Clarification for SPARK postconditions on hidden subprograms.

comp.lang.ada
 help / color / mirror / Atom feed

From: xorque <xorquewasp@googlemail.com>
Subject: Clarification for SPARK postconditions on hidden subprograms.
Date: Thu, 25 Jun 2009 18:43:05 -0700 (PDT)
Date: 2009-06-25T18:43:05-07:00	[thread overview]
Message-ID: <898abcf6-7315-4015-9d73-d9365a870294@v2g2000vbb.googlegroups.com> (raw)

Hello.

I'm trying to work out what should be happening regarding the
postcondition
on a function with a hidden body:

  function C_Open_Boundary
    (File_Name : in String;
     Flags     : in Open_Flag_Integer_t;
     Mode      : in Permissions.Mode_Integer_t) return Descriptor_t
  is
    --# hide C_Open_Boundary
    --# return D => (D  = -1 -> Error.Get_Error /= Error.Error_None)
or
    --#             (D /= -1 -> Error.Get_Error  = Error.Error_None);
    ...
  end C_Open_Boundary;

Is a postcondition on a hidden subprogram always assumed to have
been satisfied?

I ask because a subprogram that calls C_Open_Boundary and then
checks the return value against -1 can't seem to work out that
Error.Get_Error won't be equal to Error.Error_None when the value
is equal to -1.

Is it an error in my postcondition?

I will post more of the implementation if necessary, I just don't want
to spam the list with a 100 lines of VCGs...

next             reply	other threads:[~2009-06-26  1:43 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-06-26  1:43 xorque [this message]
2009-06-26  7:55 ` Clarification for SPARK postconditions on hidden subprograms Phil Thornley
2009-06-26  9:29   ` xorque
2009-06-26 10:28     ` Rod Chapman
2009-06-26 10:41       ` xorque
2009-06-26 10:32     ` Phil Thornley

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox