
High-Integrity Edition for Servers

When Lives Depend on Safe and Secure Software

RTCA DO-278 / EUROCAE ED-109, "Guidelines for Communication, Navigation, Surveillance and Air Traffic Management (CNS/ATM) Systems Software Integrity Assurance", is the safety standard for ground-based CNS/ATM software.


GNAT Pro High-Integrity Edition for Servers is an enhanced version of GNAT Pro, designed for building safe and secure software. Its many features help to reduce the cost of developing and certifying systems that have to meet safety standards such as RTCA DO-278 on a native platform. The High-Integrity Edition for Servers is the ideal solution for any safety-critical development effort for ground-based avionics systems and for other industries where a high level of safety/security is required on a native platform. Other applicable standards include the Eurocontrol Safety Regulatory Requirement (ESARR) 4/6, the UK Civil Aviation Authority CAP 670 / SW01 Air Traffic Services Safety Requirements, and IEC 61508 for industrial automation.

The package is accompanied by DO-178B Level A life cycle artifacts that apply when the DO-178B certifiable subset library is used. Our DO-178B Level A material maps directly to the certification requirements of the top DO-278 Assurance Level, AL1. These are the life cycle process documents used in multiple DO-178B Level A embedded certification efforts. Additionally, the complete Ada Conformity Assessment Test Suite (ACATS) results are provided to show that the compiler and run-time system fully conform to the ISO Ada standard.

Configurable Run-Time Library

Using the configurable run-time capability of GNAT Pro High-Integrity Edition for Servers, you can specify any level of support for Ada's dynamic features, from none at all to the full Ada 95 or Ada 2005 language. The units included in the library may be either a subset of the standard units provided with GNAT Pro, or units specially tailored to the application. This capability is useful, for example, when one of the predefined profiles provides almost all the features needed to adapt an existing system to new safety-critical requirements, and the cost of adapting the system without those additional features would be prohibitive.

Also available are the zero-footprint (ZFP) and Cert run-time libraries previously proven in embedded development. These can be used where top-level safety requirements need to be satisfied, such as DO-278 AL 1 or 2 and the top levels of other safety standards. They are off-the-shelf library definitions that limit feature use in order to simplify certification. Further, they define subsets that allow full use of the GNATstack static analysis tool.

GNATstack

The GNATstack static analysis tool is supplied with this edition. GNATstack statically calculates the maximum stack space required by each task in an application. The computed bounds can be used to ensure that sufficient space is reserved, thus guaranteeing safe, predictable execution with respect to stack usage. GNATstack uses conservative analysis to deal with complexities such as subprogram recursion, while avoiding unnecessarily pessimistic estimates. The tool's output data can be used directly to satisfy DO-178B requirements (Table A-5, Objective 6, which relates to the accuracy and consistency issues itemized in Section 6.3.4f) and the associated sections of DO-278 for native safety systems.

Certification

DO-178B Level A certification evidence is available for the certified subset library supplied with this package. This includes the life cycle artifacts required by DO-178B Level A. This material meets the documentation requirements for DO-278 AL1.

AdaCore has taken the additional quality step of using independent safety certification experts to produce the DO-178B certification materials. Verocel, a safety-critical software specialist, has developed the certification package for the run-time library components accompanying the GNAT Pro High-Integrity Edition, as well as packages for many other avionic systems. Verocel specializes in the verification of safety-critical software at all levels of criticality and provides verification services and qualified tools to help satisfy the various regulatory objectives. AL1 or AL2 testing may be obtained through Verocel for the specific native platform desired.

Traceability

Through a compiler switch you can generate a low-level version of the source program that reveals implementation decisions but stays basically machine independent. This helps support traceability requirements, and may be used as a reference point for verifying that the object code matches the source code. Another compiler switch produces details of data representation (sizes, record layout, etc.), which is also helpful in traceability.

Further, AdaCore has partnerships with best-in-class source-level test and coverage analysis providers. Source coverage capabilities can be obtained from:

Simplification of Certification Effort

You can restrict language features that, although not requiring a run-time library, nevertheless could complicate the test coverage analysis part of the certification effort. For example, you can prohibit the use of constructs that would result in code with implicit loops and conditionals (such as a slice assignment).
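As an added illustration (not code from AdaCore's page or products), the following Ada unit shows the kind of restriction the text describes: a slice assignment, which the compiler would expand into an implicit loop and length check, is replaced by an explicit loop and an explicit check so that every branch and iteration is visible at source level for coverage analysis. The restriction identifiers `No_Implicit_Loops` and `No_Implicit_Conditionals` are GNAT-specific restrictions that the page itself does not name.

```ada
--  Added example, not from the original page. Configuration pragmas
--  restricting implicit loops and conditionals in generated code
--  (GNAT-specific restriction identifiers, assumed here).
pragma Restrictions (No_Implicit_Loops);
pragma Restrictions (No_Implicit_Conditionals);

package Buffer_Copy is
   type Byte is mod 2 ** 8;
   type Byte_Array is array (Positive range <>) of Byte;

   --  Copies Src into Dst element by element. Success is False
   --  (and Dst untouched) when the lengths differ.
   procedure Copy
     (Src     : Byte_Array;
      Dst     : in out Byte_Array;
      Success : out Boolean);
end Buffer_Copy;

package body Buffer_Copy is
   procedure Copy
     (Src     : Byte_Array;
      Dst     : in out Byte_Array;
      Success : out Boolean)
   is
   begin
      --  The construct the text describes as prohibitable: a slice
      --  assignment hides a loop and a length check in generated code.
      --  Dst (Dst'First .. Dst'Last) := Src (Src'First .. Src'Last);

      --  Explicit check and explicit loop instead: each decision and
      --  each iteration is a source-level construct that structural
      --  coverage analysis can observe.
      if Src'Length /= Dst'Length then
         Success := False;
         return;
      end if;

      for I in Src'Range loop
         Dst (Dst'First + (I - Src'First)) := Src (I);
      end loop;
      Success := True;
   end Copy;
end Buffer_Copy;
```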

Full Ada 2005 Implementation

In keeping with its status as the leading Ada technology, GNAT Pro is the first Ada environment to implement all of the major features included in Ada 2005, the latest revision of the Ada language. With Ada 2005, Ada continues to be on the cutting edge of programming language design. Some of the new features include:

  • Mutually Dependent Package Specifications
  • Aggregates for Limited Types
  • More Contexts for Anonymous Access Types
  • Java-like Interfaces
  • Real-Time and High-Integrity Support
  • New Pragmas
  • Predefined Library Extensions

Please visit the Ada 2005 page for more information.


More on GNAT Pro

Key Features »

Programming in the large, multi-language support, excellent code quality and much more. Learn about the key technical features and benefits of GNAT Pro and why it’s the ultimate choice for the Ada Professional.

Toolsuite »

Get the details on GNAT Pro’s comprehensive toolsuite which includes a full Ada compiler (Ada 83, Ada 95, and Ada 2005 features), Integrated Development Environment (GNAT Programming Studio), comprehensive set of utilities including a visual debugger, libraries and bindings and the latest technology addition, GNATbench plug-in for Eclipse.

Services »

Integral to GNAT Pro are the exceptional consulting and support services we provide to our customers. Learn about our unique approach to support and how AdaCore's expertise can help keep your development project running smoothly.