In Go, assigning arrays copies them. Gobra fails to realize this immediately. I got the following to verify:
func f() {
a1 /*@@@*/ := [1]int{0}
// @ assert acc(&a1)
a2 /*@@@*/ := a1
// @ assert a1[0] == 0 // required for verification
// @ assert &a1 != &a2
}
Removing assert a1[0] == 0 leads to a failure in verification of &a1 != &a2. This seems like unwanted behavior as the semantics of copying arrays and how that affects the respective addresses seem quite fundamental.
In Go, assigning arrays copies them. Gobra fails to realize this immediately. I got the following to verify:
Removing
assert a1[0] == 0leads to a failure in verification of&a1 != &a2. This seems like unwanted behavior as the semantics of copying arrays and how that affects the respective addresses seem quite fundamental.