High Integrity Ada with SPARK (Praxis Critical Systems)


  1. High Integrity Ada with SPARK
     Praxis Critical Systems
     SPARK and the SPARK Examiner

  2. What is SPARK?
     • A sub-language of Ada 83 and 95 with particular properties that make it ideally suited to the most critical of applications:
       – completely unambiguous
       – all rule violations are detectable
       – formally defined
       – tool supported
     • SPARK facilitates Correctness by Construction
     • SPARK allows proof of program properties

  3. “… one could communicate with these machines in any language provided it was an exact language …”
     “… the system should resemble normal mathematical procedure closely, but at the same time should be as unambiguous as possible.”
     Alan Turing, 1948

  4. Producing Safety-Critical Software
     • Not just a question of “being more careful”
     • The need to be able to show, before there is any service experience, that a system will be safe enough requires a qualitatively different approach
     • V&V costs dominate this process:
       – typical, critical, aerospace projects spend 80% of their time downstream of system integration
       – this is the area where re-work is most expensive
       – so early reasoning saves time and money

  5. Static Analysis - the SPARK Examiner
     • Language subset compliance “free”
     • System-wide data flow analysis
     • Information flow analysis
     • Demonstration, prior to execution, that a program is “exception free”
     • Formal verification including proof of safety properties
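To make slides 2 and 5 concrete, here is a small SPARK 95 package written for this page as an added illustration; it is not code from the presentation or from Praxis. The package and subprogram names (Counter, Increment, Saturating_Increment) are constructed. The `--#` annotations are what the Examiner analyses: the `derives` clause states the information flow the body must match, and the `pre`/`post` clauses are what the proof tools use to show that the `Constraint_Error` check on the constrained subtype can never fire, i.e. that the code is exception free. The second procedure shows the same property proved without a precondition, by handling the boundary value inside the body rather than passing the obligation to the caller.

```ada
-- Added illustration, not from the presentation: a SPARK 95 package whose
-- annotations the SPARK Examiner checks. Names are constructed for this example.
package Counter
is
   -- A constrained subtype. The run-time check that an assigned value stays
   -- within 0 .. 100 is exactly what exception-freedom proof must discharge.
   subtype Count_Type is Integer range 0 .. 100;

   -- Information flow: the final value of C depends only on its initial value.
   -- The precondition rules out leaving the subtype, so the verification
   -- condition generated for "C := C + 1" (C + 1 <= 100) is provable.
   procedure Increment (C : in out Count_Type);
   --# derives C from C;
   --# pre  C < Count_Type'Last;
   --# post C = C~ + 1;

   -- Same information flow, but no precondition: the boundary case is handled
   -- in the body, so every caller is safe and the postcondition says so.
   procedure Saturating_Increment (C : in out Count_Type);
   --# derives C from C;
   --# post (C~ <  Count_Type'Last -> C = C~ + 1) and
   --#      (C~ =  Count_Type'Last -> C = C~);
end Counter;

package body Counter
is
   procedure Increment (C : in out Count_Type)
   is
   begin
      -- In range because the precondition guarantees C <= 99 on entry.
      C := C + 1;
   end Increment;

   procedure Saturating_Increment (C : in out Count_Type)
   is
   begin
      if C < Count_Type'Last then
         C := C + 1;
      end if;
      -- The implicit else branch leaves C unchanged, so no Constraint_Error
      -- is possible and the flow annotation "C from C" still holds.
   end Saturating_Increment;
end Counter;
```

If the body of Increment were changed to, say, `C := C + 2;`, the precondition would no longer be strong enough and the Examiner's verification condition would remain undischarged; if an extra input were read in the body without appearing in the `derives` clause, information flow analysis would report the mismatch before the program ever ran.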

  6. SPARK – a Proven Solution
     • Lockheed C130J
       – certified to DO178B level A
       – 80% saving in certification test costs
       – very large, independently-measured quality enhancements
     • SHOLIS
       – first full Def Stan 00-55 project
       – zero defects in acceptance and sea trials
       – (see IEEE Transactions reprint at the Praxis booth)
     • MULTOS CA
       – financial system to ITSEC E6

  7. Release 5.0
     • The SPARK Examiner is over 10 years old
       – mature technology but with continuous development
     • Release 5.0 includes:
       – greatly enhanced proof facilities, e.g.:
         • proof of programs with “abstract state”
         • quantifiers
       – browsable HTML output
       – large number of detailed improvements

  8. Future Plans
     • Enhanced support for educational use of SPARK
       – a free academic Examiner release is now available
     • Support for Ravenscar Profile
     • Re-issue and update of Barnes “High Integrity Ada - the SPARK Approach”

  9. Key Message
     • Because getting it right first time will always be quicker than simply speeding up an iterative process, SPARK saves time and money.
     • SPARK reduces project risk by bringing error detection forward.
     • SPARK helps eliminate the V&V bottleneck.

  10. “SPARK and the Examiner represent the leading edge in pragmatic, rigorous, software engineering”
      http://www.praxis-cs.co.uk/ under SPARK
