Hax promotes a functional style in Rust: it doesn't aim at supporting complex mutation schemes.

We allow:

• &mut arguments on user-defined functions;
• pass &mut arguments to any function or operator;
• use of certain &mut-returning functions.

We disallow:

1. defining &mut-returning functions (see #418);
2. aliasing an &mut-typed variable (i.e. fn f(x: &mut u8) { let y = x; ...}, see #419).