search

OpenJML / OpenJML

This is the primary repository for the source code of the OpenJML project. The source code is licensed under GPLv2 because it derives from OpenJDK which is so licensed. The active issues list for OpenJML development is here and the wiki contains information relevant to development. Public documentation for users is at the project website:
http://www.openjml.org
143 stars 33 forks source link

Issues in both ESC and RAC for quantified expressions #766

Open itlchriss opened 2 years ago

itlchriss commented 2 years ago

Hi David,

I am working on a topic of using quantified expressions in verification. In order to use JML, OpenJML has caught my attention. However, I found that there are weird cases in using quantified expressions. First of all, I provide my expressions below,

/*@ensures (\exists boolean x1; x1 == \result; \exists boolean z1; z1 == true; x1 == z1)
            ==>
            (\exists int x2; x2 == number; \exists int z2; (z2 % 2 == 0); x2 == z2);
@*/
/*@ensures (\exists boolean x1; x1 == \result; \exists boolean z1; z1 == false; x1 == z1)
            ==>
            (\exists int x2; x2 == number; \exists int z2; !(z2 % 2 == 0); x2 == z2);
@*/
  1. I found these cases are not always proved to be correct. I have tried them on Mac, they are always correct for ESC, but not in Ubuntu. I hope there can be a reason.
  2. These expressions cannot be used in RAC, the warnings told the current versions may not support the functionality on these expressions. Are there any plan on this :)?
  3. Maybe I am wrong, these expressions may have the same meanings as the following, //@ ensures \result == true ==> number %2 == 0; //@ ensures \result == false ==> !(number %2 == 0); Nevertheless, the quantified expressions are not always working, and these later conditions are always worked.

Thanks and Best Regards, Sincerely, Chriss IT. Leong

davidcok commented 8 months ago

A few comments: