From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=unavailable autolearn_force=no version=3.4.4 X-Received: by 10.66.119.174 with SMTP id kv14mr31586621pab.21.1425375693796; Tue, 03 Mar 2015 01:41:33 -0800 (PST) X-Received: by 10.140.32.34 with SMTP id g31mr73538qgg.21.1425375693707; Tue, 03 Mar 2015 01:41:33 -0800 (PST) Path: eternal-september.org!reader01.eternal-september.org!reader02.eternal-september.org!news.eternal-september.org!mx02.eternal-september.org!feeder.eternal-september.org!feeder.erje.net!eu.feeder.erje.net!news.ripco.com!news.glorb.com!hl2no3209440igb.0!news-out.google.com!n6ni190qar.0!nntp.google.com!j7no10453116qaq.1!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.lang.ada Date: Tue, 3 Mar 2015 01:41:33 -0800 (PST) In-Reply-To: <56938449-64e8-4e9c-89ef-8d7fa914c9eb@googlegroups.com> Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=31.186.238.53; posting-account=bMuEOQoAAACUUr_ghL3RBIi5neBZ5w_S NNTP-Posting-Host: 31.186.238.53 References: <56938449-64e8-4e9c-89ef-8d7fa914c9eb@googlegroups.com> User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: <00de73ba-0430-4528-9f10-cf664a70fa02@googlegroups.com> Subject: Re: SPARK problem with unconstrained arrays From: Maciej Sobczak Injection-Date: Tue, 03 Mar 2015 09:41:33 +0000 Content-Type: text/plain; charset=ISO-8859-1 Xref: news.eternal-september.org comp.lang.ada:25083 Date: 2015-03-03T01:41:33-08:00 List-Id: > Adding this just before line 8 helps: > > pragma Assume (A'First in A'Range); After some exploration I can answer my own question: empty slices. Solution: add precondition to the Find_Min procedure: procedure Find_Min (A : in My_Array; I : out Index) with Pre => A'First <= A'Last, -- ... The earliest added value of formal methods (and SPARK in particular) is in showing us how much we assume of what might not be actually true... -- Maciej Sobczak * http://www.inspirel.com/