Support for invariants on ghost state
sauclovian-g opened this issue · comments
There is currently no explicit support for invariants on pieces of your model. Most significantly, there's no way to declare invariants on state attached to ghost variables. While you can assert the invariant you want explicitly on every precondition and postcondition, doing so is error-prone.
It is not immediately obvious how we want to do this. I'm creating this issue to have a place to discuss it.
One of the concerns/complications is that ghost variables don't have a type until you store something in them. One could change that, but it would probably create a lot of fallout. Another concern is that sometimes invariants are universal and sometimes they need to be established during program initialization.