From: Robert Dewar <robert_dewar@my-deja.com>
Subject: Re: Help with Atomic_Components and whole array assignment
Date: Thu, 01 Feb 2001 18:10:47 GMT
Date: 2001-02-01T18:10:47+00:00 [thread overview]
Message-ID: <95c8qu$1nb$1@nnrp1.deja.com> (raw)
In-Reply-To: 95bb20$7jb$1@nnrp1.deja.com
In article <95bb20$7jb$1@nnrp1.deja.com>,
Rod Chapman <r_c_chapman@my-deja.com> wrote:
> This is what we call the "array update anomaly" in SPARK.
Consider
> the simple assignment statement
> A(1) := 0;
> This has information flow "derives A from A" since
> 1 element of A is changed and all the others are preserved,
and
> "0" is a literal constant.
This makes perfectly good sense to me, The array update
notation in these kinds of languages is just a short hand
for
A := A with (1 => 0)
or somesuch, and in that form, it becomes clear that this
derives A from A
>
> The info. flow for a loop is formed (see the maths in Barnes
> or in the Bergeretti/Carre ACM TOPLAS paper) from the
transitive
> closure of the info. flow for its body, so the loop above
does
> indeed have info. flow "derives A from A".
>
> In _general_, the Examiner is not capable of determining that
> all the elements of an array just happen to have been updated
> by a sequence or loop of such statements, and the Examiner
> does not attempt to spot any such special cases.
> (Such as analysis _is_ possible for record fields, though...)
>
> Consider an array A with only 2 elements, and the statements
> A(I) := 0
> A(J) := 1;
> where I and J are variables.
>
> Have we updated all the elements of A? Don't know, so we
have
> to be conservative. (Flow analysis is essentially syntax
driven -
> we do not attempt to solve proof problems during flow
analysis!)
>
> In real life, if we really need a loop to initialise, then
we'd
> do
>
> procedure Init ( A : out A_Type );
> --# derives A from ;
>
> procedure Init ( A : out A_Type )
> is
> --# hide Init;
> begin
> ... -- as before...
> end Init;
>
> instructing the Examiner to believe the spec. and to ignore
the
> body.
> - Rod
>
> Sent via Deja.com
> http://www.deja.com/
>
Sent via Deja.com
http://www.deja.com/
next prev parent reply other threads:[~2001-02-01 18:10 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-01-22 11:22 Help with Atomic_Components and whole array assignment r_c_chapman
2001-01-22 12:51 ` Stuart Palin
2001-01-22 14:16 ` mark_lundquist
2001-01-22 16:09 ` Pat Rogers
2001-01-22 16:29 ` Robert Dewar
2001-01-22 19:52 ` Mark Lundquist
2001-01-30 15:54 ` Tucker Taft
2001-01-30 18:20 ` Robert Dewar
2001-01-31 5:08 ` DuckE
2001-01-31 5:57 ` Robert Dewar
2001-02-01 3:31 ` DuckE
2001-02-02 21:38 ` Mark Lundquist
2001-02-02 23:08 ` Robert Dewar
2001-02-03 1:39 ` tmoran
2001-01-22 16:21 ` Robert Dewar
2001-01-22 16:39 ` r_c_chapman
2001-01-30 15:57 ` Tucker Taft
2001-01-30 18:26 ` Robert Dewar
2001-01-30 21:30 ` Simon Wright
2001-02-01 6:11 ` Robert Dewar
2001-02-06 0:32 ` Richard Kenner
2001-02-06 3:15 ` Robert Dewar
2001-01-31 10:09 ` Rod Chapman
2001-01-31 21:41 ` Tucker Taft
2001-02-01 5:33 ` Robert Dewar
2001-02-01 9:42 ` Rod Chapman
2001-02-01 18:10 ` Robert Dewar [this message]
2001-02-01 13:14 ` SPARK flow analysis (was Help with Atomic_Components and whole array assignment) Stuart Palin
2001-02-01 23:38 ` Help with Atomic_Components and whole array assignment Nick Roberts
2001-02-02 3:45 ` Robert Dewar
2001-02-07 21:40 ` Nick Williams
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox