From: Tim Rowe <spamtrap@tgrowe.plus.net>
Subject: Re: Newbie question: SPARK verification condition on member of private record
Date: Fri, 03 Apr 2009 12:26:14 +0100
Date: 2009-04-03T12:26:14+01:00 [thread overview]
Message-ID: <9fGdnfSS-7PEb0jUnZ2dnUVZ8umdnZ2d@posted.plusnet> (raw)
In-Reply-To: <fda46992-7b1c-4b6c-a483-acd3b755748c@f19g2000vbf.googlegroups.com>
roderick.chapman@googlemail.com wrote:
> I concur with Phil. It's almost _always_ better to write
> aggregate expressions and use the array/record update notation
> in postconditions than using field-by-field assignments
> and equalities.
>
> e.g.
>
> Do write
>
> A := T'(X, Y, Z);
>
> Don't write
>
> A.F1 := X;
> A.F2 := Y;
> A.F3 := Z;
Except in this case that makes the VCs a lot more complicated. You
covered that by saying /almost/ always, of course.
> Also...for just
>
> A.F1 := X;
>
> the correct post-condition would be
>
> --# post A = A~[F1 => X];
Except that in this case the type of A is private, so I can't (as far as
I can tell) access its fields from a postcondition.
next prev parent reply other threads:[~2009-04-03 11:26 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-01 19:38 Newbie question: SPARK verification condition on member of private record Tim Rowe
2009-04-01 21:04 ` JP Thornley
2009-04-01 23:50 ` Tim Rowe
2009-04-02 9:00 ` JP Thornley
2009-04-02 12:00 ` Tim Rowe
2009-04-02 15:22 ` JP Thornley
2009-04-02 18:09 ` roderick.chapman
2009-04-03 11:26 ` Tim Rowe [this message]
2009-04-02 23:58 ` Tim Rowe
2009-04-03 13:36 ` JP Thornley
2009-04-06 11:49 ` Tim Rowe
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox