Re: The future of Spark . Spark 2014 : a wreckage

[Simon Wright <simon@pushface.org>]

vincent.diemunsch@gmail.com writes:

> Same specification in Spark 2014 :
>    procedure Swap
>       with Global  => (In_Out => (X, Y)),
>            Depends => (X => Y,   -- to be read as "X depends on Y"
>                        Y => X);  -- to be read as "Y depends on X"
>
> How are we supposed to guess that "X => Y" means X depends on Y, if
> the arrow goes from X to Y ? In the literature, Flow analysis use
> always Information Flow where arrows follows the real move of
> information. See for instance "SPARK the proven approach of High
> Integrity Software" from John Barn page 311 or the "Dragon Book"
> (Compilers : principles, techniques and tools).

Maybe, but a UML dependency would be read the way that you have quoted.
I don't expect users would guess, I expect they'd RTFM.

> - the syntax makes a complete confusion between a precondition and a
> test : Preconditions are SPECIFICATIONS that insures that the runtime
> tests that the Ada compiler puts in the code will pass. What's the use
> of testing at the entry of a procedure what will be tested in the
> procedure ? Doing the test twice won't impove correctness ! That is
> why proconditions and postconditions must stay as comments.

I assume that after one has done a successful proof of correctness with
SPARK 2014 one will build with a configuration that says that assertions
and predicates are to be ignored (ARM 11.4.2). I suspect that for many
real-time systems you'd need to do this to get timely operation anyway;
nice if the compiler could ensure the Note, "Normally, the boolean
expression in a pragma Assert should not call functions that have
significant side effects when the result of the expression is True, so
that the particular assertion policy in effect will not affect normal
operation of the program.", but that's probably equivalent to the
halting problem.

I wonder whether the same consideration should apply to predicates?

> Expressions functions break the Ada Specification

Expression functions are *in* the Ada Specification! (assuming you mean
the ARM?)