SPARK 2014 - Future directions
Transcript of SPARK 2014 - Future directions
Stuart Matthews
Future Directions of the SPARK Technology
High Assurance Software Symposium
SPARK – A Distinguished Track Record
• The origins of SPARK are in research started over 25 years ago …
SPARK’s Success
• SPARK has achieved success across industry domains …
• and in high-profile mission-critical systems …
SPARK Evolution
• The SPARK language has evolved over the years: SPARK ’83, ’95, 2005 – and RavenSPARK
• In 2009 the release of SPARK Pro provided an updated interface to the tool environment:
  • GNAT Tracker
  • GPS & GNATbench IDEs
Current Context & Influences
• Our desire to innovate and extend SPARK’s capabilities continues today
• Strong links with academic and research communities:
  • Collaborative research
  • SPARK community projects
• Opportunities and challenges in the high-assurance software domain …
Challenges & Opportunities
• Requirement for more efficient assurance tools & techniques for high-grade secure software
• Increasing demand for security in safety & mission-critical software
• Ada 2012 – contract-based programming
• Success of Hi-Lite project – combination of unit testing and formal proof
The Next Generation SPARK Technology
• Now under development …
• A new framework for high assurance software development, comprising:
  • Updated SPARK Language
  • Powerful Verification Toolset
  • Software Engineering Method
  • Training for software engineers
Next Generation SPARK Language
• Convergence with Ada 2012 syntax …

SPARK 2005 form (annotations in --# comments):

package Ex05
--# own Counter;
--# initializes Counter;
is
   procedure Exchange (X, Y : in out Integer);
   --# global in out Counter;
   --# derives X from Y &
   --#         Y from X &
   --#         Counter from Counter;
   --# pre X /= Y;
   --# post X = Y~ and Y = X~;
end Ex05;

SPARK 2014 form (Ada 2012 aspects):

package Ex14
  with Abstract_State => Counter,
       Initializes    => Counter
is
   procedure Exchange (X, Y : in out Integer)
     with Global  => (In_Out => Counter),
          Depends => (X       => Y,
                      Y       => X,
                      Counter => Counter),
          Pre     => X /= Y,
          Post    => X = Y'Old and Y = X'Old;
end Ex14;

• Support for executable and mathematical/provable contracts
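The slide shows only the Ex14 specification. The package body below is an added example, not from the slides, showing the state refinement that the body must supply (Refined_State, Refined_Global, Refined_Depends) and the run-time check the prover discharges on the counter update; the refinement of Counter onto a single Natural variable Count, and the SPARK_Mode aspects, are assumptions of this example. The two units are meant to be split with gnatchop before running GNATprove.

```ada
-- Specification as on the slide, with SPARK_Mode added so GNATprove analyses it.
package Ex14
  with SPARK_Mode,
       Abstract_State => Counter,
       Initializes    => Counter
is
   procedure Exchange (X, Y : in out Integer)
     with Global  => (In_Out => Counter),
          Depends => (X => Y, Y => X, Counter => Counter),
          Pre     => X /= Y,
          Post    => X = Y'Old and Y = X'Old;
end Ex14;

-- Body (added example): the abstract state Counter is refined onto one
-- concrete variable, Count. This refinement is assumed, not from the slides.
package body Ex14
  with SPARK_Mode,
       Refined_State => (Counter => Count)
is
   -- Initialised at elaboration, which discharges Initializes => Counter.
   Count : Natural := 0;

   procedure Exchange (X, Y : in out Integer)
     with Refined_Global  => (In_Out => Count),
          Refined_Depends => (X => Y, Y => X, Count => Count)
   is
      Tmp : constant Integer := X;
   begin
      -- Swap satisfies Post => X = Y'Old and Y = X'Old and the X => Y, Y => X flows.
      X := Y;
      Y := Tmp;
      -- A bare "Count := Count + 1" leaves the range check unproved; the prover
      -- reports the counter-example Count = Natural'Last, in the same way the
      -- slide's example reports x = -2147483648. The guard makes the check provable
      -- and keeps the Count => Count dependency as declared.
      if Count < Natural'Last then
         Count := Count + 1;
      else
         Count := 0;
      end if;
   end Exchange;
end Ex14;
```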
Next Generation SPARK
• Bigger Language Subset …
  • Early subprogram returns
  • More OO support
  • Discriminant records
  • Profiles
New Toolset Features:
• Replacement of unit and robustness testing by automated proof
• A Formal Analysis compatible with DO-333
• Formal container library
• …
Advanced Information Flow Analysis
• Designed to support secure systems assurance
• Visualisation of information flows
• Increased refinement of information flow contracts

procedure Q (X, Y, Z       : in  Integer;
             A, B, C, D, E : out Integer);
Generative Mode
• A generative mode for data and information flow analysis

procedure Q (X, Y, Z       : in  Integer;
             A, B, C, D, E : out Integer)
  with Depends => ((A, B) => (X, Y),
                   C      => (X, Z),
                   D      => Y,
                   E      => null);
Powerful Verification Tools
• Higher levels of automation for proof of functional properties
• Improved diagnostics for unproved VCs
• Interactive path display
• Counter example generation

*** Found a counter-example to
function_example_1_1, conclusion C2:
(For path(s) from start to run-time check
associated with statement of line 30:)
This conclusion is false if:
x = -2147483648
Next Generation SPARK Will Be …
• Released in Q1 of 2014
• Available alongside the current SPARK and SPARK Pro toolsets
• Developed in collaboration with research partners and an industrial advisory panel
• Previewed in a β-Release for SPARK Pro customers in 2013
Further Information
• Questions
• SPARK Team members are available today!
• For further detailed information, please contact
  • Michaël Friess [email protected]
  or
  • Stuart Matthews stuart.matthews@altran-praxis.com

Altran Praxis Limited
22 St Lawrence Street
Bath BA1 1AN
United Kingdom
Telephone: +44 (0) 1225 466991
Facsimile: +44 (0) 1225 469006
Website: altran-praxis.com