SPARK Functional-Correctness Proof

This post doesn't seem to be getting much attention, so I thought I'd ask again here.

What is it about the type CR that causes this? How can the postcondition be modified to allow SPARK to prove this?

And why do I need to enter at least 220 characters?

Solution

As shown in the comments, using --level=1 proves this.

Trying to compile a simple Ada program, getting GNAT compiling error in OS 14.1 (23B73) on a M2 MBP
Cannot Run GNATStudio - WSL
Cannot build SDL Ada Bindings on OSX Sonoma because of error: missing binary operator before token "("
How can I install the ZFP (Zero Foot Print) RTS (Run Time System) for AVR with the Alire package manager for Ada?
Alire fails with error when building project
Alire mandates use of GitHub account?
Array of single bits in ada?
Ada/Spark: Where is the "platinum" mode in gnatprove?
Alias usage in Ada language
Subtype of string containing only hex characters in Ada
Hiding record from child packages
Builder pattern in Ada
Why is there no multiple or block comment in Ada?
What causes the syntax error in an Ada extension aggregate for a limited type? Commented out sectin gets the syntax error
Byte-wise iteration through an array in generic function in Ada
Ada Generic Linked List and Generic Package Access
Ada - How Can I Get the 'First' and 'Last' Attributes of a Two-Dimensional Array?
Missing libgnat-2020.dylib when using runtime library (MacOS)
Ada: Difference between interface and abstract tagged type?
Constant declaration in Ada
Is it possible to define a numeric range for a field in Protocol Buffer?
Why Ada attribute 'value in this snippet doesn't raise Data_Error but Constraint_Error instead?
How to check the input? Ada language
How to write Recursive GCD program in Ada?
Ada - How to generate a list of package variables from GNAT Pro Studio?
Access constant as subtype of general access type
GUI in Ada programming language
Ada Numeric Literals and Underline
How to conveniently parse a very specific chunk of a plaintext file in Ada?
Howto Re-Index an String in Ada?