Channel: Dafny: An Automatic Program Verifier for Functional Correctness

Edited Unassigned: User-defined generic types [160]


The Dafny program below doesn't verify but should. It seems to have something to do with the translation of user-defined generic types, since if I change the type of MakePtr's return value (ptr) it goes through, as noted in the comment.

At the Boogie level, the ensures of MakePtr tells us, essentially:

```
assume Map#Domain(_module.HostEnvironment.heap($Heap, env#0))[_module.__default.ToU(#$Ptr$T, $Heap, myptr#0)];
```

whereas the assert in `test` is:

```
assert Map#Domain(_module.HostEnvironment.heap($Heap, env#0))[_module.__default.ToU(#$Ptr, $Heap, myptr#0)];
```

The mismatch comes down to the use of `#$Ptr$T` as the argument to ToU in the ensures versus the use of `#$Ptr` in the assertion.


```dafny
type U(==)
function ToU<T>(t:T) : U
type Ptr<T>

class HostEnvironment {
  function {:axiom} heap(): map<U,U> reads this;
}

// Using int or seq<T> instead of Ptr<T> as the return type eliminates the problem
method {:axiom} MakePtr<T>(v:T, ghost env:HostEnvironment) returns (ptr:Ptr<T>)
  requires env != null;
  modifies env;
  ensures ToU(ptr) in env.heap();

method test(ghost env:HostEnvironment)
  requires env != null;
  modifies env;
{
  var myptr := MakePtr(0, env);
  assert ToU(myptr) in env.heap();  // does not verify, although the postcondition of MakePtr states exactly this
}
```
