aboutsummaryrefslogtreecommitdiff
path: root/gcc/ada/libgnat/s-imageu.adb
diff options
context:
space:
mode:
Diffstat (limited to 'gcc/ada/libgnat/s-imageu.adb')
-rw-r--r--gcc/ada/libgnat/s-imageu.adb274
1 files changed, 0 insertions, 274 deletions
diff --git a/gcc/ada/libgnat/s-imageu.adb b/gcc/ada/libgnat/s-imageu.adb
index 820156b..a6cdfed 100644
--- a/gcc/ada/libgnat/s-imageu.adb
+++ b/gcc/ada/libgnat/s-imageu.adb
@@ -29,79 +29,8 @@
-- --
------------------------------------------------------------------------------
-with Ada.Numerics.Big_Numbers.Big_Integers_Ghost;
-use Ada.Numerics.Big_Numbers.Big_Integers_Ghost;
-with System.Val_Spec;
-
package body System.Image_U is
- -- Ghost code, loop invariants and assertions in this unit are meant for
- -- analysis only, not for run-time checking, as it would be too costly
- -- otherwise. This is enforced by setting the assertion policy to Ignore.
-
- pragma Assertion_Policy (Ghost => Ignore,
- Loop_Invariant => Ignore,
- Assert => Ignore,
- Assert_And_Cut => Ignore,
- Subprogram_Variant => Ignore);
-
- package Unsigned_Conversion is new Unsigned_Conversions (Int => Uns);
-
- function Big (Arg : Uns) return Big_Integer renames
- Unsigned_Conversion.To_Big_Integer;
-
- function From_Big (Arg : Big_Integer) return Uns renames
- Unsigned_Conversion.From_Big_Integer;
-
- Big_10 : constant Big_Integer := Big (10) with Ghost;
-
- ------------------
- -- Local Lemmas --
- ------------------
-
- procedure Lemma_Non_Zero (X : Uns)
- with
- Ghost,
- Pre => X /= 0,
- Post => Big (X) /= 0;
-
- procedure Lemma_Div_Commutation (X, Y : Uns)
- with
- Ghost,
- Pre => Y /= 0,
- Post => Big (X) / Big (Y) = Big (X / Y);
-
- procedure Lemma_Div_Twice (X : Big_Natural; Y, Z : Big_Positive)
- with
- Ghost,
- Post => X / Y / Z = X / (Y * Z);
-
- ---------------------------
- -- Lemma_Div_Commutation --
- ---------------------------
-
- procedure Lemma_Non_Zero (X : Uns) is null;
- procedure Lemma_Div_Commutation (X, Y : Uns) is null;
-
- ---------------------
- -- Lemma_Div_Twice --
- ---------------------
-
- procedure Lemma_Div_Twice (X : Big_Natural; Y, Z : Big_Positive) is
- XY : constant Big_Natural := X / Y;
- YZ : constant Big_Natural := Y * Z;
- XYZ : constant Big_Natural := X / Y / Z;
- R : constant Big_Natural := (XY rem Z) * Y + (X rem Y);
- begin
- pragma Assert (X = XY * Y + (X rem Y));
- pragma Assert (XY = XY / Z * Z + (XY rem Z));
- pragma Assert (X = XYZ * YZ + R);
- pragma Assert ((XY rem Z) * Y <= (Z - 1) * Y);
- pragma Assert (R <= YZ - 1);
- pragma Assert (X / YZ = (XYZ * YZ + R) / YZ);
- pragma Assert (X / YZ = XYZ + R / YZ);
- end Lemma_Div_Twice;
-
--------------------
-- Image_Unsigned --
--------------------
@@ -112,50 +41,10 @@ package body System.Image_U is
P : out Natural)
is
pragma Assert (S'First = 1);
-
- procedure Prove_Value_Unsigned
- with
- Ghost,
- Pre => S'First = 1
- and then S'Last < Integer'Last
- and then P in 2 .. S'Last
- and then S (1) = ' '
- and then U_Spec.Only_Decimal_Ghost (S, From => 2, To => P)
- and then U_Spec.Scan_Based_Number_Ghost (S, From => 2, To => P)
- = U_Spec.Wrap_Option (V),
- Post => not System.Val_Spec.Only_Space_Ghost (S, 1, P)
- and then U_Spec.Is_Unsigned_Ghost (S (1 .. P))
- and then U_Spec.Is_Value_Unsigned_Ghost (S (1 .. P), V);
- -- Ghost lemma to prove the value of Value_Unsigned from the value of
- -- Scan_Based_Number_Ghost on a decimal string.
