b2 being Macro-Instruction
for b3 being good Macro-Instruction st b3 is_halting_on Initialize b1 & b2 is_halting_on IExec b3,b1 & b3 is_closed_on Initialize b1 & b2 is_closed_on IExec b3,b1 holds
IExec (b3 ';' b2),b1 = (IExec b2,(IExec b3,b1)) +* (Start-At ((IC (IExec b2,(IExec b3,b1))) + (card b3)))
proof end;

E10: now
let c2 be Macro-Instruction;
assume c2 is parahalting ;
then reconsider c3 = c2 as parahalting Macro-Instruction ;
c3 is paraclosed ;
hence c2 is paraclosed ;
end;

theorem Th8: :: SFMASTR1:8
for b1 being State of SCM+FSA
for b2 being Macro-Instruction
for b3 being good Macro-Instruction
for b4 being Int-Location st ( b3 is parahalting or ( b3 is_halting_on Initialize b1 & b3 is_closed_on Initialize b1 ) ) & ( b2 is parahalting or ( b2 is_halting_on IExec b3,b1 & b2 is_closed_on IExec b3,b1 ) ) holds
(IExec (b3 ';' b2),b1) . b4 = (IExec b2,(IExec b3,b1)) . b4
proof end;

theorem Th9: :: SFMASTR1:9
for b1 being State of SCM+FSA
for b2 being Macro-Instruction
for b3 being good Macro-Instruction
for b4 being FinSeq-Location st ( b3 is parahalting or ( b3 is_halting_on Initialize b1 & b3 is_closed_on Initialize b1 ) ) & ( b2 is parahalting or ( b2 is_halting_on IExec b3,b1 & b2 is_closed_on IExec b3,b1 ) ) holds
(IExec (b3 ';' b2),b1) . b4 = (IExec b2,(IExec b3,b1)) . b4
proof end;

theorem Th10: :: SFMASTR1:10
for b1 being State of SCM+FSA
for b2 being Macro-Instruction
for b3 being good Macro-Instruction st ( b3 is parahalting or ( b3 is_halting_on Initialize b1 & b3 is_closed_on Initialize b1 ) ) & ( b2 is parahalting or ( b2 is_halting_on IExec b3,b1 & b2 is_closed_on IExec b3,b1 ) ) holds
(IExec (b3 ';' b2),b1) | (Int-Locations \/ FinSeq-Locations ) = (IExec b2,(IExec b3,b1)) | (Int-Locations \/ FinSeq-Locations )
proof end;

theorem Th11: :: SFMASTR1:11
for b1 being State of SCM+FSA
for b2 being good Macro-Instruction st ( b2 is parahalting or ( b2 is_closed_on Initialize b1 & b2 is_halting_on Initialize b1 ) ) holds
(Initialize (IExec b2,b1)) | (Int-Locations \/ FinSeq-Locations ) = (IExec b2,b1) | (Int-Locations \/ FinSeq-Locations )
proof end;

theorem Th12: :: SFMASTR1:12
for b1 being State of SCM+FSA
for b2 being good Macro-Instruction
for b3 being parahalting Instruction of SCM+FSA
for b4 being Int-Location st ( b2 is parahalting or ( b2 is_halting_on Initialize b1 & b2 is_closed_on Initialize b1 ) ) holds
(IExec (b2 ';' b3),b1) . b4 = (Exec b3,(IExec b2,b1)) . b4
proof end;

theorem Th13: :: SFMASTR1:13
for b1 being State of SCM+FSA
for b2 being good Macro-Instruction
for b3 being parahalting Instruction of SCM+FSA
for b4 being FinSeq-Location st ( b2 is parahalting or ( b2 is_halting_on Initialize b1 & b2 is_closed_on Initialize b1 ) ) holds
(IExec (b2 ';' b3),b1) . b4 = (Exec b3,(IExec b2,b1)) . b4
proof end;

theorem Th14: :: SFMASTR1:14
for b1 being State of SCM+FSA
for b2 being good Macro-Instruction
for b3 being parahalting Instruction of SCM+FSA st ( b2 is parahalting or ( b2 is_halting_on Initialize b1 & b2 is_closed_on Initialize b1 ) ) holds
(IExec (b2 ';' b3),b1) | (Int-Locations \/ FinSeq-Locations ) = (Exec b3,(IExec b2,b1)) | (Int-Locations \/ FinSeq-Locations )
proof end;

