TRANSCRIPT
A companion for your Safe & Secure projects
Michaël Friess, Sales & Business Development, AdaCore
ELECTRONIC DAYS – Paris-Orly, May 23, 2012
Copyright © 2012 AdaCore
Agenda
• 18 years of selling Open Source development tools
• Tools for the development of critical systems
• SYSTEMATIC: a key partner for collaboration and research
• The role of programming languages in safe and secure development
18 years of selling Open Source development tools
• Tool Provider for Ada and Safe & Secure software
• Founded in 1994, 70 employees worldwide
• Headquarters in Paris and New York
• Technology used worldwide in all High Integrity industries (Military, Avionics, Railroad, Space, Air Traffic Management…)
• Expertise in compilation, embedded platforms, static analysis, dynamic analysis, formal proof, certification
• Active members of the ARG (Ada normalization group) and DO-178C committee
Our Expertise through the Eyes of our Customers
Commercial Avionics
• A350 - Thales
• MOSArt platform - BARCO
• 787 Dreamliner - Honeywell
• A380 - Hamilton Sundstrand
• EUI-7001 Display Systems - Rockwell-Collins
Rail Transportation
• Railway Traffic Management - Eurotunnel
• High Speed Trains - Alstom
• Traffic Density Technologies - Ansaldo STS
• Railway Control System - Siemens
Space
• TerraSAR-X - EADS Astrium
• Argos 4 - THALES
• Sentinel-1 - Astrium
• Ground Control for SPOT Satellite - CNES
• International Space Station - Jacobs Engineering
• Canadian Space Arm - MDA
Air Traffic Control
• CFMU (Central Flow Management Unit) - Eurocontrol
• iFACTS (Next Generation ATC System) - NATS
• Conflict Detection Technology - Lockheed Martin
• Eurocat-X - Thales
Energy
• Busbar Protection REB 500 - ABB
• ADACS - Atos
• D2000 - Ipesoft
Military Systems
• Boom - EADS CASA
• KC-767 Tanker - Boeing
• A400M - Airbus Military
• Eurofighter Typhoon - BAE Systems
• C-130 AMP - Boeing
• nEUROn - EADS CASA
• DLIP - THALES
• Astute - THALES
• Missiles - MBDA
Finance
• GPRIME - BNP
• ZVIS - Post Finance
• Automated Trading System - NewTrade Research
Security Critical
• Security and Information Assurance - Rockwell Collins
• Multi-level Security Workstation - Secunet
Tools for the development of critical systems
AdaCore Products for Software Development
Development Environment
Core Package
• GPS
• Compiler
• Debugger
• Multilanguage support
Static Analysis Package
• GNATmetric
• GNATcheck
• GNATstack
Code Quality & Testing Package
• Code Coverage (native)
• Code Profiling (native)
• Auto doc generator
• Unit testing framework
Service
• Customer web account
• Support
• Online consulting
• Access to intermediate releases
AdaCore Products for Certification
Static Analysis / QA & Testing for Embedded
• Coding Standard Checker (GNATcheck)
• Code Coverage (GNATcoverage)
• Static Stack Size Analyzer (GNATstack)
Tool Qualification
• Structural Code Coverage for DO-178B/C Level A
Certification Material
• Traceability Study for GNAT Pro Ada run-times (Ravenscar, Cert)
DO-178C Training
• Object Oriented Techniques for the development of certified software (DO-332)
SYSTEMATIC: a key partner for collaboration and research
Focus on 3 SYSTEMATIC Projects
Hi-Lite
• Streamline the use of formal methods
• Status: started in March 2010
• Duration: 36 months
• Investment: 3.9 million euros
Couverture
• Code coverage on uninstrumented code
• Targeted to the highest certification levels (e.g. DO-178B, level A)
• Status: completed
• Duration: 24 months
• Investment: 2.23 million euros
Project P
• Model-driven engineering
• Automatic code generation
• High-Integrity embedded systems
• Status: started in March 2011
• Duration: 36 months
• Investment: around 10 million euros
The role of programming languages in safe and secure development
Leverages to Increase Software Quality
• Processes – often enforced by standards
– DO-178B/C
– IEC 61508
– ISO 26262
• Tools
– Static analysis
– Dynamic testing
– Requirements traceability
• Programming languages
– Safety-critical software development is only a small subset of the global programming effort
– A programming language itself is a product… with design flaws
– The correct abstraction simplifies the programmer’s job
– Some languages make it easier:
– To write dependable code
– To demonstrate freedom from errors in the code
Ada Evolution
Ada 83
Ada 95
• Object Orientation
• Better Access Types
• Protected Types
• Child Packages
Ada 2005
• Interfaces
• Containers
• Better Limited Types
• Ravenscar
Ada 2012
• Pre / Post / Invariants
• Iterators
• New expressions
• Process Affinities
Pre, Post conditions and Invariants
• The Ada 2012 standard normalizes preconditions and postconditions
  procedure P (V : in out Integer)
    with Pre  => V >= 10,         -- checked on entry to P
         Post => V'Old /= V;      -- V'Old is the value of V on entry, checked on exit
• New type invariants will ensure properties of a private type
  type T is private
    with Type_Invariant => Check (T);   -- Ada 2012 spelling; GNAT also accepts the earlier Invariant aspect
• Subtype predicates
  type Even is range 1 .. 10
    with Dynamic_Predicate => Even mod 2 = 0;     -- checked at run time on each conversion or assignment
  type Month is (Jan, Feb, Mar, Apr, May, ..., Nov, Dec);
  subtype Winter is Month
    with Static_Predicate => Winter in Dec | Jan | Feb;   -- static, so usable in case statements and loops
Quantifier expressions
• Checks that a property is true on all components of a collection (container, array…)
  type A is array (Integer range <>) of Integer;
  V  : A := (10, 20, 30);
  B1 : Boolean := (for all J in V'Range => V (J) >= 10);    -- True: every element is >= 10
  B2 : Boolean := (for some J in V'Range => V (J) >= 20);   -- True: at least one element is >= 20
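The three features above only pay off when they are combined in one unit and actually checked. The following program is an added example written for this transcript; it is not code from the slides or from AdaCore. The Buffers package, its Bounded_Buffer type and the Push / Pop / Sanitize operations are hypothetical names chosen here. It completes the slide's Month type with the missing months, puts a Type_Invariant on a private type, uses Pre and Post with 'Old so that neither overflow nor underflow of the buffer is reachable from a client, and states a security property (every stored byte is printable after Sanitize) as a quantified expression in a postcondition. The main program then deliberately violates a precondition, a static predicate and a dynamic predicate and catches the resulting Assertion_Error.

```ada
--  Added example (not from the slides): Ada 2012 contracts in one program.
--  Buffers, Bounded_Buffer, Push, Pop, Sanitize are hypothetical names.
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Assertions; use Ada.Assertions;

procedure Contracts_Demo is

   --  Same effect as compiling with -gnata: every contract below is checked.
   pragma Assertion_Policy (Check);

   --  Subtype predicates (the slide's Month/Winter and Even, completed here).
   type Month is (Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec);
   subtype Winter is Month
     with Static_Predicate => Winter in Dec | Jan | Feb;
   subtype Even is Integer range 0 .. 100
     with Dynamic_Predicate => Even mod 2 = 0;

   package Buffers is
      Capacity : constant := 8;

      --  Clients can never observe a buffer whose Top exceeds Capacity:
      --  the invariant is checked each time a Buffers operation returns.
      type Bounded_Buffer is private
        with Type_Invariant => Is_Consistent (Bounded_Buffer);

      function Is_Consistent (B : Bounded_Buffer) return Boolean;
      function Length (B : Bounded_Buffer) return Natural;
      function Contents (B : Bounded_Buffer) return String;

      procedure Push (B : in out Bounded_Buffer; Item : Character)
        with Pre  => Length (B) < Capacity,            --  no overflow
             Post => Length (B) = Length (B)'Old + 1;

      procedure Pop (B : in out Bounded_Buffer; Item : out Character)
        with Pre  => Length (B) > 0,                   --  no underflow
             Post => Length (B) = Length (B)'Old - 1;

      --  Quantified expression: after Sanitize every stored byte is printable.
      procedure Sanitize (B : in out Bounded_Buffer)
        with Post => (for all C of Contents (B) => C in ' ' .. '~');
   private
      type Bounded_Buffer is record
         Data : String (1 .. Capacity) := (others => ' ');
         Top  : Natural := 0;
      end record;
   end Buffers;

   package body Buffers is
      function Is_Consistent (B : Bounded_Buffer) return Boolean is
        (B.Top <= Capacity);
      function Length (B : Bounded_Buffer) return Natural is (B.Top);
      function Contents (B : Bounded_Buffer) return String is
        (B.Data (1 .. B.Top));

      procedure Push (B : in out Bounded_Buffer; Item : Character) is
      begin
         B.Top := B.Top + 1;
         B.Data (B.Top) := Item;
      end Push;

      procedure Pop (B : in out Bounded_Buffer; Item : out Character) is
      begin
         Item  := B.Data (B.Top);
         B.Top := B.Top - 1;
      end Pop;

      procedure Sanitize (B : in out Bounded_Buffer) is
      begin
         for I in 1 .. B.Top loop
            if B.Data (I) not in ' ' .. '~' then
               B.Data (I) := '?';       --  neutralise control bytes such as ESC
            end if;
         end loop;
      end Sanitize;
   end Buffers;

   use Buffers;
   B : Bounded_Buffer;
   C : Character;
   M : Month  := Jul;
   W : Winter := Feb;
   E : Even   := 4;
begin
   Push (B, 'o');
   Push (B, 'k');
   Push (B, Character'Val (27));         --  an ESC byte from untrusted input
   Sanitize (B);
   Put_Line ("sanitized: " & Contents (B));   --  prints "sanitized: ok?"

   Pop (B, C); Pop (B, C); Pop (B, C);
   Put_Line ("last popped: " & C);
   begin
      Pop (B, C);                         --  Pre fails: Length (B) = 0
   exception
      when Assertion_Error => Put_Line ("Pop precondition violated, caught");
   end;
   begin
      W := M;                             --  Jul is not in Dec | Jan | Feb
   exception
      when Assertion_Error => Put_Line ("Static_Predicate violated, caught");
   end;
   begin
      E := E + 1;                         --  5 is not Even
   exception
      when Assertion_Error => Put_Line ("Dynamic_Predicate violated, caught");
   end;
end Contracts_Demo;
```

Build with `gnatmake contracts_demo.adb` (or drop the pragma and pass `-gnata`). The caveat a practitioner should keep in mind is the one the next slide hints at with "dynamic checks enabled during testing": under `Assertion_Policy (Ignore)`, the GNAT default without `-gnata`, none of these contracts executes, so the Pre on Pop no longer guards the call and the empty-buffer Pop above would instead hit the language's own index check on `Data (0)` and raise Constraint_Error. Contracts that are only checked in test builds document and test the interface; they are not a run-time defence in the shipped binary unless the policy is Check there too, or unless the property has been proven statically, which is what the Hi-Lite work mentioned below is about.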
Ada 2012 Safety Improvements
• Improve readability
– Specification contains formally expressed properties on the code
• Improve testability
– Constraints on subprograms & code can lead to dynamic checks enabled during testing
• Allow more static analysis
– The compiler checks the consistency of the properties
– Static analysis tools (CodePeer) use these properties as part of their analysis
• Allow more formal proof
– Certain properties of the code can be proven (Hi-Lite project), see http://www.open-do.org/projects/hi-lite/a-database-example/
Thank you for your attention