Ada SPARK | 2. Proof

Laufzeitfehlererkennung

procedure Increment(X:in out Integer)
	with Pre => (x < Integer'Last)
is 
begin
	X:=X+1;
end Increment;

Grundlegende Routine-Oriented Contracts

Pre- und Postconditions

procedure Turn_on(speed: in out Integer) with 
	Pre => speed = 0;
	Post => speed < 200;

Spezielle Attribute

• Old-Attribute

procedure Increment(x: in out Integer)
	with Pre => x < Integer'Last,
		Post => x = x'Old + 1;

• Result-Attribute

function Euclid (A, B : Integer) return Integer
	with Pre => A > 0 and B > 0,
		Post => IS_GCD(A, B, Euclid'Result)

Quantified Expressions

Pre => (for some a of age => a > 25)
Pre => (for all a of age => a > 25)

Conditional Expression

with Post => (if K in List'Range then X(K) = 0)

Contract Cases

function Sqrt (X: Float) return Float with
	Post =>
	(if x > 1.0 then Sqrt'Result <= X) or 
	(if x = 1.0 then Sqrt'Result = X) // =, not ==

Schleifen beweisen

procedure Increment_Loop(X: in out Integer; N: Natural ) with
	Pre => X <= Integer'Last - N,
	Post => X = X'Old + N
is 
begin
	for K in 1 .. N loop
		X := X + 1;
		prama Loop_Invariant(X = X'Loop_Entry + K);
	end loop;
end Increment_Loop;

Loop_Variant

Y : Natural;
begin 
	Y := 0;
	while X - Y >= 3 loop
		 Y := Y + 3;
		 pragma Loop_Variant(Increases => Y);
	end loop;