From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,FORGED_GMAIL_RCVD, FREEMAIL_FROM autolearn=no autolearn_force=no version=3.4.4 X-Google-Thread: 103376,c3f4071dbfa958f X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news2.google.com!postnews.google.com!x27g2000yqb.googlegroups.com!not-for-mail From: Phil Thornley Newsgroups: comp.lang.ada Subject: Re: Question about SPARK flow error. Date: Sat, 19 Jun 2010 11:03:01 -0700 (PDT) Organization: http://groups.google.com Message-ID: References: <4c1cf6a3$0$30803$4d3efbfe@news.sover.net> NNTP-Posting-Host: 80.177.171.182 Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 X-Trace: posting.google.com 1276970581 17421 127.0.0.1 (19 Jun 2010 18:03:01 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Sat, 19 Jun 2010 18:03:01 +0000 (UTC) Complaints-To: groups-abuse@google.com Injection-Info: x27g2000yqb.googlegroups.com; posting-host=80.177.171.182; posting-account=Fz1-yAoAAACc1SDCr-Py2qBj8xQ-qC2q User-Agent: G2/1.0 X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0),gzip(gfe) Xref: g2news2.google.com comp.lang.ada:12791 Date: 2010-06-19T11:03:01-07:00 List-Id: On 19 June, 17:58, "Peter C. Chapin" wrote: [...] > However, if I'm not mistaken that can't actually happen. If the conditional > statement inside the loop never runs, Found will still be False and the > second conditional will definitely execute. Index will receive a value either > inside the loop or later. > > Am I missing something or is this reasoning outside of the abilities of > SPARK's flow analysis? Is there some other idiomatic way I should be handling > this sort of situation? This is, really, outside what the Examiner does in flow analysis - it doesn't look at the executability of paths when reporting flow errors. (That's why the error says "... may be used ...".) So there is a path through the flow graph of the procedure, even though it can never be executed in practice. One way to get rid of the error is to introduce a 'Local_Index' that is set in the loop; then set Index to that value after the loop if Found is True (and your existing code if False). Alternatively, you can add an accept annotation for the error. There shouldn't be any risk of the accept annotation allowing an error through as, if there is a 'real' path through the code that doesn't set Index then there should be an unprovable VC generated by the exit run-time check VC for that path. So the non-existence of an unprovable VC supports the accept annotation. (However I want to try this on some real code before making a firm statement, Ill try that sometime soon.) Cheers, Phil