From: Mark Wilson <markwilson@wilsonnet.technology>
Subject: Re: Postcondition on Strings.Maps.To_Sequence
Date: Fri, 3 Sep 2021 05:05:29 -0700 (PDT) [thread overview]
Message-ID: <4b5164f1-71da-4581-8e02-2480e24520b9n@googlegroups.com> (raw)
In-Reply-To: <86r1e80zu2.fsf@stephe-leake.org>
On Wednesday, September 1, 2021 at 10:07:41 PM UTC+1, Stephen Leake wrote:
> My guess is neither; Spark is simply not smart enough yet. You'll have
> to add some additional intermediate assertions in the body of
> To_Sequence, especially one that relates the size of On_Input to the
> size of the result string.
No problem at all reasoning about Lengths in Spark. Here, we add the postcondition that if the result has a length of zero then the set is empty, too.
--------------------------------------------------------------------------------
function To_Sequence
(Set : in Character_Set)
return Character_Sequence
with
Global => null,
Depends => (To_Sequence'Result => (Set)),
Post => ((if To_Sequence'Result'Length = 0 then
(for all k in Character'Range =>
Element (Set, k) = False)) and
(for all m in Character'Range =>
(if Element (Set, m) then
(for some n in To_Sequence'Result'Range =>
To_Sequence'Result(n) = m))));
--------------------------------------------------------------------------------
function To_Sequence
(Set : in Character_Set)
return Character_Sequence
is
Result : String (1 .. Character'Pos (Character'Last) + 1)
with Relaxed_Initialization;
Count : Natural := 0;
begin
for Char in Set'Range loop
pragma Warnings (Off);
pragma Loop_Invariant
(Count <= Character'Pos (Char));
pragma Loop_Invariant
(Result (Result'First .. Count)'Initialized);
pragma Loop_Invariant
(if Char > Set'First then
(for all m in Set'First .. Character'Pred (Char) =>
(if Element (Set, m) then
(for some n in Result'First .. Count =>
Result(n) = m))));
pragma Loop_Invariant
(if Result'Length = 0 then
(for all k in Set'First .. Char =>
Set(k) = False));
pragma Warnings (On);
if Set(Char) then
Count := Count + 1;
Result(Count) := Char;
end if;
end loop;
return Result (1 .. Count);
end To_Sequence;
--------------------------------------------------------------------------------
prev parent reply other threads:[~2021-09-03 12:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-29 9:38 Postcondition on Strings.Maps.To_Sequence mockturtle
2021-09-01 21:07 ` Stephen Leake
2021-09-02 19:17 ` mockturtle
2021-09-03 11:46 ` Mark Wilson
2021-09-03 11:53 ` Mark Wilson
2021-09-03 12:05 ` Mark Wilson [this message]
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox