:: SFMASTR2 semantic presentation

set c1 = Int-Locations \/ FinSeq-Locations ;

set c2 = Start-At (insloc 0);

set c3 = the Instruction-Locations of SCM+FSA ;

theorem Th1: :: SFMASTR2:1
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being Macro-Instruction st b3 is_closed_on Initialize b1 & b3 is_halting_on Initialize b1 & not b2 in UsedIntLoc b3 holds
(IExec b3,b1) . b2 = (Initialize b1) . b2
proof end;

theorem Th2: :: SFMASTR2:2
for b1 being State of SCM+FSA
for b2 being FinSeq-Location
for b3 being Macro-Instruction st b3 is_closed_on Initialize b1 & b3 is_halting_on Initialize b1 & not b2 in UsedInt*Loc b3 holds
(IExec b3,b1) . b2 = (Initialize b1) . b2
proof end;

theorem Th3: :: SFMASTR2:3
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being Macro-Instruction st ( ( b3 is_closed_on Initialize b1 & b3 is_halting_on Initialize b1 ) or b3 is parahalting ) & ( b1 . (intloc 0) = 1 or not b2 is read-only ) & not b2 in UsedIntLoc b3 holds
(IExec b3,b1) . b2 = b1 . b2
proof end;

theorem Th4: :: SFMASTR2:4
for b1 being State of SCM+FSA
for b2 being Macro-Instruction st b1 . (intloc 0) = 1 holds
( b2 is_closed_on b1 iff b2 is_closed_on Initialize b1 )
proof end;

theorem Th5: :: SFMASTR2:5
for b1 being State of SCM+FSA
for b2 being Macro-Instruction st b1 . (intloc 0) = 1 holds
( b2 is_closed_on b1 & b2 is_halting_on b1 iff ( b2 is_closed_on Initialize b1 & b2 is_halting_on Initialize b1 ) )
proof end;

theorem Th6: :: SFMASTR2:6
for b1, b2 being State of SCM+FSA
for b3 being Subset of Int-Locations
for b4 being Subset of FinSeq-Locations holds
( b1 | (b3 \/ b4) = b2 | (b3 \/ b4) iff ( ( for b5 being Int-Location st b5 in b3 holds
b1 . b5 = b2 . b5 ) & ( for b5 being FinSeq-Location st b5 in b4 holds
b1 . b5 = b2 . b5 ) ) )
proof end;

theorem Th7: :: SFMASTR2:7
for b1, b2 being State of SCM+FSA
for b3 being Subset of Int-Locations holds
( b1 | (b3 \/ FinSeq-Locations ) = b2 | (b3 \/ FinSeq-Locations ) iff ( ( for b4 being Int-Location st b4 in b3 holds
b1 . b4 = b2 . b4 ) & ( for b4 being FinSeq-Location holds b1 . b4 = b2 . b4 ) ) )
proof end;

definition
let c4 be Int-Location ;
let c5 be Macro-Instruction;
set c6 = 1 -stRWNotIn ({c4} \/ (UsedIntLoc c5));
func times c1,c2 -> Macro-Instruction equals :: SFMASTR2:def 1
((1 -stRWNotIn ({a1} \/ (UsedIntLoc a2))) := a1) ';' (while>0 (1 -stRWNotIn ({a1} \/ (UsedIntLoc a2))),(a2 ';' (SubFrom (1 -stRWNotIn ({a1} \/ (UsedIntLoc a2))),(intloc 0))));
correctness
coherence
((1 -stRWNotIn ({c4} \/ (UsedIntLoc c5))) := c4) ';' (while>0 (1 -stRWNotIn ({c4} \/ (UsedIntLoc c5))),(c5 ';' (SubFrom (1 -stRWNotIn ({c4} \/ (UsedIntLoc c5))),(intloc 0)))) is Macro-Instruction;
;
end;

