Formal verification in Scala with Leon