From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,FREEMAIL_FROM, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: a07f3367d7,d144bcd39fd2a06b X-Google-Attributes: gida07f3367d7,public,usenet X-Google-NewGroupId: yes X-Google-Language: ENGLISH,ASCII-7-bit X-Received: by 10.180.81.40 with SMTP id w8mr9914950wix.0.1356837413783; Sat, 29 Dec 2012 19:16:53 -0800 (PST) Path: i11ni337243wiw.0!nntp.google.com!feeder1.cambriumusenet.nl!82.197.223.103.MISMATCH!feeder3.cambriumusenet.nl!82.197.223.108.MISMATCH!feeder2.cambriumusenet.nl!feed.tweaknews.nl!85.12.40.139.MISMATCH!xlned.com!feeder7.xlned.com!newsfeed10.multikabel.net!multikabel.net!newsfeed20.multikabel.net!border3.nntp.ams.giganews.com!border1.nntp.ams.giganews.com!border4.nntp.ams.giganews.com!border2.nntp.ams.giganews.com!nntp.giganews.com!newsreader4.netcologne.de!news.netcologne.de!news.tele.dk!feed118.news.tele.dk!news.tele.dk!small.news.tele.dk!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!news.stack.nl!zen.net.uk!dedekind.zen.co.uk!reader02.nrc01.news.zen.net.uk.POSTED!not-for-mail From: Phil Thornley Newsgroups: comp.lang.ada Subject: Re: Constraint_Error from arithmetic operations Date: Thu, 27 Dec 2012 15:38:25 -0000 Message-ID: References: <87r4mbrgl8.fsf@mid.deneb.enyo.de> <87wqw3pr8e.fsf@mid.deneb.enyo.de> Reply-To: phil.jpthornley@gmail.com MIME-Version: 1.0 User-Agent: MicroPlanet-Gravity/3.0.4 Organization: Zen Internet NNTP-Posting-Host: 69854686.news.zen.co.uk X-Trace: DXC=Q@44?PjW_eGI>27fALHYIJ]G;bfYi23hD=dR0\ckLKG@WeZ<[7LZNRFiBC[PJ9MgmG6JNOYoB;SJNiD9ME6?=klACD=h;FP In article <87wqw3pr8e.fsf@mid.deneb.enyo.de>, fw@deneb.enyo.de says... > Anyway, I got to the point where I've got useful .siv files, but I've > hit an obstacle: I've got an array > > type Byte is mod 256; > type Data_Array_Index is range 0 .. 2**16 - 1; > type Data_Array is array (Data_Array_Index) of Byte; > > and Data is of type Data_Array_Index, but the Examiner cannot tell > that > > element(data, [offset + 1]) >= 0 > > This comes from an assignment > > Content_Length := Data_Array_Index (Data (Offset + 1)); > > where Content_Length has type Data_Array_Index. > > Should I just avoid modular types? An imported modular value will be assumed to be in range, but because the data are array elements, the hypothesis will be a quantified formula - something like: H1: for_all(i___1 : integer, 0 <= i___1 and i___1 <= 65535 -> 0 <= element(data, [i___1]) and element(data, [i___1]) <= 255) . The Simplifier will only be able to use this to prove element(data, [offset + 1]) >= 0 if it can first prove that offset + 1 is in [0, 65535]. Perhaps this is the problem. Depending on the complexity of the code, it is possible that the conclusion is provable, but not proved by the Simplifier. (If you have Victor and Alt-Ergo included in the distribution then you can try using them to deal with provable VCs that the Simplifier doesn't prove.) If you post SPARKable code then we can give more precise answers. Cheers, Phil