From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,103b49cd5a4719fd X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,UTF8 Path: g2news1.google.com!news2.google.com!goblin1!goblin3!goblin2!goblin.stu.neva.ru!aioe.org!not-for-mail From: =?utf-8?Q?Yannick_Duch=C3=AAne_=28Hibou57?= =?utf-8?Q?=29?= Newsgroups: comp.lang.ada Subject: Re: SPARK - Bubble Sort on Rosetta Code Date: Thu, 26 Aug 2010 23:40:04 +0200 Organization: Ada @ Home Message-ID: References: <5688938b-2047-4fef-9ea2-730abb761d07@g17g2000yqe.googlegroups.com> NNTP-Posting-Host: M7h/q8CwRLjYoxj9M2D3+Q.user.speranza.aioe.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes Content-Transfer-Encoding: Quoted-Printable X-Complaints-To: abuse@aioe.org X-Notice: Filtered by postfilter v. 0.8.2 User-Agent: Opera Mail/10.61 (Win32) Xref: g2news1.google.com comp.lang.ada:13764 Date: 2010-08-26T23:40:04+02:00 List-Id: Le Thu, 26 Aug 2010 11:18:20 +0200, Phil Thornley = a =C3=A9crit: > I've put some SPARK code for the Bubble Sort task on Rosetta Code and > I would welcome opinions on whether they make a good showcase for > SPARK Personal opinion: I still do not feel user rules are nice (and this case= = confirms my opinion to me). But in the large, I agree, except with the length and the weight of user= = rules of the last examples compared to the source. Just a tiny detail and a less tiny =E2=80=9C--# derives A from A;=E2=80=9D may be clearer than =E2=80=9C--#= derives A from *;=E2=80=9D May be nice to say there are two level of usage of SPARK: proof of = semantic and proof of runtime-error free. It is implicit in the first ca= se = (as it talks about free of runtime error), but this may be nice to tell = = about it explicitly. May be this would be better to state this in the page you created about = = the proof process. In the page The SPARK Proof Process =E2=80=9CThe verification conditions generated depend on the annotations= that have = been specified in the SPARK source and the properties that they specify.= =E2=80=9D. This miss to tell about validation condition created based on the type = system. This does not requires annotations. =E2=80=9CThis normally proves 95-99% of all verification conditions.=E2=80= =9D This is more likely to be true only when only free-of-runtime-error is a= = concern. The distinction should be made here. I like what you did for the bubble sort, but I am really afraid when I = compare the length of the whole SPARK example to the others. May be the = = one with the Sorted postcondition would be enough. And indeed, this sing= le = one would make the SPARK example not much longer than the Ada one. Well,= = after all, both the one with the sorted postcondition and the one with = free of runtime error only. Just feel this would be nice to state the = first one is not strictly less complete than the second one in some = regards, just that the target is not the same. Here are, this was my feelings. Have a nice day -- = * 3 lines of concise statements is readable, 10 pages of concise = statements is unreadable ; * 3 lines of verbose statements may looks unuseful, 10 pages of verbose = = statements will never looks too much pedantic