Skip to content

Commit 7fdafd2

Browse files
onoxonox
committed
Add postcondition state of generator has changed to procedure Next
It does not prove that value generated by S is different than the value generated by S'Old. Signed-off-by: onox <denkpadje@gmail.com>
1 parent d645562 commit 7fdafd2

File tree

2 files changed

+20
-4
lines changed

2 files changed

+20
-4
lines changed

src/xoshiro128.ads

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,12 +30,17 @@ package Xoshiro128 with SPARK_Mode => On is
3030
Global => null,
3131
Depends => (To_Float'Result => Value);
3232

33-
type Generator is limited private;
33+
type Generator is private;
34+
35+
function Is_Initialized (S : Generator) return Boolean
36+
with Ghost;
3437

3538
procedure Next (S : in out Generator; Value : out Unsigned_32)
3639
with Inline_Always,
3740
Global => null,
38-
Depends => (S => S, Value => S);
41+
Depends => (S => S, Value => S),
42+
Pre => Is_Initialized (S),
43+
Post => Is_Initialized (S) and S'Old /= S;
3944

4045
procedure Reset (S : out Generator; Seed : Unsigned_64)
4146
with Global => null,
@@ -47,4 +52,7 @@ private
4752
type Generator is array (0 .. 3) of Unsigned_32
4853
with Default_Component_Value => 0;
4954

55+
function Is_Initialized (S : Generator) return Boolean is
56+
(for some I in S'Range => S (I) /= 0);
57+
5058
end Xoshiro128;

src/xoshiro256.ads

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,12 +27,17 @@ package Xoshiro256 with SPARK_Mode => On is
2727
Global => null,
2828
Depends => (To_Float'Result => Value);
2929

30-
type Generator is limited private;
30+
type Generator is private;
31+
32+
function Is_Initialized (S : Generator) return Boolean
33+
with Ghost;
3134

3235
procedure Next (S : in out Generator; Value : out Unsigned_64)
3336
with Inline_Always,
3437
Global => null,
35-
Depends => (S => S, Value => S);
38+
Depends => (S => S, Value => S),
39+
Pre => Is_Initialized (S),
40+
Post => Is_Initialized (S) and S'Old /= S;
3641

3742
procedure Reset (S : out Generator; Seed : Unsigned_64)
3843
with Global => null,
@@ -44,4 +49,7 @@ private
4449
type Generator is array (0 .. 3) of Unsigned_64
4550
with Default_Component_Value => 0;
4651

52+
function Is_Initialized (S : Generator) return Boolean is
53+
(for some I in S'Range => S (I) /= 0);
54+
4755
end Xoshiro256;

0 commit comments

Comments
 (0)