:: deftheorem Def1 defines times SFMASTR2:def 1 :
for b1 being Int-Location
for b2 being Macro-Instruction holds times b1,b2 = ((1 -stRWNotIn ({b1} \/ (UsedIntLoc b2))) := b1) ';' (while>0 (1 -stRWNotIn ({b1} \/ (UsedIntLoc b2))),(b2 ';' (SubFrom (1 -stRWNotIn ({b1} \/ (UsedIntLoc b2))),(intloc 0))));

notation
let c4 be Int-Location ;
let c5 be Macro-Instruction;
synonym c1 times c2 for times c1,c2;
end;

theorem Th8: :: SFMASTR2:8
for b1 being Int-Location
for b2 being Macro-Instruction holds {b1} \/ (UsedIntLoc b2) c= UsedIntLoc (times b1,b2)
proof end;

theorem Th9: :: SFMASTR2:9
for b1 being Int-Location
for b2 being Macro-Instruction holds UsedInt*Loc (times b1,b2) = UsedInt*Loc b2
proof end;

registration
let c4 be good Macro-Instruction;
let c5 be Int-Location ;
cluster times a2,a1 -> good ;
coherence
times c5,c4 is good ;
end;

definition
let c4 be State of SCM+FSA ;
let c5 be Macro-Instruction;
let c6 be Int-Location ;
set c7 = 1 -stRWNotIn ({c6} \/ (UsedIntLoc c5));
func StepTimes c3,c2,c1 -> Function of NAT , product the Object-Kind of SCM+FSA equals :: SFMASTR2:def 2
 StepWhile>0 (1 -stRWNotIn ({a3} \/ (UsedIntLoc a2))),(a2 ';' (SubFrom (1 -stRWNotIn ({a3} \/ (UsedIntLoc a2))),(intloc 0))),(Exec ((1 -stRWNotIn ({a3} \/ (UsedIntLoc a2))) := a3),(Initialize a1));
correctness
coherence
StepWhile>0 (1 -stRWNotIn ({c6} \/ (UsedIntLoc c5))),(c5 ';' (SubFrom (1 -stRWNotIn ({c6} \/ (UsedIntLoc c5))),(intloc 0))),(Exec ((1 -stRWNotIn ({c6} \/ (UsedIntLoc c5))) := c6),(Initialize c4)) is Function of NAT , product the Object-Kind of SCM+FSA ;
;
end;

:: deftheorem Def2 defines StepTimes SFMASTR2:def 2 :
for b1 being State of SCM+FSA
for b2 being Macro-Instruction
for b3 being Int-Location holds StepTimes b3,b2,b1 = StepWhile>0 (1 -stRWNotIn ({b3} \/ (UsedIntLoc b2))),(b2 ';' (SubFrom (1 -stRWNotIn ({b3} \/ (UsedIntLoc b2))),(intloc 0))),(Exec ((1 -stRWNotIn ({b3} \/ (UsedIntLoc b2))) := b3),(Initialize b1));

theorem Th10: :: SFMASTR2:10
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction holds ((StepTimes b2,b3,b1) . 0) . (intloc 0) = 1
proof end;

theorem Th11: :: SFMASTR2:11
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction st ( b1 . (intloc 0) = 1 or not b2 is read-only ) holds
((StepTimes b2,b3,b1) . 0) . (1 -stRWNotIn ({b2} \/ (UsedIntLoc b3))) = b1 . b2
proof end;

theorem Th12: :: SFMASTR2:12
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction
for b4 being Nat st ((StepTimes b2,b3,b1) . b4) . (intloc 0) = 1 & b3 is_closed_on (StepTimes b2,b3,b1) . b4 & b3 is_halting_on (StepTimes b2,b3,b1) . b4 holds
( ((StepTimes b2,b3,b1) . (b4 + 1)) . (intloc 0) = 1 & ( ((StepTimes b2,b3,b1) . b4) . (1 -stRWNotIn ({b2} \/ (UsedIntLoc b3))) > 0 implies ((StepTimes b2,b3,b1) . (b4 + 1)) . (1 -stRWNotIn ({b2} \/ (UsedIntLoc b3))) = (((StepTimes b2,b3,b1) . b4) . (1 -stRWNotIn ({b2} \/ (UsedIntLoc b3)))) - 1 ) )
proof end;

theorem Th13: :: SFMASTR2:13
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being Macro-Instruction st ( b1 . (intloc 0) = 1 or not b2 is read-only ) holds
((StepTimes b2,b3,b1) . 0) . b2 = b1 . b2
proof end;

theorem Th14: :: SFMASTR2:14
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being FinSeq-Location
for b4 being Macro-Instruction holds ((StepTimes b2,b4,b1) . 0) . b3 = b1 . b3
proof end;

definition
let c4 be State of SCM+FSA ;
let c5 be Int-Location ;
let c6 be Macro-Instruction;
pred ProperTimesBody c2,c3,c1 means :Def3: :: SFMASTR2:def 3
for b1 being Nat st b1 < a1 . a2 holds
( a3 is_closed_on (StepTimes a2,a3,a1) . b1 & a3 is_halting_on (StepTimes a2,a3,a1) . b1 );
end;

