From: Shark8
Newsgroups: comp.lang.ada
Subject: Re: SPARK vs. Ada 2012 for static analysis (Was: Ada 2012 talk at DANSAS'13)
Date: Thu, 15 Aug 2013 07:01:21 -0700 (PDT)
Message-ID: <3bd106d4-e436-4720-82cc-675702da1298@googlegroups.com>
In-Reply-To: <87eh9vxg2u.fsf_-_@adaheads.sparre-andersen.dk>
References: <87mwojxs80.fsf@adaheads.sparre-andersen.dk> <7xzjsjckgf.fsf@ruckus.brouhaha.com> <87eh9vxg2u.fsf_-_@adaheads.sparre-andersen.dk>
Xref: news.eternal-september.org comp.lang.ada:16879

On Thursday, August 15, 2013 7:02:17 AM UTC-6, Jacob Sparre Andersen wrote:
>
> As I see things, the important place for complete static analysis
> (i.e. SPARK) is in components which have a unique possibility of
> breaking your system. One obvious example is a PRNG used for
> cryptography; if it is broken, your whole system is broken, and nothing
> else can break the system in quite the same way.

I see what you're saying, but I [somewhat] disagree: the scope you're using is too small. It's the small "everybody uses it and assumes it's correct" things that need SPARK-verification.

Take DNS for example: there are a *lot* of bugs that have been found in any main DNS server over the past decade [or two]. Everybody using the internet is interacting with a DNS, even if indirectly. And so it behooves us to eliminate everything [bug-wise] that we can -- which is what formal verification does, and it's what the two guys who developed Ironsides did. ( http://ironsides.martincarlisle.com/ )

The two papers linked just above the "Download" heading are quite informative and say things much better than I can.

I would love to see a formally-verified OS, and to be honest MS would have a much better product to sell if they did so to their OS instead of worrying about "looking stylish". (See the Windows 8 disaster)
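To make the "SPARK vs. Ada 2012" distinction in the thread concrete, here is an added example of the kind of code the Ironsides argument is about; it is not from the post above and not from the Ironsides project. It walks a DNS name in wire format (RFC 1035 limits: labels of at most 63 octets, names of at most 255 octets) and returns the offset just past the terminating zero-length label, or 0 if the encoding is malformed. The package name, the `Wire` type and the `Name_End` function are invented for the example, and compression pointers are rejected rather than followed. Written as plain Ada 2012, the `Pre`/`Post` aspects and the loop invariant are only checked at run time (build with `-gnata`); with `SPARK_Mode` on, GNATprove attempts to prove them statically, so an index past the end of the buffer becomes a proof failure at build time instead of a crash or an out-of-bounds read in production.

```ada
--  Added example (not from the original post or from Ironsides): a DNS
--  name walk whose contracts bound every array index, so GNATprove can
--  show there is no out-of-range access. Put the spec and body in
--  dns_labels.ads and dns_labels.adb (or run gnatchop on this file).

pragma Ada_2012;

package DNS_Labels with SPARK_Mode is

   --  RFC 1035 limits: a label is at most 63 octets, a name at most 255.
   Max_Label_Length : constant := 63;
   Max_Name_Length  : constant := 255;

   subtype Octet      is Integer  range 0 .. 255;
   subtype Wire_Index is Positive range 1 .. Max_Name_Length;
   --  Bounding the index type to 1 .. 255 means Pos + Len + 1 can never
   --  overflow Integer, which is one obligation fewer for the prover.
   type Wire is array (Wire_Index range <>) of Octet;

   --  Returns the offset just past the terminating zero-length label, or 0
   --  if the encoded name is malformed (label too long, compression
   --  pointer, or name running past the end of the buffer).
   function Name_End (Buffer : Wire; Start : Wire_Index) return Natural
     with Pre  => Start in Buffer'Range,
          Post => Name_End'Result = 0
                  or else Name_End'Result in Start + 1 .. Buffer'Last + 1;

end DNS_Labels;

package body DNS_Labels with SPARK_Mode is

   function Name_End (Buffer : Wire; Start : Wire_Index) return Natural is
      Pos : Wire_Index := Start;
   begin
      loop
         --  Invariant: every read Buffer (Pos) below is in range.
         pragma Loop_Invariant (Pos in Start .. Buffer'Last);
         --  Variant: Pos strictly grows, so the loop terminates.
         pragma Loop_Variant (Increases => Pos);

         declare
            Len : constant Octet := Buffer (Pos);
         begin
            if Len = 0 then
               --  Root label: the name ends here.
               return Pos + 1;
            elsif Len > Max_Label_Length then
               --  Either a compression pointer (top two bits set) or an
               --  over-long label; this example treats both as malformed.
               return 0;
            elsif Pos + Len + 1 > Buffer'Last then
               --  The label bytes, or the length byte that must follow
               --  them, would run past the end of the buffer.
               return 0;
            end if;

            --  Skip the label: the next length byte is at Pos + Len + 1,
            --  which the check above has shown is still inside Buffer.
            Pos := Pos + Len + 1;
         end;
      end loop;
   end Name_End;

end DNS_Labels;
```

Under plain Ada 2012 a caller that passes `Start` outside `Buffer'Range` trips the precondition at run time, which is still a crash in a DNS server. Under SPARK the same contract is discharged once, statically, for every caller that GNATprove can see, which is the "eliminate everything bug-wise that we can" point the post is making; a hand-written length check without the invariant would compile either way, but SPARK would refuse to prove the array access and say so before the code shipped.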