Function leads_to_stable
Source pub proof fn leads_to_stable<T>(
spec: TempPred<T>,
next: TempPred<T>,
p: TempPred<T>,
q: TempPred<T>,
)
Expand description
requiresspec.entails(always(q.and(next).implies(later(q)))),
spec.entails(always(next)),
spec.entails(p.leads_to(q)),
ensuresspec.entails(p.leads_to(always(q))),
Prove p ⇝ □q by showing that q is preserved.
§Preconditions
spec ⊧ □(q ∧ next ⇒ q')spec ⊧ □nextspec ⊧ p ⇝ q
§Postconditions