Re: SPARK again : for-loop vs single loop - a strange case

comp.lang.ada
 help / color / mirror / Atom feed

From: "Yannick Duchêne (Hibou57)" <yannick_duchene@yahoo.fr>
Subject: Re: SPARK again : for-loop vs single loop - a strange case
Date: Fri, 28 May 2010 01:21:27 +0200
Date: 2010-05-28T01:21:27+02:00	[thread overview]
Message-ID: <op.vdd0h1kuule2fv@garhos> (raw)
In-Reply-To: 40qtv5pfcsomupgedmd5iait1bnbtmdlg8@4ax.com

Le Thu, 27 May 2010 23:50:06 +0200, Brian Drummond  
<brian_drummond@btconnect.com> a écrit:
Hi Brian,

> Is it relevant here that the range of L is known in the first loop, and
> can (presumably) be shown to be less than T'Size?
>
> Perhaps L in the second example can be declared of a subtype with
> appropriate range? (If it already is, that wasn't shown in the posted
> code)
Yes, sorry, I forget it. In the simple loop case, L is of the same type,  
that is, it is declared as of type T and T'First is equal to 1. So the  
declaration of L in the for-loop and the declaration of L with the simple  
loop, are the same. N is obviously of type T too.

What puzzles me, is that the expression in the Check clause, does not  
depend on any context, it is purely mathematical, thus it should be as  
provable with the simple loop as it is with the for-loop.

I've just done a test a few seconds ago. If I copy the same Check clause  
between the “L := 1;” statement and the begin of the loop, that is:

    L := 1;

    --# check (2 ** (T'Pos (L) + 1)) = ((2 ** T'Pos (L)) * 2);

    loop
       ...
       --# assert ...;
       ...
       --# check (2 ** (T'Pos (L) + 1)) = ((2 ** T'Pos (L)) * 2);
       exit when L = Length;
       L := L + 1;
       ...
    end loop;

then the first occurrence of the Check, at the first location, is proved  
right away by the simplifier, and the second occurrence, is still not  
proved.

Really funny, as the expression does not depends on any context and all  
numbers/expression which appears in, are Universal_Integer [ARM 2005 Annex  
K (175)], so there should be no matter about any range of any kind. Note:  
T'Last is small, it is actually 8.

Will try some others things later. I believe this is an interesting topic  
(unless I did a gentle clumsy thing which I have not already figured).

Have a nice day/night.

-- 
There is even better than a pragma Assert: a SPARK --# check.
--# check C and WhoKnowWhat and YouKnowWho;
--# assert Ada;
--  i.e. forget about previous premises which leads to conclusion
--  and start with new conclusion as premise.

next prev parent reply	other threads:[~2010-05-27 23:21 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-05-27 19:36 SPARK again : for-loop vs single loop - a strange case Yannick Duchêne (Hibou57)
2010-05-27 21:50 ` Brian Drummond
2010-05-27 23:21   ` Yannick Duchêne (Hibou57) [this message]
2010-05-28  8:14 ` Phil Thornley
2010-05-28  9:00   ` Yannick Duchêne (Hibou57)
2010-05-28 11:50     ` Phil Thornley
2010-05-28 15:13       ` Phil Thornley
2010-05-28 22:46         ` Yannick Duchêne (Hibou57)
2010-05-28 22:41       ` Yannick Duchêne (Hibou57)
2010-05-28  9:04   ` Yannick Duchêne (Hibou57)
2010-05-28 12:17     ` stefan-lucks
2010-05-28 22:52       ` Yannick Duchêne (Hibou57)

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox