Documentation

LeanPool.Lentil.Rules.StatePred

Theorems specialized for state predicates. Their premises are typically pure Lean propositions involving states before/after an action, instead of being in the form of |-tla-.

theorem TLA.state_preds_and {σ : Type u} (p q : σProp) :
(pq) =tla= (fun (s : σ) => p s q s)
theorem TLA.init_invariant {σ : Type u} {init : σProp} {next : action σ} {inv : σProp} (hinit : ∀ (s : σ), init sinv s) (hnext : ∀ (s s' : σ), next s s'inv sinv s') :
(initnext) |-tla- (inv)