:: deftheorem Def3 defines ProperTimesBody SFMASTR2:def 3 :
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being Macro-Instruction holds
( ProperTimesBody b2,b3,b1 iff for b4 being Nat st b4 < b1 . b2 holds
( b3 is_closed_on (StepTimes b2,b3,b1) . b4 & b3 is_halting_on (StepTimes b2,b3,b1) . b4 ) );

theorem Th15: :: SFMASTR2:15
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being Macro-Instruction st b3 is parahalting holds
ProperTimesBody b2,b3,b1
proof end;

theorem Th16: :: SFMASTR2:16
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction st ProperTimesBody b2,b3,b1 holds
for b4 being Nat st b4 <= b1 . b2 holds
((StepTimes b2,b3,b1) . b4) . (intloc 0) = 1
proof end;

theorem Th17: :: SFMASTR2:17
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction st ( b1 . (intloc 0) = 1 or not b2 is read-only ) & ProperTimesBody b2,b3,b1 holds
for b4 being Nat st b4 <= b1 . b2 holds
(((StepTimes b2,b3,b1) . b4) . (1 -stRWNotIn ({b2} \/ (UsedIntLoc b3)))) + b4 = b1 . b2
proof end;

theorem Th18: :: SFMASTR2:18
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction st ProperTimesBody b2,b3,b1 & 0 <= b1 . b2 & ( b1 . (intloc 0) = 1 or not b2 is read-only ) holds
for b4 being Nat st b4 >= b1 . b2 holds
( ((StepTimes b2,b3,b1) . b4) . (1 -stRWNotIn ({b2} \/ (UsedIntLoc b3))) = 0 & ((StepTimes b2,b3,b1) . b4) . (intloc 0) = 1 )
proof end;

theorem Th19: :: SFMASTR2:19
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being Macro-Instruction st b1 . (intloc 0) = 1 holds
((StepTimes b2,b3,b1) . 0) | ((UsedIntLoc b3) \/ FinSeq-Locations ) = b1 | ((UsedIntLoc b3) \/ FinSeq-Locations )
proof end;

theorem Th20: :: SFMASTR2:20
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction
for b4 being Nat st ((StepTimes b2,b3,b1) . b4) . (intloc 0) = 1 & b3 is_halting_on Initialize ((StepTimes b2,b3,b1) . b4) & b3 is_closed_on Initialize ((StepTimes b2,b3,b1) . b4) & ((StepTimes b2,b3,b1) . b4) . (1 -stRWNotIn ({b2} \/ (UsedIntLoc b3))) > 0 holds
((StepTimes b2,b3,b1) . (b4 + 1)) | ((UsedIntLoc b3) \/ FinSeq-Locations ) = (IExec b3,((StepTimes b2,b3,b1) . b4)) | ((UsedIntLoc b3) \/ FinSeq-Locations )
proof end;

theorem Th21: :: SFMASTR2:21
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction
for b4 being Nat st ( ProperTimesBody b2,b3,b1 or b3 is parahalting ) & b4 < b1 . b2 & ( b1 . (intloc 0) = 1 or not b2 is read-only ) holds
((StepTimes b2,b3,b1) . (b4 + 1)) | ((UsedIntLoc b3) \/ FinSeq-Locations ) = (IExec b3,((StepTimes b2,b3,b1) . b4)) | ((UsedIntLoc b3) \/ FinSeq-Locations )
proof end;

theorem Th22: :: SFMASTR2:22
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being Macro-Instruction st b1 . b2 <= 0 & b1 . (intloc 0) = 1 holds
(IExec (times b2,b3),b1) | ((UsedIntLoc b3) \/ FinSeq-Locations ) = b1 | ((UsedIntLoc b3) \/ FinSeq-Locations )
proof end;

theorem Th23: :: SFMASTR2:23
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction
for b4 being Nat st b1 . b2 = b4 & ( ProperTimesBody b2,b3,b1 or b3 is parahalting ) & ( b1 . (intloc 0) = 1 or not b2 is read-only ) holds
(IExec (times b2,b3),b1) | (Int-Locations \/ FinSeq-Locations ) = ((StepTimes b2,b3,b1) . b4) | (Int-Locations \/ FinSeq-Locations )
proof end;

