From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.4 required=5.0 tests=AC_FROM_MANY_DOTS,BAYES_00,
	FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4
X-Google-Thread: a07f3367d7,78ff7923606282ea,start
X-Google-Attributes: gida07f3367d7,public,usenet
X-Google-NewGroupId: yes
X-Google-Language: ENGLISH,ASCII-7-bit
X-Received: by 10.224.217.195 with SMTP id hn3mr7338170qab.5.1366272846893;
        Thu, 18 Apr 2013 01:14:06 -0700 (PDT)
X-Received: by 10.49.127.145 with SMTP id ng17mr1003593qeb.9.1366272846872;
 Thu, 18 Apr 2013 01:14:06 -0700 (PDT)
Path: 
 ef9ni9qab.0!nntp.google.com!cj1no4064882qab.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail
Newsgroups: comp.lang.ada
Date: Thu, 18 Apr 2013 01:14:06 -0700 (PDT)
Complaints-To: groups-abuse@google.com
Injection-Info: glegroupsg2000goo.googlegroups.com;
 posting-host=195.182.34.201;
 posting-account=bMuEOQoAAACUUr_ghL3RBIi5neBZ5w_S
NNTP-Posting-Host: 195.182.34.201
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <0dbac307-0c0c-4883-8644-d1ffc25419f8@googlegroups.com>
Subject: SPARK - division by zero problem
From: Maciej Sobczak <see.my.homepage@gmail.com>
Injection-Date: Thu, 18 Apr 2013 08:14:06 +0000
Content-Type: text/plain; charset=ISO-8859-1
Date: 2013-04-18T01:14:06-07:00
List-Id: <comp.lang.ada>

While playing with SPARK (I also agree that comp.lang.ada is adequate for SPARK content) I have found a problem that can be shown in the following stripped-down example:

<my_package.ads>
package My_Package is

    procedure Divide (X : in Integer; Y : in Integer; Z : out Integer);
    --# derives Z from X, Y;
    --# pre Y /= 0;
    --# post Z = X / Y;

end My_Package;

<my_package.adb>
package body My_Package is

    procedure Divide (X : in Integer; Y : in Integer; Z : out Integer) is
    begin
        Z := X / Y;  -- this is line 5
    end Divide;

end My_Package;

In this example I would expect the VC associated with rtc on line 5 above to be discharged based on the hypothesis from Divide's precondition: that is, Y is known to be non-zero, so division by zero in line 5 cannot happen.

Tools are invoked in the following order:

$ sparkmake
$ spark -index_file=spark.idx -vcg -config_file=config.cfg -output_dir=spark my_package.adb
$ sparksimp
$ pogs

The summary says that the VC in question in undischarged.
Is there anything missing?

The tools come from Ubuntu packages and announce themselves as GPL 2011.

-- 
Maciej Sobczak * http://www.msobczak.com * http://www.inspirel.com