From: Peter Amey <peter.amey@praxis-cs.co.uk>
Subject: subtypes and preconditions (was: subtype of enumeration type)
Date: Tue, 21 Mar 2006 08:37:15 +0000
Date: 2006-03-21T08:37:15+00:00 [thread overview]
Message-ID: <489s9rFhkfqdU1@individual.net> (raw)
In-Reply-To: <skFTf.835639$x96.281917@attbi_s72>
Jeff,
Jeffrey R. Carter wrote:
[snip]
> However, using subtypes is cleaner. I much prefer
>
> function F (A : Natural);
>
> to
>
> function F (A : Integer);
> --# pre A >= 0;
>
> which is often seen in SPARK.
>
I strongly agree. Thoughtful use of subtypes is one of the most useful
things to do in SPARK programs, it greatly assists with exception
freedom proofs.
I suspect the latter form of your function arises because, many years
ago, the SPARK Examiner did not carry type information into verification
conditions. In those far-off days it wouldn't have known that A was >=
0 even if the subype Natural was given. Since about the mid 90s the
Examiner makes full use of all the information deducible from type and
subtype ranges.
[snip]
Peter
next prev parent reply other threads:[~2006-03-21 8:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-20 13:31 subtype of enumeration type Maciej Sobczak
2006-03-20 14:26 ` Larry Kilgallen
2006-03-20 15:18 ` Maciej Sobczak
2006-03-20 15:37 ` Robert A Duff
2006-03-20 20:29 ` Björn Persson
2006-03-20 21:41 ` Jeffrey R. Carter
2006-03-21 8:37 ` Peter Amey [this message]
2006-03-21 17:42 ` subtypes and preconditions Jeffrey R. Carter
2006-03-21 19:00 ` Georg Bauhaus
2006-03-22 1:54 ` Jeffrey R. Carter
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox