Support for invariants on ghost state #2053
Labels
needs design
Technical design work is needed for issue to progress
type: feature request
Issues requesting a new feature or capability
Comments
sauclovian-g
added
needs design
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is currently no explicit support for invariants on pieces of your model. Most significantly, there's no way to declare invariants on state attached to ghost variables. While you can assert the invariant you want explicitly on every precondition and postcondition, doing so is error-prone.
It is not immediately obvious how we want to do this. I'm creating this issue to have a place to discuss it.
One of the concerns/complications is that ghost variables don't have a type until you store something in them. One could change that, but it would probably create a lot of fallout. Another concern is that sometimes invariants are universal and sometimes they need to be established during program intialization.
The text was updated successfully, but these errors were encountered: