Static verification and extreme programming
Proceedings of the 2003 annual ACM SIGAda international conference on Ada: the engineering of correct and reliable software for real-time & distributed systems using ada and related technologies
Static analysis of Ravenscar programs
IRTAW '03 Proceedings of the 12th international workshop on Real-time Ada
Processes for Producing Secure Software: Summary of US National Cybersecurity Summit Subgroup Report
IEEE Security and Privacy
Re-engineering global variables in Ada
Proceedings of the 2004 annual ACM SIGAda international conference on Ada: The engineering of correct and reliable software for real-time & distributed systems using Ada and related technologies
Enforcing security and safety models with an information flow analysis tool
Proceedings of the 2004 annual ACM SIGAda international conference on Ada: The engineering of correct and reliable software for real-time & distributed systems using Ada and related technologies
We've been working on the railroad: a laboratory for real-time embedded systems
Proceedings of the 36th SIGCSE technical symposium on Computer science education
High-integrity extreme programming
Proceedings of the 2005 ACM symposium on Applied computing
Echo: a practical approach to formal verification
Proceedings of the 10th international workshop on Formal methods for industrial critical systems
Developing critical systems with PLD components
Proceedings of the 10th international workshop on Formal methods for industrial critical systems
Modeling SPARK systems with UML
Proceedings of the 2005 annual ACM SIGAda international conference on Ada: The Engineering of Correct and Reliable Software for Real-Time & Distributed Systems using Ada and Related Technologies
Optimizing the SPARK program slicer
Proceedings of the 2005 annual ACM SIGAda international conference on Ada: The Engineering of Correct and Reliable Software for Real-Time & Distributed Systems using Ada and Related Technologies
Combining Proof Plans with Partial Order Planning for Imperative Program Synthesis
Automated Software Engineering
Logical Foundations of Program Assertions: What do Practitioners Want?
SEFM '05 Proceedings of the Third IEEE International Conference on Software Engineering and Formal Methods
The echo approach to formal verification
Proceedings of the 28th international conference on Software engineering
Correctness by construction: a manifesto for high integrity software
SCS '05 Proceedings of the 10th Australian workshop on Safety critical systems and software - Volume 55
Roadmap for enhanced languages and methods to aid verification
Proceedings of the 5th international conference on Generative programming and component engineering
Proceedings of the 13th ACM conference on Computer and communications security
Early detection of JML specification errors using ESC/Java2
Proceedings of the 2006 conference on Specification and verification of component-based systems
Developing safety critical software for an unmanned aerial vehicle situational awareness tool
Proceedings of the 2006 annual ACM SIGAda international conference on Ada
An Integrated Approach to High Integrity Software Verification
Journal of Automated Reasoning
Generating good pseudo-random numbers
Computational Statistics & Data Analysis
Active learning sheets for a beginner's course on reasoning about imperative programs
Proceedings of the 38th SIGCSE technical symposium on Computer science education
A Sound Assertion Semantics for the Dependable Systems Evolution Verifying Compiler
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Languages for Safety-Critical Software: Issues and Assessment
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Designing software components to tolerances
ACM SIGSOFT Software Engineering Notes
Verified component-based software in SPARK: experimental results for a missile guidance system
Proceedings of the 2007 ACM international conference on SIGAda annual international conference
Using SPARK for a beginner's course on reasoning about imperative programs
Proceedings of the 2007 ACM international conference on SIGAda annual international conference
Towards a demonstrably-correct ada compiler
Proceedings of the 2007 ACM international conference on SIGAda annual international conference
Building high-integrity distributed systems with Ravenscar restrictions
IRTAW '07 Proceedings of the 13th international workshop on Real-time Ada
Cooperative reasoning for automatic software verification
Proceedings of the second workshop on Automated formal methods
Using SMT solvers to verify high-integrity programs
Proceedings of the second workshop on Automated formal methods
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
A Mechanical Analysis of Program Verification Strategies
Journal of Automated Reasoning
Tool Integration for Reasoned Programming
Verified Software: Theories, Tools, Experiments
A Perspective on Program Verification
Verified Software: Theories, Tools, Experiments
Languages, Ambiguity, and Verification
Verified Software: Theories, Tools, Experiments
Specification and Checking of Software Contracts for Conditional Information Flow
FM '08 Proceedings of the 15th international symposium on Formal Methods
Can We Increase the Usability of Real Time Scheduling Theory? The Cheddar Project
Ada-Europe '08 Proceedings of the 13th Ada-Europe international conference on Reliable Software Technologies
Formal Verification by Reverse Synthesis
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
JML4: Towards an Industrial Grade IVE for Java and Next Generation Research Platform for JML
VSTTE '08 Proceedings of the 2nd international conference on Verified Software: Theories, Tools, Experiments
Verifiable functional purity in java
Proceedings of the 15th ACM conference on Computer and communications security
Termination-Insensitive Noninterference Leaks More Than Just a Bit
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Programming language elements for correctness proofs
Acta Cybernetica
Valigator: A Verification Tool with Bound and Invariant Generation
LPAR '08 Proceedings of the 15th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning
Hoare type theory, polymorphism and separation
Journal of Functional Programming
ESOP '09 Proceedings of the 18th European Symposium on Programming Languages and Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Point/counterpoint: CS education in the U.S.: heading in the wrong direction?
Communications of the ACM - Barbara Liskov: ACM's A.M. Turing Award Winner
Catch me if you can: permissive yet secure error handling
Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security
Formal methods: Practice and experience
ACM Computing Surveys (CSUR)
On the Role of Formal Methods in Software Certification: An Experience Report
Electronic Notes in Theoretical Computer Science (ENTCS)
A Precise Yet Efficient Memory Model For C
Electronic Notes in Theoretical Computer Science (ENTCS)
Automatic Inference of Frame Axioms Using Static Analysis
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
Assessing the impact of global variables on program dependence and dependence clusters
Journal of Systems and Software
HOL-Boogie--An Interactive Prover-Backend for the Verifying C Compiler
Journal of Automated Reasoning
Ada-Europe'03 Proceedings of the 8th Ada-Europe international conference on Reliable software technologies
Security of multithreaded programs by compilation
ACM Transactions on Information and System Security (TISSEC)
Towards Ada 2012: an interim report
Proceedings of the ACM SIGAda annual international conference on SIGAda
Using static analysis in space: why doing so?
SAS'10 Proceedings of the 17th international conference on Static analysis
Derivational software engineering
Proceedings of the FSE/SDP workshop on Future of software engineering research
Development of high-integrity software product lines using model transformation
SAFECOMP'10 Proceedings of the 29th international conference on Computer safety, reliability, and security
ISoLA'10 Proceedings of the 4th international conference on Leveraging applications of formal methods, verification, and validation - Volume Part I
Specification and verification: the Spec# experience
Communications of the ACM
Bakar Kiasan: flexible contract checking for critical systems using symbolic execution
NFM'11 Proceedings of the Third international conference on NASA Formal methods
The safety-critical Java memory model: a formal account
FM'11 Proceedings of the 17th international conference on Formal methods
ITP'11 Proceedings of the Second international conference on Interactive theorem proving
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Software vulnerabilities precluded by spark
SIGAda '11 Proceedings of the 2011 ACM annual international conference on Special interest group on the ada programming language
Enhancing spark's contract checking facilities using symbolic execution
SIGAda '11 Proceedings of the 2011 ACM annual international conference on Special interest group on the ada programming language
A software component model and its preliminary formalisation
FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
Boogie: a modular reusable verifier for object-oriented programs
FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
Static detection of access anomalies in ada95
Ada-Europe'06 Proceedings of the 11th Ada-Europe international conference on Reliable Software Technologies
SPARK annotations within executable UML
Ada-Europe'06 Proceedings of the 11th Ada-Europe international conference on Reliable Software Technologies
Proving functional equivalence for program slicing in SPARK
Ada-Europe'05 Proceedings of the 10th Ada-Europe international conference on Reliable Software Technologies
Smart certification of mixed criticality systems
Ada-Europe'05 Proceedings of the 10th Ada-Europe international conference on Reliable Software Technologies
GNAT pro for on-board mission-critical space applications
Ada-Europe'05 Proceedings of the 10th Ada-Europe international conference on Reliable Software Technologies
The spec# programming system: an overview
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Sicstus prolog-the first 25 years
Theory and Practice of Logic Programming - Prolog Systems
Exogenous connectors for software components
CBSE'05 Proceedings of the 8th international conference on Component-Based Software Engineering
Program verification in SPARK and ACSL: a comparative case study
Ada-Europe'10 Proceedings of the 15th Ada-Europe international conference on Reliable Software Technologies
Towards ada 2012: an interim report
Ada-Europe'10 Proceedings of the 15th Ada-Europe international conference on Reliable Software Technologies
Cost effective software engineering for security
FM'06 Proceedings of the 14th international conference on Formal Methods
Limiting information leakage in event-based communication
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Are practitioners writing contracts?
Rigorous Development of Complex Fault-Tolerant Systems
Why programming languages still matter
Rigorous Development of Complex Fault-Tolerant Systems
From dynamic to static and back: riding the roller coaster of information-flow control research
PSI'09 Proceedings of the 7th international Andrei Ershov Memorial conference on Perspectives of Systems Informatics
SPARKSkein: a formal and fast reference implementation of skein
SBMF'11 Proceedings of the 14th Brazilian conference on Formal Methods: foundations and Applications
Dependable and Historic Computing
A lightweight technique for distributed and incremental program verification
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
Verification conditions for single-assignment programs
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Efficient symbolic execution of value-based data structures for critical systems
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
Verification of hardware interaction properties of software
ABZ'12 Proceedings of the Third international conference on Abstract State Machines, Alloy, B, VDM, and Z
An intuitive approach to determine test adequacy in safety-critical software
ACM SIGSOFT Software Engineering Notes
Source code as the key artifact in requirement-based development: the case of ada 2012
Ada-Europe'12 Proceedings of the 17th Ada-Europe international conference on Reliable Software Technologies
An approach to model checking ada programs
Ada-Europe'12 Proceedings of the 17th Ada-Europe international conference on Reliable Software Technologies
Precise enforcement of progress-sensitive security
Proceedings of the 2012 ACM conference on Computer and communications security
The art and science of software architecture
ECSA'07 Proceedings of the First European conference on Software Architecture
Hi-Lite: the convergence of compiler technology and program verification
Proceedings of the 2012 ACM conference on High integrity language technology
Information and Software Technology
Past expression: encapsulating pre-states at post-conditions by means of AOP
Proceedings of the 12th annual international conference on Aspect-oriented software development
Explicating symbolic execution (xSymExe): an evidence-based verification framework
Proceedings of the 2013 International Conference on Software Engineering
Safety-critical Java level 2: motivations, example applications and issues
Proceedings of the 11th International Workshop on Java Technologies for Real-time and Embedded Systems
Practical specification and verification with code contracts
Proceedings of the 2013 ACM SIGAda annual conference on High integrity language technology
From the Book:

This book is about programming in Spark--a language highly suited for writing programs that need to be reliable, and thus particularly relevant to those application areas where safety or security are important. It is a major revision of the previous book which was entitled High Integrity Ada.

Spark is sometimes regarded as being just a subset of Ada with various annotations that you have to write as Ada comments. This is mechanically correct but is not at all the proper view to take. Spark should be seen as a distinct language in its own right and that is one reason why the title was changed in this edition.

Spark has just those features required for writing reliable software: not so austere as to be a pain, but not so rich as to make program analysis out of the question. But it is sensible to share compiler technology with some other standard language and it so happens that Ada provides a better framework than many other languages. In fact, Ada seems to be the only language that has good lexical support for the concept of programming by contract by separating the ability to describe a software interface (the contract) from its implementation (the code) and enabling these to be analysed and compiled separately. The Eiffel language has created a strong interest in the concept of programming by contract which Spark has embodied since its inception in the late 1980s.

There has recently also been interest in reliable software in areas other than those that have traditionally cared about reliability (avionics and railroads). It is now beginning to be realized that reliable software matters in other areas, such as finance, communications, medicine and motorcars.

Accordingly, I have changed the presentation with the goal that no knowledge of Ada is required to understand the discussion. However, there are some remarks comparing Spark and Ada which will be helpful to those who do know Ada. Most of these are confined to the ends of sections and are in a different font but just a few are embedded in the text in square brackets. Either way they should not impede the discussion for the general reader.

I have always been interested in techniques for writing reliable software, if only (presumably like most programmers) because I would like my programs to work without spending ages debugging the wretched things.

Perhaps my first realization that the tools used really mattered came with my experience of using Algol 60 when I was a programmer in the chemical industry. It was a delight to use a compiler that stopped me violating the bounds of arrays; it seemed such an advance over Fortran and other even more primitive languages which allowed programs to violate themselves in an arbitrary manner.

On the other hand I have always been slightly doubtful of the practicality of the formal theorists who like to define everything in some turgid specification language before contemplating the process known as programming. It has always seemed to me that formal specifications were pretty obscure to all but a few and might perhaps even make a program less reliable in a global sense by increasing the problem of communication between client and programmer.

Nevertheless, I have often felt that underlying mathematical foundations can provide us with better tools even if the mathematical nature is somewhat hidden by a more practical facade. For example, enumeration types are really about sets but a deep understanding of set theory is not necessary in order to obtain the benefits of strong typing by realizing that a set of apples is not the same as a set of oranges.

Spark has this flavour of practical helpfulness underpinned by solid mathematical foundations. You don't have to understand the theorems of Boehm and Jacopini in order to obtain the benefits of good flow structure. Equally, Spark does not require esoteric annotations of a formal kind but quite simple affirmations of access and visibility which enable the Spark Examiner to effectively 'look over your shoulder' and identify inconsistencies between what you said you were going to do in the annotations and what you actually did in the code.

One of the advantages of Spark is that it may be used at various levels. At the simplest level of data flow analysis, the annotations ensure that problems of mistaken identity do not arise, that undefined values are not used and other similar flow errors are trapped. The next level of information flow analysis gives additional assurance regarding the inter-dependence between variables and can highlight unexpected relationships indicative of poorly organized data.

For certain applications, formal proof may be useful and Spark provides a third level in which formal preconditions, postconditions and other assertions enable proofs to be established with the aid of the Spark tools.

However, formal proof is easily oversold; the effort involved in developing a proof can be high and in many cases might well be spent more effectively on other aspects of ensuring that a program is fit for its purpose. So the ability to apply Spark at various levels according to the application is extremely valuable.

A simple use of proof is in showing that a program is free from exceptions due to run-time errors such as those caused by overflow or writing outside an array. This can be done in a straightforward manner and does not require the addition of the more detailed annotations required for proof in general.

The various levels of analysis might even be mixed in a single program. The fine detail of key algorithms might be formally proved, higher organizational parts might benefit from information flow analysis, whereas the overall driving routines could well need only data flow analysis.
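As an added illustration of the three levels of analysis the preface describes (global annotations for data flow analysis, derives annotations for information flow analysis, and pre/postconditions for proof, including proof of freedom from run-time errors), here is a small package written in the SPARK 2005 annotation style. It is example code added here, not taken from the book; the package Account, its state variable Balance and its two procedures are invented for the illustration.

```ada
-- Example added here, not from the book: a hypothetical Account package
-- showing the three levels of Spark annotation the preface describes.
-- Annotations are Ada comments beginning with --#; an Ada compiler ignores
-- them, while the Spark Examiner checks the body against them.

package Account
--# own Balance;          -- Balance is package state visible to the Examiner
--# initializes Balance;  -- and must be initialised when the package elaborates
is

   -- Level 1, data flow analysis: "global in out" says Deposit both reads
   -- and writes Balance. A body that read an unset value, or that touched a
   -- global not listed here, would be rejected by the Examiner.
   --
   -- Level 2, information flow analysis: "derives" states that the final
   -- Balance depends on the initial Balance and on Amount and on nothing
   -- else; a body in which Balance came to depend on some other variable
   -- would be reported as an unexpected dependency.
   --
   -- Level 3, proof: the precondition rules out integer overflow, so the
   -- run-time check verification condition generated for Balance + Amount
   -- is provable without further annotation; the postcondition (Balance~
   -- denotes the initial value) states the intended result.
   procedure Deposit (Amount : in Natural);
   --# global in out Balance;
   --# derives Balance from Balance, Amount;
   --# pre  Balance <= Integer'Last - Amount;
   --# post Balance = Balance~ + Amount;

   -- Reset writes Balance without reading it: "global out" and an empty
   -- derives import list say so, and a body that read Balance here would
   -- be flagged as using an undefined value.
   procedure Reset;
   --# global out Balance;
   --# derives Balance from ;
   --# post Balance = 0;

end Account;

package body Account is

   Balance : Integer := 0;   -- satisfies "initializes Balance"

   procedure Deposit (Amount : in Natural) is
   begin
      Balance := Balance + Amount;   -- overflow excluded by the precondition
   end Deposit;

   procedure Reset is
   begin
      Balance := 0;
   end Reset;

end Account;
```

The specification carries all of the contract, so a caller can be analysed against Deposit's annotations without the body being present, which is the separation of interface from implementation the preface credits Ada with supporting. A project that wanted only data flow analysis could keep the global annotations and drop the derives, pre and post lines; the Examiner would still trap the flow errors described above.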
And proof of freedom from run-time errors might be applied to the whole program.

I must say a little about the background to this book. I first encountered the foundation work done by Bob Phillips at Malvern when a consultant to the British Government and tasked with monitoring the usefulness of various research activities. I remember feeling that the flow analysis he was investigating was potentially good stuff but needed practical user interfaces.

That was twenty-five years ago. The current language and tools reflect the enormous energy put into the topic since then by Bernard Carre and his colleagues, first at Southampton University, then at Program Validation Limited and later at Praxis Critical Systems. The original approach was for the analysis of existing programs but now the emphasis is much more on writing the programs correctly in the first place.

However, it always seemed to me that although the tools and techniques were gaining steady acceptance, nevertheless both the tools and indeed the world of programmers deserved a more accessible description than that found in conference papers and user manuals.

A big impetus to actually do something was when my daughter Janet and I were invited by Program Validation Limited to join in a review of the formal definition of Spark and its further development. This resulted in a report familiarly known as Janet and John go a-Sparking (non-British readers should note that there is a series of children's books concerning the activities of Janet and John). Being involved in the review strengthened my feeling that a book would be very appropriate and, thanks to the support of Praxis, led to the first version of this book in 1997.

Since then, Spark and its tools have evolved further to include the safe parts of object oriented programming, a better means of interfacing to other parts of a system, a simpler means of showing that a program is free from exceptions, and more auditable means of proving that a program is correct. The various tools are also greatly improved both in terms of speed and quality of reporting.

These improvements justified this new book and I am most grateful for the support of Praxis in enabling me to write it. The CD at the back includes the latest demonstration versions of the major tools and electronic copies of a great deal of further documentation as well as the exercises and answers. More information regarding Praxis and Spark will be found at www.sparkada.com.

I must now thank all those who have helped in many different ways. The external reviewers included Kung-Kiu Lau, George Romanski, Jim Sutton, Tucker Taft and Phil Thornley; their comments were extremely valuable in ensuring that the book met its main objectives. I was greatly assisted by a number of staff of Praxis Critical Systems and I am especially grateful to Peter Amey, Rod Chapman, Jonathan Hammond and Adrian Hilton for their detailed comments and encouragement.

I must also continue to thank Bernard Carre for his vision in getting it all going; Bernard has now retired to warmer climes but his good work lives on.

Finally, many thanks to my wife Barbara for her help in typesetting and proofreading, to friends at Addison-Wesley for their continued guidance and to Sheila Chatten for her help in the final stages of production.

John Barnes
Caversham, England
December 2002