theorem Th15: :: SFMASTR1:15
for b1 being State of SCM+FSA
for b2 being Macro-Instruction
for b3 being parahalting good Instruction of SCM+FSA
for b4 being Int-Location st ( b2 is parahalting or ( b2 is_halting_on Exec b3,(Initialize b1) & b2 is_closed_on Exec b3,(Initialize b1) ) ) holds
(IExec (b3 ';' b2),b1) . b4 = (IExec b2,(Exec b3,(Initialize b1))) . b4
proof end;

theorem Th16: :: SFMASTR1:16
for b1 being State of SCM+FSA
for b2 being Macro-Instruction
for b3 being parahalting good Instruction of SCM+FSA
for b4 being FinSeq-Location st ( b2 is parahalting or ( b2 is_halting_on Exec b3,(Initialize b1) & b2 is_closed_on Exec b3,(Initialize b1) ) ) holds
(IExec (b3 ';' b2),b1) . b4 = (IExec b2,(Exec b3,(Initialize b1))) . b4
proof end;

theorem Th17: :: SFMASTR1:17
for b1 being State of SCM+FSA
for b2 being Macro-Instruction
for b3 being parahalting good Instruction of SCM+FSA st ( b2 is parahalting or ( b2 is_halting_on Exec b3,(Initialize b1) & b2 is_closed_on Exec b3,(Initialize b1) ) ) holds
(IExec (b3 ';' b2),b1) | (Int-Locations \/ FinSeq-Locations ) = (IExec b2,(Exec b3,(Initialize b1))) | (Int-Locations \/ FinSeq-Locations )
proof end;

definition
let c2 be Int-Location ;
redefine func { as {c1} -> Subset of Int-Locations ;
coherence
{c2} is Subset of Int-Locations
proof end;
let c3 be Int-Location ;
redefine func { as {c1,c2} -> Subset of Int-Locations ;
coherence
{c2,c3} is Subset of Int-Locations
proof end;
let c4 be Int-Location ;
redefine func { as {c1,c2,c3} -> Subset of Int-Locations ;
coherence
{c2,c3,c4} is Subset of Int-Locations
proof end;
let c5 be Int-Location ;
redefine func { as {c1,c2,c3,c4} -> Subset of Int-Locations ;
coherence
{c2,c3,c4,c5} is Subset of Int-Locations
proof end;
end;

Lemma18: for b1 being set st not b1 is finite holds
not b1 is empty
proof end;

definition
let c2 be finite Subset of Int-Locations ;
func RWNotIn-seq c1 -> Function of NAT , bool NAT means :Def2: :: SFMASTR1:def 2
( a2 . 0 = { b1 where B is Nat : ( not intloc b1 in a1 & b1 <> 0 ) } & ( for b1 being Nat
for b2 being non empty Subset of NAT st a2 . b1 = b2 holds
a2 . (b1 + 1) = b2 \ {(min b2)} ) & ( for b1 being Nat holds not a2 . b1 is finite ) );
existence
ex b1 being Function of NAT , bool NAT st
( b1 . 0 = { b2 where B is Nat : ( not intloc b2 in c2 & b2 <> 0 ) } & ( for b2 being Nat
for b3 being non empty Subset of NAT st b1 . b2 = b3 holds
b1 . (b2 + 1) = b3 \ {(min b3)} ) & ( for b2 being Nat holds not b1 . b2 is finite ) )
proof end;
uniqueness
for b1, b2 being Function of NAT , bool NAT st b1 . 0 = { b3 where B is Nat : ( not intloc b3 in c2 & b3 <> 0 ) } & ( for b3 being Nat
for b4 being non empty Subset of NAT st b1 . b3 = b4 holds
b1 . (b3 + 1) = b4 \ {(min b4)} ) & ( for b3 being Nat holds not b1 . b3 is finite ) & b2 . 0 = { b3 where B is Nat : ( not intloc b3 in c2 & b3 <> 0 ) } & ( for b3 being Nat
for b4 being non empty Subset of NAT st b2 . b3 = b4 holds
b2 . (b3 + 1) = b4 \ {(min b4)} ) & ( for b3 being Nat holds not b2 . b3 is finite ) holds
b1 = b2
proof end;
end;

