Development and Verification of a Flight Stack for a High-Altitude Glider in Ada/SPARK 2014
SPARK 2014 is a modern programming language and a state-of-the-art tool set for the development and verification of high-integrity software. In this paper, we explore the capabilities and limitations of its latest version in the context of building a flight stack for a high-altitude unmanned glider. To that end, we deliberately applied static analysis early and continuously during implementation, so that verification could steer the software design. In this process we identified several limitations and pitfalls of software design and verification in SPARK, for which we give workarounds and protective measures. Finally, we give design recommendations that have proven effective for verification and summarize our experiences with this new language.
Keywords: Ada/SPARK, Formal verification, Limitations, Rules
Thanks to the SPARK 2014 development and support team of AdaCore for their guidance and insights.