
Unsoundness of partial-correctness CALL/INVOKE rule; ideas for alternatives
===========================================================================

** Restricting class of predicates for this rule, e.g. by having
   predicates over some visible part of the state.

** Counterexamples:
    -- maxstack  for INVOKE
    -- other counterexamples
    
** Addition of predicates whose interpretation is defined inside
   the Hoare rules?

** Using the small-step semantics, temporal-style properties?
   
[ Current strategy: add pieces to state so that we can express
assertions desirable either directly or by computing from the
state. ]