SPARK 2014 User's Guide
Copyright (C) 2011-2017, AdaCore and Altran UK Ltd
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in the section entitled ‘GNU Free Documentation License’.
- 1. Getting Started with SPARK
- 2. Introduction
- 3. Installation of GNATprove
- 4. Identifying SPARK Code
- 5. Overview of SPARK Language
- 6. SPARK Tutorial
- 7. Formal Verification with GNATprove
- 7.1. How to Run GNATprove
- 7.1.1. Setting Up a Project File
- 7.1.2. Running GNATprove from the Command Line
- 7.1.3. Using the GNAT Target Runtime Directory
- 7.1.4. Specifying the Target Architecture and Implementation-Defined Behavior
- 7.1.5. Using CodePeer Static Analysis
- 7.1.6. Running GNATprove from GPS
- 7.1.7. Running GNATprove from GNATbench
- 7.1.8. GNATprove and Manual Proof
- 7.2. How to View GNATprove Output
- 7.3. How to Use GNATprove in a Team
- 7.4. How to Write Subprogram Contracts
- 7.5. How to Write Object Oriented Contracts
- 7.6. How to Write Package Contracts
- 7.7. How to Write Loop Invariants
- 7.7.1. Automatically Generated Loop Invariants
- 7.7.2. The Four Properties of a Good Loop Invariant
- 7.7.3. Proving a Loop Invariant in the First Iteration
- 7.7.4. Completing a Loop Invariant to Prove Checks Inside the Loop
- 7.7.5. Completing a Loop Invariant to Prove Checks After the Loop
- 7.7.6. Proving a Loop Invariant After the First Iteration
- 7.8. How to Investigate Unproved Checks
- 7.9. GNATprove by Example
- 7.10. Examples in the Toolset Distribution
- 8. Applying SPARK in Practice
- 8.1. Objectives of Using SPARK
- 8.1.1. Safe Coding Standard for Critical Software
- 8.1.2. Prove Absence of Run-Time Errors (AoRTE)
- 8.1.3. Prove Correct Integration Between Components
- 8.1.4. Prove Functional Correctness
- 8.1.5. Ensure Correct Behavior of Parameterized Software
- 8.1.6. Safe Optimization of Run-Time Checks
- 8.1.7. Address Data and Control Coupling
- 8.1.8. Ensure Portability of Programs
- 8.2. Project Scenarios
- A. Command Line Invocation
- B. Alternative Provers
- C. Project Attributes
- D. Implementation Defined Pragmas
- E. External Axiomatizations
- F. GNATprove Limitations
- G. Portability Issues
- H. Semantics of Floating Point Operations
- I. SPARK Architecture, Quality Assurance and Maturity
- J. GNU Free Documentation License