:: deftheorem Def2 defines RWNotIn-seq SFMASTR1:def 2 :
for b1 being finite Subset of Int-Locations
for b2 being Function of NAT , bool NAT holds
( b2 = RWNotIn-seq b1 iff ( b2 . 0 = { b3 where B is Nat : ( not intloc b3 in b1 & b3 <> 0 ) } & ( for b3 being Nat
for b4 being non empty Subset of NAT st b2 . b3 = b4 holds
b2 . (b3 + 1) = b4 \ {(min b4)} ) & ( for b3 being Nat holds not b2 . b3 is finite ) ) );

registration
let c2 be finite Subset of Int-Locations ;
let c3 be Nat;
cluster (RWNotIn-seq a1) . a2 -> non empty ;
coherence
not (RWNotIn-seq c2) . c3 is empty by Def2;
end;

theorem Th18: :: SFMASTR1:18
for b1 being finite Subset of Int-Locations
for b2 being Nat holds
( not 0 in (RWNotIn-seq b1) . b2 & ( for b3 being Nat st b3 in (RWNotIn-seq b1) . b2 holds
not intloc b3 in b1 ) )
proof end;

theorem Th19: :: SFMASTR1:19
for b1 being finite Subset of Int-Locations
for b2 being Nat holds min ((RWNotIn-seq b1) . b2) < min ((RWNotIn-seq b1) . (b2 + 1))
proof end;

theorem Th20: :: SFMASTR1:20
for b1 being finite Subset of Int-Locations
for b2, b3 being Nat st b2 < b3 holds
min ((RWNotIn-seq b1) . b2) < min ((RWNotIn-seq b1) . b3)
proof end;

definition
let c2 be Nat;
let c3 be finite Subset of Int-Locations ;
func c1 -thRWNotIn c2 -> Int-Location equals :: SFMASTR1:def 3
 intloc (min ((RWNotIn-seq a2) . a1));
correctness
coherence
intloc (min ((RWNotIn-seq c3) . c2)) is Int-Location ;
;
end;

:: deftheorem Def3 defines -thRWNotIn SFMASTR1:def 3 :
for b1 being Nat
for b2 being finite Subset of Int-Locations holds b1 -thRWNotIn b2 = intloc (min ((RWNotIn-seq b2) . b1));

notation
let c2 be Nat;
let c3 be finite Subset of Int-Locations ;
synonym c1 -stRWNotIn c2 for c1 -thRWNotIn c2;
synonym c1 -ndRWNotIn c2 for c1 -thRWNotIn c2;
synonym c1 -rdRWNotIn c2 for c1 -thRWNotIn c2;
end;

registration
let c2 be Nat;
let c3 be finite Subset of Int-Locations ;
cluster a1 -thRWNotIn a2 -> read-write ;
coherence
not c2 -thRWNotIn c3 is read-only
proof end;
end;

theorem Th21: :: SFMASTR1:21
for b1 being finite Subset of Int-Locations
for b2 being Nat holds not b2 -thRWNotIn b1 in b1
proof end;

theorem Th22: :: SFMASTR1:22
for b1 being finite Subset of Int-Locations
for b2, b3 being Nat st b2 <> b3 holds
b2 -thRWNotIn b1 <> b3 -thRWNotIn b1
proof end;

definition
let c2 be Nat;
let c3 be programmed FinPartState of SCM+FSA ;
func c1 -thNotUsed c2 -> Int-Location equals :: SFMASTR1:def 4
a1 -thRWNotIn (UsedIntLoc a2);
correctness
coherence
c2 -thRWNotIn (UsedIntLoc c3) is Int-Location ;
;
end;