-
- --------------------------
- -- Prove_Value_Unsigned --
- --------------------------
-
- procedure Prove_Value_Unsigned is
- Str : constant String := S (1 .. P);
- begin
- pragma Assert (Str'First = 1);
- pragma Assert (S (2) /= ' ');
- pragma Assert
- (U_Spec.Only_Decimal_Ghost (Str, From => 2, To => P));
- U_Spec.Prove_Scan_Based_Number_Ghost_Eq
- (S, Str, From => 2, To => P);
- pragma Assert
- (U_Spec.Scan_Based_Number_Ghost (Str, From => 2, To => P)
- = U_Spec.Wrap_Option (V));
- U_Spec.Prove_Scan_Only_Decimal_Ghost (Str, V);
- end Prove_Value_Unsigned;
-
- -- Start of processing for Image_Unsigned
-
begin
S (1) := ' ';
P := 1;
Set_Image_Unsigned (V, S, P);
-
- Prove_Value_Unsigned;
end Image_Unsigned;
------------------------
@@ -169,118 +58,6 @@ package body System.Image_U is
is
Nb_Digits : Natural := 0;
Value : Uns := V;
-
- -- Local ghost variables
-
- Pow : Big_Positive := 1 with Ghost;
- S_Init : constant String := S with Ghost;
- Prev_Value : Uns with Ghost;
- Prev_S : String := S with Ghost;
-
- -- Local ghost lemmas
-
- procedure Prove_Character_Val (R : Uns)
- with
- Ghost,
- Post => R rem 10 in 0 .. 9
- and then Character'Val (48 + R rem 10) in '0' .. '9';
- -- Ghost lemma to prove the value of a character corresponding to the
- -- next figure.
-
- procedure Prove_Euclidian (Val, Quot, Rest : Uns)
- with
- Ghost,
- Pre => Quot = Val / 10
- and then Rest = Val rem 10,
- Post => Uns'Last - Rest >= 10 * Quot and then Val = 10 * Quot + Rest;
- -- Ghost lemma to prove the relation between the quotient/remainder of
- -- division by 10 and the initial value.
-
- procedure Prove_Hexa_To_Unsigned_Ghost (R : Uns)
- with
- Ghost,
- Pre => R in 0 .. 9,
- Post => U_Spec.Hexa_To_Unsigned_Ghost (Character'Val (48 + R)) = R;
- -- Ghost lemma to prove that Hexa_To_Unsigned_Ghost returns the source
- -- figure when applied to the corresponding character.
-
- procedure Prove_Scan_Iter
- (S, Prev_S : String;
- V, Prev_V, Res : Uns;
- P, Max : Natural)
- with
- Ghost,
- Pre =>
- S'First = Prev_S'First and then S'Last = Prev_S'Last
- and then S'Last < Natural'Last and then
- Max in S'Range and then P in S'First .. Max and then
- (for all I in P + 1 .. Max => Prev_S (I) in '0' .. '9')
- and then (for all I in P + 1 .. Max => Prev_S (I) = S (I))
- and then S (P) in '0' .. '9'
- and then V <= Uns'Last / 10
- and then Uns'Last - U_Spec.Hexa_To_Unsigned_Ghost (S (P))
- >= 10 * V
- and then Prev_V =
- V * 10 + U_Spec.Hexa_To_Unsigned_Ghost (S (P))
- and then
- (if P = Max then Prev_V = Res
- else U_Spec.Scan_Based_Number_Ghost
- (Str => Prev_S,
- From => P + 1,
- To => Max,
- Base => 10,
- Acc => Prev_V) = U_Spec.Wrap_Option (Res)),
- Post =>
- (for all I in P .. Max => S (I) in '0' .. '9')
- and then U_Spec.Scan_Based_Number_Ghost
- (Str => S,
- From => P,
- To => Max,
- Base => 10,
- Acc => V) = U_Spec.Wrap_Option (Res);
- -- Ghost lemma to prove that Scan_Based_Number_Ghost is preserved
- -- through an iteration of the loop.
