From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: The future of Spark . Spark 2014 : a wreckage
Date: Thu, 11 Jul 2013 19:21:16 -0500
Date: 2013-07-11T19:21:16-05:00 [thread overview]
Message-ID: <krni5s$uum$1@loke.gir.dk> (raw)
In-Reply-To: alpine.DEB.2.10.1307112112110.8707@debian
<Stefan.Lucks@uni-weimar.de> wrote in message
news:alpine.DEB.2.10.1307112112110.8707@debian...
On Wed, 10 Jul 2013, Randy Brukardt wrote:
...
>> ... (detailed and possibly interesting examples of Depends removed)
>>
>> ...
>>> Without "Depends", your cool analysis tool verifying all pre- and
>>> postconditions will not catch this bug.
>>
>> Sure, but so what? It's a fools game to try to catch all bugs, it not
>> even a
>> worthwhile goal. (That's essentially where Spark goes wrong, in my view.)
>
>Who said, catch all bugs? I didn't.
You want to catch this very unlikely bug, and add a giant pile of extra junk
annotations for this purpose. My contention is that it won't catch enough
bugs by itself to be worth the complication.
>> What I care about is extending what Ada already does well: catch the
>> low-hanging fruit of bugs.
>
>By my own experience, having worked occasionally with SPARK, information
>flow analysis actually catches a lot of errors -- even without having
>specified any pre- or postconditions. In other words, SPARK's information
>flow analysis actually gives you the low-hanging fruits you mention.
Preconditions (and constraints) come first. You write them before you write
any bodies, before you write any comments even - they're an integral part of
the specification of a subprogram. So the situation you speak of isn't even
possible.
Moreover, the vast majority of the information in "Depends" is already in
the Ada subprogram specification (once you include its pre and
postconditions). The question is how much it adds to already properly
annotated subprograms, not what happens when the tools are misused.
I don't care at all about "after-the-fact" addition of these things. Hardly
anyone is going to be adding annotations to existing packages (it's not
clear whether we're ever going to do that for the language-defined
packages).
>The fruits (well, bugs) you catch by employing pre- and postconditions are
>a bit higher, actually. At least, that is what I gather from my own
>experience YMMV.
Your experience seems to have been on annotating existing code, and doing it
backwards ("depends" first). I can see why you might have annotated existing
code that way, but that's not a goal or concern of mine. I'm only interested
in new code, and code that's written properly (that is, the parameter modes
tell one the data flow).
>Did you ever actually work with SPARK?
No, there wasn't a free version when I was interested. And now that there is
a free version, I'm no longer interested because it is too restricted to be
useful in any of my code. And it tries to do too much as well.
Randy.
next prev parent reply other threads:[~2013-07-12 0:21 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-08 17:56 The future of Spark . Spark 2014 : a wreckage vincent.diemunsch
2013-07-08 19:24 ` Simon Wright
2013-07-08 20:59 ` Florian Weimer
2013-07-09 7:40 ` Dmitry A. Kazakov
2013-07-09 8:30 ` Georg Bauhaus
2013-07-09 8:58 ` Dmitry A. Kazakov
2013-07-09 10:27 ` G.B.
2013-07-09 11:13 ` G.B.
2013-07-09 15:14 ` Adam Beneschan
2013-07-09 22:51 ` Robert A Duff
2013-07-10 7:49 ` Dmitry A. Kazakov
2013-07-10 8:21 ` Georg Bauhaus
2013-07-08 21:32 ` Randy Brukardt
2013-07-09 7:28 ` Dmitry A. Kazakov
2013-07-09 11:29 ` Simon Wright
2013-07-09 12:22 ` Dmitry A. Kazakov
2013-07-09 20:37 ` Randy Brukardt
2013-07-10 10:03 ` Dmitry A. Kazakov
2013-07-10 23:21 ` Randy Brukardt
2013-07-11 7:44 ` Dmitry A. Kazakov
2013-07-11 22:28 ` Randy Brukardt
2013-07-12 8:02 ` Dmitry A. Kazakov
2013-07-12 21:16 ` Randy Brukardt
2013-07-14 10:19 ` Dmitry A. Kazakov
2013-07-14 15:57 ` Georg Bauhaus
2013-07-16 0:16 ` Randy Brukardt
2013-07-17 1:30 ` Shark8
2013-07-17 23:08 ` Randy Brukardt
2013-07-18 7:19 ` Dmitry A. Kazakov
2013-07-19 4:36 ` Randy Brukardt
2013-07-16 0:13 ` Randy Brukardt
2013-07-16 8:37 ` Dmitry A. Kazakov
2013-07-16 22:13 ` Randy Brukardt
2013-07-17 7:59 ` Dmitry A. Kazakov
2013-07-17 23:26 ` Randy Brukardt
2013-07-18 7:37 ` Dmitry A. Kazakov
2013-07-19 4:32 ` Randy Brukardt
2013-07-19 7:16 ` Dmitry A. Kazakov
2013-07-20 5:32 ` Randy Brukardt
2013-07-20 9:06 ` Dmitry A. Kazakov
2013-07-12 1:01 ` Slow? Ada?? Bill Findlay
2013-07-09 7:57 ` The future of Spark . Spark 2014 : a wreckage Stefan.Lucks
2013-07-09 20:46 ` Randy Brukardt
2013-07-10 8:03 ` Stefan.Lucks
2013-07-10 12:46 ` Simon Wright
2013-07-10 23:10 ` Randy Brukardt
2013-07-11 19:23 ` Stefan.Lucks
2013-07-12 0:21 ` Randy Brukardt [this message]
2013-07-12 9:12 ` Stefan.Lucks
2013-07-12 20:47 ` Randy Brukardt
2013-08-05 5:43 ` Paul Rubin
2013-07-10 12:19 ` vincent.diemunsch
2013-07-10 16:02 ` Simon Wright
2013-07-11 0:36 ` Randy Brukardt
2013-07-11 6:19 ` Simon Wright
2013-07-11 23:11 ` Randy Brukardt
2013-07-11 10:10 ` vincent.diemunsch
2013-07-11 14:23 ` Dmitry A. Kazakov
2013-07-12 0:07 ` Randy Brukardt
2013-07-12 0:00 ` Randy Brukardt
2013-07-12 7:25 ` Simon Wright
2013-07-12 20:07 ` Randy Brukardt
2013-07-12 14:23 ` Robert A Duff
2013-07-12 20:14 ` Randy Brukardt
2013-07-11 23:50 ` Shark8
2013-07-08 23:18 ` Peter C. Chapin
2013-07-09 7:34 ` Stefan.Lucks
2013-07-09 15:21 ` Adam Beneschan
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox