From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,FORGED_GMAIL_RCVD,
	FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4
X-Google-Thread: 103376,b36bbdc1595d0665
X-Google-NewGroupId: yes
X-Google-Attributes: gida07f3367d7,domainid0,public,usenet
X-Google-Language: ENGLISH,CP1252
Path: 
 g2news1.google.com!news2.google.com!postnews.google.com!k10g2000yqa.googlegroups.com!not-for-mail
From: "cjpsimon@gmail.com" <cjpsimon@gmail.com>
Newsgroups: comp.lang.ada
Subject: Re: SPARK code samples
Date: Thu, 12 Aug 2010 00:16:15 -0700 (PDT)
Organization: http://groups.google.com
Message-ID: 
 <120a78e8-8dfd-48be-bc10-1723982b19b6@k10g2000yqa.googlegroups.com>
References: <1iq8kg021bo4v$.s51i2enx3fzo.dlg@40tude.net>
 <op.vg945ry9xmjfy8@garhos>
	<1lvyv3r0md69x.1cz8ylwiupqva$.dlg@40tude.net> <op.vha0bzhexmjfy8@garhos>
NNTP-Posting-Host: 86.72.218.90
Mime-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
X-Trace: posting.google.com 1281597375 29507 127.0.0.1 (12 Aug 2010 07:16:15
 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Thu, 12 Aug 2010 07:16:15 +0000 (UTC)
Complaints-To: groups-abuse@google.com
Injection-Info: k10g2000yqa.googlegroups.com; posting-host=86.72.218.90;
	posting-account=Iggr9woAAAAgws9p-w0sNB_7y6hLoOxg
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.0; fr; rv:1.9.2.8)
	Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0C),gzip(gfe)
Xref: g2news1.google.com comp.lang.ada:13156
Date: 2010-08-12T00:16:15-07:00
List-Id: <comp.lang.ada>

