in Aerospace / Defence / Space

AdaCore tools gain ISO 26262 and IEC 61508 qualification

Posted 18 February 2020 · Add Comment

AdaCore today announced that three of its signature software development/verification tools for Ada, SPARK and C have been qualified under the ISO 26262 and IEC 61508 functional safety standards.

AdaCore has over two decades of certification experience in safety-critical domains such as avionics, space and rail. By completing the qualification process for automotive and industrial standards, the company has shown that its high integrity technologies can meet the demanding assurance requirements of the software-intensive industries.

The three development/verification tools qualified for compliance are:

  • GNAT Pro, a robust and flexible development environment comprising an industrial-grade toolchain that supports the Ada and C programming languages, either standalone or mixed in a single binary. GNAT Pro comes with a range of development and verification tools, including stack size computation, coding standard verification and a customisable/extensible IDE.
  • The Common Code Generator (CCG), which compiles from a SPARK-like Ada subset to C code. CCG allows projects to cross-compile Ada and SPARK applications to any hardware target that provides a C compiler, including targets that do not come with off-the-shelf Ada support.
  • SPARK Pro, a toolset based on an Ada language subset that allows developers to formally guarantee properties of source code, such as the absence of certain categories of vulnerabilities (buffer overflow, division by zero, references to uninitialised variables) and to prove custom functional assertions.

Both theGNAT Pro compiler and CCG received TCL3 qualification under ISO 26262, and T3 qualification under IEC 61508. The SPARK Pro verification tool received TCL3 and T2 qualification. All three products have been certified by TÜV SÜD, an independent, globally recognised organisation which confirms that products meet national and international standards. The TÜV SÜD certification mark is widely acknowledged and respected as a trusted symbol of quality, safety, and sustainability.

“The demand for cost-effective tools and methodologies have greatly increased in the automotive and industrial domains over the past few years,” said Quentin Ochem, Lead of Business Development at AdaCore. “The Ada and SPARK languages have emerged as viable alternatives to C for many developers needing higher integrity software. The completion of our safety certification under the corresponding standards demonstrates our commitment to support these industrial projects on their own path to adoption.”

ISO 26262 and IEC 61508
ISO 26262 is a functional safety standard for automotive systems and a derivative of the generic IEC 61508 standard for electrical/electronic/programmable electronic (E/E/PE) systems. It defines an automotive safety lifecycle's phases and their associated activities and uses a risk-based approach to determine Automotive Safety Integrity Levels (ASILs) and the relevant requirements. An analysis of the system's functions focuses on the potential hazards in the event of a failure and the consequences to life and property. The computed ASIL ranges from A (least critical) to D (most critical) and takes into account the estimated probability of the failure being exposed, whether the driver can ameliorate the hazard in response, and the severity of the hazard's occurrence.

ISO 26262 specifies requirements for tool qualification, recognising the benefits from automation in terms of both productivity and accuracy and defines four tool qualification methods:
•    Increased confidence from use,
•    Evaluation of the tool development process,
•    Validation of the software tool, and
•    Development in accordance with a safety standard.

Qualification is based on the calculated Tool Confidence Level (TCL), ranging from 1 (lowest) to 3 (highest). A tool’s TCL is in turn determined by whether / how an error in the tool or its output can lead to a safety hazard (the “Tool Impact”) and the probability of preventing/detecting such errors (“Tool Error Detection”). A tool at TCL1 does not need qualification. TCL2 and TCL3 tools require qualification, with the system’s ASIL determining which qualification methods are most recommended. Tool qualification artifacts include a Software Tool Qualification Plan, Software Tool Documentation, a Software Tool Classification Analysis (which establishes the relevant TCL), and a Software Tool Qualification Report.

IEC 61508 is an international standard for functional safety in E/E/PE systems and is the “umbrella” for domain-specific standards such as ISO 26262. The standard is based on the concepts of a safety life cycle (the engineering processes needed for functional safety) and safety integrity level, or SIL (the level of risk reduction). The SILs range from SIL1 (lowest requirement for risk reduction) to SIL4 (highest). The SILs are defined in terms of probability of failure on demand; e.g. for SIL4 the probability of a dangerous failure per hour of continuous operation is between 10-9 and 10-8.

Software-related requirements are defined in Part 3 of IEC 61508, with the identification of techniques and measures for software development/verification; the specific requirements are based on the SIL. The standard specifies three tool qualification categories:
• T1: the tool is not used to either verify the code or to produce output that is part of the executable (e.g. a text editor)
• T2: the tools may fail to detect an error but does not generate code that is part of the executable (i.e. a verification tool such as a coding standard checker)
• T3: the tool can produce output that is part of the executable (e.g. a compiler)

Tools classified at T2 or T3 must have the appropriate documentation, with T3 requiring additional justification (based on user experience or test cases) that the tool complies with its documentation.

Founded in 1994, AdaCore supplies software development and verification tools for mission-critical, safety-critical and security-critical systems, with its products used to field and maintain a wide range of critical applications in domains such as commercial and military avionics, space, defence systems and air traffic management/control.


* required field

Post a comment

Other Stories
Latest News

COVID-19 impact on RAF Display Teams in 2020

Noting the restrictions currently in place on the UK population during the effort to combat the spread of the Coronavirus (COVID-19), the Royal Air Force (RAF) has suspended all displays from its various teams and bands until further

ICAO stresses air transport's role in recovery from COVID-19 pandemic

ICAOís Council President and Secretary General welcomed the G20 leadersí statement on COVID-19, including its underscoring of how this unprecedented pandemic serves as ďa powerful reminder of our interconnectedness and

IATA highlights airlines' cash crisis

The International Air Transport Association (IATA) has published new analysis showing that airlines may burn through $61 billion of their cash reserves during the second quarter ending 30 June 2020, while posting a quarterly net loss

EDM installs Air Balticís A220 Extended Door Trainer

Manchester based provider of training simulators to the civil aviation and defence sectors, EDM, has completed a project for Air Balticís A220 Extended Door Trainer, which has been fully installed at their training facility in Riga,

UK space sector working together on response to coronavirus

The UK Space Agency and trade body UKspace, are working together to help the space sector respond to the COVID-19 pandemic.

Eastern Airways improves temporary Humberside-Aberdeen schedule

Eastern Airways is making improvements to its temporary schedule on the Humberside Airport-Aberdeen route following customer feedback, which will help key workers and vital energy sector personnel.

IQPC SK0403300420
See us at
DVD 2020SMI favws BT06020406203CDSE BT2702150720