Function leads_to_by_borrowing_inv

pub proof fn leads_to_by_borrowing_inv<T>(
    spec: TempPred<T>,
    p: TempPred<T>,
    q: TempPred<T>,
    inv: TempPred<T>,
)

Expand description

requires

spec.entails(p.and(inv).leads_to(q)),

spec.entails(always(inv)),

ensures

spec.entails(p.leads_to(q)),

Proving p ⇝ q by borrowing the inv.

leads_to_by_borrowing_inv