Re: Lost in translation (with SPARK user rules)

comp.lang.ada
 help / color / mirror / Atom feed

From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Subject: Re: Lost in translation (with SPARK user rules)
Date: Wed, 26 May 2010 22:14:48 +0200
Date: 2010-05-26T22:14:45+02:00	[thread overview]
Message-ID: <1jo6gjejsy828$.e9dx6txqbazd$.dlg@40tude.net> (raw)
In-Reply-To: op.vdbu2ksqxmjfy8@garhos

On Wed, 26 May 2010 21:28:58 +0200, Yannick Duchï¿½ne (Hibou57) wrote:

> Le Wed, 26 May 2010 16:28:20 +0200, Dmitry A. Kazakov  
> <mailbox@dmitry-kazakov.de> a ï¿½crit:
>> Yes. I think this could be a direction in which Ada should evolve. It
>> should have a modular part equivalent to SPARK, which can be used with
>> certain compilation units. So that the programmer could choose the level  
>> of
>> safety he is ready to invest into.
> 
> Please, tell more : you mean a kind of pragma or compiler option like the  
> ones there is for runtime checks ?

No run time checks, but an option to tell more about the contract, with
enforced static checks, that this indeed hold. If you have no time, no
guts, or when the algorithm does not allow certain proofs, you just do not
make promises you cannot keep and go further.

> By the way, that's an opportunity for two other ideas : why not integrate  
> the SPARK language definition in the Ada standard ? We may have wordings  
> in the Ada reference or the annotated reference, stating that is and that  
> is allowed or disallowed with SPARK.

I think it should be more than just two levels. But yes, each language
construct and each library operation shall have a contract.

> Actually, how can you test an compiler  
> compliance with SPARK ? I feel you can do it only for full Ada.

Likely yes, because there exist legal Ada programs, such that no Ada
compiler could compile.

>> It would be nice to be able to start the project at some middle level (a
>> bit higher than of present Ada, but lower than SPARK), and then gradually
>> adjust it, as the project evolves.

> Like ensuring it is written in a valid SPARK syntax before we know if this  
> part will really be semantically checked or not ?

Rather by refining the contracts. When you feel that the implementation is
mature, you can add more promises to the contract of and see if they hold
(=provable). If they don't you could try to re-implement some parts of it.
When you feel that it takes too much time, is impossible to prove, you can
drop the idea to do it formally. You will sill have a gain of deeper
understanding how the thing works and could document why do you think it is
correct, even if that is not formally provable.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de

next prev parent reply	other threads:[~2010-05-26 20:14 UTC|newest]

Thread overview: 46+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-05-26 10:09 Lost in translation (with SPARK user rules) Yannick Duchêne (Hibou57)
2010-05-26 10:38 ` Phil Thornley
2010-05-26 10:57   ` Yannick Duchêne (Hibou57)
2010-05-26 14:15     ` Pascal Obry
2010-05-26 14:28       ` Dmitry A. Kazakov
2010-05-26 19:28         ` Yannick Duchêne (Hibou57)
2010-05-26 20:14           ` Dmitry A. Kazakov [this message]
2010-05-26 21:14             ` Yannick Duchêne (Hibou57)
2010-05-26 21:15               ` Yannick Duchêne (Hibou57)
2010-05-26 22:01             ` Peter C. Chapin
2010-05-27 12:32               ` Mark Lorenzen
2010-05-27 18:34               ` Pascal Obry
2010-05-27 19:18                 ` Yannick Duchêne (Hibou57)
2010-05-28  9:39                 ` Maciej Sobczak
2010-05-28 11:57                 ` SPARK and testing. Was: " Peter C. Chapin
2010-05-28 12:59                   ` SPARK and testing Peter C. Chapin
2010-05-28 23:06                     ` Yannick Duchêne (Hibou57)
2010-05-26 19:16       ` Lost in translation (with SPARK user rules) Yannick Duchêne (Hibou57)
2010-05-26 19:32         ` Pascal Obry
2010-05-26 20:56           ` Yannick Duchêne (Hibou57)
2010-05-26 22:06           ` Peter C. Chapin
2010-05-27 18:39             ` Pascal Obry
2010-05-26 22:17         ` Peter C. Chapin
2010-05-27 10:11       ` Sockets package in SPARK (Was: Lost in translation (with SPARK user rules)) Jacob Sparre Andersen
2010-05-27 18:41         ` Pascal Obry
2010-05-27 19:20           ` Yannick Duchêne (Hibou57)
2010-05-28  7:43             ` Sockets package in SPARK Jacob Sparre Andersen
2010-05-27  8:13     ` Lost in translation (with SPARK user rules) Yannick Duchêne (Hibou57)
2010-05-27 10:55       ` Yannick Duchêne (Hibou57)
2010-05-27 11:32         ` Yannick Duchêne (Hibou57)
2010-05-27 11:41           ` Phil Thornley
2010-05-27 12:42             ` Yannick Duchêne (Hibou57)
2010-05-27 12:22         ` stefan-lucks
2010-05-27 11:37           ` Yannick Duchêne (Hibou57)
2010-05-27 11:57           ` Phil Thornley
2010-05-27 12:36             ` Yannick Duchêne (Hibou57)
2010-05-27 13:38               ` Phil Thornley
2010-06-03  2:44                 ` Yannick Duchêne (Hibou57)
2010-05-27 19:53 ` Warren
2010-05-29 23:03 ` Yannick Duchêne (Hibou57)
2010-05-30  6:55   ` Yannick Duchêne (Hibou57)
2010-05-30  9:30     ` Phil Thornley
2010-05-30  9:46       ` Yannick Duchêne (Hibou57)
2010-05-30  9:26   ` Phil Thornley
2010-05-30  9:57     ` Yannick Duchêne (Hibou57)
2010-06-01  5:42 ` Yannick Duchêne (Hibou57)

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox