AdaCore Launches QGen
Customizable code generator and model verifier for Simulink and Stateflow models
is designed for qualification against software safety certification standards
AdaCore announces the release of QGen 2.1.0, a qualifiable and customizable code generator and model verifier for Simulink and Stateflow models. This tool can generate MISRA C and SPARK/Ada source code producing readable, traceable, and efficient code. It is particularly suited for developing and verifying high-integrity real-time control applications, especially where safety certification is required. The tool is highly configurable thanks to its visible intermediate representation.
QGen handles around 120 Simulink blocks and a subset of Stateflow. These were selected as a safe subset that guarantees predictable code generation patterns, does not require any run-time support, and allows for tool qualification against software safety standards.
The tool's static model verifier detects run-time errors such as integer overflow and division by zero. It also can find logic errors such as dead execution paths, and verify functional properties through Simulink Assertion blocks. QGen can be integrated with AdaCore’s GNATemulator and GNATcoverage tools to support Processor-in-the-Loop (PIL) testing and structural coverage analysis without any code instrumentation.
An important new feature of QGen, which is planned for release in 2016, is the ability to do model-level debugging of applications implemented with a combination of hand-written and autogenerated code, using GNAT Programming Studio (GPS). This GPS "model-level debugging" feature provides side-by-side views of a Simulink model and the corresponding generated SPARK/Ada or MISRA C code. Model-level debugging supports setting breakpoints on individual blocks, which will automatically set a breakpoint at the corresponding point in the generated code. In addition, model-level debugging permits stepping one block at a time, viewing the value of signal variables, and stepping into or out of model subsystems. This model-level debugging is built upon the existing debugging capability in GPS, and can support host debugging and cross-debugging with any targets supported by gdb (the debugging technology used by GPS).
Qualification material for QGen will be available for standards such as DO-178C (avionics), EN 50128 (rail), and ISO 26262 TCL3 (automotive). The model verification feature is qualifiable for DO-178C at Tool Qualification Level 5.
A QGen demo is available at http://www.adacore.com/qgen/demos/.
“Thanks to its strong focus on safety, QGen reinforces the position of the Simulink and Stateflow environments as the preferred solutions for model-driven development of high-integrity control systems,” said Tucker Taft, product manager for QGen at AdaCore. “With QGen, AdaCore offers a uniquely integrated and qualifiable solution for end-to-end model-based design, including code generation, production of high-performance embedded code, formal verification, structural coverage, and support for Processor-In-The-Loop testing.
“QGen offers us two opportunities,” said Cyrille Comar, AdaCore President. “First, our existing customers can now benefit from code generation from Simulink/Stateflow models in a way that is compatible and integrated with their existing tool and language investment. Further, QGen’s outstanding capabilities are attracting interest from new application domains driven by safety-critical requirements; this allows us to provide our high-integrity expertise and toolset to a much larger user base.”
About AdaCore
Founded in 1994, AdaCore supplies software development and verification tools for mission-critical, safety-critical, and security-critical systems. Four flagship products highlight the company’s offerings:
- The GNAT Pro development environment for Ada, a complete toolset for designing, implementing, and managing applications that demand high reliability and maintainability,
- The CodePeer advanced static analysis tool, an automatic Ada code reviewer and validator that can detect and eliminate errors both during development and retrospectively on existing software,
- The SPARK Pro verification environment, a toolset based on formal methods and oriented towards high-assurance systems, and
- The QGen model-based development tool, a qualifiable and customizable code generator and verifier for Simulink and Stateflow models, intended for safety-critical control systems.
Over the years customers have used AdaCore products to field and maintain a wide range of critical applications in domains such as space systems, commercial avionics, military systems, air traffic management/control, rail systems, medical devices, and financial services. AdaCore has an extensive and growing world-wide customer base; see www.adacore.com/customers/ for further information.
AdaCore has North American headquarters in New York and European headquarters in Paris. www.adacore.com
