From: roderick.chapman@googlemail.com
Subject: Re: Newbie question: SPARK verification condition on member of private record
Date: Thu, 2 Apr 2009 11:09:44 -0700 (PDT)
Date: 2009-04-02T11:09:44-07:00 [thread overview]
Message-ID: <fda46992-7b1c-4b6c-a483-acd3b755748c@f19g2000vbf.googlegroups.com> (raw)
In-Reply-To: XQOei4CZgN1JJw9Y@diphi.demon.co.uk
I concur with Phil. It's almost _always_ better to write
aggregate expressions and use the array/record update notation
in postconditions than using field-by-field assignments
and equalities.
e.g.
Do write
A := T'(X, Y, Z);
Don't write
A.F1 := X;
A.F2 := Y;
A.F3 := Z;
Also...for just
A.F1 := X;
the correct post-condition would be
--# post A = A~[F1 => X];
which defines the final value of the whole object, rather than
--# post A.F1 = X;
which defines the final value of A.F1 but leaves the other
2 fields unspecified. Further explanation of all this in the
"Generation of VCs" manual.
- Rod Chapman, SPARK Team
next prev parent reply other threads:[~2009-04-02 18:09 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-01 19:38 Newbie question: SPARK verification condition on member of private record Tim Rowe
2009-04-01 21:04 ` JP Thornley
2009-04-01 23:50 ` Tim Rowe
2009-04-02 9:00 ` JP Thornley
2009-04-02 12:00 ` Tim Rowe
2009-04-02 15:22 ` JP Thornley
2009-04-02 18:09 ` roderick.chapman [this message]
2009-04-03 11:26 ` Tim Rowe
2009-04-02 23:58 ` Tim Rowe
2009-04-03 13:36 ` JP Thornley
2009-04-06 11:49 ` Tim Rowe
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox