Aim higher

A model solution for safety-critical industries

A Eurostars-supported project has tapped into the growing demand for model-driven development solutions in industries where security and reliability are crucial. Now industries as diverse as car making and avionics can take advantage of tools that automatically generate code from models for safety-critical environments.

Key target industries for Ada (a computer programming language) have tended to be aerospace and defence, where safety and security are obviously paramount. “In recent years however we have seen these and other industries increasingly using software modelling technologies,” explains Dr José Ruiz, Senior Software Engineer at AdaCore, main partner in the EUREKA Eurostars Hi-MoCo project. “We therefore saw an opportunity to bring our knowledge of generating code for safety-critical environments to a much wider audience.”

Automatic code generation tools have tended to be all-purpose and not really tailored for safety-critical systems, while specific safety-critical modelling tools have tended to be rather inflexible. Ruiz and his colleagues sought to develop new tools capable of filling this gap in the model-based development market. “We sought to build a bridge between these two poles,” he explains. “This was the starting point of the project.”

Addressing market needs

The end result of the Hi-MoCo project, which was completed in 2014, is the QGen product: an automatic code generator and model verifier that is both flexible and meets stringent safety standards. It is designed to save industries time, since there is no need to write code by hand or to spend time verifying its reliability.

“This product has been on the market for over a year,” says Ruiz. “We already have a number of customers on board, and lots of evaluations are in progress from companies investigating how the concept fits their needs.”

One key sector is aerospace (for on-board avionics, satellite control, etc.), where computer-based systems must be certified against stringent safety standards. AdaCore is in the process of validating QGen’s code generation capabilities (this is known as “tool qualification”), which will save end users considerable time and effort in verifying the generated code.

Exploring new opportunities

For the French and Estonian project partners, a key benefit of the Hi-MoCo project has been the opportunity to contact industries and companies that develop safety-critical systems but might not have used the Ada programming language. “For us, the QGen product has really helped us to crack the automotive market, which has proved challenging in the past,” says Ruiz. “We are currently dealing with automotive companies in Europe and Japan, so the project has really helped us to open new doors.”


QGen can generate MISRA C and SPARK, two software development guidelines. SPARK supports formal verification, so being able to generate SPARK lets users strengthen mathematics-based confidence during the verification effort. The success of the product means that AdaCore has already had to create two new positions in order to keep pace with demand.

In terms of the future, the company is currently discussing with existing and prospective customers how best to fine-tune the tool. “We’ve developed and marketed a product that effectively generates code; now we need to fully integrate the product with end-user requirements,” explains Ruiz. “I think this sends a positive message to current and prospective customers that we are evolving together with them to meet their needs, even if some of the industries we are targeting – such as aerospace and defence – have a rather slow adoption curve.”