The document summarizes the future directions of the SPARK technology. It discusses how SPARK has evolved over 25+ years with successes across different domains. The next generation SPARK will include an updated language, powerful verification tools, and training for engineers. It will have features like support for executable and mathematical contracts, a formal analysis compatible with standards, and increased automation for proof of functional properties. The new version is targeted for release in early 2014.
2. SPARK – A Distinguished Track Record
• The origins of SPARK are in research started over 25 years ago …
3. SPARK’s Success
• SPARK has achieved success across industry domains …
• and in high-profile mission-critical systems …
4. SPARK Evolution
• The SPARK language has evolved over the years: SPARK '83, '95, 2005 – and RavenSPARK
• In 2009 the release of SPARK Pro provided an updated interface to the tool environment:
• GNAT Tracker
• GPS & GNATbench IDEs
5. Current Context & Influences
• Our desire to innovate and extend SPARK's capabilities continues today
• Strong links with academic and research communities:
• Collaborative research
• SPARK community projects
• Opportunities and challenges in the high-assurance software domain …
6. Challenges & Opportunities
• Requirement for more efficient assurance tools & techniques for high-grade secure software
• Increasing demand for security in safety & mission-critical software
• Ada 2012 – contract-based programming
• Success of Hi-Lite project – combination of unit testing and formal proof
7. The Next Generation SPARK Technology
• Now under development …
• A new framework for high assurance software development, comprising:
• Updated SPARK Language
• Powerful Verification Toolset
• Software Engineering Method
• Training for software engineers
8. Next Generation SPARK Language
• Convergence with Ada 2012 syntax …
Ex05 (current SPARK annotation syntax):

   package Ex05
   --# own Counter;
   --# initializes Counter;
   is
      procedure Exchange (X, Y : in out Integer);
      --# global in out Counter;
      --# derives X from Y &
      --#         Y from X &
      --#         Counter from Counter;
      --# pre X /= Y;
      --# post X = Y~ and Y = X~;
   end Ex05;

Ex14 (Ada 2012 aspect syntax):

   package Ex14
     with Abstract_State => Counter,
          Initializes    => Counter
   is
      procedure Exchange (X, Y : in out Integer)
        with Global  => (In_Out => Counter),
             Depends => (X       => Y,
                         Y       => X,
                         Counter => Counter),
             Pre     => X /= Y,
             Post    => X = Y'Old and Y = X'Old;
   end Ex14;
• Support for executable and mathematical/provable contracts
9. Next Generation SPARK
• Bigger Language Subset …
[Figure: Next Gen. SPARK Profiles]
• Discriminant records
• Early subprogram returns
• More OO support
10. New Toolset Features:
• Replacement of unit and robustness testing by automated proof
• A Formal Analysis compatible with DO-333
• Formal container library
• …
11. Advanced Information Flow Analysis
• Designed to support secure systems assurance
• Visualisation of information flows
• Increased refinement of information flow contracts
12. Generative Mode
• A generative mode for data and information flow analysis
   procedure Q (X, Y, Z       : in  Integer;
                A, B, C, D, E : out Integer)
     with Depends => ((A, B) => (X, Y),
                      C      => (X, Z),
                      D      => Y,
                      E      => null);
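As an added example (not from the original slides), the aspect style of slide 8 and the flow contracts of slides 11 and 12 combined into a spec and body pair: the Depends contract states that the stored key never influences the public log, and flow analysis checks the body against it. All names (Guard, Secret_Key, Public_Log, Check_And_Log) are assumptions.

```ada
--  Added example, not from the original slides. Spec and body are two
--  compilation units; the Depends contract says no key data reaches
--  Log_State, so a body that logged the key or the verdict would be
--  flagged by flow analysis. All names below are assumptions.
package Guard
  with SPARK_Mode,
       Abstract_State => (Key_State, Log_State),
       Initializes    => (Key_State, Log_State)
is
   --  Compare a presented token with the stored key. The verdict may
   --  depend on the token and the key; the log entry is derived from
   --  the token and the old log only, so the key cannot leak into it.
   procedure Check_And_Log (Token : in  Integer;
                            OK    : out Boolean)
     with Global  => (Input  => Key_State,
                      In_Out => Log_State),
          Depends => (OK        => (Token, Key_State),
                      Log_State => (Token, Log_State));
end Guard;

package body Guard
  with SPARK_Mode,
       Refined_State => (Key_State => Secret_Key,
                         Log_State => (Public_Log, Log_Count))
is
   Secret_Key : Integer := 4242;                          --  constructed sample key
   Public_Log : array (1 .. 8) of Integer := (others => 0);
   Log_Count  : Natural := 0;

   procedure Check_And_Log (Token : in  Integer;
                            OK    : out Boolean)
     with Refined_Global  => (Input  => Secret_Key,
                              In_Out => (Public_Log, Log_Count)),
          Refined_Depends => (OK         => (Token, Secret_Key),
                              Public_Log => (Public_Log, Token, Log_Count),
                              Log_Count  => Log_Count)
   is
   begin
      OK := Token = Secret_Key;
      --  Record only the presented token. Assigning OK or Secret_Key
      --  into the log would contradict the Depends contract above.
      if Log_Count < Public_Log'Last then
         Log_Count := Log_Count + 1;
         Public_Log (Log_Count) := Token;
      end if;
   end Check_And_Log;
end Guard;
```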
13. Powerful Verification Tools
• Higher levels of automation for proof of functional properties
• Improved diagnostics for unproved VCs
• Interactive path display
• Counter example generation
*** Found a counter-example to
function_example_1_1, conclusion C2:
(For path(s) from start to run-time check
associated with statement of line 30:)
This conclusion is false if:
x = -2147483648
14. Next Generation SPARK Will Be …
• Released in Q1 of 2014
• Available alongside the current SPARK and SPARK Pro toolsets
• Developed in collaboration with research partners and an industrial advisory panel
• Previewed in a β-Release for SPARK Pro customers in 2013
15. Further Information
• Questions
• SPARK Team members are available today!
• For further detailed information, please contact
• Michaël Friess michael.friess@adacore.com
or
• Stuart Matthews stuart.matthews@altran-praxis.com
16. Altran Praxis Limited
22 St Lawrence Street
Bath BA1 1AN
United Kingdom
Telephone +44 (0) 1225 466991
Facsimile +44 (0) 1225 469006
Website altran-praxis.com
Email stuart.matthews@altran-praxis.com