On 12 ao=FBt, 04:39, Yannick Duch=EAne (Hibou57)
<yannick_duch...@yahoo.fr> wrote:
> Le Wed, 11 Aug 2010 19:33:48 +0200, Dmitry A. Kazakov =A0
> <mail...@dmitry-kazakov.de> a =E9crit:>http://rosettacode.org/wiki/Catego=
ry:Programming_Tasks
>
> > (the first 200 (:-))
>
> > Pick any you wish.
>
> Ok. I choose a first one, the one named A+B:http://rosettacode.org/wiki/A=
%2BB#Ada
>
> I felt it was interesting because it deals with a case of simple I/O, =A0
> which is a first-time issue with SPARK, and because there was the =A0
> opportunity to expose a simple case of validity check.
>
> However, I don't want to post it there straight away, as I came to two =
=A0
> dirty questions. First the implementation I end up with, then the two =A0
> questions.
>
> --------------------------------------------------------------------
>
> with SPARK_IO;
> --# inherit SPARK_IO;
>
> --# main_program;
>
> procedure A_Plus_B
> --# global in out
> --# =A0 =A0SPARK_IO.Inputs,
> --# =A0 =A0SPARK_IO.Outputs;
> --# derives
> --# =A0 =A0SPARK_IO.Inputs from
> --# =A0 =A0 =A0 SPARK_IO.Inputs &
> --# =A0 =A0SPARK_IO.Outputs from
> --# =A0 =A0 =A0 SPARK_IO.Inputs,
> --# =A0 =A0 =A0 SPARK_IO.Outputs;
> is
> =A0 =A0 A =A0 : Integer;
> =A0 =A0 B =A0 : Integer;
> =A0 =A0 Sum : Integer;
>
> =A0 =A0 Process_Is_Valid : Boolean;
> =A0 =A0 Input_Is_OK =A0 =A0 =A0: Boolean;
> =A0 =A0 A_And_B_Sumable =A0: Boolean;
>
> begin
> =A0 =A0 Process_Is_Valid :=3D True;
>
> =A0 =A0 -- Attempt to Read A from Standard Input.
>
> =A0 =A0 SPARK_IO.Get_Integer
> =A0 =A0 =A0 (File =A0=3D> SPARK_IO.Standard_Input,
> =A0 =A0 =A0 =A0Item =A0=3D> A,
> =A0 =A0 =A0 =A0Width =3D> 0,
> =A0 =A0 =A0 =A0Read =A0=3D> Input_Is_OK);
>
> =A0 =A0 if not Input_Is_Ok then
> =A0 =A0 =A0 =A0Process_Is_Valid :=3D False;
> =A0 =A0 end if;
>
> =A0 =A0 -- Attempt to Read B from Standard Input.
>
> =A0 =A0 B :=3D 0;
>
> =A0 =A0 if Process_Is_Valid then
> =A0 =A0 =A0 =A0SPARK_IO.Get_Integer
> =A0 =A0 =A0 =A0 =A0(File =A0=3D> SPARK_IO.Standard_Input,
> =A0 =A0 =A0 =A0 =A0 Item =A0=3D> B,
> =A0 =A0 =A0 =A0 =A0 Width =3D> 0,
> =A0 =A0 =A0 =A0 =A0 Read =A0=3D> Input_Is_OK);
>
> =A0 =A0 =A0 =A0if not Input_Is_Ok then
> =A0 =A0 =A0 =A0 =A0 Process_Is_Valid :=3D False;
> =A0 =A0 =A0 =A0end if;
> =A0 =A0 end if;
>
> =A0 =A0 -- Get A + B checking the sum is valid in the while.
>
> =A0 =A0 Sum :=3D 0;
>
> =A0 =A0 if Process_Is_Valid then
> =A0 =A0 =A0 =A0A_And_B_Sumable :=3D False;
>
> =A0 =A0 =A0 =A0if A >=3D 0 and B >=3D 0 then
> =A0 =A0 =A0 =A0 =A0 if (Integer'Last - A) >=3D B then
> =A0 =A0 =A0 =A0 =A0 =A0 =A0Sum :=3D A + B;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0A_And_B_Sumable :=3D True;
> =A0 =A0 =A0 =A0 =A0 end if;
> =A0 =A0 =A0 =A0elsif A >=3D 0 and B < 0 then
> =A0 =A0 =A0 =A0 =A0 -- Always valid as the sum is
> =A0 =A0 =A0 =A0 =A0 -- in range A..B
> =A0 =A0 =A0 =A0 =A0 Sum :=3D A + B;
> =A0 =A0 =A0 =A0 =A0 A_And_B_Sumable :=3D True;
> =A0 =A0 =A0 =A0elsif A < 0 and B >=3D 0 then
> =A0 =A0 =A0 =A0 =A0 -- Always valid as the sum is
> =A0 =A0 =A0 =A0 =A0 -- in range A..B
> =A0 =A0 =A0 =A0 =A0 Sum :=3D A + B;
> =A0 =A0 =A0 =A0 =A0 A_And_B_Sumable :=3D True;
> =A0 =A0 =A0 =A0elsif A < 0 and B < 0 then
> =A0 =A0 =A0 =A0 =A0 if (Integer'First - A) <=3D B then
> =A0 =A0 =A0 =A0 =A0 =A0 =A0Sum :=3D A + B;
> =A0 =A0 =A0 =A0 =A0 =A0 =A0A_And_B_Sumable :=3D True;
> =A0 =A0 =A0 =A0 =A0 end if;
> =A0 =A0 =A0 =A0end if;
>
> =A0 =A0 =A0 =A0if not A_And_B_Sumable then
> =A0 =A0 =A0 =A0 =A0 Process_Is_Valid :=3D False;
> =A0 =A0 =A0 =A0end if;
> =A0 =A0 end if;
>
> =A0 =A0 -- Write A + B.
>
> =A0 =A0 if Process_Is_Valid then
> =A0 =A0 =A0 =A0SPARK_IO.Put_Integer
> =A0 =A0 =A0 =A0 =A0(File =A0=3D> SPARK_IO.Standard_Output,
> =A0 =A0 =A0 =A0 =A0 Item =A0=3D> Sum,
> =A0 =A0 =A0 =A0 =A0 Width =3D> 0,
> =A0 =A0 =A0 =A0 =A0 Base =A0=3D> 10);
> =A0 =A0 else
> =A0 =A0 =A0 =A0SPARK_IO.Put_Line
> =A0 =A0 =A0 =A0 =A0(File =3D> SPARK_IO.Standard_Output,
> =A0 =A0 =A0 =A0 =A0 Item =3D> "Either the input or the sum was invalid.",
> =A0 =A0 =A0 =A0 =A0 Stop =3D> 0); -- 0 means no extra spaces will be writ=
ten.
> =A0 =A0 end if;
>
> end A_Plus_B;
>
> --------------------------------------------------------------------
>
> Questions:
>
> * The page says the input of both A and B is supposed to be in range =A0
> -1000..+1000. Obviously there is no way to assert this, so I simply =A0
> dropped the assumption. Are you OK ?
>
> * I could have made a test to ensure inputs of A and B is in -1000..+1000=
, =A0
> while this would not avoid the need to check for the sum validity, as =A0
> formally speaking there is no way to assert anything on Integer range. =
=A0
> Second reason to dropped this assumption. OK ?
>

The RM : In an implementation, the range of Integer shall include the
range =962**15+1 .. +2**15=961.

> This case apart, I was thinking giving SPARK examples there, we may not =
=A0
> rely on user defined rules nor on the checker. Things should be provable =
=A0
> as-is.
>
> --
> There is even better than a pragma Assert: a SPARK --# check.
> --# check C and WhoKnowWhat and YouKnowWho;
> --# assert Ada;
> -- =A0i.e. forget about previous premises which leads to conclusion
> -- =A0and start with new conclusion as premise.