Bakar Kiasan: Flexible Contract Checking for Critical Systems Using Symbolic Execution

Spark, a subset of Ada for engineering safety and security-critical systems, is one of the best commercially available frameworks for formal-methodssupported development of critical software. Spark is designed for verification and includes a software contract language for specifying functional properties of procedures. Even though Spark and its static analysis components are beneficial and easy to use, its contract language is almost never used due to the burdens the associated tool support imposes on developers. Symbolic execution (SymExe) techniques have made significant strides in automating reasoning about deep semantic properties of source code. However, most work on SymExe has focused on bugfinding and test case generation as opposed to tasks that are more verificationoriented such as contract checking. In this paper, we present: (a) SymExe techniques for checking software contracts in embedded critical systems, and (b) Bakar Kiasan, a tool that implements these techniques in an integrated development environment for Spark. We describe a methodology for using Bakar Kiasan that provides significant increases in automation, usability, and functionality over existing Spark tools, and we present results from experiments on its application to industrial examples.