From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,5aa1f17e1cbe0afb,start
X-Google-Attributes: gid103376,domainid0,public,usenet
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news1.google.com!postnews.google.com!y21g2000hsf.googlegroups.com!not-for-mail
From: Jacob Sparre Andersen <jspa@nykredit.dk>
Newsgroups: comp.lang.ada
Subject: SPARK and static unit checking?
Date: Fri, 11 Apr 2008 02:59:20 -0700 (PDT)
Organization: http://groups.google.com
Message-ID: 
 <af9b42f7-b24c-4ca5-8a49-1ea9c15e1f37@y21g2000hsf.googlegroups.com>
NNTP-Posting-Host: 195.249.127.231
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Trace: posting.google.com 1207907961 10621 127.0.0.1 (11 Apr 2008 09:59:21
 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Fri, 11 Apr 2008 09:59:21 +0000 (UTC)
Complaints-To: groups-abuse@google.com
Injection-Info: y21g2000hsf.googlegroups.com; posting-host=195.249.127.231;
	posting-account=UqUC7goAAAAaIopcWPSUmIYxkLwIeB6X
User-Agent: G2/1.0
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
 .NET
	CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1; .NET CLR 3.0.04506.648;
 .NET CLR
	3.5.21022),gzip(gfe),gzip(gfe)
Xref: g2news1.google.com comp.lang.ada:20877
Date: 2008-04-11T02:59:20-07:00
List-Id: <comp.lang.ada>

I have found a rather annoying (but in some ways very reasonable) rule
in SPARK:

   You are not allowed to (re)declare operators for a type.

This prevents me from using my standard trick for static unit type
checking:

   type Length is private;
   function "+" (L, R : Length) return Length; -- not SPARK
   ...
   Meter : constant Length;

   type Area is private;
   function "*" (L, R : Length) return Area; -- not SPARK
   ...

I have an idea for a (clumsy) solution:  Generate two packages with
the same types (name-wise).  The one as above, the other simply as:

   type Length is new Float;
   type Area is new Float;

Then I can use the liberal version with the SPARK tools, and swap the
restrictive in for the proper compilation.

Any proposals for an elegant solution?

Jacob
--
[ I left my signature generator at home. ]