From: Phil Thornley <phil.jpthornley@gmail.com>
Subject: Re: SPARK : third example for Roesetta - reviewers welcome
Date: Sun, 15 Aug 2010 22:51:42 -0700 (PDT)
Date: 2010-08-15T22:51:42-07:00 [thread overview]
Message-ID: <b9add87d-ce8b-4db8-a0df-5157b610e3ff@y11g2000yqm.googlegroups.com> (raw)
In-Reply-To: op.vhh2zekiule2fv@garhos
On 15 Aug, 23:19, Yannick Duchêne (Hibou57) <yannick_duch...@yahoo.fr>
wrote:
> Le Sun, 15 Aug 2010 22:57:21 +0200, Yannick Duchêne (Hibou57)
> <yannick_duch...@yahoo.fr> a écrit:> I saw something wrong in this version.
>
> Half false alarm, half True alarm: there is not way to have an empty array
> in SPARK. But I don't really enjoy the lack of a test for the empty array
> case, as a SPARK program is always a valid Ada program, and may be
> compiled ignoring any SPARK error as well. This is perfectly possible to
> compile this passing Search an empty array. I would prefer SPARK allow
> empty array, and thus end into the creation of more robust units.
>
> So whatever SPARK says about it, I will get back the test for the empty
> array case.
But if you put that test back in you are going to get flow errors for
the added path - because Position will be exported but no value will
be assigned to it.
There's an interesting general point here - the 'SPARK' assumption is
that the complete program is SPARK, so an empty array can't happen (it
would require a index subtype with 'First > 'Last, which is a semantic
error).
However, if we start to see individual packages being put into the
public domain then the calling program could well be just Ada, so an
empty array becomes a possibility.
My personal view is against changing the code of SPARK operations to
handle non-SPARK constructs, because it will cause all sorts of
problems (like the flow error in this case).
For the examples in Rosetta Code we should just state that assumption
in the accompanying text, since these code samples are for
demonstrating language features rather than providing a source code
library.
But there is still a problem in the real world. Perhaps what is needed
is an 'Ada to SPARK' interface to check for violations. One
possiblity would be for the SPARK operation to become internal to the
package and the body of the visible operation to check that the array
is non-null and only call the internal operation if it's OK (the code
of that operation will probably have to be hidden from the Examiner).
Cheers,
Phil
next prev parent reply other threads:[~2010-08-16 5:51 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-15 6:17 SPARK : third example for Roesetta - reviewers welcome Yannick Duchêne (Hibou57)
2010-08-15 6:27 ` Yannick Duchêne (Hibou57)
2010-08-15 6:35 ` Jeffrey Carter
2010-08-15 6:39 ` Yannick Duchêne (Hibou57)
2010-08-15 18:42 ` Phil Thornley
2010-08-15 19:32 ` Yannick Duchêne (Hibou57)
2010-08-15 20:12 ` Phil Thornley
2010-08-16 10:08 ` Jacob Sparre Andersen
2010-08-15 19:57 ` Yannick Duchêne (Hibou57)
2010-08-15 20:07 ` Yannick Duchêne (Hibou57)
2010-08-15 20:57 ` Yannick Duchêne (Hibou57)
2010-08-15 22:19 ` Yannick Duchêne (Hibou57)
2010-08-16 5:51 ` Phil Thornley [this message]
2010-08-16 16:42 ` Yannick Duchêne (Hibou57)
2010-08-16 17:07 ` Mark Lorenzen
2010-08-15 22:09 ` Jeffrey Carter
2010-08-15 22:27 ` Yannick Duchêne (Hibou57)
2010-08-16 4:58 ` Phil Thornley
2010-08-16 7:50 ` Stephen Leake
2010-08-16 8:37 ` Phil Thornley
2010-08-16 16:55 ` Yannick Duchêne (Hibou57)
2010-08-16 20:40 ` Peter C. Chapin
2010-08-16 22:38 ` Yannick Duchêne (Hibou57)
2010-08-16 23:43 ` Peter C. Chapin
2010-08-17 9:15 ` Phil Thornley
2010-08-17 10:32 ` Peter C. Chapin
2010-08-17 19:53 ` Phil Thornley
2010-08-17 22:15 ` Dmitry A. Kazakov
2010-08-18 10:44 ` Phil Thornley
2010-08-18 16:33 ` Dmitry A. Kazakov
2010-08-19 6:19 ` Categories for SPARK on Rosetta Code (Was: SPARK : third example for Roesetta - reviewers welcome) Jacob Sparre Andersen
2010-08-20 8:40 ` Phil Thornley
2010-08-20 9:15 ` J-P. Rosen
2010-08-20 9:23 ` Dmitry A. Kazakov
2010-08-20 9:55 ` J-P. Rosen
2010-08-20 10:24 ` Dmitry A. Kazakov
2010-08-20 11:36 ` J-P. Rosen
2010-08-20 12:25 ` Dmitry A. Kazakov
2010-08-20 13:28 ` J-P. Rosen
2010-08-20 14:05 ` Dmitry A. Kazakov
2010-08-20 16:23 ` J-P. Rosen
2010-08-20 16:41 ` Dmitry A. Kazakov
2010-08-20 15:34 ` (see below)
2010-08-20 16:42 ` Dmitry A. Kazakov
2010-08-22 8:11 ` Categories for SPARK on Rosetta Code Jacob Sparre Andersen
2010-08-22 8:53 ` Dmitry A. Kazakov
2010-08-20 8:37 ` SPARK : third example for Roesetta - reviewers welcome Phil Thornley
2010-08-17 8:16 ` How to structure examples for Rosetta Code (Was: SPARK : third example for Roesetta - reviewers welcome) Jacob Sparre Andersen
2010-08-17 19:16 ` How to structure examples for Rosetta Code Simon Wright
2010-08-17 20:53 ` Peter C. Chapin
2010-08-17 21:24 ` Simon Wright
2010-08-17 2:07 ` SPARK : third example for Roesetta - reviewers welcome Stephen Leake
2010-08-16 4:41 ` Phil Thornley
2010-08-16 17:03 ` Yannick Duchêne (Hibou57)
2010-08-15 20:04 ` Jacob Sparre Andersen
2010-08-15 20:19 ` Yannick Duchêne (Hibou57)
2010-08-15 21:40 ` Jeffrey Carter
2010-08-15 22:13 ` Yannick Duchêne (Hibou57)
2010-08-16 4:29 ` Phil Thornley
2010-08-16 17:11 ` Phil Thornley
2010-08-20 9:06 ` Phil Thornley
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox