Thm: If H;s has no negative constants and H;s -->* H';s', then H';s' has no negative constants.

Restated: For all H, s, and n, if noneg(H) and noneg(s) and H;s -->n H';s', then noneg(H') and noneg(s').

Proof by induction on n:

  If n = 0, then H' = H and s' = s. Check.

  If n > 0, then by induction H;s -->n-1 H'';s'' for some H'';s'' such that noneg(H'') and noneg(s'').
  So it suffices to show that if noneg(H'') and noneg(s'') and H'';s'' -> H';s', then noneg(H') and noneg(s').

Lemma: If noneg(H) and noneg(s) and H;s -> H';s', then noneg(H') and noneg(s').

Proof by induction on the height of the derivation of H;s -> H';s'.

  height = 1: then one of these rules is at the bottom:

    * while: then s has the form while e s'' and noneg(e) and noneg(s'').
      Furthermore H' = H and s' = if e (s''; while e s'') skip,
      so noneg(H') and noneg(s').

    * assign: just need a lemma:
      If noneg(H) and noneg(e) and H;e V c, then noneg(c).

    * if, seq1: straightforward.

  height = n > 1: then seq2 is the bottommost rule,
    so s = s1;s2 and s' = s1';s2 and H;s1 -> H';s1' by a height n-1 derivation,
    so by induction noneg(H') and noneg(s1').
    By assumption noneg(s2), so noneg(s1';s2).

Lemma: If noneg(H) and noneg(e) and H;e V c, then noneg(c).

By induction on the height of H;e V c.

  height = 0 ...
  height = 1 ...

Thm: If (for all H, H;s1 terminates and H;s2 terminates), then H;(s1;s2) terminates.

The assumption means: for all H, there exists an n such that H;s1 -->n H';skip, and for all H'', there exists an m such that H'';s2 -->m H3;skip.

  Then using the lemma below, H;(s1;s2) -->n H';(skip;s2).
  Then using seq1, H';(skip;s2) -->1 H';s2.
  Then using the assumption, H';s2 -->m H'';skip, and n+1+m is finite.

So the lemma we need: If H;s1 -->n H';s1', then H;(s1;s2) -->n H';(s1';s2).

Induction on n:

  n = 0: then H = H' and s1 = s1'.

  n > 0: then H;s1 -->n-1 H'';s1'' and by induction that means H;(s1;s2) -->n-1 H'';(s1'';s2).
    We also know H'';s1'' -> H';s1'.
    So with the previous 2 lines and seq2 we're done.
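
An added example (not part of the original notes): a small-step interpreter for the rules named above (assign, seq1, seq2, if, while) that checks the noneg invariant at every configuration of a run and checks the sequencing lemma step by step. Assumptions not stated in the notes: expressions are c | x | e+e | e*e, an if guard is true when it evaluates to a value > 0, unset variables read as 0, and the tuple encoding and all function names are made up for this sketch.

```python
SKIP = ("skip",)
def ev(H, e):
    """Big-step H;e V c. Assumed grammar: c | x | e+e | e*e."""
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return H.get(e, 0)                   # assumption: unset variables read as 0
    l, r = ev(H, e[1]), ev(H, e[2])
    return l + r if e[0] == "+" else l * r

def step(H, s):
    """One small step H;s -> H';s'."""
    if s[0] == "assign":
        return {**H, s[1]: ev(H, s[2])}, SKIP
    if s[0] == "seq" and s[1] == SKIP:       # seq1
        return H, s[2]
    if s[0] == "seq":                        # seq2: step inside s1
        H2, s1p = step(H, s[1])
        return H2, ("seq", s1p, s[2])
    if s[0] == "if":                         # assumption: guard holds when > 0
        return H, (s[2] if ev(H, s[1]) > 0 else s[3])
    if s[0] == "while":                      # unroll once
        return H, ("if", s[1], ("seq", s[2], s), SKIP)
    raise ValueError("skip does not step")

def noneg(t):
    """noneg(e) / noneg(s): no negative constant anywhere in the syntax tree."""
    return t >= 0 if isinstance(t, int) else isinstance(t, str) or all(map(noneg, t[1:]))

def trace(H, s, fuel=1000):
    """Configurations reached from H;s until skip (or fuel runs out)."""
    out = [(H, s)]
    while out[-1][1] != SKIP and len(out) <= fuel:
        out.append(step(*out[-1]))
    return out

def preserved(H, s):
    """First theorem, checked on one run: noneg at every configuration."""
    return all(min(h.values(), default=0) >= 0 and noneg(t) for h, t in trace(H, s))

def lifts(H, s1, s2):
    """Sequencing lemma: the i-th configuration of s1;s2 is H_i;(s1_i;s2)."""
    t12 = trace(H, ("seq", s1, s2))
    return all(t12[i] == (h, ("seq", t, s2)) for i, (h, t) in enumerate(trace(H, s1)))

# Constructed sample: S1 = x := 3; while x (y := y + x*2; x := x*0), S2 = z := y + 1
BODY = ("seq", ("assign", "y", ("+", "y", ("*", "x", 2))), ("assign", "x", ("*", "x", 0)))
S1 = ("seq", ("assign", "x", 3), ("while", "x", BODY))
S2 = ("assign", "z", ("+", "y", 1))
```

On the sample, S1 reaches skip in n = 10 steps and S1;S2 in n+1+m = 12 steps with m = 1, matching the count in the termination argument.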