AdaCore Directions
Who are we? Where are we going?
Cyrille Comar
Paris, October 1st
Agenda of the talk
- Mission
- Location & People
- Values
- Strategy: Strengthening & Opening
- Research Activities
- QGen
- Conclusion
We help people build
software that matters.
Ada
- Expertise on critical software development
- Maintain & evolve (Ada) compilation toolchain with pedigree
- Emphasis on customer support
Locations
Robert Dewar (1945-2015)
Some of us in the US
Hristian, frontend
Ben, newsletter
Steve, static analysis
Tucker, qgen
Nicolas, gps
Doug, cross
We actively and creatively evolve our product line, operations, and organization to help our customers and teammates. We are passionate about what we do and are committed to learning, researching and creating.
We build long-term relationships with our teammates, customers, and partners. Acting as a team, we debate, cooperate, and help each other grow.
We share our plans, practices and technologies with our teammates, partners and customers. This is strengthened by our participation in relevant open-source and professional communities, and the open-source licensing of our products.
We organize our work to meet all our commitments. We provide customers, partners and teammates unrestricted access to our expertise, making support our number one priority. Our rigor ensures that our products can be used to build the most demanding software systems.
Strengthening & Opening
- Enhance our Ada offering (new targets, new tools, new optims…)
- Make SPARK+CodePeer « the » best game in town for
  - complementing testing with static verifications
  - industrial use of program proving
    - higher level of reliability
    - lower cost of verification
    - stop (some) security attacks
Help people build software that matters… even more
Strengthening & Opening
- Unexplored markets
- Software that matters in C
- Code generation from “models” that matter
Help more people build software that matters…
Strengthening & Opening
Unexplored Markets
Software that matters in C
- Toolset that can be used for critical development:
  - Manage pedigree of the C compiler (e.g. KP entries)
  - Active long term maintenance (e.g. sustained branches)
  - Set of verification tools (e.g. gnatcov)
  - Better controlled build system (gprbuild)
Research Activities
- Dashboarding: AdaSquore (DGA-Rapid)
- Formal methods:
  - ProofInUse (LabCom with INRIA): enhance proving capabilities
  - Vecolib (ANR): loop invariants
  - Soprano (ANR): improve SMT solvers
- CAP2018 (FUI) with Sogilis & Squadrone
- SPARK in legacy C for FFI
Code generation from “models” that matter
QGen
What is QGen?
- A qualifiable and customizable code generator from Simulink® and Stateflow® to SPARK and MISRA C
- A formal model verifier for runtime errors and functional properties
- An open and extensible framework to integrate heterogeneous models
QGen Main Features
- Support for a large subset of Simulink®
  - Around 120 blocks, optional checks for MISRA Simulink®
  - Stateflow® also supported, since early 2015
- Code generation producing MISRA C and SPARK (formally provable language)
  - Readable and traceable code, no performance penalty
- Integrated with compilation and testing frameworks
  - Integration with GNAT Pro compiler for qualified, end-to-end tool chain
  - Integration with GNATemulator and GNATcoverage for structural coverage analysis (up to MC/DC) without code instrumentation executing embedded object code
- Includes a static model verifier
  - Focus on safety-critical systems
  - Run-time errors (divisions by zero, overflows, …)
  - Logical errors (dead execution paths)
  - Functional/safety properties (Simulink® assertions blocks)
- Qualification material
  - Including validation against Simulink® simulation
  - DO-178C, EN 50128, ISO-26262 TCL3
QGen: An open and extensible framework
“The gcc for modeling languages”
- QGen is designed to accept multiple languages in input, including in-house DSLs
- A single code generation style/strategy for all of your modeling languages
- XML-based model import at different abstraction levels
  - Design model: blocks, signals, states, transitions, …
  - Code model: variables, statements
Selective model compilation
- QGen is composed of multiple model compilation steps
- It is possible to execute them selectively
- It is possible to import/export XML at any step
Roadmap
- Feb 2015: QGen commercial availability
- Spring 2015: Stateflow® support
- 2016: Tool Qualification Planning Documents
- 2017: QGen Debugger
- 2018: QGen TQL1 qualification completed
Conclusion
- World of critical software development is evolving…
- You are the main source of AdaCore evolution
So let’s talk… even more