From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,FORGED_GMAIL_RCVD, FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: 103376,8d7393f07c06c5e9 X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII Path: g2news1.google.com!postnews.google.com!f6g2000yqa.googlegroups.com!not-for-mail From: Phil Thornley Newsgroups: comp.lang.ada Subject: Re: Another question about fixed point types. Date: Sun, 29 Aug 2010 10:50:38 -0700 (PDT) Organization: http://groups.google.com Message-ID: <5bb7f0f6-b9f1-42ee-a092-44cc781618d0@f6g2000yqa.googlegroups.com> References: <4c7991c8$0$2375$4d3efbfe@news.sover.net> <62f49eaf-ed47-47c7-a13a-96ca5750b4e8@y11g2000yqm.googlegroups.com> <4c7a44d1$0$2390$4d3efbfe@news.sover.net> <4c7a6d04$0$2390$4d3efbfe@news.sover.net> NNTP-Posting-Host: 80.177.171.182 Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: posting.google.com 1283104239 32080 127.0.0.1 (29 Aug 2010 17:50:39 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Sun, 29 Aug 2010 17:50:39 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: f6g2000yqa.googlegroups.com; posting-host=80.177.171.182; posting-account=Fz1-yAoAAACc1SDCr-Py2qBj8xQ-qC2q User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C),gzip(gfe) Xref: g2news1.google.com comp.lang.ada:13821 Date: 2010-08-29T10:50:38-07:00 List-Id: On 29 Aug, 15:20, "Peter C. Chapin" wrote: > On 2010-08-29 08:31, Phil Thornley wrote: > > > I was referring to the SPARK annotation that tells the Examiner which > > predefined type the compiler will use as the base type of a type > > declaration - it's needed for overflow checks and looks like: > > > =A0 =A0type An_Int is range -10_000 .. 10_000; > > =A0 =A0--# assert An_Int'Base is Short_Integer; > > > where the range for Short_Integer is defined in the SPARK > > configuration file > > I see, okay. So am I right in saying that one should provide one of > these annotations for every scalar type definition in a SPARK program? > I'm guessing that by doing so SPARK could prove more automatically since > it would have more information. On the other hand it then becomes my > responsibility to get the base type right. It's all about completing the proofs of overflow checks - where the Simplifier needs to know the range of the base type. Up to and including version 8.1.1 of last year, it was optional whether to include these checks when VCs were generated for run-time checks (generated only if you used the -exp qualifier for the Examiner). But in the recent 2010 version the overflow checks have become mandatory and can't be turned off. It's certainly a good idea to put them in - the coding standards of last project I worked on required a base type assertion for every new integer or floating point type declared. You do have to get them right - OTOH it's always safe to use the smallest possible range for the base type as it doesn't matter if you prove the checks for a more restricted range. For some compilers it's possible to check that the actual base type is what you expected it to be. Cheers, Phil