:: deftheorem Def4 defines -thNotUsed SFMASTR1:def 4 :
for b1 being Nat
for b2 being programmed FinPartState of SCM+FSA holds b1 -thNotUsed b2 = b1 -thRWNotIn (UsedIntLoc b2);

notation
let c2 be Nat;
let c3 be programmed FinPartState of SCM+FSA ;
synonym c1 -stNotUsed c2 for c1 -thNotUsed c2;
synonym c1 -ndNotUsed c2 for c1 -thNotUsed c2;
synonym c1 -rdNotUsed c2 for c1 -thNotUsed c2;
end;

registration
let c2 be Nat;
let c3 be programmed FinPartState of SCM+FSA ;
cluster a1 -thNotUsed a2 -> read-write ;
coherence
not c2 -thNotUsed c3 is read-only ;
end;

theorem Th23: :: SFMASTR1:23
for b1, b2 being Int-Location holds
( b1 in UsedIntLoc (swap b1,b2) & b2 in UsedIntLoc (swap b1,b2) )
proof end;

definition
let c2, c3 be Int-Location ;
set c4 = 1 -stRWNotIn {c2,c3};
set c5 = 1 -stRWNotIn (UsedIntLoc (swap c3,(1 -stRWNotIn {c2,c3})));
set c6 = 2 -ndRWNotIn (UsedIntLoc (swap c3,(1 -stRWNotIn {c2,c3})));
func Fib_macro c1,c2 -> Macro-Instruction equals :: SFMASTR1:def 5
((((((2 -ndRWNotIn (UsedIntLoc (swap a2,(1 -stRWNotIn {a1,a2})))) := a1) ';' (SubFrom a2,a2)) ';' ((1 -stRWNotIn {a1,a2}) := (intloc 0))) ';' ((1 -stRWNotIn (UsedIntLoc (swap a2,(1 -stRWNotIn {a1,a2})))) := (2 -ndRWNotIn (UsedIntLoc (swap a2,(1 -stRWNotIn {a1,a2})))))) ';' (Times (1 -stRWNotIn (UsedIntLoc (swap a2,(1 -stRWNotIn {a1,a2})))),((AddTo a2,(1 -stRWNotIn {a1,a2})) ';' (swap a2,(1 -stRWNotIn {a1,a2}))))) ';' (a1 := (2 -ndRWNotIn (UsedIntLoc (swap a2,(1 -stRWNotIn {a1,a2})))));
correctness
coherence
((((((2 -ndRWNotIn (UsedIntLoc (swap c3,(1 -stRWNotIn {c2,c3})))) := c2) ';' (SubFrom c3,c3)) ';' ((1 -stRWNotIn {c2,c3}) := (intloc 0))) ';' ((1 -stRWNotIn (UsedIntLoc (swap c3,(1 -stRWNotIn {c2,c3})))) := (2 -ndRWNotIn (UsedIntLoc (swap c3,(1 -stRWNotIn {c2,c3})))))) ';' (Times (1 -stRWNotIn (UsedIntLoc (swap c3,(1 -stRWNotIn {c2,c3})))),((AddTo c3,(1 -stRWNotIn {c2,c3})) ';' (swap c3,(1 -stRWNotIn {c2,c3}))))) ';' (c2 := (2 -ndRWNotIn (UsedIntLoc (swap c3,(1 -stRWNotIn {c2,c3}))))) is Macro-Instruction;
;
end;

:: deftheorem Def5 defines Fib_macro SFMASTR1:def 5 :
for b1, b2 being Int-Location holds Fib_macro b1,b2 = ((((((2 -ndRWNotIn (UsedIntLoc (swap b2,(1 -stRWNotIn {b1,b2})))) := b1) ';' (SubFrom b2,b2)) ';' ((1 -stRWNotIn {b1,b2}) := (intloc 0))) ';' ((1 -stRWNotIn (UsedIntLoc (swap b2,(1 -stRWNotIn {b1,b2})))) := (2 -ndRWNotIn (UsedIntLoc (swap b2,(1 -stRWNotIn {b1,b2})))))) ';' (Times (1 -stRWNotIn (UsedIntLoc (swap b2,(1 -stRWNotIn {b1,b2})))),((AddTo b2,(1 -stRWNotIn {b1,b2})) ';' (swap b2,(1 -stRWNotIn {b1,b2}))))) ';' (b1 := (2 -ndRWNotIn (UsedIntLoc (swap b2,(1 -stRWNotIn {b1,b2})))));

theorem Th24: :: SFMASTR1:24
for b1 being State of SCM+FSA
for b2, b3 being read-write Int-Location st b2 <> b3 holds
for b4 being Nat st b4 = b1 . b2 holds
( (IExec (Fib_macro b2,b3),b1) . b3 = Fib b4 & (IExec (Fib_macro b2,b3),b1) . b2 = b1 . b2 )
proof end;