Le Touquet – Paris-Plage, France

Kanig J., AdaCore
Proceedings of the ACM SIGAda Annual International Conference; SIGAda | Year: 2012

We give a hands-on introduction to the tools GNATtest and GNATprove, both developed at AdaCore in the Hi-Lite research project. They make it possible to verify Ada 2012 contracts through testing and through formal verification, and also to combine the results of both tools. The tutorial will contain a very short introduction to Ada 2012, and attendees will write a small example on which they can use GNATtest to develop test cases and GNATprove to do some formal verification. © 2012 Author.

Moy Y., AdaCore
Ada User Journal | Year: 2013

With the addition of many new kinds of assertions in Ada 2012, it is tempting to state properties of your data that "forget" about the possibility of overflows. GNAT has defined a compilation switch and a pragma that make this possible.

Moy Y., AdaCore
Ada User Journal | Year: 2013

SPARK 2014 is the next generation of the SPARK language, which has been applied worldwide in a range of industrial applications such as civil and military avionics, railway signaling, cryptographic and cross-domain solutions. The latest version of the Ada language contains contract-based programming constructs as part of the core language. SPARK 2014 uses the same syntax for contracts, meaning that a program written in Ada 2012 can be verified by the SPARK 2014 verification tools without having to rewrite the contracts. SPARK 2014 strengthens the specification capabilities of the language by adding contracts for data dependencies, information flows, state abstraction, and data and behavior refinement. The SPARK 2014 language also comprises a bigger subset of Ada than its predecessors.

Moy Y., AdaCore | Ledinot E., Dassault Aviation | Delseny H., Airbus | Wiels V., ONERA | Monate B., TrustMySoft
IEEE Software | Year: 2013

The complexity of avionics software has increased to the point where many doubt that current verification techniques based on testing will be sufficient in the future. Although the permission to replace part of testing with formal verification is quite new, this new guidance has already been successfully applied in a production-like environment at Dassault Aviation and Airbus. The use of formal verification for activities previously done by testing has been cost-effective for both companies, by facilitating maintenance and leading to gains in time on repeated activities. For many other requirements, such as dataflow and functional properties, formal verification is only feasible via the source-code representation. DO-178 allows this approach, provided the user can demonstrate that properties established at the source level still hold at the binary level.

This paper continues the publication of the "SPARK 2014 Rationale", which started in the December 2013 issue of the Ada User Journal. In this instalment, we present three contributions regarding ghost code, object-oriented programming and functional update in SPARK.
