[Ada] Proof of Ada.Characters.Handling

public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed

From: Pierre-Marie de Rodat <derodat@adacore.com>
To: gcc-patches@gcc.gnu.org
Cc: Yannick Moy <moy@adacore.com>
Subject: [Ada] Proof of Ada.Characters.Handling
Date: Tue, 5 Oct 2021 08:26:26 +0000	[thread overview]
Message-ID: <20211005082626.GA2693302@adacore.com> (raw)

[-- Attachment #1: Type: text/plain, Size: 1200 bytes --]

Complete functional specification of this unit based on the Ada RM
requirements in Ada RM A.3.2. This includes also obsolete subprograms
moved to Ada.Characters.Conversions in Ada 2005.

GNATprove proves both absence of runtime errors and that the code
correctly implements the specified contracts.

We add a ghost type and ghost function to the public interface of
Ada.Strings.Maps to be able to express the specification of Value.  In
order to minimize the risk of a naming conflict when Ada.Strings.Maps is
with'ed/use'd, we prefix the name of such ghost entities with
"SPARK_Proof".

Tested on x86_64-pc-linux-gnu, committed on trunk

gcc/ada/

	* libgnat/a-chahan.adb: Add loop invariants as needed to prove
	subprograms.  Also use extended return statements where
	appropriate and not done already.  Mark data with
	Relaxed_Initialization where needed for initialization by parts.
	Convert regular functions to expression functions where needed
	for proof.
	* libgnat/a-chahan.ads: Add postconditions.
	* libgnat/a-strmap.ads (Model): New ghost function to create a
	publicly visible model of the private data Character_Mapping,
	needed in order to prove subprograms in Ada.Characters.Handling.

[-- Attachment #2: patch.diff.gz --]
[-- Type: application/gzip, Size: 5359 bytes --]

                 reply	other threads:[~2021-10-05  8:26 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211005082626.GA2693302@adacore.com \
    --to=derodat@adacore.com \
    --cc=gcc-patches@gcc.gnu.org \
    --cc=moy@adacore.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).