SPARK left/right shift.

comp.lang.ada
 help / color / mirror / Atom feed

* SPARK left/right shift.
@ 2009-07-21  9:07 xorque
  2009-07-21  9:21 ` Rod Chapman
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: xorque @ 2009-07-21  9:07 UTC (permalink / raw)


Hi.

What's the "correct" way to get access to left/right shift operations
for modular types in SPARK? I see from the Checker manual that
the proof language is capable of modelling them but then I also see
that the Interfaces package isn't predefined.



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SPARK left/right shift.
  2009-07-21  9:07 SPARK left/right shift xorque
@ 2009-07-21  9:21 ` Rod Chapman
  2009-07-21  9:31 ` Rod Chapman
  2009-07-21  9:54 ` Rod Chapman
  2 siblings, 0 replies; 9+ messages in thread
From: Rod Chapman @ 2009-07-21  9:21 UTC (permalink / raw)


On Jul 21, 10:07 am, xorque <xorquew...@googlemail.com> wrote:
> Hi.
>
> What's the "correct" way to get access to left/right shift operations
> for modular types in SPARK?

The standard shift/rotate functions in Interfaces
are overloaded, so not legal SPARK.  The way round this is
to declare a "shadow" package that de-overloads them for SPARK.
I'll post an example of how to do it in a minute...
 - Rod



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SPARK left/right shift.
  2009-07-21  9:07 SPARK left/right shift xorque
  2009-07-21  9:21 ` Rod Chapman
@ 2009-07-21  9:31 ` Rod Chapman
  2009-07-21  9:38   ` xorque
  2009-07-21  9:54 ` Rod Chapman
  2 siblings, 1 reply; 9+ messages in thread
From: Rod Chapman @ 2009-07-21  9:31 UTC (permalink / raw)


OK - it's done as follows.  We create a SPARK "shadow" specification
of
package Interfaces and a new package SPARK_Interfaces for which there
is an Ada version (for the compiler) and a shadow version (for the
Examiner.)

1) Add the following to your Examiner index file:

interfaces spec is in interfaces.shs
spark_interfaces spec is in spark_interfaces.shs

2) interfaces.shs contains

package Interfaces
is
   type Unsigned_32 is mod 2**32;
   -- ... and similarly for other Unsigned_XX types
end Interfaces;

3) spark_interfaces.shs contains

with Interfaces;
--# inherit Interfaces;
package SPARK_Interfaces
is
   function Rotate_Left_32
     (Value  : Interfaces.Unsigned_32;
      Amount : Natural) return Interfaces.Unsigned_32;

end SPARK_Interfaces;

(note this removes the overloading, and declares the function so it's
legal SPARK)

4) spark_interfaces.ads contains

with Interfaces;
package SPARK_Interfaces
is
   function Rotate_Left_32
     (Value  : Interfaces.Unsigned_32;
      Amount : Natural) return Interfaces.Unsigned_32 renames
Interfaces.Rotate_Left;

end SPARK_Interfaces;

(note this _renames_ the original function from Interfaces, so you
still
get the efficiency of the Intrinsic version.)

OK?
 - Rod




^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SPARK left/right shift.
  2009-07-21  9:31 ` Rod Chapman
@ 2009-07-21  9:38   ` xorque
  0 siblings, 0 replies; 9+ messages in thread
From: xorque @ 2009-07-21  9:38 UTC (permalink / raw)


Rod Chapman wrote:
> OK - it's done as follows...

Looks good.

Thanks very much!



