spark-by-example.org

SPARK by Example – results, notes and progress

Algorithms from ACSL by Example Sulfur edition. We use SPARK Discovery 2017 edition.

Non-mutating algorithms

Find (naive version)

• level 0: everything is proved but overflow and range check (normal)

Find

-level 0: everything is proved

Find_First_Of

• level 0: everything is proved

Adjacent_Find

• level 0: everything is proved

Equal

• level 0: invariant preservation + postcondition not proved
• level 1: everything is proved

Mismatch

• level 0: invariant preservation + postcondition not proved
• level 1: everything is proved

Search

• can be proved with SPARK GPL with a timeout of 30s on my machine. Can be proved easily with SPARK PRO 2017. Need investigation.

Search_N

Find_End

-level 0: Cannot prove Has_Sub_Range_In_Prefix function in loop invariant. -level 1: everything is proved

Count

• no particular problem using axiomatic definition of Occ (see http://docs.adacore.com/spark2014-docs/html/ug/gnatprove_by_example/manual_proof.html#manual-proof-using-ghost-code)
• not using a Size parameter seems to make the proof easier
• functions Occ_Def and Occ are also proved
• easier than ACSL, no need to prove lemmas?

Maximum and minimum algorithms

Max_Element

Max_Seq

Min_Element

Level 0 : Everything is proved.

Binary search algorithms

Lower_Bound

Upper_Bound

Equal_Range

Binary_Search

Mutating algorithms

Swap

Fill

Swap_Ranges

Copy

Copy_Backward

Reverse_Copy

Reverse

Rotate_Copy

Rotate

Replace_Copy

Replace

Remove_Copy

Remove

Random_Shuffle

Numeric algorithms

Iota

Accumulate

Inner_Product

Partial_Sum

Adjacent_Difference

Heap algorithms

Is_Heap

Push_Heap

Pop_Heap

Make_Heap

Sort_Heap

Sorting Algorithms

Is_Sorted

Partial_Sort

Selection_Sort

Insertion_Sort

Heap_Sort

The Stack data type