Why Switch to a Later Version of Ada?

Slides:



Advertisements
Similar presentations
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Advertisements

Programming Languages and Paradigms
Concurrency Important and difficult (Ada slides copied from Ed Schonberg)
Copyright © 2001 Praxis Critical Systems Limited  New and Exciting Things in the World of SPARK Roderick Chapman Praxis Critical Systems.
Concurrency in Ada What concurrency is all about Relation to operating systems Language facilities vs library packages POSIX threads Ada concurrency Real.
Exceptions David Rabinowitz. March 3rd, 2004 Object Oriented Design Course 2 The Role of Exceptions Definition: a method succeeds if it terminates in.
(c) 2007 Mauro Pezzè & Michal Young Ch 1, slide 1 Software Test and Analysis in a Nutshell.
Testing an individual module
Language Evaluation Criteria
University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.
Managing the development and purchase of information systems (Part 1)
CSCA48 Course Summary.
Programming Language C++ Xulong Peng CSC415 Programming Languages.
Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.
1 Programming Languages and the Software Production Process Informal Cardelli’s metrics of programming languages fitness to real-time applications: Economy.
Bill J. Ellis Dependable Systems Group Heriot-Watt University (Project page: Proving Exception.
1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.
ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.
1 Assertions. 2 A boolean expression or predicate that evaluates to true or false in every state In a program they express constraints on the state that.
/ PSWLAB Evidence-Based Analysis and Inferring Preconditions for Bug Detection By D. Brand, M. Buss, V. C. Sreedhar published in ICSM 2007.
Design by Contract. The Goal Ensure the correctness of our software (correctness) Recover when it is not correct anyway (robustness) Correctness: Assertions.
© Bertrand Meyer and Yishai Feldman Notice Some of the material is taken from Object-Oriented Software Construction, 2nd edition, by Bertrand Meyer (Prentice.
Tutorial 2: Homework 1 and Project 1
7 - Programming 7J, K, L, M, N, O – Handling Data.
“<Fill in your definition here.>”
SWEN421 – Lecture 3 Building High Integrity Software with SPARK Ada
Planning & System installation
Why study programming languages?
Software Requirements
Types for Programs and Proofs
Learning to Program D is for Digital.
Abstract Data Types and Encapsulation Concepts
Module 30 (Unix/Linux Security Issues II)
Component Based Software Engineering
Simple Concurrent Object-Oriented Programming
Outline What does the OS protect? Authentication for operating systems
Design Goals Programs reliability and maintenance is important
DATA STRUCTURES AND OBJECT ORIENTED PROGRAMMING IN C++
Lecture 25 More Synchronized Data and Producer/Consumer Relationship
Outline What does the OS protect? Authentication for operating systems
CS510 Operating System Foundations
Levels of Software Assurance in SPARK
While Loops BIS1523 – Lecture 12.
Recursion "To understand recursion, one must first understand recursion." -Stephen Hawking.
Algorithm design and Analysis
Abstract Data Types and Encapsulation Concepts
QGen and TQL-1 Qualification
QGen and TQL Qualification
CSC 533: Programming Languages Spring 2015
ITEC 2620M Introduction to Data Structures
Improving the structure of existing code
A Robust Data Structure
Covering CWE with Programming Languages and Tools
Starting Out with Programming Logic & Design
Stacks Abstract Data Types (ADTs) Stacks
Basics of Recursion Programming with Recursion
Monitor Giving credit where it is due:
Focus of the Course Object-Oriented Software Development
Chapter8: Statement-Level Control Structures April 9, 2019
Software development process
JavaScript CS 4640 Programming Languages for Web Applications
CSE 153 Design of Operating Systems Winter 19
Assertions References: internet notes; Bertrand Meyer, Object-Oriented Software Construction; 4/25/2019.
Mistakes, Errors and Defects
Computer Science 340 Software Design & Testing
Contract-Based Programming with/without Ada 2012
CSC 533: Programming Languages Spring 2018
CSc 453 Interpreters & Interpretation
CSC 533: Programming Languages Spring 2019
JavaScript CS 4640 Programming Languages for Web Applications
Presentation transcript:

Why Switch to a Later Version of Ada? Patrick Rogers 15 November 2018

Because changing people is difficult & expensive

A Later Version of Ada One of the things you can control Productivity gains are expected to outweigh risks Gains are due to greater expressive power Doing better what we could already do somewhat Doing what we could not really do before

Ada Evolution Highlights Contracts Iterators Flexible Expressions More Containers More Real-Time Support Ada 2005 Multiple Inheritance Containers Useful Limited Types More Real-Time Ravenscar Ada 95 Efficient synchronization OOP Better Access Types Child Packages Annexes Ada 83 Abstract Data Types Modules Concurrency Generics Exceptions etc.

