Presentation is loading. Please wait.

Presentation is loading. Please wait.

Why Switch to a Later Version of Ada?

Published bySusanti Sugiarto Modified over 5 years ago

Similar presentations

Presentation on theme: "Why Switch to a Later Version of Ada?"— Presentation transcript:

1

2 Why Switch to a Later Version of Ada?
Patrick Rogers 15 November 2018

3 Because changing people is difficult & expensive

4 A Later Version of Ada One of the things you can control
Productivity gains are expected to outweigh risks Gains are due to greater expressive power Doing better what we could already do somewhat Doing what we could not really do before

5 Ada Evolution Highlights
Contracts Iterators Flexible Expressions More Containers More Real-Time Support Ada 2005 Multiple Inheritance Containers Useful Limited Types More Real-Time Ravenscar Ada 95 Efficient synchronization OOP Better Access Types Child Packages Annexes Ada 83 Abstract Data Types Modules Concurrency Generics Exceptions etc.

6 Contracts Example Checked at Run-Time Low-Level Requirements
procedure Push (This : in out Stack; Value : in Content) with Pre => not Full (This), Post => not Empty (This) and Top (This) = Value and Extent (This) = Extent (This'Old) + 1 and Unchanged (This'Old, Within => This); function Full (This : Stack) return Boolean; function Empty (This : Stack) return Boolean; function Top (This : Stack) return Content with Pre => not Empty (This); function Extent (This : Stack) return Content_Count; function Unchanged (Invariant_Part, Within : Stack) return Boolean; Checked at Run-Time Low-Level Requirements

7 Ada 202x (where x = 0) Fine-grained parallelism for multicore architectures More contracts Richer expressions New profile based on relaxed Ravenscar And several other enhancements…

8 Parallel Block and Loop Examples
procedure Traverse (T : Expr_Ptr) is begin if T /= null and then T.all in Binary_Operation'Class then -- recurse down the binary tree parallel do Traverse (T.Left); and Traverse (T.Right); Put_Line ("Processing " & Expanded_Name (T'Tag)); end do; end if; end Traverse; Grid : array ( , ) of Boolean; parallel for K in Grid'Range(1) loop Grid (K, 1) := (for all J in Grid'Range (2) => Grid (K,J) = True); end loop; Separate threads

9 The Jorvik Profile A new profile based on Ravenscar
Not a replacement for Ravenscar! Intended for cases in which most stringent analyses not required Provides significant expressive power gain Many/most protected object idioms now allowed Predictability and efficiency retained Schedulability analysis retained Currently implemented as GNAT_Extended_Ravenscar profile On selected platforms

10 Jorvik Allowed PO Content Example
protected body Bounded_Buffer is entry Put (Item : in Element) when Count /= Capacity is begin Values (Next_In) := Item; Next_In := (Next_In mod Capacity) + 1; Count := Count + 1; end Put; entry Get (Item : out Element) when Count > 0 is Item := Values (Next_Out); Next_Out := (Next_Out mod Capacity) + 1; Count := Count - 1; end Get; end Bounded_Buffer; Multiple Entries per PO More Content per Barrier Multiple Queued Callers per Entry

11 Benefits? Don’t Believe Us
MITRE Annual Average Costs for Software Maintenance, 1994 Steve Zeigler Comparing Development Costs of C and Ada, March 30, 1995 Capers Jones Letter to CrossTalk, Oct. 1998 VDC Research Controlling Costs with Software Language Costs, 2018

12 Language constructs common to both
SPARK and Ada Ada features not in SPARK Additional SPARK contracts not in Ada Language constructs common to both SPARK also serves as a testbed for Ada 202x

13 What Can We Prove, Statically?
Freedom from run-time errors (!!) No buffer overflow, numeric overflow, divide by zero, invalid array indexes, etc. Safe to turn off exception checks! Data and Information flow No uninitialized variables, no unused assignments, etc. Data only go where you mean them to go Functional correctness at unit level Arbitrary properties, e.g., security and safety

14 Proving Functional Correctness Example
procedure Push (This : in out Stack; Value : in Content) with Pre => not Full (This), Post => not Empty (This) and Top (This) = Value and Extent (This) = Extent (This'Old) + 1 and Unchanged (This'Old, Within => This) , Global => null, Depends => (This =>+ Value); function Full (This : Stack) return Boolean; function Empty (This : Stack) return Boolean; function Top (This : Stack) return Content with Pre => not Empty (This); function Extent (This : Stack) return Content_Count; function Unchanged (Invariant_Part, Within : Stack) return Boolean; Verified Statically Pass the tests the first time!

15 Proving Abstract Properties Example
type Move_Result is (Full_Speed, Slow_Down, Keep_Going, Stop); procedure Move (Train : in Train_Id; New_Position : in Train_Position; Result : out Move_Result) with Pre => Valid_Id (Train) and Valid_Move (Trains (Train), New_Position) and At_Most_One_Train_Per_Track and Safe_Signaling, Post => At_Most_One_Train_Per_Track and Safe_Signaling; function At_Most_One_Train_Per_Track return Boolean; function Safe_Signaling return Boolean;

16 SPARK Reliability Example
MULTOS is an “operating system” for smartcards 100,000 lines of SPARK code Industry standard is 5 defects per 1,000 lines Thus approximately 500 defects expected Only 4 defects reported 1 year after delivery 0.04 per KSLOC Corrected under warranty (!) Ultra-high reliability achieved Page 16

17 SPARK Productivity Example
Industry standard is 10 lines of code per day Fully documented, tested, everything In any language MULTOS project achieved 28 lines of code per day Very high levels of productivity achieved Page 17

18 SPARK C130J Project Results
Order of magnitude code quality improvement over industry norms for DO 178B Level A software Productivity improved by a factor of 4 over previous comparable programs Development costs half of that typical for non safety-critical code Sutton, James: Cost-Effective Approaches to Satisfy Safety-critical Regulatory Requirements. Workshop Session, SIGAda 2000.

19 Adoption Guidelines Are Available
How to go from a strong semantic coding standard to full functional correctness Based on the Thales experience Provides detailed level-specific guidance

20 Takeaway Ada continues to give more power to the programmer
Use “-gnat2020” switch to play with Ada 202x SPARK takes Ada a big step further via static verification Significant productivity and reliability gains are possible The risks are worth the gains

21 Questions?

22

Download ppt "Why Switch to a Later Version of Ada?"

Similar presentations

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Programming Languages and Paradigms

Programming Languages and Paradigms
Concurrency Important and difficult (Ada slides copied from Ed Schonberg)

Concurrency Important and difficult (Ada slides copied from Ed Schonberg)
Copyright © 2001 Praxis Critical Systems Limited  New and Exciting Things in the World of SPARK Roderick Chapman Praxis Critical Systems.

Copyright © 2001 Praxis Critical Systems Limited  New and Exciting Things in the World of SPARK Roderick Chapman Praxis Critical Systems.
Concurrency in Ada What concurrency is all about Relation to operating systems Language facilities vs library packages POSIX threads Ada concurrency Real.

Concurrency in Ada What concurrency is all about Relation to operating systems Language facilities vs library packages POSIX threads Ada concurrency Real.
Exceptions David Rabinowitz. March 3rd, 2004 Object Oriented Design Course 2 The Role of Exceptions Definition: a method succeeds if it terminates in.

Exceptions David Rabinowitz. March 3rd, 2004 Object Oriented Design Course 2 The Role of Exceptions Definition: a method succeeds if it terminates in.
(c) 2007 Mauro Pezzè & Michal Young Ch 1, slide 1 Software Test and Analysis in a Nutshell.

(c) 2007 Mauro Pezzè & Michal Young Ch 1, slide 1 Software Test and Analysis in a Nutshell.
Testing an individual module

Testing an individual module
Language Evaluation Criteria

Language Evaluation Criteria
University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.

University of Palestine software engineering department Testing of Software Systems Fundamentals of testing instructor: Tasneem Darwish.
Managing the development and purchase of information systems (Part 1)

Managing the development and purchase of information systems (Part 1)
CSCA48 Course Summary.

CSCA48 Course Summary.
Programming Language C++ Xulong Peng CSC415 Programming Languages.

Programming Language C++ Xulong Peng CSC415 Programming Languages.
Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.

Low-Level Detailed Design SAD (Soft Arch Design) Mid-level Detailed Design Low-Level Detailed Design Design Finalization Design Document.
1 Programming Languages and the Software Production Process Informal Cardelli’s metrics of programming languages fitness to real-time applications: Economy.

1 Programming Languages and the Software Production Process Informal Cardelli’s metrics of programming languages fitness to real-time applications: Economy.
Bill J. Ellis Dependable Systems Group Heriot-Watt University (Project page: Proving Exception.

Bill J. Ellis Dependable Systems Group Heriot-Watt University (Project page: Proving Exception.
1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.

1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.
ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.

ANU COMP2110 Software Design in 2003 Lecture 10Slide 1 COMP2110 Software Design in 2004 Lecture 12 Documenting Detailed Design How to write down detailed.
1 Assertions. 2 A boolean expression or predicate that evaluates to true or false in every state In a program they express constraints on the state that.

1 Assertions. 2 A boolean expression or predicate that evaluates to true or false in every state In a program they express constraints on the state that.
/ PSWLAB Evidence-Based Analysis and Inferring Preconditions for Bug Detection By D. Brand, M. Buss, V. C. Sreedhar published in ICSM 2007.

/ PSWLAB Evidence-Based Analysis and Inferring Preconditions for Bug Detection By D. Brand, M. Buss, V. C. Sreedhar published in ICSM 2007.

Similar presentations

Ads by Google