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SPARK left/right shift.
  2009-07-21  9:07 SPARK left/right shift xorque
  2009-07-21  9:21 ` Rod Chapman
  2009-07-21  9:31 ` Rod Chapman
@ 2009-07-21  9:54 ` Rod Chapman
  2009-07-21 10:00   ` xorque
  2 siblings, 1 reply; 9+ messages in thread
From: Rod Chapman @ 2009-07-21  9:54 UTC (permalink / raw)


xorque,
 If it's not a dumb question: what exactly are you trying to
implement with SPARK?  It seems rather ambitious - you've
been pushing the boundaries a fair bit....
 - Rod Chapman, SPARK Team



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SPARK left/right shift.
  2009-07-21  9:54 ` Rod Chapman
@ 2009-07-21 10:00   ` xorque
  2009-07-21 10:40     ` Georg Bauhaus
  2009-07-21 10:46     ` Jean-Pierre Rosen
  0 siblings, 2 replies; 9+ messages in thread
From: xorque @ 2009-07-21 10:00 UTC (permalink / raw)

Rod Chapman wrote:
> xorque,
>  If it's not a dumb question: what exactly are you trying to
> implement with SPARK?  It seems rather ambitious - you've
> been pushing the boundaries a fair bit....

Currently, a UTF-8 encoder/decoder.

Quite a few questions I've posted on here have been related
to "toy" projects testing what can be done sanely with this
degree of verification in Ada. I've rarely been disappointed.

I'm not currently writing anything that could be described
as "high-integrity" but I try to use SPARK wherever possible
as I do care deeply about software quality.

^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SPARK left/right shift.
  2009-07-21 10:00   ` xorque
@ 2009-07-21 10:40     ` Georg Bauhaus
  2009-07-21 10:46     ` Jean-Pierre Rosen
  1 sibling, 0 replies; 9+ messages in thread
From: Georg Bauhaus @ 2009-07-21 10:40 UTC (permalink / raw)


xorque schrieb:

> I'm not currently writing anything that could be described
> as "high-integrity" but I try to use SPARK wherever possible
> as I do care deeply about software quality.

Can I second this?  In writing a double buffer properly,
in particular when varying length characters need to be
handled, SPARK is really helpful, if only to sort out
and document the author's assumptions, omissions, and errors.

Same for a live topsorted structure that is waiting on
my shelf to be finished.



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SPARK left/right shift.
  2009-07-21 10:00   ` xorque
  2009-07-21 10:40     ` Georg Bauhaus
@ 2009-07-21 10:46     ` Jean-Pierre Rosen
  2009-07-21 11:33       ` xorque
  1 sibling, 1 reply; 9+ messages in thread
From: Jean-Pierre Rosen @ 2009-07-21 10:46 UTC (permalink / raw)


xorque a ï¿½crit :
> Rod Chapman wrote:
>> xorque,
>>  If it's not a dumb question: what exactly are you trying to
>> implement with SPARK?  It seems rather ambitious - you've
>> been pushing the boundaries a fair bit....
> 
> Currently, a UTF-8 encoder/decoder.
> 
FYI:
Rather than inventing your own interface, there is currently a proposal
for coding/decoding functions, see AI05-0137.


-- 
---------------------------------------------------------
           J-P. Rosen (rosen@adalog.fr)
Visit Adalog's web site at http://www.adalog.fr



^ permalink raw reply	[flat|nested] 9+ messages in thread

* Re: SPARK left/right shift.
  2009-07-21 10:46     ` Jean-Pierre Rosen
@ 2009-07-21 11:33       ` xorque
  0 siblings, 0 replies; 9+ messages in thread
From: xorque @ 2009-07-21 11:33 UTC (permalink / raw)


> Rather than inventing your own interface, there is currently a proposal
> for coding/decoding functions, see AI05-0137.

Unfortunately, in it's current state, that interface isn't possible to
implement in SPARK directly (without a non-SPARK wrapper)
It uses exceptions, returns unconstrained arrays, etc.



^ permalink raw reply	[flat|nested] 9+ messages in thread

end of thread, other threads:[~2009-07-21 11:33 UTC | newest]

Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-07-21  9:07 SPARK left/right shift xorque
2009-07-21  9:21 ` Rod Chapman
2009-07-21  9:31 ` Rod Chapman
2009-07-21  9:38   ` xorque
2009-07-21  9:54 ` Rod Chapman
2009-07-21 10:00   ` xorque
2009-07-21 10:40     ` Georg Bauhaus
2009-07-21 10:46     ` Jean-Pierre Rosen
2009-07-21 11:33       ` xorque

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox