About HBAP | Home | Quick Page | Welcome | FAQ
What's New? | RM 95Your Feedback

This text was mailed on 1996-07-01 by Bob Mathis to the ARA mailing list. The online version was derived 1996-07-09 by Magnus Kempe.

Notes on Presentations at Ada-Europe Conference

10-14 June 1996, Montreux, Switzerland

Jim Moore, moorej@acm.org

These notes contain brief descriptions of selected presentations. They are necessarily uneven in detail, reflecting my own personal interests.


Conference Keynote: Tucker Taft, Programming the Internet in Ada 95

Standing in for Tucker Taft, Dr. Chuck Engle of DISA gave the keynote presentation reporting on Taft's work on the Java/Ada 95 cross-compiler. The cross-compiler required only one labor year of effort. Compiling Ada 95 into Java is relatively easy, in fact, easier than compiling C++ into Java. Tucker says that Java is "Ada 95 semantics in C++ syntax". His product also compiles Java into Ada 95 which is more difficult.

A free compiler is available at "www.inmet.com/javadir/download". It will be free until August 1 and will self-destruct at that time. An environment will be available on July 1. Eventually it will be bundled with Thomson's Ada 95 compiler.

Academic Ada will soon be available for $68.50 (Addison-Wesley) in university bookstores.


Daily Keynote: Norm Schneidewind, Reliability Modeling for Safety Critical Software

The presentation primarily concerns reliability models developed for the NASA space shuttle. There are two types of measurements: customer-oriented, pertaining to end functionality; developer-oriented. The point is to relate the direct and indirect measurements so that we can have early prediction. In integration and test we can use the problem rate to drive a reliability model making predictions about the reliability of the end product. He deals with two particular criteria: remaining failures, the criterion that the number of failures predicted during a given amount of time is smaller than some threshhold; and time to next failure, the criterion that the expected time to the next failure exceeds some threshhold such as mission duration.

Session: Software Development Methods

Philippe Kruchten, Iterative Software Development for Large Ada Programs

The Canadian Automated Air Traffic Control System (CAATS) is estimated at 750K SLOC of Ada. It was initially bid using the 2167A life-cycle model, but changed in 1992 to use an object-oriented design and an iterative development process. The phases for their iterative process include: inception, elaboration, construction, transition, evolution.

The criteria for defining the content of an increment include:

  • focus on main mission of system
  • early treatment of major risks
  • try to cover functional scope of the system
  • try to cover architectural scope of the system

    Their model distinguishes phases from activities; the activities cut horizontally across the phases. Kruchten described some of the lessons they have learned in applying this LC model to CAATS.

    David Emery, HCSD Unit Development Process: Step-Wise Process Improvement

    This paper is also related to the CAATS program. They have progressed through three different versions of their Unit Development Process. This paper examines the various versions and what motivated the changes.

    Juan Antonio de la Puente, Mapping HRT-HOOD Designs to Ada 95 Hierarchical Libraries

    The European Space Agency uses HRT-HOOD (Hard Real-Time HOOD) as its design methodology. There have been methods to translate designs more or less directly into Ada but have tended to obscure the design. The paper describes how to use the subroutine renaming feature and the child library feature of Ada 95 to improve the mapping.

    Session: Experience Reports

    Dr. Chad Bremmon, Funds Management Modernization: Experiences with Developing an Object-Oriented, Client-Server Management Information System In Ada 95

    The paper describes the modernization of legacy systems for USAF Program Planning and Budgeting providing vertical integration among the various command echelons. This is an interesting integration of CORBA, SQL, ODBC, OLE and Ada 95 on a PC platform.

    Kor Molenmaker, Converting the Part Task Nautical Simulator to Ada 95 [from Ada 83]

    This paper describes the conversion of an existing operational program from Ada 83 to Ada 95 and the problems that were encountered.

    Vincent Celier, Visibility Control and Migration of Interfaces in Large Ada Systems

    In large Ada systems, it is necessary to freeze major interfaces early, but it is then sometimes necessary to change them. The paper describes techniques for minimizing the difficulties in migrating users of changed interfaces.

    Philippe Waroquiers, Ada Tasking and Dynamic Memory: To Use or Not to Use, That's a Question!

    This is an air traffic flow management flow system. The paper describes the tuning of the system to improve its performance. The major changes including changing the mechanisms for the storage of persistent data.

    Rich Hilliard, Experiences in Applying a Practical Architecture Method

    He described what MITRE has learned from articulating architectures for a number of large, complex systems. It's a good summary of the OSEG work in this area at MITRE-Bedford.

    John Smart, A Decade of Development and Deployment of Distributed Ada Systems

    His company develops Naval Command and Control Systems comprising more than 2.5 MSLOC of Ada 83 code. They use Jackson Structured Design. The paper is a valuable overview of how to use Ada 83 with JSD to develop very large systems.


    Daily Keynote: Andre Schiper, Fault Tolerance by Replication in Distributed Systems

    In this context, replication refers to using multiple copies of a single object on multiple machines. The point of replication is to permit the application to make progress despite failures. Today's trend is to achieve replication using standard workstations rather than specialized hardware, e.g. Tandem. The presentation discusses theoretical issues and implementation considerations in developing such systems. This discussion will focus on crash failures, where a failed process performs no action, and on asynchronous systems, where there is no global clock and no bound on transmission delays.

