Another classic mis-specification

• Postcondition for sorting an array

  • ? i,j • i < j ? a[i] <= a[j]

• for i := 1 to n do a[i] := iendfor

• (? i,j • i < j ? a[i] ? a[j]) ? A = permutation(A’)

  • It’s even more complicated if you want to define a stable sorting specification
    • Stable sorting leaves equal keys in the same order as they were

Previous slide

Next slide

Back to first slide

View graphic version