From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,FORGED_GMAIL_RCVD, FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: a07f3367d7,14da4c08f1736a33,start X-Google-Attributes: gida07f3367d7,public,usenet X-Google-NewGroupId: yes X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news1.google.com!postnews.google.com!v20g2000yqb.googlegroups.com!not-for-mail From: "Peter C. Chapin" Newsgroups: comp.lang.ada Subject: Array initialization in SPARK Date: Thu, 28 Oct 2010 03:13:02 -0700 (PDT) Organization: http://groups.google.com Message-ID: NNTP-Posting-Host: 67.142.175.24 Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 X-Trace: posting.google.com 1288260783 21957 127.0.0.1 (28 Oct 2010 10:13:03 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Thu, 28 Oct 2010 10:13:03 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: v20g2000yqb.googlegroups.com; posting-host=67.142.175.24; posting-account=nNN2XAoAAAAvavi7GAVEB_yDQjB_6tZb User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.41 Safari/534.7,gzip(gfe) Xref: g2news1.google.com comp.lang.ada:14889 Date: 2010-10-28T03:13:02-07:00 List-Id: Hello! Consider the following type definition: type Matrix is array(Natural range <>, Natural range <>) of Types.Float8; Now consider the following "obvious" implementation of a matrix transpose procedure: procedure Matrix_Transpose(In_Matrix : in Matrix; Out_Matrix : out Matrix) is begin for I in Natural range Out_Matrix'Range(1) loop for J in Natural range Out_Matrix'Range(2) loop Out_Matrix(I, J) := In_Matrix(J, I); end loop; end loop; end Matrix_Transpose; This procedure makes assumptions about the relative sizes of the two matrix objects. I intend to assert those assumptions using preconditions. However, my question right now is about the initialization of Out_Matrix. As written the Examiner complains that the "initial undefined value of Out_Matrix is used in the definition of Out_Matrix" (or words to that effect). I understand the issue. The assignment inside the loop only assigns to a single matrix element at a time. Thus, for example, the first time it executes the resulting value of Out_Matrix has only one defined element; the rest of the matrix has its "initial undefined value." I understand that SPARK works this way because it can't be expected to track individual array elements because array indexes are dynamic constructs. In the past when I've had this problem I've just used an aggregate to initialize the array. In full Ada I can do Out_Matrix := (others => (others => 0.0)); However, SPARK isn't happy with this. I'm having trouble figuring out what would make SPARK happy here. Actually it would be even better if I could convince the Examiner that the overall effect of the two loops is to initialize the entire Out_Matrix. I'm not keen about spending execution time with an aggregate initialization only to overwrite the initial values anyway. In fact, SPARK complains about doing that sort of thing with scalar values so it certainly doesn't seem like the "SPARK way." Peter