-
SPARK as an extremum: Components in pure SPARK
Some time ago Norman Feske wrote about C++ and SPARK as a continuum. His article shows how SPARK can be used to implement critical functionality in SPARK while implementing the core component in C++ on Genode. He further describes a set of rules to prevent unexpected side effects in SPARK. In short it boils down to stateless libraries written in SPARK that cannot interact with the environment but can consume and produce data. While this might sound restricted at first glance this approach can be used to strengthen the security of existing software such as parsers or protocol checkers that shield the C++ code from tainted data. We also applied this method successfully outside of Genode by replacing the C++ parser of the Fizz TLS library by our own SPARK implementation. Continue...