Closed. n-osborne closed this 10 months ago.
Good catch!
I wonder if we should add a list of prohibited variables to the `subst_term` function, in order to detect if one of the returned values appears in a term that is a candidate for `next_state`. Would that make sense? It could be cleaner to just define another function for that very purpose.
In the following example, which gospel typechecks, we mention the returned value in the postcondition describing the new state. will happily generate a next-state function pattern matching on the returned value that is not in scope: