Green Hills, GHS, MULTI, 2000, C, C++, ADA, Compiler, Safety, DO-178B Leve A, G-Cover, Coverage, Object Code Analyzer, CStart, Ravenscar Profile

Safety Critical Products GSTART

Safety Critical Products: GSTART

A complete safety critical line

Green Hills Software offers a complete safety critical product line that includes:

INTEGRITY-178B—a full time and memory-partitioned ARINC-653-1 real-time operating system (RTOS)
GMART—a safety critical minimal Ada run-time kernel
GSTART—a safety critical small-tasking Ada run-time
language support for C, C++ and Ada
a full set of safety critical testing tools

GMART, GSTART, and INTEGRITY-178B are available with full off-the-shelf DO-178B Level A certification material. All have formally passed DO-178B Level A multiple times as a part of avionics systems and thus are certified and not just certifiable.

A safe-tasking model that supports determinism & schedulability analysis

GSTART—Green Hills Software’s Small Tasking Ada Run-Time product—is designed from the ground up to be certifiable to DO-178B Level A, the highest level within the FAA’s commercial avionics safety critical standard.

GSTART also supports the established safety critical Ravenscar Profile language subset. The Ravenscar Profile was intended to define a taskng model that supports determinism and schedulability analysis. Developed at the Eighth International Real-Time Ada Workshop in Ravenscar England, the Ravenscar Profile is also advocated in ISO/IEC JTC 1/SC22/WG9 draft standard ISO/IEC, DTR 15942: “Programming Languages Guide for the Use of the Ada Programming Language in High Integrity Systems.”

The Ravenscar Profile defines a safe language subset that includes tasking. Memory allocation is allowed, but only at program elaboration time to prevent memory creep by allowing allocation only once. Deallocation is disallowed since, without the ability to dynamically allocate new objects, it adds no value and simplifies run time system (RTS) requirements. Task rendezvous are disallowed but tasks can communicate via Ada95 protected objects. This provides a deterministic tasking model. All task dispatching is handled in a FIFO manner with priority given to Ceiling Locking priority values. General exception handling is also disallowed in favor of a single global handler. This removes the non-determinism of general handlers while still supporting a graceful system shutdown should a runtime error occur.

Although use of the Ravenscar Profile removes some generally useful language features, the resulting program is likely simpler and easier to certify to safety critical standards. Removing these language features also allows the Ada Run Time System (RTS) to be simplified and optimized for this subset. Thus the GSTART RTS is smaller and faster than general purpose full Ada RTSes.

GSTART definition
	Task type and object declarations at the library level
	No unchecked deallocation of protected & task objects
	No dynamic allocation of task or protected objects
	Tasks are assumed to be non-terminating
	Library level protected objects with no entries (to ensure atomic updates to shared data)
	No requeue
	No Task Aborts or Asynchronous Transfer of Control
	No rendezvous mechanism due to more efficient protected objects
	Real-time package, no reliance on Calendar package
	Atomic and volatile pragmas
	'Delay until' statements. Ada83 relative delays are not allowed
	All priorities are static
	Protected procedures as interrupt handlers

Key customers

- Lockheed Martin
- Boeing
- Rockwell
- Raytheon
- BAE SYSTEMS
- BF Goodrich Aerospace
- Alenia Aerospatiale

Available with INTEGRITY-178B

GSTART is available as a bare machine Ada RTS or integrated with the INTEGRITY-178B partitioned RTOS. As a bare RTS, GSTART provides a small and fast multi-tasking single application execution environment. As a kernel within an INTEGRITY-178B partition the user has all the advantages of the bare model but now with the support of potentiallymultiple applications being able to run on the same single processor.