    Session: Distributed Systems

    Thomas Wolf, Secure Communication in Distributed Ada

    The paper describes alternatives for communicating encrypted data among partitions in a distributed system. The method would also work for compression and other data transformations. They deal with the problem of key exchange.

    Session: Verification and Validation

    Neel Madhav, Testing Ada 95 Programs for Conformance to Rapide Architecture

    RAPIDE is a language for defining architectures. The paper describes a mapping from Ada to RAPIDE and a method for checking conformance. This is useful because a number of tools are available to analyze RAPIDE designs.

    Session: Safety & Security

    Dan Craigen, Ada 95 and Critical Systems, An Analytical Approach

    The purpose of the paper is to analyze the suitability of the Ada 95 language for use in critical systems. It summarizes a much larger report that evaluates the various language features of Ada 95 from the viewpoint of critical systems. It concludes that the use of complete Ada 95 in critical systems is problematic but that SPARK-like subsets are suitable.

    Marc Richard-Foy, The Use of Ada in Critical Systems, such as the TGV

    He described the particular methods employed in programming the train control systems for the French high-speed train, TGV. The safety approach relies on three elements: the coded processor technique (a mechanism for self-checking of data validity); a safe Ada subset (LSAda) and a strict quality assurance process.

    Alfred Rosskopf, Use of a Static Analysis Tool for Safety-Critical Ada Applications

    This controversial paper is a study of the use of the SPARK Examiner to perform static analysis on Ada code. The assessment is critical. Basically, the analysis would criticize any method that requires supplemental annotation to facilitate static analysis.

    Session: Ada Programming Language

    Michael Oudshoorn, Beyond Ada 95: The Addition of Persistence and its Consequences

    This paper describes some extensions made to Ada 95 for the study of persistent programming. He concludes that the extensions are possible but are sometimes not compatible with the spirit of the Ada language.


    Daily Keynote: Alan Burns, Ada 95: An Effective Concurrent Programming Language

    The paper uses case studies to illustrate how high-level concurrent programming abstractions can be built from the facilities provided by Ada 95. The examples illustrate three problems: resource control; atomic actions; and flexible scheduling.

    Session: Real-time Systems

    Ben Brosgol, The Dining Philosophers in Ada 95

    The "dining philosophers" is a classic problem in concurrent programming. Brosgol has offered a number of Ada solutions to the problem in the past. This paper re-analyzes the problem utilizing the new concurrent programming features of Ada 95.

    Ted Baker, The GNARL Implementation of POSIX/Ada Signal Services

    GNARL is the run-time library for the GNAT compiler. The paper describes the application-level interface for GNARL so that Ada tasking might be equated with POSIX threads.

    David Mundie, Implementing Protected Types on Embedded Targets

    The paper describes Tartan's experience in implementing protected types in their compilers for embedded machines.

    Session: Ada 95 Programming Language

    Wolfgang Gellerich, Where Does "Goto" Go to?

    This paper is the result of a study that examined 8.5 million lines of Ada source code (excluding specifications) to determine situations in which programmers choose to code Goto statements. They found that 99.5% of files contained no Goto statements whatsoever. The average distance (in lines) between occurrences of Goto is about 8100 lines. This is a much greater distance than for Fortran or C. Of the GOTOs found, 67% could have been replaced by other control structures and another 26% were in ACVC tests. Another 5% were in automatically generated code. So, only about 1.5% of the occurrences were legitimate, primarily intended for premature loop termination. In those cases where GOTOs were used for "efficiency", there is evidence that the programs with GOTOs run more slowly than those without.

    Closing Keynote: Chuck Engle, Transitioning the AJPO

    He reviewed the history and success of Ada in the DoD. The count of languages in the maintained inventory has declined from about 450 in 1980 to 37 today. Ada is the #1 language in weapon systems and #2 (to Cobol) for AIS systems.

    He cited MITRE's work on maintenance cost showing that C costs twice as much per function point as Ada in large systems.

    The new DODI 5000.1/5000.2 says that Ada is the language for software to be maintained by the DOD. The new DODD 3405.1 will provide an order of preference: (1) COTS; (2) adjust your requirements to fit a COTS alternative; (3) NDI (GOTS); (4) 4GL or 5GL (presuming that maintenance will be done at the 4GL level); (5) Ada; (6) get a waiver.

    Use of Ada will be checked at MAISRC/DAB quarterly and annual reviews. 14 waivers were requested last year; 12 were granted.

    There are currently 14 validated Ada 95 compilers. Seven programs have been designated as early adopters for Ada 95. The Airfields application for GCCS has been delivered. FMMS has demonstrated an initial prototype. The Marine Corps Tactical Data Link went to the field last week.

    For each of the last three years there has been a 25% annual increase in the use of Ada in universities. A free Ada compiler (GNAT) is available to researchers in source code form. A very low cost compiler and development environment along with a CS-1 textbook will be available on a CD this summer. Ada 95 is now the introductory level course at USMA and USAFA. NPG and AFIT have also adopted Ada 95.

    He showed a chart claiming that Ada is the #2 language in universities (after Pascal). Even C and C++ together are smaller than Ada.

    The National Research Council is now conducting a review of Ada policy in the DoD for completion by October 31, 1996.

    New validation suite, 2.0.1, adds additional tests but still does not require complete implementation of all of Ada 95. Version 2.1 in March 97 will complete that.

    Transition of activities formerly done by AJPO: AJPO will close by June 1997. Its current activities will be performed by others: