From: Maciej Sobczak <see.my.homepage@gmail.com>
Subject: Re: SPARK internal error?
Date: Tue, 3 Mar 2015 07:33:09 -0800 (PST)
Date: 2015-03-03T07:33:09-08:00 [thread overview]
Message-ID: <cf7fc6ed-d27c-4739-8a3d-3f2b039cdf6c@googlegroups.com> (raw)
In-Reply-To: <md4b3s$suf$1@dont-email.me>
> The following passes and makes gnatprove produce
> warning addressing range/pre/post/loop_invariant:
>
> procedure Sort (A : in out My_Array) is
> begin
> for I in A'Range loop
> declare
> X : My_Array (I .. A'Last) := (others => 0);
Yes, in the line above. But why? We have a precondition that guarantees there are no empty slices here - and even without it, the fact that we are within the for loop over A'Range should already guarantee that both I and A'Last have safe values. Something is wrong here.
And of course, partially sorting a temporary array does not help in the proof that the main array becomes sorted as well...
--
Maciej Sobczak * http://www.inspirel.com/
next prev parent reply other threads:[~2015-03-03 15:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-03 9:54 SPARK internal error? Maciej Sobczak
2015-03-03 12:17 ` G.B.
2015-03-03 12:58 ` G.B.
2015-03-03 15:33 ` Maciej Sobczak [this message]
2015-03-04 8:05 ` Georg Bauhaus
2015-03-04 14:47 ` joakim.strandberg
2015-03-04 22:42 ` Peter Chapin
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox