Below is the entry for a KeY Dynamic Logic problem file (.key). The file is prooved when I run in using the KeY theorem proover. Why does this KeY dynamic logic problem get prooved, surely incrementing a java int of 2147483647 by 1 should be -2147483648?
\programVariables {
int i;
}
\problem {
{i:=Integer.MAX_VALUE}
\<{
i++;
}\> i=2147483648
}
On
KeY allows more options for integer overflow. They are accessible with Options-> Taclet Options -> intRules (or probably something similar in other versions).
One option, the default one in my case, ignores overflow and proved the problem, the other two warn about overflow or behave exactly like java and didn't prove the problem. I tried this with version 2.6.3 (otherwise it could still be a bug in your version or one not always triggering, but this seems unlikely).
The solution is to make adjustments to both the Taclet Options and Proof Search Strategy.
Options -> Taclet Options -> intRules -> intRules:javaSemantics
Proof Search Strategy (tab) -> Arithmatic Treatment -> Model Search OR DefOps
I feel the default configuration should extactly reflect Java semantics as the whole point to do verification on Java. I understand there would be some specific scenarios where it would be useful to deviate from the actual Java semantics however this should not be the default case.