Questions tagged [spark-ada]

SPARK is a programming language designed so that programs can be formally proved free of run-time errors and, through contracts (Pre, Post, loop invariants), shown to meet their functional specification. SPARK is a subset of Ada, so every SPARK program can be compiled with an ordinary Ada compiler.

SPARK Ada is a subset of the Ada programming language together with a toolset (GNATprove) that supports formal proof. It is intended for systems that require high reliability and integrity.

54 questions
3
votes
2 answers

Ada GNATprove insists that 1 is not >= 0

I am trying to prove that my algorithm for finding the second largest value in an array works as it should. This is my code: function FindMax2 (V : Vector) return Integer is Max : Natural := 0; SecondMax : Natural := 0; begin for I in V'Range…
pucikplay
  • 101
  • 4
3
votes
1 answer

How do I modify my post condition to achieve Gold standard of Spark proof - Ada SPARK

I am totally new to Ada, and have been trying to implement some basics. I have a simple function to flip a coin - not randomly, heads should be flipped to tails and vice versa. I added a post condition that flip(coin) != coin. It is supposed to say…
HubertBlu
  • 747
  • 1
  • 7
  • 20
3
votes
1 answer

Proving Select Sort algorithm using SPARK

I am trying to prove that my implementation of Selection Sort in Ada is correct. I have tried a few loop invariants, but using gnatprove only proves the inner loop's invariant: package body Selection with SPARK_Mode is procedure Sort (A : in out Arr) is …
pucikplay
  • 101
  • 4
3
votes
1 answer

Ada constraint error: Discriminant check failed. What does this mean?

I've tried searching the docs and the code, but I'm unable to find what this is and therefore how to correct it. Scenario: I'm using the Ada SPARK vectors library and I have the following code: package MyPackage with SPARK_Mode => On is package…
David Boshton
  • 2,555
  • 5
  • 30
  • 51
3
votes
1 answer

How to prove equivalence of two functions?

I have two functions: InefficientEuler1Sum and InefficientEuler1Sum2. I want to prove that they both are equivalent (same output given same input). When I run SPARK -> Prove File (in GNAT Studio), I get such messages about line pragma…
3
votes
2 answers

"Taking on a Challenge in SPARK Ada" - Sum ghost function in post-condition having unintended behavior

I am writing a piece of software in SPARK Ada which requires the post-condition to verify that the function return value is equal to the summed values of an array. Upon proving the file where the function resides, I keep getting an error which…
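An added illustration for the question above (this is not the asker's code, nor an answer taken from the page): one way to give a postcondition a definition of "the sum of the array" is a ghost expression function defined recursively over the number of elements summed, plus a loop invariant that ties the running accumulator to that ghost function. Package, type and function names (Array_Sum, Vector, Sum, Total_Of), the element bound Max_Elem and the length bound Max_Len are assumptions chosen so that no partial sum can overflow.

```ada
--  Added example (not code from the question): array_sum.ads / array_sum.adb.
--  Prove with, e.g.:  gnatprove -P <project>.gpr --level=2
--  (Subprogram_Variant needs SPARK Pro / GNAT Community 2021 or later.)

package Array_Sum with SPARK_Mode is

   Max_Len  : constant := 1_000;      --  assumed bounds; see comment on Total
   Max_Elem : constant := 1_000_000;

   subtype Elem  is Natural  range 0 .. Max_Elem;
   subtype Index is Positive range 1 .. Max_Len;
   type Vector is array (Index range <>) of Elem;

   --  Max_Len * Max_Elem = 10**9 fits in a 32-bit Integer, so the sum of any
   --  Vector is representable; this bound is what makes the range checks prove.
   subtype Total is Natural range 0 .. Max_Len * Max_Elem;

   --  Ghost specification: the sum of the first Count elements of V,
   --  defined recursively so the prover can unfold one element at a time.
   --  The postcondition bounds each partial sum, which is needed to show
   --  that the addition inside Total_Of stays within Total.
   function Sum (V : Vector; Count : Natural) return Total is
     (if Count = 0 then 0
      else Sum (V, Count - 1) + V (V'First + Count - 1))
   with Ghost,
        Pre  => Count <= V'Length,
        Post => Sum'Result <= Count * Max_Elem,
        Subprogram_Variant => (Decreases => Count);

   --  The executable function; its contract states it equals the ghost sum.
   function Total_Of (V : Vector) return Total with
     Post => Total_Of'Result = Sum (V, V'Length);

end Array_Sum;

package body Array_Sum with SPARK_Mode is

   function Total_Of (V : Vector) return Total is
      Acc : Total := 0;
   begin
      for K in V'Range loop
         --  At the top of iteration K, Acc is the sum of the K - V'First
         --  elements before K.  Initially K = V'First and Sum (V, 0) = 0;
         --  after Acc := Acc + V (K) the prover unfolds Sum once more.
         pragma Loop_Invariant (Acc = Sum (V, K - V'First));
         Acc := Acc + V (K);
      end loop;
      --  On exit Acc = Sum (V, V'Last - V'First + 1) = Sum (V, V'Length);
      --  for a null Vector the loop does not run and Acc = 0 = Sum (V, 0).
      return Acc;
   end Total_Of;

end Array_Sum;
```

The two things that usually go wrong with a Sum ghost function in a postcondition are shown here: without the element and length bounds the addition cannot be proved overflow-free, and without the loop invariant the prover has no link between the accumulator and the recursive definition.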
3
votes
2 answers

Multi-Tasking on Embedded Devices with Ravenscar

I'm using the Ravenscar profile to build an application that utilizes tasks. As a simple example, I have one task that has a barrier such that it only executes when the barrier is True. However, I've noticed that if the main control thread is…
jsinglet
  • 1,151
  • 7
  • 8
2
votes
2 answers

Ada and SPARK identifier `State` is either undeclared or not visible at this point

I am doing an automatic train protection on Ada with SPARK approach. This is my spec in SPARK: package Sensors --# own State,Pointer,State1,State2; --# initializes State,Pointer,State1,State2; is type Sensor_Type is (Proceed, Caution, Danger,…
dori naji
  • 980
  • 1
  • 16
  • 41
2
votes
2 answers

How to check for Storage_Error in Spark_Ada

According to the SPARK 2014 documentation, one is not allowed to handle exceptions in SPARK code. With verification, most run-time errors can be excluded from occurring inside a written program, but exceptions like Storage_Error cannot be excluded. Since…
mhatzl
  • 173
  • 1
  • 7
2
votes
1 answer

How do I stop the pre-condition from failing in the below example in Ada SPARK

For a project I am currently trying to write a mini pilot assistance system for an imaginary aircraft. The task is to learn Ada Spark, not avionics. I have modelled the plane components I wish to use, done some tests in the main file to check the…
HubertBlu
  • 747
  • 1
  • 7
  • 20
2
votes
1 answer

Can SPARK be used to prove that Quicksort actually sorts?

I'm not a user of SPARK. I'm just trying to understand the capabilities of the language. Can SPARK be used to prove, for example, that Quicksort actually sorts the array given to it? (Would love to see an example, assuming this is simple)
MWB
  • 11,740
  • 6
  • 46
  • 91
2
votes
1 answer

Installing Ada libraries from GitHub -- keep getting file not found error

This is such a noddy question, but I'm struggling to particularly install libadalang which (to avoid X-Y problem) came from me having a working Gnatstudio, installing ada webserver, then I couldn't start Gnatstudio as it required libadalang.so. So I…
David Boshton
  • 2,555
  • 5
  • 30
  • 51
2
votes
1 answer

Ada complaining that I've added a volatile object in a function call to generic type when not volatile

So I've got the following declaration: record String1 : String (1 .. 64); String2 : String (1 .. 64); Timestamp : Time; Int1 : Long_Long_Integer; String3 : Unbounded_String; end record; And…
David Boshton
  • 2,555
  • 5
  • 30
  • 51
2
votes
2 answers

Specify that a Subprogram in another package is not blocking?

SPARK restricts the calling of potentially blocking subprograms from within protected objects. However, I've noticed if I call ANY subprogram outside of the package in which the protected object lives I get the warning about a potentially blocking…
jsinglet
  • 1,151
  • 7
  • 8
2
votes
2 answers

Find factor of a number

I want to find the smallest factor of a value with the specification below procedure S_Factor (N : in out Positive; Factor : out Positive) with SPARK_Mode, Pre => N > 1, Post => (Factor > 1) and (N'Old / Factor = N)…
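An added illustration for the question above (not the asker's code and not an answer from the page): a trial-division body for the same S_Factor profile, with the postcondition extended to say that Factor is the smallest divisor and with the loop invariants a prover needs to discharge it. The enclosing package name Factors is an assumption; the subprogram profile and the Pre/Post terms Factor > 1 and N'Old / Factor = N are those given in the question.

```ada
--  Added example (not the question's code): factors.ads / factors.adb.
--  Prove with, e.g.:  gnatprove -P <project>.gpr --level=2

package Factors with SPARK_Mode is

   --  Profile from the question. The post additionally records that
   --  Factor divides the original N exactly and that nothing smaller does.
   procedure S_Factor (N : in out Positive; Factor : out Positive) with
     Pre  => N > 1,
     Post => Factor > 1
             and then N'Old mod Factor = 0
             and then N = N'Old / Factor
             and then (for all D in 2 .. Factor - 1 => N'Old mod D /= 0);

end Factors;

package body Factors with SPARK_Mode is

   procedure S_Factor (N : in out Positive; Factor : out Positive) is
      D : Positive := 2;
   begin
      --  Trial division upward: the first candidate that divides N is the
      --  smallest divisor, which is what the postcondition claims.
      while N mod D /= 0 loop
         --  D never exceeds N, because N mod N = 0 terminates the loop on
         --  or before D = N.  Inside the body N mod D /= 0 also gives D /= N,
         --  so D + 1 <= N: no overflow, and the final N / D is at least 1.
         pragma Loop_Invariant (D in 2 .. N);
         --  Every candidate tried so far failed to divide N.  Together with
         --  the exit condition N mod D = 0 this yields the "for all" in Post.
         pragma Loop_Invariant (for all K in 2 .. D - 1 => N mod K /= 0);
         pragma Loop_Variant (Increases => D);
         D := D + 1;
      end loop;
      Factor := D;
      N      := N / D;
   end S_Factor;

end Factors;
```

The minimality clause is the part a postcondition of only Factor > 1 and N'Old / Factor = N does not capture: any divisor satisfies those, so proving them says nothing about "smallest".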