Verification Challenges
Find The Bug I
Find the bug in the following simple implementation of bubble-sort. Provide an example input for which the bug occurs.
public static ListItem bugSort(ListItem x) {
l_1 recordListNodes(x);
l_2 boolean change = true;
l_3 ListItem p, yn, t, y, head;
l_4 if (x == null)
l_5 return null;
l_6 while (change) {
l_7 p = null;
l_8 change = false;
l_9 y = x;
l_10 yn = y.n;
l_11 while (yn != null) {
l_12 if (y.data > yn.data) { // swap y and yn
l_13 change = true;
l_14 t = yn.n;
l_15 y.n = t;
l_16 yn.n = y;
l_17 if (p == null) {
l_18 x = yn;
l_19 } else {
l_20 p.n = y;
l_21 }
l_22 p = yn;
l_23 yn = t;
l_24 } else {
l_25 p = y;
l_26 y = yn;
l_27 yn = y.n;
l_28 }
l_29 }
l_30 }
l_31 assert permutation(x);
l_32 assert ascendingOrder(x);
l_33 return x;
}
|
Solution in the paper Generating Concrete Counterexamples for
Sound Abstract Interpretation, Erez G., Yahav E., and Sagiv M.
We actually never got around to publishing this paper, but you can find a TR version of it here.