From: Maciej Sobczak
Newsgroups: comp.lang.ada
Subject: SPARK: missing case value
Date: Fri, 9 Oct 2015 04:38:32 -0700 (PDT)

Consider:

   type Enum is (A, B, C);

   procedure Test (E : in Enum)
      with Pre => E /= C
   is
   begin
      case E is
         when A => null;
         when B => null;
      end case;
   end Test;

The Pre contract says that C is never used as a value for E. Still, GNATProve complains about missing case value C in the case statement. The compiler complains, too.

An appropriate subtype (subtype SEnum is Enum range A .. B) can solve this, but it shows some asymmetry between subtypes and contracts, where I would expect that the same subsetting effect can be achieved in both ways. Apparently (and according to AARM), the case statement does not take contracts into account, but my understanding of the rules is that it would not be against the spirit of "covering values that satisfy the predicate".

On the other hand, SPARK is supposed to be a subset of Ada, so even if the above is feasible from the SPARK point of view, it should compile as regular Ada as well and compilers are not required to do this level of static analysis. So, SPARK does not do it, because Ada might not be able to keep the pace.

What are your thoughts on this?

-- 
Maciej Sobczak * http://www.inspirel.com
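
Added example, not part of the original post: the two ways of expressing "E is never C" that Ada 2012 and SPARK 2014 accept today, using the post's Enum. It goes slightly beyond the range subtype mentioned above by using Static_Predicate, which also handles a non-contiguous subset; the names Case_Coverage, Not_C, A_Or_C, Test_Subtype, Test_Sparse and Test_Contract are hypothetical.

```ada
--  Added illustration; all names except Enum, A, B, C are hypothetical.
procedure Case_Coverage with SPARK_Mode is

   type Enum is (A, B, C);

   --  Subsetting in the type system. A static predicate is part of the
   --  subtype, so the case coverage rule only asks for the values that
   --  satisfy it.
   subtype Not_C  is Enum with Static_Predicate => Not_C in A | B;
   subtype A_Or_C is Enum with Static_Predicate => A_Or_C in A | C;

   procedure Test_Subtype (E : in Not_C) is
   begin
      case E is          --  complete: C is not a value of Not_C
         when A => null;
         when B => null;
      end case;
   end Test_Subtype;

   procedure Test_Sparse (E : in A_Or_C) is
   begin
      case E is          --  complete: a range constraint could not express this
         when A => null;
         when C => null;
      end case;
   end Test_Sparse;

   --  Subsetting in the contract. The nominal subtype of E is still Enum,
   --  so the coverage rule requires a choice for C. The proof obligation
   --  moves to the raise statement, which GNATprove has to show unreachable;
   --  the precondition is what makes that provable.
   procedure Test_Contract (E : in Enum)
     with Pre => E /= C
   is
   begin
      case E is
         when A => null;
         when B => null;
         when C => raise Program_Error;
      end case;
   end Test_Contract;

begin
   Test_Subtype (A);
   Test_Sparse (C);
   Test_Contract (B);
end Case_Coverage;
```

The difference is where the check lives: with the subtypes the coverage question is settled by the legality rules at compile time, while with the contract it is a verification condition discharged by the prover and, in a plain Ada build with assertions enabled, a run-time check at the call.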