Contracts Example Checked at Run-Time Low-Level Requirements procedure Push (This : in out Stack; Value : in Content) with Pre => not Full (This), Post => not Empty (This) and Top (This) = Value and Extent (This) = Extent (This'Old) + 1 and Unchanged (This'Old, Within => This); … function Full (This : Stack) return Boolean; function Empty (This : Stack) return Boolean; function Top (This : Stack) return Content with Pre => not Empty (This); function Extent (This : Stack) return Content_Count; function Unchanged (Invariant_Part, Within : Stack) return Boolean; Checked at Run-Time Low-Level Requirements

Ada 202x (where x = 0) Fine-grained parallelism for multicore architectures More contracts Richer expressions New profile based on relaxed Ravenscar And several other enhancements…

Parallel Block and Loop Examples procedure Traverse (T : Expr_Ptr) is begin if T /= null and then T.all in Binary_Operation'Class then -- recurse down the binary tree parallel do Traverse (T.Left); and Traverse (T.Right); Put_Line ("Processing " & Expanded_Name (T'Tag)); end do; end if; end Traverse; Grid : array (1 .. 80, 1 .. 100) of Boolean; parallel for K in Grid'Range(1) loop Grid (K, 1) := (for all J in Grid'Range (2) => Grid (K,J) = True); end loop; Separate threads

The Jorvik Profile A new profile based on Ravenscar Not a replacement for Ravenscar! Intended for cases in which most stringent analyses not required Provides significant expressive power gain Many/most protected object idioms now allowed Predictability and efficiency retained Schedulability analysis retained Currently implemented as GNAT_Extended_Ravenscar profile On selected platforms

Jorvik Allowed PO Content Example protected body Bounded_Buffer is entry Put (Item : in Element) when Count /= Capacity is begin Values (Next_In) := Item; Next_In := (Next_In mod Capacity) + 1; Count := Count + 1; end Put; entry Get (Item : out Element) when Count > 0 is Item := Values (Next_Out); Next_Out := (Next_Out mod Capacity) + 1; Count := Count - 1; end Get; … end Bounded_Buffer; Multiple Entries per PO More Content per Barrier Multiple Queued Callers per Entry

Benefits? Don’t Believe Us MITRE Annual Average Costs for Software Maintenance, 1994 Steve Zeigler Comparing Development Costs of C and Ada, March 30, 1995 Capers Jones Letter to CrossTalk, Oct. 1998 VDC Research Controlling Costs with Software Language Costs, 2018

Language constructs common to both SPARK and Ada Ada features not in SPARK Additional SPARK contracts not in Ada Language constructs common to both SPARK also serves as a testbed for Ada 202x

What Can We Prove, Statically? Freedom from run-time errors (!!) No buffer overflow, numeric overflow, divide by zero, invalid array indexes, etc. Safe to turn off exception checks! Data and Information flow No uninitialized variables, no unused assignments, etc. Data only go where you mean them to go Functional correctness at unit level Arbitrary properties, e.g., security and safety

Proving Functional Correctness Example procedure Push (This : in out Stack; Value : in Content) with Pre => not Full (This), Post => not Empty (This) and Top (This) = Value and Extent (This) = Extent (This'Old) + 1 and Unchanged (This'Old, Within => This) , Global => null, Depends => (This =>+ Value); … function Full (This : Stack) return Boolean; function Empty (This : Stack) return Boolean; function Top (This : Stack) return Content with Pre => not Empty (This); function Extent (This : Stack) return Content_Count; function Unchanged (Invariant_Part, Within : Stack) return Boolean; Verified Statically Pass the tests the first time!

Proving Abstract Properties Example type Move_Result is (Full_Speed, Slow_Down, Keep_Going, Stop); procedure Move (Train : in Train_Id; New_Position : in Train_Position; Result : out Move_Result) with Pre => Valid_Id (Train) and Valid_Move (Trains (Train), New_Position) and At_Most_One_Train_Per_Track and Safe_Signaling, Post => At_Most_One_Train_Per_Track and Safe_Signaling; function At_Most_One_Train_Per_Track return Boolean; function Safe_Signaling return Boolean; …

SPARK Reliability Example MULTOS is an “operating system” for smartcards 100,000 lines of SPARK code Industry standard is 5 defects per 1,000 lines Thus approximately 500 defects expected Only 4 defects reported 1 year after delivery 0.04 per KSLOC Corrected under warranty (!) Ultra-high reliability achieved Page 16

SPARK Productivity Example Industry standard is 10 lines of code per day Fully documented, tested, everything In any language MULTOS project achieved 28 lines of code per day Very high levels of productivity achieved Page 17

SPARK C130J Project Results Order of magnitude code quality improvement over industry norms for DO 178B Level A software Productivity improved by a factor of 4 over previous comparable programs Development costs half of that typical for non safety-critical code Sutton, James: Cost-Effective Approaches to Satisfy Safety-critical Regulatory Requirements. Workshop Session, SIGAda 2000.

Adoption Guidelines Are Available How to go from a strong semantic coding standard to full functional correctness Based on the Thales experience Provides detailed level-specific guidance https://www.adacore.com/books/implementation-guidance-spark

Takeaway Ada continues to give more power to the programmer Use “-gnat2020” switch to play with Ada 202x SPARK takes Ada a big step further via static verification Significant productivity and reliability gains are possible The risks are worth the gains

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.