GNAT Pro Safety-Critical
For Safety-Critical Industries and Standards.
GNAT Pro Safety-Critical is an environment for any high-reliability / safety-critical embedded application. In addition, we have solutions to address the programming challenges and requirements associated with many industries and international safety standards.
Configurable Run-Time Library
GNAT Pro Safety-Critical’s configurable run-time capability enables developers to specify any level of support for Ada’s dynamic features, from none at all up to the full language (Ada 95, Ada 2005 or Ada 2012). The units included in the library may be either a subset of the standard units provided with GNAT Pro, or they may be specially tailored to the application. This capability is useful, for example, when one of the predefined profiles provides almost, but not quite, all the features an existing system needs in order to meet new safety-critical requirements, and rewriting the system to avoid the missing features would be prohibitively expensive.
Full Ada 2005 / 2012 Implementation
GNAT Pro has implemented all of the major features included in Ada 2012, the latest revision of the Ada language. With Ada 2012, Ada continues to be the benchmark for programming languages designed for safe and secure software systems.
Advanced Static Analysis
The GNATstack static analysis tool is supplied with this edition. GNATstack statically calculates the maximum stack space required by each task in an application. The computed bounds can be used to ensure that sufficient space is reserved, thus guaranteeing safe, predictable execution with respect to stack usage. GNATstack uses conservative analysis to deal with complexities such as subprogram recursion, while avoiding unnecessarily pessimistic estimates. The bound is only as complete as the call graph the tool can see: indirect calls, calls into code for which no stack-usage information is available, and recursion cycles are reported as unresolved so that the developer can supply bounds for them rather than have them silently omitted. The tool’s output data can be used directly to satisfy DO-178B / DO-178C requirements (Table A-5, Objective 6, which relates to the accuracy and consistency issues itemised in Section 6.3.4f) and the associated sections from DO-278 for native safety systems.
Simplification of Certification Effort
You can restrict language features that, although they do not require run-time library support, could nevertheless complicate the structural coverage analysis part of the certification effort. For example, you can prohibit the use of constructs that would result in object code with implicit loops and conditionals (such as a slice assignment), so that every branch the coverage tool observes corresponds to a construct visible in the source.
Through a compiler switch you can generate a low-level version of the source program that reveals implementation decisions but stays basically machine independent. This helps support traceability requirements, and may be used as a reference point for verifying that the object code matches the source code. Another compiler switch produces details of data representation (sizes, record layout, etc.), which is also helpful in traceability.
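The following is an added example, not code from this page or from AdaCore: it shows how the three mechanisms above fit together in practice, a predefined run-time profile and the restrictions that reject implicitly generated control flow (both expressed as configuration pragmas), a construct that falls foul of them beside its explicit rewrite, and the switches that expose what the compiler generated. The `Demo`, `Buffer` and `Copy_*` names are constructed for illustration; the pragma identifiers `No_Implicit_Loops` and `No_Implicit_Conditionals` and the switches `-gnatG` and `-gnatR` are GNAT's own, but the page does not name them, so treating them as the switches and restrictions the text refers to is the editor's assumption.

```ada
--  demo.adb  (constructed example; compile with: gnatmake -gnat12 demo.adb)
--
--  Configuration pragmas normally live in the project's gnat.adc so that
--  they apply to every unit. The ones assumed for this example are:
--
--     pragma Profile (Ravenscar);                      --  a predefined profile
--     pragma Restrictions (No_Implicit_Loops);         --  GNAT-defined restriction
--     pragma Restrictions (No_Implicit_Conditionals);  --  GNAT-defined restriction
--
--  With them active the compiler rejects constructs it can only implement
--  by generating a loop or a conditional that has no counterpart in the
--  source, which is exactly what makes structural coverage hard to trace.
--
--  To inspect what was generated for the accepted code:
--     gnatmake -gnat12 -gnatG demo.adb   --  expanded, low-level source form
--     gnatmake -gnat12 -gnatR demo.adb   --  sizes, alignments, record layout

with Ada.Text_IO;

procedure Demo is

   subtype Byte is Natural range 0 .. 255;
   type Buffer is array (Positive range <>) of Byte;

   --  Copy Src into Dst starting at index Dst_First. Callers must ensure
   --  Dst_First + Src'Length - 1 <= Dst'Last (constructed precondition).

   --  Slice assignment: one source statement, but the generated code must
   --  contain a loop (or a block-move call plus an overlap check) to carry it
   --  out. Under No_Implicit_Loops / No_Implicit_Conditionals this is the
   --  kind of statement the restriction rejects, so it is kept here only as
   --  a reference point and is not called.
   procedure Copy_With_Slice
     (Src : Buffer; Dst : in out Buffer; Dst_First : Positive)
   is
   begin
      Dst (Dst_First .. Dst_First + Src'Length - 1) := Src;
   end Copy_With_Slice;

   --  The same copy with the loop made explicit: every iteration and every
   --  bound check is now a source construct that coverage analysis can map
   --  to object code, and that -gnatG output shows essentially unchanged.
   procedure Copy_With_Loop
     (Src : Buffer; Dst : in out Buffer; Dst_First : Positive)
   is
   begin
      for I in Src'Range loop
         Dst (Dst_First + (I - Src'First)) := Src (I);
      end loop;
   end Copy_With_Loop;

   Src : constant Buffer (1 .. 4) := (16#DE#, 16#AD#, 16#BE#, 16#EF#);
   Dst : Buffer (1 .. 8) := (others => 0);

begin
   Copy_With_Loop (Src, Dst, Dst_First => 3);

   --  Expected contents: 0 0 222 173 190 239 0 0
   for I in Dst'Range loop
      Ada.Text_IO.Put (Byte'Image (Dst (I)));
   end loop;
   Ada.Text_IO.New_Line;
end Demo;
```

Whether a particular slice assignment is rejected depends on the run-time configuration in force (for instance on whether a block-move routine is available to the compiler), so the practical check is to build the unit with the restrictions enabled and read the `-gnatG` listing: any `loop` or `if` that appears there without a matching construct in the source is a candidate for the kind of rewrite shown in `Copy_With_Loop`.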