Experiences using SPARK in an Undergraduate CS Course

1. Experiences using SPARK in an Undergraduate CS Course Dr. Anthony S. Ruocco Roger Williams University aruocco@rwu.edu Attendance made possible through the Educator Grant Program

2. Agenda • Why this course • Course Development • Assessment • Future Possibilities (some unexpected effects)

3. Ada95 Course • Needed a CS elective suitable for juniors/seniors • Asked constituents about Ada95 • Local industry was uninterested • One employer supported it (Navy Research Lab) • Dean was skeptical • More conducive to the idea of well-constructed software • Planned for a software development course using Ada95

4. High Integrity Software • SPARK toolset available at SIGSCE2004 • Gnat Programming System (GPS) available via AdaCorp Academic Alliance • Professional grade IDE • Some SPARK tools available as drop-down menu items • JGRASP • Used in other courses • Requires use of SPARK toolset ‘outside’ the IDE

5. The students • Seven total • 2 Juniors • 4 Seniors • 1 December grad • Courses (Completed/Concurrent) • Intro to Programming (7) • Data Structures (7) • Computer Organization (7) • Programming Languages (7) • Theory of Computation (5/2) • Analysis of Alg (5) • Operating Systems (2/3) • Compiler Design (2/3) • Senior Design I (2/3) • Senior Design II (2)

6. Course Description This course focuses on programming techniques for computer systems found in safety critical environments such as avionics, power plant and/or transportation systems. The course uses a specialized language (SPARK) and its tools to write and examine high-integrity code segments. Students become familiar with some of the differences between general programming languages and specialized languages. Use of the risks.comp news group also highlights non software-specific risks in large systems.

7. Course Objectives • Understand the safety/risk implications inherent in high integrity software systems. • Use specialized software tools in the production of high integrity code segments. • Use a specialized programming language to produce high integrity code segments. • Research an issue in high integrity software and present a possible solution.

8. Course Layout • Ada95 / SPARK language basics (10 lessons) • Examiner tools and software design (14 lessons) • gtkAda tools (4 lessons – target of opportunity) • Four projects • Two individual projects • One group project • One course project

9. SPARK Overview • A language fully contained within Ada95 • Syntactically, it is Ada code linked by special annotations to a tool-set • Produces a series of reports of the results (but it is not a compiler)

11. Projects • P1: Matrix • Individual • IDE and SPARK familiarization • Enforced requirement for all ranges to be subtypes • P2: Extension of Project 1 • No one thought of using child-packages

12. Projects (cont) • P3: max-flow • Given functional pascal code • Two groups (size 3 and 4) • This was an ‘interesting’ project • P4: Flight control simulator • Three groups of 2 for Pitch, Roll, Yaw control • Each group gave one person to a ‘control team’ • They were to work independently, then link their pieces

13. Assessment & Lessons Learned • First time course was offered • Only 7 students • Lots of opportunity for one-to-one discussions of content • Some follow-up after the course with graduates

14. Course Development This course focuses on programming techniques for computer systems found in safety critical environments such as avionics, power plant and/or transportation systems. The course uses a specialized language (SPARK) and its tools to write and examine high-integrity code segments. Students become familiar with some of the differences between general programming languages and specialized languages. Use of the risks.comp news group also highlights non software-specific risks inlarge systems.

15. Course Objectives • Understand the safety/risk implications inherent in high integrity software systems. • Use specialized software tools in the production of high integrity code segments. • Use a specialized programming language to produce high integrity code segments. • Research an issue in high integrity software and present a possible solution.

16. Student Comments • Students felt SPARK was a unique language (not just an Ada subset) • Students felt they needed to know Ada before starting SPARK • Students would like to see Ada95 as a regular elective and SPARK done on some cycle • All students felt the most important pre-req for this course was Programming Languages (a survey course) • Students were surprised by how much the OS and compiler removes from the programmer • All students were able to link some aspect of every previous course they had to this course*

17. Lessons learned • Had to do parallel development of Ada as SPARK constructs were covered • The GPS IDE with SPARK drop down menu helped instill habit of running SPARK tools prior to compilation • Pay attention to SPARK license, it expires in September (after the semester was underway)

18. Future possibilities(FIE 2006 paper) • SPARK supports a number of concepts from other courses • Five categories from CAC • Algorithms, software design, computer organization & architecture, data structures, programming languages • Algorithms: understanding all variables, as well as the operating space of the algorithm, tools to support formal proof • Software Design: strong focus on design by contract. All the parts need to be completely understood to integrate them

19. Computer Org and Architecture: Use of config files allows for various target machines • Data structures: Reduced operating space enforces careful data structure design and links to algorithm • Programming languages: SPARK itself • Consider SPARK as an overall educational tool, not just a language

20. Thanks to: Adacore: www.gnat.com/academic_overview.php Rod Chapman at Praxis: www.praxis-his.com/sparkada/universities.asp