Re: Rust's temporal safety for Ada/SPARK

comp.lang.ada
 help / color / mirror / Atom feed

From: moy@adacore.com
Subject: Re: Rust's temporal safety for Ada/SPARK
Date: Wed, 17 May 2017 14:21:47 -0700 (PDT)
Date: 2017-05-17T14:21:47-07:00	[thread overview]
Message-ID: <b6445ff1-1708-4c92-b7b6-5e07144f887c@googlegroups.com> (raw)
In-Reply-To: <lyd1bahray.fsf@pushface.org>

On Monday, May 15, 2017 at 9:07:49 PM UTC+2, Simon Wright wrote:
> (where we have alternate paths to the variable Dest); but SPARK is happy
> and the runtime check isn't triggered, so I suppose the ARM supports
> this (by copy-out?).

Hi Simon, SPARK is happy because there is no problematic aliasing with the code you posted. Since N is of scalar type, it is always passed by copy. Since N is also of mode 'in', it is only copied on entry, not copied back. So the contract you wrote on Add is still valid even if you call it on Dest and Dest. But the postcondition only holds upon returning from Add, not after the call statement. Between these two, the value returned in parameter Dest is copied back in local variable Dest. This is how both the GNAT compiler and the GNATprove analyzer understand it.

> Still, the usage shouldn't pass code review, I think.

I guess it depends on the meaning of the code. If the use of the same value in different parameters is confusing, indeed not. Otherwise, there is nothing wrong with that code.

next prev parent reply	other threads:[~2017-05-17 21:21 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-13 20:33 Rust's temporal safety for Ada/SPARK digitalkevlar
2017-05-13 21:19 ` Jeffrey R. Carter
2017-05-14 10:19   ` Niklas Holsti
2017-05-15 19:07   ` Simon Wright
2017-05-15 19:30     ` Jeffrey R. Carter
2017-05-17 21:21     ` moy [this message]
2017-05-14  3:24 ` Robert Eachus
2017-05-14 16:46 ` digitalkevlar
2017-05-14 17:18   ` Dmitry A. Kazakov
2017-05-14 17:36   ` Jeffrey R. Carter
2017-05-14 19:59     ` Niklas Holsti
2017-05-14 20:43       ` Simon Wright
2017-05-15  7:27         ` Dmitry A. Kazakov
2017-05-14 22:20       ` Dennis Lee Bieber
2017-05-15 16:23       ` Jeffrey R. Carter
2017-05-15 23:19     ` Randy Brukardt
2017-05-16 16:45       ` Shark8
2017-05-16 21:36         ` Randy Brukardt
2017-05-16 23:37           ` Shark8
2017-05-14 21:28 ` moy
2017-05-15 22:59 ` digitalkevlar

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox