a companion for your safe & secure projects · title: 2012-05-23- electronic days - adacore...

A companion for your Safe & Secure projects

May 23, 2012

Slide: 1Copyright © 2012 AdaCore

Michaël Friess

ELECTRONIC DAYS – Paris-Orly

Sales & Business Development [email protected]

A companion for your Safe & Secure projects

Agenda

• 18 years of selling Open Source development tools

• Tools for the development of critical systems

• SYSTEMATIC: a key partner for collaboration and res earch


• The role of programming languages in safe and secur e development

18 years of selling Open Source development tools

• Tool Provider for Ada and Safe & Secure software

• Founded in 1994, 70 employees worldwide

• Headquarters in Paris and New York

• Technology used worldwide in all High Integrity ind ustries (Military,


• Technology used worldwide in all High Integrity ind ustries (Military, Avionics, Railroad, Space, Air Traffic Management…)

• Expertise in compilation, embedded platforms, stati c analysis, dynamic analysis, formal proof, certification

• Active members of the ARG (Ada normalization group) and DO-178C committee

1994T

Our Expertise through the Our Expertise through the


Our Expertise through the Eyes of our Customers

Our Expertise through the Eyes of our Customers

Commercial AvionicsCommercial AvionicsA350 - ThalesMOSArt platform - BARCO 787 Dreamliner - HoneywellA380 – Hamilton SunstrandEUI-7001 Display Systems - Rockwell-Collins

A350 - ThalesMOSArt platform - BARCO 787 Dreamliner - HoneywellA380 – Hamilton SunstrandEUI-7001 Display Systems - Rockwell-Collins


Rail TransportationRail TransportationRailway Traffic Management - EurotunnelHigh Speed Trains - AlstomTraffic Density Technologies - Ansaldo STSRailway Control System - Siemens

Railway Traffic Management - EurotunnelHigh Speed Trains - AlstomTraffic Density Technologies - Ansaldo STSRailway Control System - Siemens


SpaceSpaceTerraSAR-X - EADS AstriumArgos 4 - THALESSentinel-1 - AstriumGround Control for SPOT Satellite - CNESInternational Space Station - Jacobs EngineeringCanadian Space Arm - MDA

TerraSAR-X - EADS AstriumArgos 4 - THALESSentinel-1 - AstriumGround Control for SPOT Satellite - CNESInternational Space Station - Jacobs EngineeringCanadian Space Arm - MDA


Air Traffic ControlAir Traffic ControlCFMU (Central Flow Management Unit) – EurocontroliFACTS (Next Generation ATC System) - NATSConflict Detection Technology - Lockheed MartinEurocat-X - Thales

CFMU (Central Flow Management Unit) – EurocontroliFACTS (Next Generation ATC System) - NATSConflict Detection Technology - Lockheed MartinEurocat-X - Thales


EnergyEnergy

Busbar Protection REB 500 - ABBADACS - AtosD2000 - Ipesoft

Busbar Protection REB 500 - ABBADACS - AtosD2000 - Ipesoft


Military SystemsMilitary SystemsBoom - EADS CASAKC-767 Tanker - BoeingA400M – Airbus MilitaryEurofighter Typhoon - BAE SystemsC-130 AMP – BoeingnEUROn - EADS CASADLIP – THALESAstute - THALES

Boom - EADS CASAKC-767 Tanker - BoeingA400M – Airbus MilitaryEurofighter Typhoon - BAE SystemsC-130 AMP – BoeingnEUROn - EADS CASADLIP – THALESAstute - THALES


Missiles - MBDAMissiles - MBDA

FinanceFinanceGPRIME - BNPZVIS - Post FinanceAutomated Trading System - NewTrade Research

GPRIME - BNPZVIS - Post FinanceAutomated Trading System - NewTrade Research


Security CriticalSecurity CriticalSecurity and Information Assurance – Rockwell CollinsMulti-level Security Workstation - SecunetSecurity and Information Assurance – Rockwell CollinsMulti-level Security Workstation - Secunet


Tools for the development


Tools for the development of critical systems

AdaCore Products for Software Development

Development Environment

Core Package Static Analysis Package Code Quality & Testing


Core Package

• GPS• Compiler• Debugger• Multilanguage support

Static Analysis Package

• GNATmetric

• GNATcheck

• GNATstack

Code Quality & Testing Package

• Code Coverage (native)

• Code Profiling (native)

• Auto doc generator

• Unit testing framework

Service

• Customer web account

• Support

• Online consulting

• Access to intermediate releases

AdaCore Products for Software Development

Development Environment


Static Analysis QA & Testing for Embedded

AdaCore Products for Certification

• Coding Standard Checker ( GNATcheck )

• Code Coverage ( GNATcoverage )

• Static Stack Size Analyzer ( GNATstack )

Tool Qualification

• Traceability Study

Structural Code Coverage

for DO-178B/C Level A


• For GNAT Pro Ada run-times

• Ravenscar

• Cert

Certification Material

• Object Oriented Techniques for the

development of certified software

(DO-332)

DO-178C Training

SYSTEMATIC:a key partner for


a key partner for collaboration and research

Focus on 3 SYSTEMATIC Projects

Hi-Lite

Streamline the use of formal methods

Couverture

Code coverage on uninstrumentedcode

Targeted to the highest certification levels (e.g. DO-178B, level A)

Status: completed

Duration: 24 months

Investment: 2.23 million euros


Project P

Status: started in March 2011

Duration: 36 months

Investment: around 10 million euros

Model-driven engineering

Automatic code generation

High-Integrity embedded systems

methods

Status: started in March 2010

Duration: 36 months



The role of programming languages in safe and


languages in safe and secure development

Leverages to Increase Software Quality

• Processes – often enforced by standards

– DO-178B/C

– IEC 61508

– ISO 26262

• Tools– Static analysis

– Dynamic testing


– Requirements traceability

• Programming languages– Safety-critical software development: only a small subset of the global programming

effort

– A programming language itself is a product… with design flaws

– The correct abstraction to simplify the programmer’s job

– Some languages makes it easier:

– To write dependable code

– To demonstrate freedom from errors in the code

Ada Evolution

Ada 2005

Ada 2012• Pre / Post /


Ada 83

Ada 95• Object

Orientation• Better Access

Types• Protected

Types• Child

Packages

Ada 2005• Interfaces• Containers• Better

Limited Types

• Ravenscar

• Pre / Post / Invariants

• Iterators• New

expressions• Process

Affinities

• The Ada 2012 standard normalizes pre conditions, po st conditions

• New type invariants will ensure properties of a pri vate type

Pre, Post conditions and Invariants

procedure P (V : in out Integer)with Pre => V >= 10,

Post => V’Old /= V;


• New type invariants will ensure properties of a pri vate type

• Subtype predicates

type T is privatewith Invariant => Check (T);

type Even is range 1 .. 10 with Dynamic_Predicate => Even mod 2 = 0;

type Month is (Jan, Feb, Mar, Apr, May, ..., Nov, Dec);subtype Winter is Month

with Static_Predicate => Winter in Dec | Jan | Feb;

• Checks that a property is true on all components of a collection (container, array…)

Quantifier expressions

type A is array (Integer range <>) of Integer;

V : A := (10, 20, 30);B1 : Boolean := ( for all J in V’Range => V (J) >= 10); -- TrueB2 : Boolean := ( for some J in V’Range => V (J) >= 20); -- True


B2 : Boolean := ( for some J in V’Range => V (J) >= 20); -- True

• Improve readability

– Specification contains formally expressed properties on the code

• Improve testability

– Constraints on subprograms & code can lead to dynamic checks enabled during testing

• Allow more static analysis

Ada 2012 Safety Improvements


• Allow more static analysis

– The compiler checks the consistency of the properties

– Static analysis tools (CodePeer) uses these properties as part of their analysis

• Allow more formal proof

– Certain properties of the code can be proven (High-Lite project) –see http://www.open-do.org/projects/hi-lite/a-database-example/

Thank you for your attention


[email protected]

Thank you for your attention

a companion for your safe & secure projects · title: 2012-05-23- electronic days - adacore...

Documents