From: Tim Rowe <spamtrap@tgrowe.plus.net>
Subject: Re: Newbie question: SPARK verification condition on member of private record
Date: Mon, 06 Apr 2009 12:49:07 +0100
Date: 2009-04-06T12:49:07+01:00 [thread overview]
Message-ID: <xeWdnT1GbMelcUTUnZ2dnUVZ8t2WnZ2d@posted.plusnet> (raw)
In-Reply-To: <vsCQtXDoDh1JJwZV@diphi.demon.co.uk>
JP Thornley wrote:
> An alternative that sometimes works when updating arrays is to move the
> update into a local operation (it's completely non-intuitive code but
> often creates easier proofs).
Correct on both counts -- it greatly simplifies the VCs (each one now
reads quite naturally) and it is completely non-intuitive :-)
I'll go and scratch my head for a while to figure uoit how this works --
which I think mainly comes down to figuring out why the fields of the
private type are visible for the postcondition of the local operation
when they weren't visible for annotations of the enclosing operation.
Thanks for your help, anyway -- clearly I still have a long way to go,
but I feel that with your (and Rod's) help I'm making good progress.
prev parent reply other threads:[~2009-04-06 11:49 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-01 19:38 Newbie question: SPARK verification condition on member of private record Tim Rowe
2009-04-01 21:04 ` JP Thornley
2009-04-01 23:50 ` Tim Rowe
2009-04-02 9:00 ` JP Thornley
2009-04-02 12:00 ` Tim Rowe
2009-04-02 15:22 ` JP Thornley
2009-04-02 18:09 ` roderick.chapman
2009-04-03 11:26 ` Tim Rowe
2009-04-02 23:58 ` Tim Rowe
2009-04-03 13:36 ` JP Thornley
2009-04-06 11:49 ` Tim Rowe [this message]
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox