Focused Certification of an Industrial Compilation and Static Verification Toolchain

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10469)


SPARK 2014 is a subset of the Ada 2012 programming language that is supported by the GNAT compilation toolchain and multiple open source static analysis and verification tools. These tools can be used to verify that a SPARK 2014 program does not raise language-defined run-time exceptions and that it complies with formal specifications expressed as subprogram contracts. The results of analyses at source code level are valid for the final executable only if it can be shown that compilation/verification tools comply with a common deterministic programming language semantics.

In this paper, we present: (a) a mechanized formal semantics for a large subset of SPARK 2014, (b) an architecture for creating certified/certifying analysis and verification tools for SPARK, and (c) tools and mechanized proofs that instantiate that architecture to demonstrate that SPARK-relevant Ada run-time checks inserted by the GNAT compiler are correct; this includes mechanized proofs of correctness for abstract interpretation-based static analyses that are used to certify correctness of GNAT run-time check optimizations.

A by-product of this work is a substantial amount of open source infrastructure that others in academia and industry can use to develop mechanized semantics, and mechanically verified correctness proofs for analyzers/verifiers for realistic programming languages.


GNAT Compiler Spark Program Semantic Mechanisms CompCert Abstract Syntax Tree Analysis (AST) 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Barnes, J.: SPARK: The Proven Approach to High Integrity Software. Altran Praxis (2012)Google Scholar
  2. 2.
    Barnes, J.: Ada 2012 Rationale - The Language, The Standard Libraries, Lecture Notes in Computer Science, vol. 8338. Springer, Heidelberg (2013)Google Scholar
  3. 3.
    Belt, J., Hatcliff, J., Robby, Chalin, P., Hardin, D., Deng, X.: Bakar kiasan: flexible contract checking for critical systems using symbolic execution. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 58–72. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-20398-5_6CrossRefGoogle Scholar
  4. 4.
    Chapman, R., Botcazou, E., Wallenburg, A.: SPARKSkein: a formal and fast reference implementation of skein. In: Simao, A., Morgan, C. (eds.) SBMF 2011. LNCS, vol. 7021, pp. 16–27. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-25032-3_2CrossRefGoogle Scholar
  5. 5.
    Chlipala, A.: Certified Programming with Dependent Types - A Pragmatic Introduction to the Coq Proof Assistant. MIT Press, Cambridge (2013)zbMATHGoogle Scholar
  6. 6.
    Courtieu, P., Aponte, M., Crolard, T., Zhang, Z., Robby, Belt, J., Hatcliff, J., Guitton, J., Jennings, T.: Towards the formalization of SPARK 2014 semantics with explicit run-time checks using coq. In: HILT, pp. 21–22 (2013)Google Scholar
  7. 7.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL, pp. 238–252 (1977)Google Scholar
  8. 8.
    Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: The astreé analyzer. In: ESOP, pp. 21–30 (2005)CrossRefGoogle Scholar
  9. 9.
    Hatcliff, J., Wassyng, A., Kelly, T., Comar, C., Jones, P.L.: Certifiably safe software-dependent systems: challenges and directions. In: FOSE, pp. 182–200 (2014)Google Scholar
  10. 10.
    Jourdan, J., Laporte, V., Blazy, S., Leroy, X., Pichardie, D.: A formally-verified C static analyzer. In: POPL, pp. 247–259 (2015)CrossRefGoogle Scholar
  11. 11.
    Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009)CrossRefGoogle Scholar
  12. 12.
    McCormick, J.W., Chapin, P.C.: Building High Integrity Applications with SPARK. Cambridge University Press, Cambridge (2015)CrossRefGoogle Scholar
  13. 13.
    Moy, Y., Ledinot, E., Delseny, H., Wiels, V., Monate, B.: Testing or formal verification: DO-178C alternatives and industrial experience. IEEE Software, pp. 50–56 (2013)CrossRefGoogle Scholar
  14. 14.
    Necula, G.C.: Proof-carrying code. In: POPL, pp. 106–119 (1997)Google Scholar
  15. 15.
    O’Neill, I.: SPARK - a language and tool-set for high-integrity software development. In: Industrial Use of Formal Methods: Formal Verification. Wiley (2012)Google Scholar
  16. 16.
    Ada conformity assessment test suite (ACATS).
  17. 17.
  18. 18.
  19. 19.
  20. 20.
    The Coq proof assistant.
  21. 21.
  22. 22.
    Why3 - where programs meet provers.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Kansas State UniversityManhattanUSA
  2. 2.AdaCoreParisFrance
  3. 3.Conservatoire National des Arts et MétiersParisFrance

Personalised recommendations