0

I'm studying the framework Frama-c, and I'm wondering if there is an equivalence between C/Frama-c and Spark Ada. I know that it can seem quite odd to compare such different languages, but after reading David A. Wheeler's article, Johannes Kanig's comparison and a bit of SPARK's user manual, I am struggling to guess if SPARK and C/Frama-c/ACSL give the same proof robustness and the same code reliability.

Thank you a lot in advance for giving your point of view / experience !

PS: I'm quite new to frama-c and I don't know much about SPARK programming.

Jacob Sparre Andersen
  • 6,733
  • 17
  • 22
Eliott.CH
  • 25
  • 3
  • 3
    The existence of a [Frama-C and SPARK day](https://frama-c.com/FCSD17.html) suggests some similarity between them. However, the languages are so different that *equivalence* is somewhat hard to define. I'd say both have similar objectives: apply sound formal methods to improve code quality and reliability. As indicated at the end of Johannes Kanig's article, as you cited, there are several differences between them. Maybe you'll need to refine your notion of *equivalence* to obtain a more precise answer. – anol May 24 '18 at 13:51

1 Answers1

0

I don't know Frama-C, but SPARK proofs are - as I understand - them absolute guarantees. With SPARK you can to some extend select how much you want proofs of.

The basic level is to prove absence of run-time errors (exceptions), but SPARK will attempt to prove all assertions (including pre- and post-conditions) you insert into your source text. So if you insert assertions, which document some functional requirements, then the guarantees (assuming that your SPARK tools can prove the assertions correct) extend to those functional requirements.

Jacob Sparre Andersen
  • 6,733
  • 17
  • 22