Safety and Open Source

Proving heap-manipulating programs with SPARK

The SPARK open-source proof tool for Ada now supports verifying pointer-based algorithms thanks to an ownership policy inspired by Rust
D.safety
Claire Dross
SPARK is an open-source tool for formal verification of the Ada. language. Last year, support for pointers, aka access types, was added to SPARK. It works by enforcing an ownership policy somewhat similar to the one used in Rust. It ensures in particular that there is only one owner of a given data at all time, which can be used to modify it. One of the most complex parts for verification is the notion of borrowing. It allows to transfer the ownership of a part of a data-structure, but only for a limited time. Afterward ownership returns to the initial owner. In this talk, I will explain how this can be achieved and, in particular, how we can describe in the specification the relation between the borrower and the borrowed object at all times.

Additional information

Type devroom

More sessions

2/6/21
Safety and Open Source
D.safety
The advantages of Free and Open Source Software are numerous, benefiting industry partners, individual contributors and the wider community who collaborate to advance state of the art. More than ever companies choose FOSS, however the world of safety is behind the curve. Software developed for safety applications often use old development practices and are closed source. Too commonly this code is seen as a competitive advantage, and having spent vast sums developing and analysing for safety, ...
2/6/21
Safety and Open Source
Joffrey Huguet
D.safety
The guarantees provided by SPARK, an open-source formal proof tool for Ada, and its analysis are only as strong as the properties that were initially specified. In particular, use of third-party libraries or the Ada standard libraries may weaken the analysis, if the relevant properties of the library API are not specified. We progressively added contracts to some of the GCC GNAT Ada standard libraries to enable users to prove additional properties when using them, thus increasing the safety of ...
2/6/21
Safety and Open Source
Matthias Valvekens
D.safety
The push for paperless bureaucracy has been going on for quite some time, but the circumstances of the past year made the issue even more pressing than it already was. The PDF specification outlines a number of security features, including but not limited to encryption, digital signatures and redaction support. The goal of this talk is to give a broad overview of the various security mechanisms provided by the PDF standard and their applications in the real world, with a particular focus on ...
2/6/21
Safety and Open Source
shuahfosdem
D.safety
Assessing whether a system is safe, requires understanding the system sufficiently. If the system depends on Linux, it is important to understand Linux within that system context and how Linux is used in that system. The challenge is selecting Linux components and features that can be evaluated for safety and identifying gaps that exist where more work is needed to evaluate safety sufficiently. The ELISA project has taken on the challenge to make it easier for companies to build and certify ...
2/6/21
Safety and Open Source
D.safety
We would like to hold an open live discussion on the topic of Safety and Open Source.