Exercise 1
Consider the following program:
    #include <assert.h>
    int __BLAST_NONDET;            /* Blast's source of nondeterministic values */
    void swap1(int *a, int *b) {   /* swap through a temporary */
        int tmp = *a;
        *a = *b;
        *b = tmp;
    }
    void* malloc(int k);           /* declared by hand: no libc headers are included */
    void main () {
        int *i, *j;
        int v1, v2;                /* deliberately uninitialized: arbitrary values */
        i = malloc(4);
        j = malloc(4);
        *i = v1;
        *j = v2;
        swap1 (i, j);
        swap1 (i, j);              /* swapping twice should restore *i and *j */
        assert ( *i == v1 && *j == v2 );
    }
- Run Blast with
    pblast.opt foo.i -craig 1 -predH 7
  Blast reports an error trace because it does not take the aliasing among
  the pointer variables into account.
  Now run Blast with
    pblast.opt -alias bdd foo.i -craig 1 -predH 7
  Blast now says that the system is safe.
- Now comment out the second call to swap1 in main.
  Check that Blast produces an error trace.
- Now add a second swap routine that swaps without a temporary:
    void swap2(int *a, int *b) {
        *a = *a + *b;
        *b = *a - *b;
        *a = *a - *b;
    }
  Replace one of the calls to swap1 with swap2.
  Verify that Blast still proves the program correct.
- Consider the following variant of main, in which both arguments of swap1
  are the same pointer:
    void main () {
        int *i, *j;
        int v1, v2;
        i = malloc(4);
        j = malloc(4);
        *i = v1;
        swap1 (i, i);              /* a and b alias inside swap1 */
        assert ( *i == v1 );
    }
  Does the assertion hold? What happens if you replace swap1 with swap2?
  Run Blast and verify in each case.
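To see concretely what the assertions in these exercises check, here is an added example (not part of the exercise sheet, and not Blast output) that runs the two swap routines natively: twice on distinct cells, once with swap1 followed by swap2, and with both arguments pointing at the same cell. The helper names two_swaps_restore and aliased_swap_result are my own; swap1 and swap2 are copied from the exercise. The point the model checker has to reason about is exactly the aliasing case: swap1 tolerates a == b, while swap2's first statement doubles the cell and the second zeroes it.

```c
#include <stdio.h>

/* Swap through a temporary, as in the exercise. */
void swap1(int *a, int *b) {
    int tmp = *a;
    *a = *b;
    *b = tmp;
}

/* Arithmetic swap, as in the exercise. Correct only when a and b do not
   alias (and, for large values, the additions may overflow). */
void swap2(int *a, int *b) {
    *a = *a + *b;
    *b = *a - *b;
    *a = *a - *b;
}

/* Apply first and then second to two distinct cells holding v1 and v2.
   Returns 1 if both values are restored, 0 otherwise (the property the
   exercise's first assert states). Helper name is my own. */
int two_swaps_restore(void (*first)(int *, int *),
                      void (*second)(int *, int *), int v1, int v2) {
    int x = v1, y = v2;
    first(&x, &y);
    second(&x, &y);
    return x == v1 && y == v2;
}

/* Call fn with both arguments pointing at the same cell holding v1 and
   return the cell's value afterwards (the variant main's assert). */
int aliased_swap_result(void (*fn)(int *, int *), int v1) {
    int x = v1;
    fn(&x, &x);
    return x;
}

int main(void) {
    printf("swap1;swap1 restores: %d\n", two_swaps_restore(swap1, swap1, 3, 5));
    printf("swap1;swap2 restores: %d\n", two_swaps_restore(swap1, swap2, 3, 5));
    printf("swap1(i,i) leaves *i = %d\n", aliased_swap_result(swap1, 7));
    printf("swap2(i,i) leaves *i = %d\n", aliased_swap_result(swap2, 7));
    return 0;
}
```

Running this with concrete values only samples the behaviour; the exercise asks Blast to establish it for all values of v1 and v2, which is why the -alias option matters: without it the checker cannot distinguish the i, j case from the i, i case.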