From: Simon Wright <simon@pushface.org>
Subject: SPARK 2014 and protected objects
Date: Tue, 30 Aug 2016 11:34:03 +0100
Date: 2016-08-30T11:34:03+01:00 [thread overview]
Message-ID: <ly1t16k0kk.fsf@pushface.org> (raw)
I'm struggling with a package whose spec has subprograms whose bodies
call a PO declared in the package body, which governs access to volatile
data (an SPI-connected device). gnatprove (2016) wants me to use
Abstract_State and (sometimes) Part_Of, but I can't get the syntax
right. Does anyone have any worked examples?
What I have so far is at http://pastebin.com/HGpH4xL4; the error I get
is
1. package body PO
2. with Refined_State => (State => (Protected_Value,
|
>>> non-external state "State" cannot contain external constituents in refinement
3. Impl))
4. is
5.
6. Protected_Value : Integer := 0
7. with Volatile;
8.
9. protected Impl is
10. procedure Set (Value : Integer);
11. procedure Get (Value : out Integer);
12. end Impl;
If I don't include Impl in the refined state then I get
1. package body PO
|
>>> body of package "PO" has unused hidden states
>>> variable "Impl" defined at line 8
2. with Refined_State => (State => (Protected_Value))
|
>>> non-external state "State" cannot contain external constituents in refinement
3. is
4.
5. Protected_Value : Integer := 0
6. with Volatile;
7.
(I've looked at AdaCore's Certyflie[1], but it looks as though all the
POs are in packages that they don't prove)
[1] https://github.com/AdaCore/Certyflie
next reply other threads:[~2016-08-30 10:34 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-30 10:34 Simon Wright [this message]
2016-08-30 14:45 ` SPARK 2014 and protected objects Shark8
2016-08-30 15:33 ` Simon Wright
2016-08-30 18:42 ` Simon Wright
2016-08-30 18:47 ` Simon Wright
2016-08-31 0:11 ` Shark8
2016-08-31 7:42 ` Simon Wright
2016-08-31 15:41 ` Shark8
2016-08-31 20:55 ` Simon Wright
2016-09-01 20:07 ` Shark8
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox