GNAT Pro for Safety-Critical is ideal for developing software applications for ground based avionics systems where a high level of safety and security is required on a native platform.

GNAT Pro Safety-Critical is an enhanced version of GNAT Pro, designed for building safe and secure software. Its many features help to reduce the cost of developing and certifying systems that have to meet safety standards such as RTCA DO-278 on a native platform. The High-Integrity Edition for Servers is the ideal solution for any safety-critical development effort for ground based avionics systems and other industries where a high level of safety/security is required on a native platform. Eurocontrol Safety Regulatory Requirement (ESARR) 4/6 or the UK Civil Aviation Authority CAP 670 / SW01 Air Traffic Services Safety Requirements or IEC 61508 for industrial automation.

The package is accompanied by DO-178B Level A life cycle artifacts applicable when using the DO-178B certifiable subset library. Our DO-178B Level A material directly maps to the top DO-278 Assurance Level certification requirements for AL1. These are the life cycle process documents used in multiple DO-178B Level A embedded certification efforts. Additionally the complete Ada Conformity Assessment Test Suite (ACATS) results are provided to show that the compiler and run-time system fully conform to the ISO Ada standard.

Air Traffic Management Safety Standards


RTCA DO-278 / EUROCAE ED-109 “Guidelines for Communication, Navigation, Surveillance and Air Traffic Management (CNS/ATM) Systems Software Integrity Assurance”, is the ground based complement to the DO-178B/C airborne standard.

RTCA DO-278 provides guidelines for the assurance of software contained in non-airborne CNS/ATM systems. DO-178B/ED-12, Software Considerations in Airborne Systems and Equipment Certification, defines a set of objectives that are recommended to establish assurance that airborne software has been reviewed, and in some cases, modified for application to non-airborne CNS/ATM systems. DO-278 is intended as an interpretive guide for the application of DO-178B/C guidance to non-airborne CNS/ATM systems. The two standards are thus interrelated.

More on DO-278B


Featured Project

iFACTS - Air Traffic Management System by NATS

iFACTS ― the interim Future Area Controls Tools Support ― provides tools for trajectory prediction, conflict detection and monitoring aids. The iFACTS system includes over 200 KLOC of SPARK source code, from which over 120,000 verification conditions are generated to prove exception-freedom.

Key Features of GNAT Pro Safety-Critical

  • Configurable Run-Time Library
  • Full Ada 2005 / 2012 Implementation
  • Advanced Static Analysis
  • Simplification of Certification Effort
  • Traceability
  • Safety-Critical Support and Expertise
Learn More »


Knowledge Center


  • When it comes to unmanned aircraft systems (UAS), virtually everyone is talking about and concerned with privacy issues – as though drones were robotic peeping Toms. The much larger and more critical issue, however, is security – without it, the potential exists for control of drones and even swarms of drones to be usurped and used to inflict harm. UAS hardware and software must be designed with development tools proven to be effective in the design and deployment of safety-critical and mission-critical systems and vehicles. In this webinar Robert Dewar will discuss the selection of optimal development tools and processes to ensure the safety, security, and reliability of real-time unmanned aircraft, onboard software, and ground control solutions.
  • The InSight webinar series continues with a webinar demonstrating how to write unit tests in a cost-effective way using the AdaCore toolset. More precisely it will show how to generate the unit testing framework using GNATtest, how to run the tests on an emulator such as GNATemulator and how to extract coverage results using GNATcoverage. This is primary aimed at developers and projects managers that already have unit testing infrastructure in place and are looking to reduce maintenance costs, as well as teams that are looking at implementing such techniques with minimal effort.

Developer Gems    

  • Gem #63: The Effect of Pragma Suppress

    Ada Gem #63 — The features of Ada have generally been designed to prevent violating the properties of data types, enforced either by compile-time rules or, in the case of dynamic properties, by using run-time checks. Ada allows run-time checks to be suppressed, but not with the intent of allowing programmers to subvert the type system.

  • Gem #53: Safe and Secure Software: Chapter 12: Conclusion

    Gem #53 is the concluding chapter of John Barnes' new booklet:

    Safe and Secure Software: An Introduction to Ada 2005.

    We hope you have enjoyed this series. In the attachment at the bottom of Gem #30 you can access the contents and bibliography for the entire booklet.