theorem Th24: :: SFMASTR2:24
for b1 being State of SCM+FSA
for b2 being Int-Location
for b3 being good Macro-Instruction st b1 . (intloc 0) = 1 & ( ProperTimesBody b2,b3,b1 or b3 is parahalting ) holds
( times b2,b3 is_closed_on b1 & times b2,b3 is_halting_on b1 )
proof end;

definition
let c4 be read-write Int-Location ;
func triv-times c1 -> Macro-Instruction equals :: SFMASTR2:def 4
 times a1,((while=0 a1,(Macro (a1 := a1))) ';' (SubFrom a1,(intloc 0)));
correctness
coherence
times c4,((while=0 c4,(Macro (c4 := c4))) ';' (SubFrom c4,(intloc 0))) is Macro-Instruction;
;
end;

:: deftheorem Def4 defines triv-times SFMASTR2:def 4 :
for b1 being read-write Int-Location holds triv-times b1 = times b1,((while=0 b1,(Macro (b1 := b1))) ';' (SubFrom b1,(intloc 0)));

theorem Th25: :: SFMASTR2:25
for b1 being State of SCM+FSA
for b2 being read-write Int-Location st b1 . b2 <= 0 holds
(IExec (triv-times b2),b1) . b2 = b1 . b2
proof end;

theorem Th26: :: SFMASTR2:26
for b1 being State of SCM+FSA
for b2 being read-write Int-Location st 0 <= b1 . b2 holds
(IExec (triv-times b2),b1) . b2 = 0
proof end;

definition
let c4, c5 be Int-Location ;
set c6 = 1 -stRWNotIn {c4,c5};
set c7 = 1 -stNotUsed (times c4,((AddTo c5,(1 -stRWNotIn {c4,c5})) ';' (swap c5,(1 -stRWNotIn {c4,c5}))));
func Fib-macro c1,c2 -> Macro-Instruction equals :: SFMASTR2:def 5
(((((1 -stNotUsed (times a1,((AddTo a2,(1 -stRWNotIn {a1,a2})) ';' (swap a2,(1 -stRWNotIn {a1,a2}))))) := a1) ';' (SubFrom a2,a2)) ';' ((1 -stRWNotIn {a1,a2}) := (intloc 0))) ';' (times a1,((AddTo a2,(1 -stRWNotIn {a1,a2})) ';' (swap a2,(1 -stRWNotIn {a1,a2}))))) ';' (a1 := (1 -stNotUsed (times a1,((AddTo a2,(1 -stRWNotIn {a1,a2})) ';' (swap a2,(1 -stRWNotIn {a1,a2}))))));
correctness
coherence
(((((1 -stNotUsed (times c4,((AddTo c5,(1 -stRWNotIn {c4,c5})) ';' (swap c5,(1 -stRWNotIn {c4,c5}))))) := c4) ';' (SubFrom c5,c5)) ';' ((1 -stRWNotIn {c4,c5}) := (intloc 0))) ';' (times c4,((AddTo c5,(1 -stRWNotIn {c4,c5})) ';' (swap c5,(1 -stRWNotIn {c4,c5}))))) ';' (c4 := (1 -stNotUsed (times c4,((AddTo c5,(1 -stRWNotIn {c4,c5})) ';' (swap c5,(1 -stRWNotIn {c4,c5})))))) is Macro-Instruction;
;
end;

:: deftheorem Def5 defines Fib-macro SFMASTR2:def 5 :
for b1, b2 being Int-Location holds Fib-macro b1,b2 = (((((1 -stNotUsed (times b1,((AddTo b2,(1 -stRWNotIn {b1,b2})) ';' (swap b2,(1 -stRWNotIn {b1,b2}))))) := b1) ';' (SubFrom b2,b2)) ';' ((1 -stRWNotIn {b1,b2}) := (intloc 0))) ';' (times b1,((AddTo b2,(1 -stRWNotIn {b1,b2})) ';' (swap b2,(1 -stRWNotIn {b1,b2}))))) ';' (b1 := (1 -stNotUsed (times b1,((AddTo b2,(1 -stRWNotIn {b1,b2})) ';' (swap b2,(1 -stRWNotIn {b1,b2}))))));

theorem Th27: :: SFMASTR2:27
for b1 being State of SCM+FSA
for b2, b3 being read-write Int-Location st b2 <> b3 holds
for b4 being Nat st b4 = b1 . b2 holds
( (IExec (Fib-macro b2,b3),b1) . b3 = Fib b4 & (IExec (Fib-macro b2,b3),b1) . b2 = b1 . b2 )
proof end;