SPARK 2014

Expanding the boundaries of safe and secure programming.

Papers and Slides

SPARK for Agile High-Integrity Development in CACM

by Yannick Moy in News, Papers and Slides – September 25, 2017

Rod Chapman, Neil White and Jim Woodcock describe the processes that Altran has put in place over the years in its use of agile methods for developing high-integrity software, where automated formal verification with SPARK plays an important role. Read all about it in the latest issue of Communications of the ACM.

Research Corner - Focused Certification of SPARK in Coq

by Yannick Moy in Papers and Slides – July 18, 2017

The SPARK toolset aims at giving its users guarantees about the properties of the software analyzed, be it absence of run-time errors or more complex properties. But the SPARK toolset is itself a complex tool, and so it is not free of errors. To gain confidence in its results, we have worked with academic partners to establish mathematical evidence of the correctness of a critical part of the SPARK toolset. The part on which we focused is the tagging, by the frontend of the SPARK technology, of the nodes that require run-time checks. This work has been accepted at the SEFM 2017 conference.

Research Corner - Sensitive Data Sanitization for SPARK

by Yannick Moy in Compilation, Formal Verification, Papers and Slides – June 20, 2017

Well-known SPARK expert and advocate Rod Chapman presented at the latest Ada-Europe conference a paper on "Sanitizing Sensitive Data: How to get it Right (or at least Less Wrong...)". Rod's work in recent years seems to have shifted towards more security-focused topics, and this paper attacks a subtle problem with new ideas. Definitely worth reading.

Research Corner - FLOSS Glider Software in SPARK

by Yannick Moy in Dev Projects, Formal Verification, Papers and Slides – June 11, 2017

Two years ago, we redeveloped the code of a small quadcopter called Crazyflie in SPARK, as a proof of concept to show that it was possible to prove absence of run-time errors (no buffer overflows, no division by zero, etc.) on such code. The researchers Martin Becker and Emanuel Regnath have raised the bar by developing the code for the autopilot of a small glider in SPARK in only three months. Their paper and slides are available, and they have released their code as FLOSS for others to use, modify and enhance!

Research Corner - Floating-Point Computations in SPARK

by Yannick Moy in Formal Verification, Papers and Slides – June 8, 2017

It is notoriously hard to prove properties of floating-point computations, including the simpler bounding properties that state safe bounds on the values taken by entities in the program. Thanks to the recent changes in SPARK 17, users can now benefit from much better provability for these programs by combining the capabilities of different provers. For the harder cases, this requires using ghost code to state intermediate assertions that are proved by one of the provers and then used by the others. This work is described in an article which was accepted at the VSTTE 2017 conference.

Frama-C & SPARK Day Slides and Highlights

by Yannick Moy in News, Papers and Slides – June 2, 2017

The Frama-C & SPARK Day this week was a very successful event, gathering people interested in formal program verification for C programs (with Frama-C) and for Ada programs (with SPARK). Here is a summary of what was of interest to SPARK users, with pointers to the slides of the presentations.

New Guidance for Adoption of SPARK

by Yannick Moy in Formal Verification, Papers and Slides – May 27, 2017

While SPARK has been used for years in companies like Altran UK, companies without the same know-how may find it intimidating to get started on formal program verification. To help with that process, AdaCore collaborated with Thales throughout 2016 to produce a 70-page detailed guidance document for the adoption of SPARK. These guidelines are based on five levels of assurance that can be achieved on software, in increasing order of costs and benefits: Stone level (valid SPARK), Bronze level (initialization and correct data flow), Silver level (absence of run-time errors), Gold level (proof of key properties) and Platinum level (full functional correctness). These levels, and their mapping to the Development Assurance Levels (DAL) and Safety Integrity Levels (SIL) used in certification standards, were presented at the recent High Confidence Software and Systems conference.

Research Corner - Auto-active Verification in SPARK

by Claire Dross in Formal Verification, Papers and Slides – March 9, 2017

GNATprove performs auto-active verification: verification is done automatically, but it usually requires annotations from the user to succeed. In SPARK, annotations are most often given in the form of contracts (pre- and postconditions). But some language features, in particular ghost code, allow the proof guidance to be much more involved. In a paper we are presenting at the NASA Formal Methods symposium 2017, we describe how an imperative red-black tree implementation in SPARK was verified using intensive auto-active verification.