A Complete High-Integrity Software Development Stack
Tucker Taft, AdaCore Inc, December 2014
www.adacore.com

System Engineers vs. Software Engineers
“Who needs programmers? Why do we have to depend on them to implement our design?”
“Uh boy, not another attempt at Programming with Pictures…”
High-Integrity Software Development Stack

Who is in charge, and do we really need programmers?
• System Architects and Engineers develop the original design
• In a traditional environment, there is a “hand off” to the software engineers
  – Detailed software design not directly linked to high-level design
  – Design and even architecture may evolve as software development issues arise
  – Net effect => can become an us vs. them situation

Model-Based System Engineering
(Diagram, courtesy of Ed Seidewitz)
• System engineers create the models, using standard-conforming modeling tools. Models can include both hardware and software components.
• System engineers analyze, simulate and validate the system design, and allocate requirements to components, using standard-conforming model execution tools and standard-based model interchange. Execution artifacts could include system behavior, timing and statistics.
• Hardware and software engineers develop components to satisfy the requirements.
• Test engineers develop the test environment to verify the requirements.

So How Does a Model-Based Approach Help Reduce the Us vs. Them?
• In a model-based approach, there need not be a “hand off”
  – High-level design (produced by system engineers) is represented in a modeling language that supports automated code generation.
  – Software engineers are still important: they now focus on providing new or enhanced parameterized building blocks, code-generation capabilities, and infrastructure.
• Parameterized, annotated, high-performance building blocks in a software development “stack” can become key to commonality and productivity.

Shift to a Model-Based Approach Was a Wake-up Call for AdaCore, a Programmer-Focused Tools Company
• Major aerospace customer shifted engineers almost completely to model-based engineering
  – Simulink, SCADE, etc. with automated code generation
• Remaining number of users for “conventional” 3rd-generation compiler with IDE:
  – Five seats -- their tools group
• Our traditional users were disappearing …
• Needed to broaden our focus and develop a deeper software development “stack”

What Exactly Is a Software Development Stack?
(Layered diagram, top to bottom)
Architecture Tools: Definition, Analysis, Documentation
Modeling Tools: Drawing, Analysis, Simulation, Autocoding
Coding Tools: Compiling, Analysis, Scheduling, Debugging
Verification Tools: Testing, Analysis, Coverage, Proof
Hardware

A Quick History of AdaCore
(Diagram slides: AdaCore 1994; AdaCore 2004; AdaCore 2014, with CodePeer)

Current AdaCore Product Line
• GNATPro Ada/C/C++ Compilers and Run-Times
  – Various run-times available: VxWorks, bare-board, zero-footprint
  – Includes GNAT Programming Studio (GPS) IDE with GDB-based visual debugger (Eclipse-based GNATBench also available)
• GNATCoverage, based on the QEMU emulator
  – Can also use Valgrind or hardware probes to provide trace info
• CodePeer control- and data-flow-based static analysis
  – Qualified tool infers Pre/Postconditions from the code itself
  – Can be used to prove absence of language run-time errors
  – Will check user-specified Pre/Postconditions and other Assertions
• SPARK Formal Verification tool set
  – Based on SMT solver backend (CVC4, Alt-Ergo)
  – Integrates with Ada 2012 Pre/Postcondition syntax, allows smooth combination of “proof” and “test”

Upcoming AdaCore Product -- QGen
• QGen automated code generator for Simulink
  – Qualifiable code generator will reduce need for unit testing of generated code, coupled with certifiable library
  – Generated code is easy to read and easily traceable back to Simulink source
  – Generates MISRA C or SPARK subset of Ada
  – Integrated with CodePeer-based Code Verifier
  – Now in Beta Test

AdaCore’s Growing Stack of Tools, Based on Broad-Spectrum Modeling/Programming Language Family
(Diagram: Executable Specifications, System Models, Verifiable System Invariants; Simulate and Verify System Properties; layers of Certifiable Libraries, SPARK/CodePeer, GNATPro/ParaSail, GNATCoverage and Cert. Tools, leading to a Certified Software-Intensive High-Integrity System)

AdaCore Ongoing Vision: Provide Broad Spectrum of Open-Source Language Technology and High-Integrity Building Blocks to Help Our Customers Engineer Their Increasingly Complex, Software-Intensive Systems

For more information…
Steve Baird and Tucker Taft, AdaCore
[email protected]
[email protected]
www.adacore.com
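The product-line slide says SPARK builds on the Ada 2012 Pre/Postcondition syntax so that the same contract can be proved statically or checked at run time. The listing below is an added example, not code from the slides or from AdaCore, showing what that looks like in practice: a small SPARK package with contracts, and a plain-Ada test driver that exercises the same contracts dynamically. The package and subprogram names are illustrative. The three compilation units are shown in one listing for readability; gnatchop splits them into files.

```ada
-- Added example (not from the presentation). Package Bounded_Counter is
-- illustrative: it shows Ada 2012 Pre/Post aspects on subprograms that
-- GNATprove can analyse ("proof") and that GNAT checks at run time when
-- compiled with -gnata ("test"). Names are assumptions, not AdaCore code.
package Bounded_Counter with SPARK_Mode is

   Max : constant := 100;

   subtype Count is Natural range 0 .. Max;

   -- Precondition: the caller must not increment past Max.
   -- Postcondition: the result is exactly one more than the input.
   -- GNATprove proves the body meets Post and that no overflow or
   -- range check can fail, given Pre.
   function Increment (C : Count) return Count with
     Pre  => C < Max,
     Post => Increment'Result = C + 1;

   -- Saturating variant: no precondition, so any Count is acceptable;
   -- the postcondition states the result for both cases.
   function Saturating_Increment (C : Count) return Count with
     Post => (if C < Max then Saturating_Increment'Result = C + 1
              else Saturating_Increment'Result = Max);

end Bounded_Counter;

package body Bounded_Counter with SPARK_Mode is

   function Increment (C : Count) return Count is
   begin
      return C + 1;
   end Increment;

   function Saturating_Increment (C : Count) return Count is
   begin
      if C < Max then
         return C + 1;
      else
         return Max;
      end if;
   end Saturating_Increment;

end Bounded_Counter;

-- Test driver: ordinary Ada (no SPARK_Mode) so it may use Ada.Text_IO.
-- Built with "gnatmake -gnata demo.adb", the contracts are checked at
-- run time: the last call violates Pre and raises Assertion_Error.
-- Running "gnatprove" on the same sources reports that violation
-- statically, before anything executes.
with Ada.Text_IO;     use Ada.Text_IO;
with Bounded_Counter; use Bounded_Counter;

procedure Demo is
   X : Count := 99;
begin
   X := Increment (X);            -- 99 -> 100, Pre holds
   Put_Line ("After Increment:            " & Integer'Image (X));

   X := Saturating_Increment (X); -- stays at Max (100)
   Put_Line ("After Saturating_Increment: " & Integer'Image (X));

   X := Increment (X);            -- Pre fails: C < Max is False
   Put_Line ("Not reached with -gnata:    " & Integer'Image (X));
end Demo;
```

The same two aspects serve both halves of the slide's "proof and test" claim: GNATprove discharges the postconditions of the package body (and flags the bad call in Demo) using the SMT backend, while an ordinary build with assertions enabled turns every Pre and Post into a run-time check that a unit test can observe. Dropping the precondition from Increment, as Saturating_Increment does, moves the obligation from the caller to the body, and the postcondition then has to describe the saturating case explicitly.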