From: Phil Thornley
Newsgroups: comp.lang.ada
Subject: Re: SPARK - division by zero problem
Date: Thu, 18 Apr 2013 09:35:48 +0100
Reply-To: phil.jpthornley@gmail.com
Organization: Zen Internet
References: <0dbac307-0c0c-4883-8644-d1ffc25419f8@googlegroups.com>

In article <0dbac307-0c0c-4883-8644-d1ffc25419f8@googlegroups.com>, see.my.homepage@gmail.com says...
> While playing with SPARK (I also agree that comp.lang.ada is adequate for
> SPARK content) I have found a problem that can be shown in the following
> stripped-down example:
>
> package My_Package is
>
>    procedure Divide (X : in Integer; Y : in Integer; Z : out Integer);
>    --# derives Z from X, Y;
>    --# pre Y /= 0;
>    --# post Z = X / Y;
>
> end My_Package;
>
> package body My_Package is
>
>    procedure Divide (X : in Integer; Y : in Integer; Z : out Integer) is
>    begin
>       Z := X / Y; -- this is line 5
>    end Divide;
>
> end My_Package;
>
> In this example I would expect the VC associated with rtc on line 5 above
> to be discharged based on the hypothesis from Divide's precondition: that
> is, Y is known to be non-zero, so division by zero in line 5 cannot happen.
>
> Tools are invoked in the following order:
>
> $ sparkmake
> $ spark -index_file=spark.idx -vcg -config_file=config.cfg -output_dir=spark my_package.adb
> $ sparksimp
> $ pogs
>
> The summary says that the VC in question is undischarged.
> Is there anything missing?
>
> The tools come from Ubuntu packages and announce themselves as GPL 2011.

The undischarged VC I get is:

procedure_divide_1.
H1:    y <> 0 .
H2:    x >= - 2147483648 .
H3:    x <= 2147483647 .
H4:    y >= - 2147483648 .
H5:    y <= 2147483647 .
H6:    integer__size >= 0 .
        ->
C1:    x div y <= 2147483647 .

which is false for x = -2147483648, y = -1

Cheers,

Phil
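The following is an added illustration, not part of the original poster's or Phil's messages. It evaluates the undischarged VC `procedure_divide_1` quoted above over the corner values of the ranges in H2..H5, using Ada's truncate-toward-zero integer division, and reproduces the counterexample `x = -2147483648, y = -1`. It also shows what happens when the precondition is strengthened with `not (X = Integer'First and Y = -1)`; that strengthened precondition is an assumption made for the example, not something the thread states as the fix.

```python
# Added example (not from the original thread): check VC procedure_divide_1
# over boundary values, using Ada's truncating integer division semantics.
from itertools import product

INT_FIRST = -2147483648   # Integer'First for a 32-bit Integer, as in H2/H4
INT_LAST = 2147483647     # Integer'Last, as in H3/H5


def ada_div(x: int, y: int) -> int:
    """Ada '/' on integers truncates toward zero (Python's // floors, so do it by hand)."""
    q = abs(x) // abs(y)
    return q if (x >= 0) == (y >= 0) else -q


def vc_holds(x: int, y: int, strengthened: bool = False) -> bool:
    """Evaluate procedure_divide_1 for one (x, y): hypotheses H1..H5 -> conclusion C1.

    With strengthened=True an extra hypothesis is added that corresponds to an
    assumed, stronger precondition 'not (X = Integer'First and Y = -1)'.
    H6 (integer__size >= 0) does not involve x or y and is left out.
    """
    hyps = (
        y != 0                                   # H1, from '--# pre Y /= 0'
        and INT_FIRST <= x <= INT_LAST           # H2, H3
        and INT_FIRST <= y <= INT_LAST           # H4, H5
    )
    if strengthened:
        hyps = hyps and not (x == INT_FIRST and y == -1)   # assumed extra precondition
    if not hyps:
        return True   # a VC whose hypotheses are false holds vacuously
    return ada_div(x, y) <= INT_LAST             # C1: x div y <= Integer'Last


def find_counterexample(strengthened: bool = False):
    """Try the range corners and their neighbours; return the first failing (x, y) or None."""
    corners = {INT_FIRST, INT_FIRST + 1, -1, 0, 1, INT_LAST - 1, INT_LAST}
    for x, y in product(sorted(corners), repeat=2):
        if not vc_holds(x, y, strengthened):
            return (x, y)
    return None


if __name__ == "__main__":
    print("original precondition, counterexample:", find_counterexample())
    print("strengthened precondition, counterexample:", find_counterexample(strengthened=True))
```

Corner-value probing is not a proof, but it finds this particular failure immediately because the only quotient that can exceed Integer'Last is Integer'First divided by -1; with that pair excluded by the stronger hypothesis no corner pair fails, which is the behaviour one would expect the Simplifier to exhibit once the precondition rules the pair out.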