Reputation: 25
Equivalence between C/frama-c and Spark-ada
I'm studying the framework Frama-c, and I'm wondering if there is an equivalence between C/Frama-c and Spark Ada. I know that it can seem quite odd to compare such different languages, but after reading David A. Wheeler's article, Johannes Kanig's comparison and a bit of SPARK's user manual, I am struggling to guess if SPARK and C/Frama-c/ACSL give the same proof robustness and the same code reliability.
Thank you a lot in advance for giving your point of view / experience !
PS: I'm quite new to frama-c and I don't know much about SPARK programming.
Upvotes: 0
Views: 319
Answers (1)
Reputation: 6601
I don't know Frama-C, but SPARK proofs are - as I understand - them absolute guarantees. With SPARK you can to some extend select how much you want proofs of.
The basic level is to prove absence of run-time errors (exceptions), but SPARK will attempt to prove all assertions (including pre- and post-conditions) you insert into your source text. So if you insert assertions, which document some functional requirements, then the guarantees (assuming that your SPARK tools can prove the assertions correct) extend to those functional requirements.
Upvotes: 0
Related Questions
- A potential bug in the induction strategy of Frama-C 24.0
- How can I map frama-c CLI code to the original c statement? And how can I find the documentation of the api of the frama-c?
- Frama-c Assertion
- How to prove a SPARK.Text_IO procedure precondition will hold
- Implementation of frama-clang
- Frama-C Value Builtins
- How to compile a Frama-C plug-in having a C source?
- Frama-C behaviors and value analysis
- Explicit-value analysis in Frama C
- Value analysis module and extensions options