From: "Frédéric Praca" <frederic.praca@free.fr>
Subject: [Spark] Proving GCD
Date: 16 Mar 2017 20:31:55 GMT
Date: 2017-03-16T21:31:55+01:00 [thread overview]
Message-ID: <58caf63b$0$24793$426a74cc@news.free.fr> (raw)
Hi guys,
sorry for the first message, I clicked on the wrong button :D
I'm trying to train myself on Spark and I tried to see if a simple
function like GCD could be proved.
I created the following :
GCD_Package is
pragma SPARK_Mode;
pragma Assertion_Policy(Check);
function gcd (A : Natural; B : Positive) return Natural
with
Global => null,
Depends => (gcd'Result => (A,B)),
Post => gcd'Result <= A and A mod gcd'Result = 0 and B mod
gcd'Result = 0 ;
end GCD_Package;
package body GCD_Package is
pragma SPARK_Mode;
function gcd (A : Natural; B : Positive) return Natural is
Value : Natural;
Temp : Natural; Local_B : Natural := B;
Local_A : Natural := A;
begin
if A = 0 then
value := B;
else
while Local_B > 0 loop
pragma Loop_Variant (Decreases => Local_B);
Temp := Local_B;
Local_B := Local_A mod Local_B;
Local_A := Temp;
end loop;
value := Local_A;
end if;
return value;
end Gcd;
end GCD_Package;
The answer is always "postcondition might fail" and I don't know what to
do.
Do you have an idea on how to discharge all VCs and thus prove this code ?
Thanks
Fred
next reply other threads:[~2017-03-16 20:31 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-16 20:31 Frédéric Praca [this message]
2017-03-17 1:20 ` [Spark] Proving GCD Brian Kolden
2017-03-17 9:07 ` Frédéric PRACA
2017-04-05 23:52 ` moy
-- strict thread matches above, loose matches on Subject: below --
2017-03-16 20:27 Frédéric Praca
2017-03-17 9:33 ` Frédéric PRACA
2017-03-17 13:00 ` Phil Thornley
2017-03-17 13:24 ` Frédéric PRACA
2017-03-17 13:28 ` Frédéric PRACA
2017-03-17 17:16 ` Phil Thornley
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox