Re: SPARK : surprising failure with implication

comp.lang.ada
 help / color / mirror / Atom feed

From: "Yannick Duchêne (Hibou57)" <yannick_duchene@yahoo.fr>
Subject: Re: SPARK : surprising failure with implication
Date: Thu, 03 Jun 2010 11:06:55 +0200
Date: 2010-06-03T11:06:55+02:00	[thread overview]
Message-ID: <op.vdpvltt1ule2fv@garhos> (raw)
In-Reply-To: op.vdpu1pw0xmjfy8@garhos

Le Thu, 03 Jun 2010 10:54:51 +0200, Yannick Duchêne (Hibou57)  
<yannick_duchene@yahoo.fr> a écrit:
> I suspect it to see Result - 1, standing for the value of Result in the  
> Assert clause (and thus as the actual expression standing for Result),  
> as a monolithic subexpression. If this is really what happens, then it  
> would not see (Result + 1 + 1) as (Result - 1 + 1 + 1), and instead as  
> ((Result - 1) + 1 + 1), then see 1 + 1 as an expression, which is  
> simplifies to 2, getting ((Result - 1) + 2), which it could not simplify  
> any more, as it could not see -1 + 2 as a simplifiable expression,  
> because -1 belongs to a subexpression.

Note for readers : if you are not aware of how SPARK and Simplifier works,  
reading “see (Result + 1 + 1) as (Result - 1 + 1 + 1)”, you may believe  
I'm crazy ;) So here is how you should understand it : in the first  
expression, Result stands for its actual value, in the line starting with  
“--# check”. If you read carefully, you may notice between the line  
starting with “--# assert” and the one starting with “--# check”, the is a  
line “Result := Result + 1”. So, the previous value of Result, in terms of  
its actual one, is “Result - 1”. In the proofs, SPARK sees Result as an  
expression which is equivalent to its actual value. This expression is  
relative the value of Result in the line starting with “--# assert”. So  
(Result + 1 + 1) is an expression in the terms of the actual value of  
Result, as the program see it would see, and (Result - 1 + 1 + 1) is the  
same expression as SPARK see it. You may also, for better understanding,  
read it as (previous-value-of-Result - 1 + 1 + 1).

Hope this note helped readers to understand the likely strange things they  
may feel to have read here ;)

-- 
There is even better than a pragma Assert: a SPARK --# check.
--# check C and WhoKnowWhat and YouKnowWho;
--# assert Ada;
--  i.e. forget about previous premises which leads to conclusion
--  and start with new conclusion as premise.

next prev parent reply	other threads:[~2010-06-03  9:06 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-06-01 18:51 SPARK : surprising failure with implication Yannick Duchêne (Hibou57)
2010-06-02  4:34 ` Yannick Duchêne (Hibou57)
2010-06-02  7:42   ` Dmitry A. Kazakov
2010-06-02  7:56     ` Yannick Duchêne (Hibou57)
2010-06-02  8:55       ` Dmitry A. Kazakov
2010-06-02  8:59         ` Yannick Duchêne (Hibou57)
2010-06-02  8:50 ` Yannick Duchêne (Hibou57)
2010-06-03  8:54   ` Yannick Duchêne (Hibou57)
2010-06-03  9:06     ` Yannick Duchêne (Hibou57) [this message]
2010-06-03 11:19     ` Yannick Duchêne (Hibou57)
2010-06-03 16:45   ` Yannick Duchêne (Hibou57)

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox