Your problem appears to relate to this function:
```dafny
function method {:verify true} somaDecimal(cs: Decimal, ds: Decimal): Option<Decimal>
  ensures
    forall cs ::
      forall ds ::
        exists bs ::
          Some(bs) == somaDecimal(cs, ds) &&
          conversaoDecimal(bs) == somaNatural(conversaoDecimal(cs), conversaoDecimal(ds))
{
  match somaDecimalAux(alinhamento(cs, ds), ds) {
    case None => None
    case Some(BooleanoDecimal(b, bs)) =>
      match b {
        case Falso => Some(bs)
        case Verdadeiro => Some(Coeficiente(D1, bs))
      }
  }
}
```
I think that the ensures clause does not mean what you intended it to. I'm not quite sure what it should mean, but it should probably be more like

```dafny
datatype Option<T> = None | Some(val: T)
[...]
  ensures somaDecimal(cs, ds).Some? ==> conversaoDecimal(somaDecimal(cs, ds).val) == somaNatural(conversaoDecimal(cs), conversaoDecimal(ds))
```
You can think of the parameters as being implicitly universally quantified, so you don't need to quantify them again. The result of a function can be referred to in the postcondition by simply calling the function, i.e. somaDecimal(cs, ds) stands for the result of the function.
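As an added, self-contained illustration of the pattern described in the answer (this is not code from the question or the answer; `Lookup` and its Option-returning contract are assumed for the example), here is a small Dafny function whose postcondition refers to its own result by calling itself, tests the `Some?` discriminator, and reads the payload through `.val`. The parameters `s` and `i` are not re-quantified; Dafny treats them as universally quantified over every call.

```dafny
// Same shape of Option datatype as in the answer above.
datatype Option<T> = None | Some(val: T)

// Hypothetical example function: bounds-checked sequence lookup.
// The postconditions mention the result as Lookup(s, i), exactly as the
// answer suggests for somaDecimal(cs, ds). No forall over s or i is needed.
function method Lookup(s: seq<int>, i: int): Option<int>
  // The result is Some exactly when the index is in range ...
  ensures Lookup(s, i).Some? <==> 0 <= i < |s|
  // ... and when it is Some, the payload is the element at that index.
  ensures Lookup(s, i).Some? ==> Lookup(s, i).val == s[i]
{
  if 0 <= i < |s| then Some(s[i]) else None
}

method Main()
{
  var r := Lookup([10, 20, 30], 1);
  // Both facts follow from the postconditions alone; the verifier does not
  // need to re-examine the body of Lookup here.
  assert r.Some? && r.val == 20;
  var none := Lookup([10, 20, 30], 5);
  assert none.None?;
  print r.val, "\n";
}
```

The first `ensures` characterises exactly when the result is `Some`, and the second says what the value is in that case; together they let a caller reason about the result without unfolding the function body, which is the role the answer's suggested `somaDecimal(cs, ds).Some? ==> ...` clause plays.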