Advanced SPARK

Warning

This version of the website contains UNPUBLISHED contents.

This course will teach you advanced topics of SPARK.

Note

The code examples in this course use an 80-column limit, which is a typical limit for Ada code. Note that, on devices with a small screen size, some code examples might be difficult to read.

Download PDF Download EPUB

Contents:

• Subprogram Contracts
  • Subprogram Contracts in Ada 2012 and SPARK 2014
  • Dynamic Execution of Subprogram Contracts
  • Dynamic Behavior when Subprogram Contracts Fail
  • Precondition
  • Postcondition
  • Contract Cases
  • Attribute 'Old
  • Implication and Equivalence
  • Reasoning by Cases
  • Universal and Existential Quantification
  • Expression Functions
  • Code Examples / Pitfalls
    • Example #1
    • Example #2
    • Example #3
    • Example #4
    • Example #5
    • Example #6
    • Example #7
    • Example #8
    • Example #9
    • Example #10
• Type Contracts
  • Type Contracts in Ada 2012 and SPARK 2014
  • Static and Dynamic Predicates
    • Static Predicate
    • Dynamic Predicate
    • Restrictions on Types With Dynamic Predicate
    • Dynamic Checking of Predicates
    • Temporary Violations of the Dynamic Predicate
  • Type Invariant
    • Dynamic Checking of Type Invariants
  • Inheritance of Predicates and Type Invariants
  • Other Useful Gotchas on Predicates and Type Invariants
  • Default Initial Condition
  • Code Examples / Pitfalls
    • Example #1
    • Example #2
    • Example #3
    • Example #4
    • Example #5
    • Example #6
    • Example #7
    • Example #8
    • Example #9
    • Example #10
• Systems Programming
  • Type Contracts in Ada 2012 and SPARK 2014
  • Systems Programming – What is it?
  • Systems Programming – How can SPARK help?
  • Systems Programming – A trivial example
  • Volatile Variables and Volatile Types
  • Flavors of Volatile Variables
    • Using Async_Readers / Async_Writers
    • Using Effective_Reads / Effective_Writes
    • Combinations of Flavors of Volatile Variables
  • Constraints on Volatile Variables
  • Constraints on Volatile Functions
  • State Abstraction on Volatile Variables
  • Constraints on Address Attribute
  • Can something be known of volatile variables?
  • Other Concerns in Systems Programming
  • Code Examples / Pitfalls
    • Example #1
    • Example #2
    • Example #3
    • Example #4
    • Example #5
    • Example #6
    • Example #7
    • Example #8
    • Example #9
    • Example #10
• Concurrency
  • Concurrency ≠ Parallelism
  • Concurrent Program Structure in Ada
  • The problems with concurrency
  • Ravenscar – the Ada solution to concurrency problems
  • Concurrent Program Structure in Ravenscar
  • Ravenscar – the SPARK solution to concurrency problems
  • Concurrency – A trivial example
  • Setup for using concurrency in SPARK
  • Tasks in Ravenscar
  • Communication Between Tasks in Ravenscar
  • Protected Objects in Ravenscar
  • Protected Communication with Procedures & Functions
  • Blocking Communication with Entries
  • Relaxed Constraints on Entries with Extended Ravenscar
  • Interrupt Handlers in Ravenscar
  • Other Communications Between Tasks in SPARK
  • Data and Flow Dependencies of Tasks
  • State Abstraction over Synchronized Variables
  • Synchronized Abstract State in the Standard Library
  • Code Examples / Pitfalls
    • Example #1
    • Example #2
    • Example #3
    • Example #4
    • Example #5
    • Example #6
    • Example #7
    • Example #8
    • Example #9
    • Example #10
• Object-oriented Programming
  • What is Object Oriented Programming?
  • Prototypes and Scopes in SPARK
  • Classes in SPARK
  • Methods in SPARK
  • Dynamic dispatching in SPARK
    • A trivial example
    • The problems with dynamic dispatching
  • LSP – the SPARK solution to dynamic dispatching problems
    • Verification of dynamic dispatching calls
    • Class-wide contracts and data abstraction
    • Class-wide contracts, data abstraction and overriding
  • Dynamic semantics of class-wide contracts
  • Redispatching and Extensions_Visible aspect
  • Code Examples / Pitfalls
    • Example #1
    • Example #2
    • Example #3
    • Example #4
    • Example #5
    • Example #6
    • Example #7
    • Example #8
    • Example #9
    • Example #10
• Ghost code
  • What is ghost code?
  • Ghost code – A trivial example
  • Ghost variables – aka auxiliary variables
  • Ghost variables – non-interference rules
  • Ghost statements
  • Ghost procedures
  • Ghost functions
  • Imported ghost functions
  • Ghost packages and ghost abstract state
  • Executing ghost code
  • Examples of use
    • Encoding a state automaton
    • Expressing useful lemmas
    • Specifying an API through a model
  • Extreme proving with ghost code – red black trees in SPARK
  • Positioning ghost code in proof techniques
  • Code Examples / Pitfalls
    • Example #1
    • Example #2
    • Example #3
    • Example #4
    • Example #5
    • Example #6
    • Example #7
    • Example #8
    • Example #9
    • Example #10
• Test and Proof
  • Various Combinations of Tests and Proofs
  • Test (be)for(e) Proof
    • Activating Run-time Checks
    • Activating Assertions
    • Activating Ghost Code
  • Test for Proof
    • Overflow Checking Mode
  • Test alongside Proof
    • Checking Proof Assumptions
    • Rules for Defining the Boundary
    • Special Compilation Switches
  • Test as Proof
    • Feasibility of Exhaustive Testing
  • Test on top of Proof
    • Combining Unit Proof and Integration Test
  • Test Examples / Pitfalls
    • Example #1
    • Example #2
    • Example #3
    • Example #4
    • Example #5
    • Example #6
    • Example #7
    • Example #8
    • Example #9
    • Example #10