Remove taking the address of local variables

[isubasinghe]

This is a change needed to verify the code (see this page on C parser restrictions), instead of taking the address of local variables we should take the address of a global variable and then copy it over to a local variable. This copy itself isn't really needed, but makes the proof somewhat nicer to express.