From: Simon Wright <simon@pushface.org>
Subject: Re: SPARK and integer arithmetic
Date: Sun, 18 Sep 2016 16:37:44 +0100
Date: 2016-09-18T16:37:44+01:00 [thread overview]
Message-ID: <lyy42p1anr.fsf@pushface.org> (raw)
In-Reply-To: 87poo1a57p.fsf@mid.deneb.enyo.de
Florian Weimer <fw@deneb.enyo.de> writes:
> I'm trying to find out the capabilities of the SPARK when it comes to
> verifying the correctness of integer arithmetic (and absence of
> constraint errors).
>
> The Barnes book (in the 2006 edition) is not really that helpful. I'm
> not even using the current SPARK tools, but the SPARK 2012 GPL
> edition, but the command line options still are different from those
> described in the book.
With SPARK 2016 GPL, which of course uses different syntax, the
correctness of this piece of arithmetic is indeed verified.
package Sum
with SPARK_Mode
is
function Add (A, B : Integer) return Integer
with
Pre => (A in 0 .. 10) and (B in 0 .. 10),
Post => Add'Result = A + B;
end Sum;
package body Sum
with SPARK_Mode
is
function Add (A, B : Integer) return Integer is
begin
return A - B; -- note the error!
end Add;
end Sum;
$ gnatprove -P sum
Phase 1 of 2: generation of Global contracts ...
Phase 2 of 2: flow analysis and proof ...
sum.ads:8:14: medium: postcondition might fail, cannot prove Add'Result = A + B (e.g. when A = 0 and Add'Result = -1 and B = 1)
(I'm surprised gnatprove is so tentative!)
The proof succeeds with the proper operator.
next prev parent reply other threads:[~2016-09-18 15:37 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-18 10:10 SPARK and integer arithmetic Florian Weimer
2016-09-18 15:37 ` Simon Wright [this message]
2016-09-18 18:01 ` Florian Weimer
2016-09-18 19:33 ` Paul Rubin
2016-09-18 19:49 ` Florian Weimer
2016-09-19 7:14 ` Paul Rubin
2017-08-09 19:47 ` moy
2016-10-03 10:09 ` Mark Lorenzen
2016-10-03 15:39 ` Florian Weimer
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox