The GNAT Pro Safety-Critical development environment supports rail applications that need to meet the highest levels of safety certification. It includes run-time libraries specialized for use in safety-critical systems, as well as several tools for static analysis and testing.
GNAT Pro Safety-Critical can be used in conjunction with other AdaCore products such as the SPARK Pro formal verification environment or the CodePeer advanced static analysis tool, providing a unique development framework that supports a wide range of verification activities.
In addition to a fully customizable run-time library, GNAT Pro Safety-Critical supplies several predefined run-time profiles (libraries corresponding to restricted feature choices). The Zero Footprint (ZFP) profile reflects an Ada language subset that does not require any Ada run-time routines, thus reducing the memory footprint to user code only. The Ravenscar Minimal profile implements the Ada Ravenscar tasking subset on top of ZFP. These profiles are intended for high-criticality applications, for example those that need to be certified to Software Safety Integrity Level (SIL) 3/4. For lower levels of criticality, the Ravenscar Extended profile adds features such as exception propagation and stack overflow checking.
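As an added illustration (not AdaCore's own code or documentation), this Ada unit is written to the Ravenscar tasking subset described above with exception propagation disabled, as a minimal ZFP-based profile requires: the profile and restriction are selected by configuration pragmas, one library-level cyclic task shares data through a protected object, and the only exception handler sits in the same subprogram as the raise. The package name, the sensor stub and the 10 ms period are assumptions.

```ada
--  Configuration pragmas (normally placed in gnat.adc): select the
--  Ravenscar tasking subset and forbid exception propagation, which a
--  ZFP-based minimal profile cannot support.
pragma Profile (Ravenscar);
pragma Restrictions (No_Exception_Propagation);
with Ada.Real_Time; use Ada.Real_Time;
package Speed_Monitor is
   subtype Speed_Kph is Natural range 0 .. 300;
   --  A protected object is the only shared-data mechanism Ravenscar
   --  allows (no rendezvous, no select statements, no dynamic tasks).
   protected Last_Reading is
      procedure Set (Kph : Speed_Kph);
      function Get return Speed_Kph;
   private
      Current : Speed_Kph := 0;
   end Last_Reading;

   --  One library-level task with a static priority; it never ends.
   task Sampler with Priority => 10;
end Speed_Monitor;
package body Speed_Monitor is
   --  Assumed sensor access; a real target would read hardware.
   function Read_Sensor return Natural is (120);
   protected body Last_Reading is
      procedure Set (Kph : Speed_Kph) is
      begin
         Current := Kph;
      end Set;
      function Get return Speed_Kph is
      begin
         return Current;
      end Get;
   end Last_Reading;
   task body Sampler is
      Period : constant Time_Span := Milliseconds (10);  --  assumed
      Next   : Time := Clock;
   begin
      loop
         delay until Next;  --  only absolute delays are permitted
         begin  --  the range check on the conversion may raise
            Last_Reading.Set (Speed_Kph (Read_Sensor));
         exception
            when Constraint_Error =>  --  handled in the same subprogram,
               Last_Reading.Set (0);  --  as No_Exception_Propagation requires
         end;
         Next := Next + Period;
      end loop;
   end Sampler;
end Speed_Monitor;
```

Spec and body are shown in one listing for readability; split them with gnatchop into speed_monitor.ads and speed_monitor.adb before building against a Ravenscar run-time.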
GNAT Pro Safety-Critical has been adapted to meet the needs of CENELEC standards for software development processes (EN 50128:2011, EN 50126:1999, and EN 50129:2003, for SIL 3/4), and a variety of certification-related material is available to supplement the product:
- A SIL 3/4 Independent Safety Assessor (ISA) certificate, confirming the Ravenscar Minimal profile's conformity to the CENELEC standard
- Qualification material for several product components:
  - the GNAT Pro compiler as a class T3 tool,
  - the GNATcheck coding standard checker as a class T2 tool,
  - the GNATmetric code metrics generator as a class T2 tool, and
  - the GNATtest / AUnit testing framework as a class T2 tool.
- Qualification material is also available for several other tools that can be used in conjunction with GNAT:
  - SPARK Pro's GNATprove as a class T2 tool to show proof of absence of run-time errors,
  - the CodePeer static analysis tool as a class T2 tool for data and control flow analysis, and
  - the GNATcoverage and GNATemulator dynamic analysis tools as class T2 tools for code coverage analysis.
Rail Industry Standards
EN 50128 is the European standard used to certify rail applications. It classifies criticality levels from SIL 0 (lowest) to SIL 4 (highest). Ada is explicitly recommended for reaching the highest level of safety (SIL 4), as are other techniques covered either by the GNAT Pro product or by companion technologies such as GNATcoverage, SPARK Pro or CodePeer.