Getting Started with SPARK

These slides were presented by Rod Chapman during a webinar on SPARK GPL - the high assurance toolset dedicated to the academic and Free Software communities. SPARK GPL combines the proven SPARK Ada language and supporting toolset with AdaCore’s GNAT Programming Studio (GPS) integrated development environment. SPARK is a language specifically designed to support the development of software used in applications where correct operation is vital either for reasons of safety or security. The SPARK Toolset offers static verification that is unrivalled in terms of its soundness, low false-alarm rate, depth and efficiency. The toolset also generates evidence for correctness that can be used to build a constructive assurance case in line with the requirements of industry regulators and certification schemes.

The slides present the concepts behind the Correctness-by-Construction methodology and look at current and potential research topics for the academic community.

    Presentation Transcript

    • Getting Started with SPARK – Rod Chapman, Praxis High Integrity Systems
    • Agenda
      • What is SPARK?
      • SPARK Pro, GPL and GAP
      • Teaching SPARK
      • Current research with SPARK
      • Demo – visualizing Hoare-Logic with SPARK and GraphViz
      • Questions
    • What is SPARK?
      • SPARK is…
        • A programming language,
        • A set of static verification tools,
        • A design approach for high-assurance software,
        • A means of enforcing discipline in software process.
      • … All of the above
    • SPARK
      • What’s special about SPARK?
      • SPARK takes the unusual step of designing a programming language from scratch with verification as the primary design goal.
      • SPARK has mathematical, formal, and unambiguous semantics, therefore…
    • SPARK
      • The SPARK tools provide verification which is
        • Sound (no “false negatives”)
        • Complete (very few “false alarms”)
        • Deep (tells you something useful)
        • Fast (tells you it now)
        • Modular (for incomplete programs)
      • No other language and toolset can offer this combination.
    • SPARK
      • No other language and toolset can offer this combination.
      • How?
        • The language design deliberately excludes features that are hard or impossible to analyse.
        • The SPARK language embodies a strict subset of Ada, with a system of contracts that enable modular and efficient verification.
    • What’s the catch?
      • As ever, there’s no free lunch.
      • You must have the discipline to adopt, learn and use SPARK properly.
      • SPARK is most suited to high-assurance embedded, critical and real-time systems, not web servers or database applications (yet…)
    • SPARK Applications
      • SPARK is most widely used in high-assurance embedded systems, such as
        • Commercial Avionics (Rolls-Royce, LM C130J…)
        • Military Avionics (EuroFighter Typhoon, AerMacchi M346…)
        • Rail Signalling (ALSTOM, Invensys…)
        • High-Grade Secure Systems (Rockwell-Collins, NSA, CESG, NATO C3 Agency…)
      • While SPARK is most commonly associated with safety-critical systems, its roots actually come from the info-sec community (e.g. 1977 CACM paper on info flow by Denning & Denning).
    • SPARK Pro, GPL and GAP
      • There are two major releases of the technology, aimed at three communities:
        • SPARK Pro is the professional, supported product from the AdaCore/Praxis partnership.
        • SPARK GPL is aimed at the open-source community. No formal support.
        • The AdaCore GAP Programme offers support to academic faculty using GNAT and/or SPARK GPL in teaching and research.
        • All available with the GPL licence, so full availability of sources.
    • SPARK Pro, GPL and GAP
      • This webinar will concentrate on the use of SPARK in the academic and open-source communities.
    • Teaching SPARK…
      • So why teach SPARK?
      • Well…SPARK can be seen as a vehicle for teaching:
        • Safety-Critical Software Engineering
        • Security-Critical Software Engineering
        • Design-by-Contract™
        • Embedded and Real-Time Systems
        • “Formal Methods”
        • Semantics and “Proof” of Programs
        • Programming Language Design
      • Oh…and there’s a good book…
    • Teaching SPARK…
      • Examples:
        • Manchester University, UK – SPARK used in first year undergraduate course to teach design-by-contract style programming. (Dr Kung-Kiu Lau).
        • Kansas State University – Critical Systems course (Prof John Hatcliff).
        • University of York, UK – SPARK used in post-graduate MSc in Safety-Critical Systems Engineering (Prof John McDermid and others).
    • Research with SPARK…
      • SPARK provides a formal basis for many interesting research problems.
        • As a target language for formal refinement.
        • Theorem-Proving (e.g. SAT and SMTLib style provers).
        • Counter-example finding.
        • Automatic test-case generation.
        • “Hard” language issues (e.g. generics, interfaces) currently beyond the SPARK subset.
        • Proof of floating-point algorithms.
        • Program slicing and visualization.
        • And many, many more things that we haven’t even thought of yet…
    • Research with SPARK…
      • Prior to SPARK GPL, it was difficult to use SPARK in research:
        • Proprietary nature of tools
        • Very little publicly visible SPARK code
      • But…times have changed:
        • GPL release of technology.
        • “Open Source” release of Tokeneer project as a model-example of SPARK code for research challenges.
    • Some current research projects
      • Specification refinement from PVS (Prof John Knight, Virginia).
      • Model-checking of Tokeneer security properties and (Prof Jim Woodcock, Uni of York).
      • Program slicing and value-dependent information flow analysis (Prof John Hatcliff, KSU).
      • SMTLib prover interface (Dr Paul Jackson, Uni of Edinburgh).
      • Decision procedures for non-linear arithmetic in CVC3 prover (Dr Clark Barrett, NYU).
    • Demo – Visualizing Hoare-Logic with SPARK and GraphViz
      • Teaching program verification can be kinda dull…especially if done “pencil and paper” style.
      • Students like to have tools and pictures…
      • SPARK GPL provides a means to visualize the semantics of SPARK and the action of the Verification Condition Generator using the GraphViz package.
      • Demo time…
    • Questions and Answers
      • Contact details
      • GAP: [email_address]
      • www.adacore.com/home/academia
      • Tokeneer reports and downloads
      • www.adacore.com/tokeneer
      • SPARK Pro: [email_address]
      • www.adacore.com/home/products/sparkpro
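The slides state that SPARK's contracts enable modular verification (the "SPARK" slides on what is special about the language) and that the demo visualizes Hoare logic and the action of the Verification Condition Generator. The package below is an added example written for this page in the SPARK 2005 annotation style (`--#` comments) of the Praxis-era toolset the webinar describes; it is not code from the slides, from the Tokeneer release, or from the SPARK distribution. The package name Stats, the procedure Max, and the array bound 10 are assumptions chosen for illustration.

```ada
-- Added example (not from the slides): a small SPARK 2005 package whose
-- information-flow and functional contracts are checked by the Examiner
-- and whose verification conditions are discharged by the Simplifier.
-- Package, procedure and bound names are assumed for illustration.
package Stats
is
   -- Assumed bound; any static range works for the example.
   subtype Index is Integer range 1 .. 10;
   type Vector is array (Index) of Natural;

   -- Max places the largest element of V in M.
   -- Information-flow contract: M is derived from V and nothing else, so
   -- flow analysis rejects any body that reads another variable into M.
   -- Functional contract (Hoare-style postcondition): M bounds every
   -- element of V and is itself one of the elements.
   procedure Max (V : in Vector; M : out Natural);
   --# derives M from V;
   --# post (for all I in Index => (V(I) <= M)) and
   --#      (for some I in Index => (V(I) = M));
end Stats;

package body Stats
is
   procedure Max (V : in Vector; M : out Natural)
   is
   begin
      M := V(Index'First);
      for I in Index range Index'First + 1 .. Index'Last loop
         -- Loop invariant: M is the maximum of V(Index'First .. I - 1).
         -- The VC generator cuts the loop at this assertion, producing
         -- a VC from procedure entry to here, one from here around the
         -- loop body back to here, and one from here to the postcondition.
         --# assert (for all J in Index range Index'First .. I - 1 => (V(J) <= M)) and
         --#        (for some J in Index range Index'First .. I - 1 => (V(J) = M));
         if V(I) > M then
            M := V(I);
         end if;
      end loop;
   end Max;
end Stats;
```

Running the Examiner over the specification and body checks the `derives` relation by flow analysis (deleting the `derives` line, or reading a variable not named in it, is reported as an error rather than silently accepted) and emits the verification conditions implied by the postcondition and the loop assertion; the Simplifier then attempts to prove them, and any VC it cannot discharge is left for review. Without the `--# assert` inside the loop the generator has no cut point and cannot produce a finite set of VCs, which is exactly the Hoare-logic structure the demo slide sets out to visualize.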