
Welcome to Ada 2005
John Barnes, Author of 'Programming in Ada 2005'. Time: 35:03 mins
Abstract: Ada 2005 is the latest chapter in the Ada story. Ada 95 was a huge leap forward from Ada 83. However, experience has shown that Ada 95 has a number of roughish edges. Ada 2005 is not such a giant leap forward but aims rather to round off Ada 95 and so provide the community with a really smooth programming language suited for the demanding applications of the 21st century. John will explain the specific goals of the development and introduce the key new features of Ada 2005 and thus set the scene for the rest of the day.
OOP & structure control in Ada 2005
Pascal Leroy, IBM. Time: 30:19 mins
Abstract: Object-oriented techniques and structure control are important in very large systems in providing flexibility and extensibility. This talk will give an overview of the numerous enhancements that have been made in this area as part of the Ada 2005 Amendment. These enhancements include topics such as: Java-like interfaces, which allow proper multiple inheritance and integrate OOP with concurrent programming; the prefixed notation, used by many other languages, which simplifies usage of complex OO architectures; type extensions in nested scopes, which make it possible to declare controlled types at any level; object factories, which make it possible to dynamically create objects of any type in a class; explicit syntax for controlling overriding, which improves the safety of OO programs; the addition of limited and private with clauses, which support mutually dependent type structures crossing package boundaries and allow finer-grain visibility control; and finally improved aggregates and function returns, which make limited types more flexible and easier to use.
Programming & certifying Ada software on an ARINC 653 platform
George Romanski, Verocel Inc. Time: 24:46 mins
Abstract: Ada applications running in a partitioned Integrated Modular Avionics environment such as ARINC 653 constrain the programmer, but also provide greater flexibility. The Ada tasking model may be replaced by the Process, Semaphore, Blackboard, Event and other synchronization and control mechanisms. Exception management, if present, must co-exist with a Health Monitoring system. Processor time, memory and shared resources must be robustly partitioned. This is accomplished through a configuration control mechanism. While this restricts what a programmer can do within a partition, an application may be split across several partitions, and different variants of the applications may co-exist on the same IMA platform. Multiple schedules and mode switches will then select which sets of applications should run and how transitions occur. An IMA system needs to be configured very carefully. Platform providers, system integrators and application developers must set up a contracting model which specifies the responsibilities for and ownership of system parameters. In a safety-critical system such contract models are subject to the same certification criteria as the application programs themselves. As systems evolve and applications change, the cost of system upgrade will remain high unless the components, Ada and programs in other languages, can be treated as applications in this modular system. This reduction of cost will only be accomplished if the impact of change can be isolated to the components that change.
Real time issues
Alan Burns, University of York. Time: 29:14 mins
Abstract: Ada 2005 has introduced a number of new features that aid the programming and analysis of real-time systems. These features include: the inclusion of the Ravenscar profile for safety-critical real-time systems, CPU monitoring and accounting, budgeting for the execution time of groups of tasks, timing events for efficient time-driven computation, and new scheduling policies. The latter policies are non-preemption, round robin, EDF (Earliest Deadline First) and combinations of these policies. This talk will review all of these features and include examples of use.
Building safety-critical/certified applications with Ada
Rod White, MBDA. Time: 30:13 mins
Abstract: Developing safety-critical and certified applications presents different sets of problems in different domains. This talk considers those that relate to the missile products of MBDA, typically characterized by a small platform, demanding performance and a harsh environment. It will consider issues such as the use of Ada, runtime systems, software re-use and the role of off-the-shelf elements. It will also consider the challenges for the future – Ada has been the preferred language for a considerable period, but it is becoming necessary to address the need to incorporate elements in other languages, e.g. C – this introduces a new set of issues and concerns.
Demonstrating Safety-Critical properties of an automatic train protection system
Robin Messer, Westinghouse. Time: 21:52 mins
Abstract: Describes work done in collaboration with Aerosystems International. We show how safety critical properties of an ATP have been:
Safety-Critical Software: Looking for an argument
Carl Sandom, iSys Integrity. Time: 25:35 mins
Abstract: This presentation will provide software developers with a broad overview of what an Independent Safety Auditor (ISA), safety regulator or third party might look for when evaluating safety-critical software. The presentation should be of interest to anyone undertaking either safety-critical software development from the beginning or the retrospective safety assessment of software which has not been developed explicitly for safety-critical use but is subsequently used within safety-critical systems. Software safety assurance can be provided to a third party by constructing a clear and compelling safety argument which is underpinned with evidence from various diverse sources. The structure of the safety argument will determine the type and depth of the evidence that must be generated during development and/or collected in service to support any claims made regarding the safety of the software in the context of its actual or assumed use. The provision of safety assurance is the central topic of this presentation, and a pragmatic approach to the construction of a clear and compelling software safety argument will be described in detail. The presentation is based upon a software safety assurance strategy that has been used to support system safety certification or acceptance for various real-life software development projects with which the presenter has been directly involved, either as the ISA or as part of the safety assurance team.
Executable Modelling with UML and Ada:
Abstract: Traditionally, executability is a property possessed by programming languages, but often not by design languages. For instance, a simple UML design only captures the structure of a software system and provides a high-level description of behaviour, enabling ease of navigation for maintenance. However, in order to improve the productivity of the software process, a rich model is needed that allows animation and code generation. Animation allows the design to be tested prior to committing to code or deploying to a particular platform. Full code generation allows the software to be maintained at the design level, lifting the level of abstraction at which the developer interacts with the design. However, if we are to maintain our software at the model level, we need to have access to all the features we have come to take for granted with traditional programming languages, such as ease of static checking, debugging and testing. In order to enrich a UML model for executability and code generation, an action language is needed. This language needs to understand the architectural concepts inherent in UML and add a detailed definition of the behaviour of the software. In the Ada community we are used to the idea that the programming language inherently provides support for finding errors early, such as strong typing, declaration before use and ease of static analysis. The ideal action language should allow the software engineer to work at the UML level of abstraction whilst providing similar static checking facilities. The presentation will address the question of how such an action language could be constructed, the features that it should exhibit and the way in which it could be defined.
Mixed Criticality
Peter Amey, Praxis High Integrity Systems. Time: 25:55 mins
Abstract: High integrity applications, such as those performing safety- or security-critical functions, are usually built to conform to standards such as RTCA DO-178B or UK Def Stan 00-55. Typically such standards define ascending levels of criticality, each of which requires a different and increasingly onerous level of verification. It is very common to find that real systems contain code of multiple criticality levels. For example, a critical control system may generate a non-critical usage log. Unless segregation can be demonstrated to a very high degree of confidence, there is usually no alternative to verifying all the software components to the standard required by the most critical element, leading to an increase in overall cost. The presentation describes the novel use of static analysis to provide a robust segregation of differing criticality levels, thus allowing appropriate verification techniques to be applied at the subprogram level. We call this fine-grained matching of verification level to subprogram criticality smart certification.
Ada 2005 & high integrity systems
Robert Dewar, AdaCore. Time: 35:35 mins
Abstract: Ada has been, and continues to be, successful for safety-critical applications. This talk covers the foundations of the Ada language and its evolution, being based on good programming practice and smooth integration of new features rather than specific technical capabilities. Among these, readability, the package structure, the strong typing system, compile-time checking and run-time exceptions all help to ensure that Ada continues to be used widely in safety-critical applications. The presentation concludes by emphasizing the importance of the Ada "culture" instilled in programmers.