Dr. Benjamin Brosgol, AdaCore
Airborne systems that need a small footprint or must comply with an industry assurance standard such as DO-178B or DO-178C are sensitive to size and complexity costs in the run-time support libraries. To answer these needs, the Future Airborne Capability Environment (FACE™) Technical Standard has designated the Ravenscar subset of the Ada programming language’s tasking features as one of the acceptable concurrency approaches for a software component that must satisfy safety and/or security assurance requirements.
The FACE [Future Airborne Capability Environment] approach is a joint government-industry software standard and business strategy for acquiring affordable software systems; it promotes innovation and rapid integration of portable capabilities across global defense programs. FACE, which was originally focused only on avionics but has since broadened to encompass a wide catalog of applications for use across the entire spectrum of real-time systems, does not directly address issues of quality or fitness for purpose. Because these traits are obviously important in practice, the natural question for component developers is how to meet both the explicit FACE objective of portability and any domain-specific requirements for software reliability, safety, and security. Part of the answer is to choose appropriate software-development technologies and language(s).
As the transition to DO-178C takes hold, ensuring tool qualification for software being developed to the new standard is a must. With attention to Tool Qualification Levels (TQLs) and a Configuration Management (CM) system, development tools, projects, and environments can transition smoothly between requirements.