Getting Started with SPARK


These slides were presented by Rod Chapman during a webinar on SPARK GPL - the high assurance toolset dedicated to the academic and Free Software communities. SPARK GPL combines the proven SPARK Ada language and supporting toolset with AdaCore’s GNAT Programming Studio (GPS) integrated development environment. SPARK is a language specifically designed to support the development of software used in applications where correct operation is vital either for reasons of safety or security. The SPARK Toolset offers static verification that is unrivalled in terms of its soundness, low false-alarm rate, depth and efficiency. The toolset also generates evidence for correctness that can be used to build a constructive assurance case in line with the requirements of industry regulators and certification schemes.

The slides present the concepts behind the Correctness-by-Construction methodology and look at current and potential research topics for the academic community.


  1. Getting Started with SPARK
     Rod Chapman, Praxis High Integrity Systems

  2. Agenda
     - What is SPARK?
     - SPARK Pro, GPL and GAP
     - Teaching SPARK
     - Current research with SPARK
     - Demo: visualizing Hoare-Logic with SPARK and GraphViz
     - Questions

  3. What is SPARK?
     - SPARK is…
       - A programming language,
       - A set of static verification tools,
       - A design approach for high-assurance software,
       - A means of enforcing discipline in software process.
     - … All of the above

  4. SPARK
     - What’s special about SPARK?
     - SPARK takes the unusual step of designing a programming language from scratch with verification as the primary design goal.
     - SPARK has mathematical, formal, and unambiguous semantics, therefore…

  5. SPARK
     - The SPARK tools provide verification which is
       - Sound (no “false negatives”)
       - Complete (very few “false alarms”)
       - Deep (tells you something useful)
       - Fast (tells you now)
       - Modular (for incomplete programs)
     - No other language and toolset can offer this combination.
  6. SPARK
     - No other language and toolset can offer this combination.
     - How?
       - The language design deliberately excludes features that are hard or impossible to analyse.
       - The SPARK language embodies a strict subset of Ada, with a system of contracts that enable modular and efficient verification.
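As an added illustration of the contract system described on slide 6 (this code is not from the slides or from the SPARK distribution; the package and procedure names are my own), a small SPARK 2005 package whose annotations carry both an information-flow contract and a Hoare-style postcondition:

```ada
-- Constructed example: a saturating counter written in the SPARK 2005
-- subset of Ada. Annotations are Ada comments starting with "--#", so a
-- plain Ada compiler ignores them; the SPARK Examiner reads them.
package Saturating_Counter is

   Max : constant := 1000;
   subtype Count_Type is Integer range 0 .. Max;

   -- Add Step to Count, saturating at Max.
   --
   -- "derives" is the information-flow contract: the Examiner checks that
   -- the final value of Count depends on exactly Count and Step and on
   -- nothing else, so an accidental dependence on some other variable
   -- (a hidden channel) is reported as an error, not a warning.
   --
   -- "post" is the Hoare-logic contract.  Count~ denotes the value of
   -- Count on entry.  The Verification Condition Generator turns the body
   -- plus this contract into proof obligations (VCs), including one that
   -- Count + Step stays within Count_Type on the assignment below.
   procedure Bump (Count : in out Count_Type; Step : in Count_Type);
   --# derives Count from Count, Step;
   --# post (Count~ + Step <= Max -> Count = Count~ + Step) and
   --#      (Count~ + Step >  Max -> Count = Max);

end Saturating_Counter;

package body Saturating_Counter is

   procedure Bump (Count : in out Count_Type; Step : in Count_Type)
   is
   begin
      -- Guarding on Max - Step rather than Count + Step means every
      -- intermediate expression is provably in range: Max - Step is in
      -- 0 .. Max, and the addition only runs when Count <= Max - Step,
      -- which is exactly the hypothesis the range-check VC needs.
      if Count <= Max - Step then
         Count := Count + Step;
      else
         Count := Max;
      end if;
   end Bump;

end Saturating_Counter;
```

If the body were changed to read a package-level variable, the Examiner would reject it against the derives clause before any proof is attempted; the postcondition VCs for the body as written are discharged by the Simplifier without manual proof.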
  7. What’s the catch?
     - As ever, there’s no free lunch.
     - You must have the discipline to adopt, learn and use SPARK properly.
     - SPARK is most suited to high-assurance embedded, critical and real-time systems, not web servers or database applications (yet…)

  8. SPARK Applications
     - SPARK is most widely used in high-assurance embedded systems, such as
       - Commercial Avionics (Rolls-Royce, LM C130J…)
       - Military Avionics (EuroFighter Typhoon, AerMacchi M346…)
       - Rail Signalling (ALSTOM, Invensys…)
       - High-Grade Secure Systems (Rockwell-Collins, NSA, CESG, NATO C3 Agency…)
     - While SPARK is most commonly associated with safety-critical systems, its roots actually come from the info-sec community (e.g. the 1977 CACM paper on information flow by Denning & Denning).

  9. SPARK Pro, GPL and GAP
     - There are two major releases of the technology, aimed at three communities:
       - SPARK Pro is the professional, supported product from the AdaCore/Praxis partnership.
       - SPARK GPL is aimed at the open-source community. No formal support.
       - The AdaCore GAP Programme offers support to academic faculty using GNAT and/or SPARK GPL in teaching and research.
       - All available under the GPL licence, so full availability of sources.

  10. SPARK Pro, GPL and GAP
     - This webinar will concentrate on the use of SPARK in the academic and open-source communities.

  11. Teaching SPARK…
     - So why teach SPARK?
     - Well… SPARK can be seen as a vehicle for teaching:
       - Safety-Critical Software Engineering
       - Security-Critical Software Engineering
       - Design-by-Contract™
       - Embedded and Real-Time Systems
       - “Formal Methods”
       - Semantics and “Proof” of Programs
       - Programming Language Design
     - Oh… and there’s a good book…

  12. Teaching SPARK…
     - Examples:
       - Manchester University, UK: SPARK used in a first year undergraduate course to teach design-by-contract style programming (Dr Kung-Kiu Lau).
       - Kansas State University: Critical Systems course (Prof John Hatcliff).
       - University of York, UK: SPARK used in the post-graduate MSc in Safety-Critical Systems Engineering (Prof John McDermid and others).

  13. Research with SPARK…
     - SPARK provides a formal basis for many interesting research problems.
       - As a target language for formal refinement.
       - Theorem-Proving (e.g. SAT and SMTLib style provers).
       - Counter-example finding.
       - Automatic test-case generation.
       - “Hard” language issues (e.g. generics, interfaces) currently beyond the SPARK subset.
       - Proof of floating-point algorithms.
       - Program slicing and visualization.
       - And many, many more things that we haven’t even thought of yet…

  14. Research with SPARK…
     - Prior to SPARK GPL, it was difficult to use SPARK in research:
       - Proprietary nature of tools
       - Very little publicly visible SPARK code
     - But… times have changed:
       - GPL release of technology.
       - “Open Source” release of the Tokeneer project as a model example of SPARK code for research challenges.

  15. Some current research projects
     - Specification refinement from PVS (Prof John Knight, Virginia).
     - Model-checking of Tokeneer security properties (Prof Jim Woodcock, Uni of York).
     - Program slicing and value-dependent information flow analysis (Prof John Hatcliff, KSU).
     - SMTLib prover interface (Dr Paul Jackson, Uni of Edinburgh).
     - Decision procedures for non-linear arithmetic in the CVC3 prover (Dr Clark Barrett, NYU).

  16. Demo: Visualizing Hoare-Logic with SPARK and GraphViz
     - Teaching program verification can be kinda dull… especially if done “pencil and paper” style.
     - Students like to have tools and pictures…
     - SPARK GPL provides a means to visualize the semantics of SPARK and the action of the Verification Condition Generator using the GraphViz package.
     - Demo time…

  17. Questions and Answers
     - Contact details
     - GAP: [email_address]
     - Tokeneer reports and downloads
     - SPARK Pro: [email_address]