-
- -----------------------------
- -- Local lemma null bodies --
- -----------------------------
-
- procedure Prove_Character_Val (R : Uns) is null;
- procedure Prove_Euclidian (Val, Quot, Rest : Uns) is null;
- procedure Prove_Hexa_To_Unsigned_Ghost (R : Uns) is null;
-
- ---------------------
- -- Prove_Scan_Iter --
- ---------------------
-
- procedure Prove_Scan_Iter
- (S, Prev_S : String;
- V, Prev_V, Res : Uns;
- P, Max : Natural)
- is
- pragma Unreferenced (Res);
- begin
- U_Spec.Lemma_Scan_Based_Number_Ghost_Step
- (Str => S,
- From => P,
- To => Max,
- Base => 10,
- Acc => V);
- if P < Max then
- U_Spec.Prove_Scan_Based_Number_Ghost_Eq
- (Prev_S, S, P + 1, Max, 10, Prev_V);
- else
- U_Spec.Lemma_Scan_Based_Number_Ghost_Base
- (Str => S,
- From => P + 1,
- To => Max,
- Base => 10,
- Acc => Prev_V);
- end if;
- end Prove_Scan_Iter;
-
- -- Start of processing for Set_Image_Unsigned
-
begin
pragma Assert (P >= S'First - 1 and then P < S'Last and then
P < Natural'Last);
@@ -290,70 +67,19 @@ package body System.Image_U is
-- First we compute the number of characters needed for representing
-- the number.
loop
- Lemma_Div_Commutation (Value, 10);
- Lemma_Div_Twice (Big (V), Big_10 ** Nb_Digits, Big_10);
-
Value := Value / 10;
Nb_Digits := Nb_Digits + 1;
- Pow := Pow * 10;
-
- pragma Loop_Invariant (Nb_Digits in 1 .. Unsigned_Width_Ghost - 1);
- pragma Loop_Invariant (Pow = Big_10 ** Nb_Digits);
- pragma Loop_Invariant (Big (Value) = Big (V) / Pow);
- pragma Loop_Variant (Decreases => Value);
exit when Value = 0;
-
- Lemma_Non_Zero (Value);
- pragma Assert (Pow <= Big (Uns'Last));
end loop;
- pragma Assert (Big (V) / (Big_10 ** Nb_Digits) = 0);
Value := V;
- Pow := 1;
-
- pragma Assert (Value = From_Big (Big (V) / Big_10 ** 0));
-- We now populate digits from the end of the string to the beginning
for J in reverse 1 .. Nb_Digits loop
- Lemma_Div_Commutation (Value, 10);
- Lemma_Div_Twice (Big (V), Big_10 ** (Nb_Digits - J), Big_10);
- Prove_Character_Val (Value);
- Prove_Hexa_To_Unsigned_Ghost (Value rem 10);
-
- Prev_Value := Value;
- Prev_S := S;
- Pow := Pow * 10;
S (P + J) := Character'Val (48 + (Value rem 10));
Value := Value / 10;
-
- Prove_Euclidian
- (Val => Prev_Value,
- Quot => Value,
- Rest => U_Spec.Hexa_To_Unsigned_Ghost (S (P + J)));
-
- Prove_Scan_Iter
- (S, Prev_S, Value, Prev_Value, V, P + J, P + Nb_Digits);
-
- pragma Loop_Invariant (Value <= Uns'Last / 10);
- pragma Loop_Invariant
- (for all K in S'First .. P => S (K) = S_Init (K));
- pragma Loop_Invariant
- (U_Spec.Only_Decimal_Ghost
- (S, From => P + J, To => P + Nb_Digits));
- pragma Loop_Invariant (Pow = Big_10 ** (Nb_Digits - J + 1));
- pragma Loop_Invariant (Big (Value) = Big (V) / Pow);
- pragma Loop_Invariant
- (U_Spec.Scan_Based_Number_Ghost
- (Str => S,
- From => P + J,
- To => P + Nb_Digits,
- Base => 10,
- Acc => Value)
- = U_Spec.Wrap_Option (V));
end loop;
- pragma Assert (Big (Value) = Big (V) / (Big_10 ** Nb_Digits));
- pragma Assert (Value = 0);
P := P + Nb_Digits;
end Set_Image_Unsigned;
generated by cgit v1.1 at 2025-07-02 20:20:32 +0000