From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,744136b4fae1ff3e
X-Google-Attributes: gid103376,public
X-Google-ArrivalTime: 2003-03-11 12:48:43 PST
Path: 
 archiver1.google.com!news1.google.com!newsfeed.stanford.edu!logbridge.uoregon.edu!kibo.news.demon.net!news.demon.co.uk!demon!diphi.demon.co.uk!jpt
From: JP Thornley <jpt@diphi.demon.co.uk>
Newsgroups: comp.lang.ada
Subject: Re: [Spark] Converting Arrays
Date: Tue, 11 Mar 2003 20:46:20 +0000
Message-ID: <ON9GtiBcskb+IwAh@diphi.demon.co.uk>
References: <slrnb6phge.1gd.lutz@taranis.iks-jena.de>
 <cf2c6063.0303110214.5c978575@posting.google.com>
 <slrnb6rfur.nq.lutz@taranis.iks-jena.de>
NNTP-Posting-Host: diphi.demon.co.uk
Mime-Version: 1.0
Content-Type: text/plain;charset=us-ascii;format=flowed
X-Trace: news.demon.co.uk 1047415722 21671 158.152.212.133 (11 Mar 2003
 20:48:42 GMT)
X-Complaints-To: abuse@demon.net
NNTP-Posting-Date: Tue, 11 Mar 2003 20:48:42 +0000 (UTC)
User-Agent: Turnpike/6.01-S (<Ntoynor5XlNy6FCXNwag1Cjtdc>)
Xref: archiver1.google.com comp.lang.ada:35226
Date: 2003-03-11T20:46:20+00:00
List-Id: <comp.lang.ada>

In article <slrnb6rfur.nq.lutz@taranis.iks-jena.de>, Lutz Donnerhacke 
<lutz@iks-jena.de> writes
[snip]
>
>But how can I write the required pre conditions?
>
>          *******************************************************
>                           Listing of SPARK Text
>       SPARK95 Examiner with VC and RTC Generator Release 6.3 / 11.02
>                           Demonstration Version
>          *******************************************************
>
>
>                       DATE : 11-MAR-2003 11:49:13.68
>
>Line
>   1  with Kernel.Linux_i86;
>   2  --# inherit Kernel, Kernel.Linux_i86;
>   3
>   4  package Kernel.IO is
>   5     pragma Pure;
>   6
>   7     subtype long is Linux_i86.long;
>   8
>   9     type Fullpath is array(Positive range <>) of Character;
>  10     procedure To_Fullpath (s : String; path : out Fullpath);
>  11     --# derives path from s;
>  12     --# pre s'Length < path'Length;
>                            ^1
>*** ( 1) Semantic Error:322: Only imports may be referenced in pre-conditions
>         or return expressions.
>
>  13     pragma Inline (To_Fullpath);
>  14     pragma Inline_Always (To_Fullpath);
>[...]
>5 summarised warning(s), comprising:
>     5 pragma(s)*
>(*Note: the above warnings may affect the validity of the analysis.)
>
>
>

Since you can't write it immediately, the only way is probably to 
declare a proof function:
    --# function Length_Of_Path return Integer;

then the precondition can be
    --# pre s'Length < Length_Of_Path;

You can then write the proof rule for Length_Of_Path:
    to_fullpath_rules(100): length_of_path may_be_replaced_by
                            path__last - path__first + 1 .

Append this to the generated rule file before running the Simplifier.
(The rule number needs to be larger than the highest rule number 
generated by the Examiner).

Cheers,

Phil

-- 
JP Thornley