AdaCore Paris Tech Day 2016: Cyrille Comar - Looking Ahead

Post on 29-Jan-2018


Cyrille Comar

Looking Ahead

President

Outline

• Our Market is Growing

• Certification Support

• Language Support

• Hardware and OS Support

Our Market is Growing

And we’re getting ready for it

Slight Rebrand in 2017

• Version numbers switch to the year number (e.g. GNAT Pro 17)

• All existing products will be branded “Enterprise”

§ GNAT Pro Native => GNAT Pro Native Enterprise

§ GNAT Pro Cross => GNAT Pro Cross Enterprise

§ GNAT Pro Safety Critical => GNAT Pro Cross Enterprise

• … other product-lines are cooking to address market shift…

GNAT Pro Enterprise

Everything you have today, plus…

• AWS is now included for all native platforms

• GNATemulator is now included for all bare metal platforms

• SPARK Discovery will be included in all GNAT Pro Enterprise & CodePeer packages

SPARK Discovery

• A “lightweight” version of SPARK

• Provides language subset verification & data flow analysis

• Provides basic proving capabilities through Alt-Ergo

• Great to start developing SPARK-ready code

§ Improve quality of static analysis tools

§ Reduce odds of error introduction

§ Open the door to more powerful formal verification

GNAT Pro Assurance

A product for Certification & Stability

• The need for stabilized, yet active, versions of the technology is increasing

• Today, AdaCore provides support on old versions of the technology

§ Workaround

§ Help an analysis

GNAT Pro Assurance

A product for Certification & Stability

• Our new product will be tied to a version (or branch) of the technology

§ Only on selected branches

• Includes safety-critical fixes

§ Silent compilation errors generating wrong code

§ False-negative in a verification tool

• Includes extra safety-critical known-problem analysis

§ Impact analysis on the fix

§ Potential risks for the application

A product for Certification & Stability

[Figure: release timeline across 2016, 2017 and 2018; labels: 7.4, 7.4.1, 7.4.2, 7.4.3, 7.4.4, 17, 17.1, 17.2, 18, 18.1, 18.2, 18.3]

GNAT Pro Developer

A refocused product beyond A&D

• Focused on modern embedded device development

§ Natives: Linux, Windows, MacOSX

§ Cross: ARM Bare Metal, ARM Linux

• Focused level of services

§ Support only latest version

§ Public support interface

• Focused level of tools

§ Strict Ada 2012 compiler

§ Only GPS as an IDE

Certification Support

Broadening the horizon

Certification support

• Historically focused on Avionics (DO-178), Space (ECSS-80-Q) and Railway (EN-50128)

• Opening to IEC 61508 (Industrial Systems, Military…)

• Opening to ISO-26262 (Automotive)

Lots of commonalities for tool providers

What’s coming in Avionics Certification?

DO-178C

DO-254

ARP4754A

Get back to the essential 3 Overarching Properties

~150 mandatory (major) objectives, ~1000 pages

- 3 “things” to demonstrate

- 1 page

What’s coming in Avionics Certification?

1. Intent: The defined intended functions are correct and complete with respect to the desired system behavior.

2. Correctness: The implementation is correct with respect to its defined intended functions, under foreseeable operating conditions.

3. Necessity: All of the implementation is either required by the defined intended functions or is without unacceptable safety impact.

Language Support

A single provider for the entire workshop

C and C++

• Progressively adding C support for cross products

§ VxWorks and Bare Metal are first, others will follow

• Tools are progressively being brought up to speed

§ GPS supports C development

§ GNATcoverage & GNATstack support C when used with GNAT Pro

§ Other tools (metrics, coding standard…) are on the roadmap

• Embedded C++ is a potential next step

AdaCore C/C++ Toolchain Benefits

• IDE integrating the toolchain for Ada and C

• Integration with structural coverage and static stack analysis tools

• Portability across platforms (Linux/Windows, PPC, ARM, AVR, Leon…)

• Industrial-grade validated toolchain, used for 20 years across A&D companies

• Long-term support for specific versions available, including known-problem safety analysis, workarounds and fixes (including for hardware faults)

• Reactive support provided by the developer of the technology

• Certification-related support available for compiler and run-times

Hardware and OS

Ada as a first-class citizen

Looking at new entrants

• The RTOS market is always producing new products, new versions

§ Our job is to make sure that you have a wide range of options

§ Your feedback is welcome!

• 64-bit cross targets are on the rise

§ PowerPC (T2080, T4080)

§ ARM Cortex A (A53, A57…)

SPARK-to-C – The Universal Compiler?

• Some targets remain difficult to support by GNAT Pro

§ Because the number of potential users is small

§ Because there is no gcc version available

• These targets may be needed by newcomers

§ And they can develop code within the SPARK subset

• SPARK-to-C will use C as an intermediate representation…

§ … and allow use of the target C compiler

• Can provide some interesting options with C integration

§ Use SPARK as a specification to C code?
