From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,e6cf7d66027047db,start
X-Google-Attributes: gid103376,domainid0,public,usenet
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news2.google.com!news1.google.com!npeer03.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!cyclone1.gnilink.net!gnilink.net!nx01.iad.newshosting.com!newshosting.com!216.196.98.140.MISMATCH!border1.nntp.dca.giganews.com!border2.nntp.dca.giganews.com!nntp.giganews.com!backlog2.nntp.dca.giganews.com!nntp.posted.plusnet!news.posted.plusnet.POSTED!not-for-mail
NNTP-Posting-Date: Wed, 01 Apr 2009 14:38:37 -0500
Date: Wed, 01 Apr 2009 20:38:35 +0100
From: Tim Rowe <spamtrap@tgrowe.plus.net>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
Newsgroups: comp.lang.ada
Subject: Newbie question: SPARK verification condition on member of private
 record
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Message-ID: <jsudnfEigqAgX07UnZ2dnUVZ8ridnZ2d@posted.plusnet>
X-Usenet-Provider: http://www.giganews.com
X-Trace: 
 sv3-uPHWp/RKjgD+EFfGucdjc+uAyJcDyuKo+FF8aBG2hceO98Rx5B5KeGef+VB2a/SKaI08DhcYEsGUdn0!Br18KuLCt7JscVlaD2C6nuzk7eai25u68GwcZ1v0G6SYeFLhBz61ztHZIIOeakov/l27tnv28zKn!VrDsb5tbNzYq
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint
 properly
X-Postfilter: 1.3.39
X-Original-Bytes: 2311
Xref: g2news2.google.com comp.lang.ada:5366
Date: 2009-04-01T20:38:35+01:00
List-Id: <comp.lang.ada>

Ok, I've been busily reading all of the spark documentation, and there's 
just one thing I'm stuck on at the moment.

I have:
    subtype Array_Index is Integer range 1..5000;
    type Foo is private;
    function Get_Order(This: in Foo) return Array_Index;
    -- other specifications

and in the private part I have
    type Foo is record
       Highest_Valid_Index: Array_Index;
       -- other definitions
    end record;

The body of Get_Order is simply
    function Get_Order(This: in Foo) return Array_Index is
    begin
       return This.Highest_Valid_Index;
    end Get_Order;

My problem is that I'm getting a proof obligation
H1:    get_order(this) < 5000 .
C1:    fld_highest_valid_index(this) <= 4999 .
If I'm reading that correctly then it's clearly true, but I would like 
to be able to annotate the code so that Examiner knows that 
get_order(this) = fld_highest_valid_index(this). My instinct is to 
annotate Get_Order with
    --# return This.Highest_Valid_Index;
but that's not allowed (" Semantic Error    :  9: Selected components 
are not allowed for This.")

So how should I annotate or restructure the code to make the 
relationship between Get_Order(This) and This.Highest_Valid_Index?

Thanks,

Tim Rowe