AdaCore maintains long-standing customer relationships with many of the world’s major defense contractors for whom Ada is the gold standard for safety-critical software development.
Military applications are unique in that they combine high safety stakes and system criticality with maintenance requirements and service life that can span decades. The software systems often need to be ported across generations of hardware, and require development environments that provide excellent portability and stability.
In addition to these requirements, cybersecurity attacks have become an ever-increasing threat over the past decade. They have raised the level of effort needed to produce a system that maintains its required and expected integrity level. Analysis technologies are becoming critical in helping developers ensure that their software is free of vulnerabilities that a potential attacker could use as a backdoor.
Ada - The de facto standard for safety-critical software development
The Ada programming language was initially designed under a contract from the United States Department of Defense (DoD), from 1977 to 1983, to supersede the more than 450 programming languages then in use at the DoD. Over the past 30 years it has become a de facto standard for developers of high-integrity military applications. It is designed specifically for large, long-lived applications where reliability, efficiency, safety and security are vital. As an ISO standard, Ada is under constant evolution (the latest revision being Ada 2012) while always staying true to its original mandate. AdaCore’s technical team has been closely involved with the Ada language since its inception, and the GNAT Pro development environment combines state-of-the-art technology with expert support to provide a natural solution wherever efficient and reliable code is critical.
On large, mission-critical systems, Ada is often used in conjunction with other languages, and the Ada design specifically caters to such usage, enabling customers to leverage their investment in Ada across the widest range of development platforms. AdaCore provides complete support for compilation with multi-language build and debug in all GNAT Pro environments. The wide variety of supported platforms includes native hosts, such as Microsoft Windows, Sun Solaris and GNU/Linux; embedded targets on bare metal (ARM, x86, PPC) or on top of real-time operating systems (VxWorks, LynxOS-178, ...). GNAT Pro also supports mixed-language applications that include C and C++.
DO-178 and FACE
DO-178 was initially conceived for and applied to civil avionics systems. A number of military avionics systems are also adopting and complying with the DO-178 safety standard, either because the standard has been mandated by the DoD entity ordering the system or because the aircraft is intended to operate in both military and civil airspace. AdaCore has extensive knowledge and experience with avionics software certification standards, and AdaCore personnel play an active role in standards-related working groups and committees. AdaCore President and co-founder Dr. Cyrille Comar is a recognized expert in software certification and participated in the development effort for DO-178C and its associated supplements. To learn more, read our booklet, AdaCore Technologies for DO‑178C / ED‑12C by Frédéric Pothon & Quentin Ochem.
The Future Airborne Capability Environment (FACE™) is a government-industry initiative for reducing defense system life cycle costs through portable and reusable software components. AdaCore has been directly supporting the FACE effort since 2012, both by participating actively in the FACE technical and business working groups and by supplying products that help avionics system developers produce FACE conformant software.
When Software Must Be Safe and Secure
Heavy-weight military tactical systems are often mission critical and so have strict requirements for reliability and operational security. Applications that must meet the highest levels of security must be developed in a way that precisely specifies their semantics. Tools must be able to formally prove correctness, and run-time libraries must be available that are verifiable to the same (or higher) standards as the desired security classification of the application.
GNAT Pro Assurance provides the perfect solution for long-lived systems. An important feature of this product is the “Sustained Branch” which allows GNAT Pro users to select a specific version of the technology and receive critical fixes and known-problems analysis years after the initial release of the technology.
CodePeer, an advanced static analysis tool for Ada, uses control-flow, data-flow, and other advanced static analysis techniques to detect errors that would otherwise only be found through labor-intensive debugging. Recognized as CWE-Compatible by MITRE Corporation’s Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program, CodePeer can detect the most frequent types of code weaknesses, including the CWE’s Top 25 Most Dangerous Software Errors. The tool’s deep analysis also supports formal certification against industry-specific safety standards, such as DO-178.
Customer Projects: Defense
Rockwell Collins successfully used SPARK Pro and GNAT Pro High-Security in the development of the SecureOne™ Guard, a high assurance cross domain guard for military tactical systems.
Saab Electronic Defence Systems (Sweden) has adopted the CodePeer static analyzer tool for use on the GIRAFFE project. The GIRAFFE project is a family of land and naval radar-based surveillance and air defense command and control systems.
This case study describes Thales UK’s state-of-the-art non-hull-penetrating optronic mast for the United Kingdom Royal Navy’s new Astute-class submarines, which provides greater flexibility in boat design and improved surface visibility while reducing the probability of detection. The optronic mast is powered by VxWorks, the mission-critical real-time operating system (RTOS) from AdaCore partner Wind River.