I spent a very interesting week in Toulouse last week. It started with a day of conference in which INRIA research labs showed a host of products and advanced research applicable to the domains of modeling and safety. There was in particular demos of Astrée (static analyzer for C, now sold by AbsInt Gmbh), Frama-C (framework for analyses on C, partner in Hi-Lite) and Alt-Ergo (prover SMT, partner in Hi-Lite).
It continued with the conference ERTS² during 3 days, which gathered many French and European providers and customers of embedded solutions. I’d like to highlight 3 presentations:
the Formal Methods Subgroup of the upcoming DO-178C standard presented how formal methods may be used in a certification context
Yesterday saw the official launch of the Hi-Lite project. Financially supported by French national and local government agencies, Hi-Lite aims to increase the use of formal methods in developing high integrity software, particularly to meet the forthcoming DO-178C avionics standard.
Hi-Lite is completely based on libre software. The project is structured in two different toolchains for Ada and C based on GNAT/GCC compilers, the SPARK verification toolset and the Frama-C platform. The integration of these toolchains inside two industrial IDEs offers to the user a common interaction on Ada and C programs. In particular, mixed Ada/C programs can be verified against a common specification.
The project partners are AdaCore, Altran Praxis, Astrium Space Transportation, CEA-LIST, the ProVal team of INRIA and Thales Communications. AdaCore is the project leader. For more information please visit www.open-do.org/projects/hi-lite and to subscribe to the public mailing list please send email to hi-lite-discuss@lists.forge.open-do.org.
We will be reporting on its progress here as it reaches major milestones throughout the evolution of the project.
Embarquez Agile (Embed Agility) is a one day conference being organized by AeroSpace Valley competitive cluster. The event will take place in Bordeaux, France on March 18, 2010. Cyrille Comar and Matteo Bordin will be giving talks around the Open-DO initiative and the notion of Qualifying Machine.
Couverture is a qualifiable tool to measure structural coverage. This paper describes how the Couverture technology copes with the “Souce Code VS Object Code Coverage” debate in a DO-178 context.
The Couverture project is hosted on the Open-DO Forge.
The attached paper is also published in the Ada User Journal, December 2009 issue.
We are pleased to welcome the HiberSource project to Open-DO. This configuration management system is used to manage project data in accordance with DO-178B and supports the full software life cycle.
There are many free version control systems (such as SVN) but there are no free configuration systems to support projects (like Razor or PVCS). HiberSource was started to be a configuration system to support full software life cycle with developing, verification and other certification activities.
For more information, please visit the project on the Open-DO forge.
A Qualifying Machine (QM) is an agile and lean infrastructure to ease DO-178 tool qualification. The main goal of a QM is to ease the manipulation of all artifacts within the whole application life cycle and to track the activities performed by the development team.
Within Open-DO, we released an instantiation of the QM concept for GNATcheck, a coding standard checking tool qualifiable for DO-178. The infrastructure and qualification material (including the Tool Qualification
Plan and the testing framework) are freely available as open source in the Open-DO forge. With this initiative, we intend to promote open collaborations in the high-assurance domain and to show how to deploy a lean and agile
qualification process.
You can get more information on the Open-DO Qualifying Machine and download its instantiation for GNATcheck here.
Speaking at the Ada UK Conference 2009 in London, Franco Gasperoni presents and positions requirement-based testing and coverage analysis in terms of the Avionics standard DO-178B. He then goes on to show how the Open-DO initiative (through Project Coverage) is addressing these needs.
Last week I attented the Grenoble (October 20, 2009) and Valence (October 22, 2009) conferences as part of the Agile Tour 2009 series. These events were a big success and attracted more than 450 attendees! I would like to thank one more time the CARA who did a very good job at organizing these.
The presentations were of very high quality and their diversity pleased practionners as well as managers and students. All the slides are accessible on the CARA’s website (French and English).
I gave a talk in Grenoble and Valence about the infrastructure and processes we put in place at AdaCore to build and test on a daily basis all our compilation chains and accompanying technology in a Lean fashion.
I also presented the “qualification machine” we have built based on open source technology to ease the DO-178B tool qualification process by adopting an agile philosophy.
I attended the DASIA 2009 conference las week, and I discovered a really nice open-source initiative targeting the high-integrity real-time community. The Real-Time Systems Group of the University of Valencia has developed an open-source hypervisor (partitioning kernel) called XtratuM, which is not ARINC compliant, but it provides temporal and spatial partitioning. It currently works on x86 and LEON2.
I know personally the people behind this project, and I can encourage you to keep an eye on it.