Reliable, Safe and Secure? Ada and VxWorks Can Help!

Reliable, Safe and Secure? Ada and VxWorks Can Help!

By guest contributor Ben Brosgol, Senior Technical Staff, AdaCore

TheFinalWriting reliable, safe and secure software is tough. Doing it for for hard real-time systems with demanding certification requirements — such as DO-178B or DO-178C for avionics — is tougher and indeed is one of the most daunting challenges that a developer has to face. Meeting this challenge calls for experience-hardened programming languages, development tools, and target platform support: the exact solution that AdaCore and Wind River have been offering our joint customers since our companies entered into a formal partnership in 2001.  Leveraging the Ada language and an extensive toolset under Wind River’s Workbench IDE, application developers can produce software at the highest levels of safety criticality across a range of VxWorks platforms and processor families.

The AdaCore / Wind River development environments have a long and strong pedigree in the Aerospace and Defense industry.  Fielded applications include:

How can the AdaCore / Wind River partnership help you?

The Ada language

Ada itself brings many benefits. A modern general-purpose language, Ada has strong type checking that detects and corrects errors early — in many cases at compile time — before they turn into run-time bugs. It has the high-level functionality that you would expect: object orientation, generic templates, exception handling, data abstraction, concurrency (tasking), extensive standard library, etc. The most recent version of the language supports “contract-based programming” which, in effect, embeds requirements in the source code where they can be verified either dynamically (by testing) or statically (with appropriate tool support).  Ada also offers features that are needed for low-level programming; you can write interrupt handlers in Ada, specify data representation and alignment, manage endianness issues, interface with C, and in general have as much control over the hardware as you would in assembler.

AdaCore tools

A language is only as good as its tool support, and for Ada an extensive toolset, smoothly integrated with Wind River’s Workbench IDE, expedites the development and verification processes of the software life cycle. Static analysis tools include a stack usage calculator, a coding standard enforcer, a metrics reporter, and a CWE-compatible “bug finder”. For the most critical applications, proof technology based on the formally verifiable SPARK language (a subset of Ada) can prove program properties such as absence of run-time errors, security policy conformance, and even full functional correctness. For dynamic analysis a coverage tool can determine source code coverage up to MC/DC, and a test harness generator can simplify the organization and management of test suites. Several of the tools have been qualified as verification tools under DO-178B (TQL-4 or TQL-5 in DO-178C), reducing the certification costs by automating activities that otherwise would need to be done manually.

The VxWorks RTOS

AdaCore’s GNAT Pro compiler efficiently maps Ada’s dynamic features to the underlying VxWorks services, allowing developers to take advantage of the language’s high-level constructs without sacrificing performance. In addition to the full Ada run-time library, several specialized profiles are available that are particularly suited to safety-critical applications. For example:

  • The ZFP (Zero Footprint) profile contains minimal run-time code.
  • The Cert profile extends the ZFP with features including support for ARINC-653 APEX processes on VxWorks 653. This profile implements the Ada Safety Base and Security Capability Sets of the Future Airborne Capability Environment (FACE™) standard.
  • The Ravenscar Cert profile augments the Cert profile with support for the Ravenscar tasking subset. It supplies the functionality required by the FACE standard’s Ada Safety Extended Capability Set.

These profiles have been implemented for Wind-River’s FACE-conformant VxWorks 653 V2.5 RTOS and also for VxWorks 653 V3.x.

The GNAT Pro Ada development environment is now available for the VxWorks 7 RTOS on the ARM 64-bit, PowerPC 64-bit and Intel 32-bit multi-core architectures. These releases add to the existing GNAT Pro support for VxWorks 7 targets (ARM 32-bit, PowerPC 32-bit and Intel 64-bit), VxWorks 6 and VxWorks 653.

The bottom line

Producing, certifying and maintaining safety-critical applications is a formidable undertaking, requiring top-notch language, tool and RTOS technology. AdaCore and Wind River have been satisfying this requirement for nearly two decades, supplying Ada environments for VxWorks platforms that help customers minimize their risk and costs. Though the development and verification problem is hard, the decision for a solution is easy: choose Ada and VxWorks and rest assured that your software can run assured.

Tweet about this on TwitterShare on Google+Share on FacebookShare on LinkedInEmail this to someone