Embed Size (px)
Citation preview
Although ADA started as a pro~a~ng language for defence work, it can also be used in commercial work
Abstract: ADA and its related APSE (ADA
Programming Support Enviroment) offer hope of control over the ptobkms of dkvebing and maintaining kaqe software systems. This article discusses some of these probtems and why ADA w*ll help in their sohion.
&&ywor&: ADA, APSE, software e?lgineeTi?lg.
John Bames is a director of the Abingdol Technical Centre of SPL International ant project director at Ada Group Limited.
I’ Using ADA for compilers operating
and systems
by JOHN BARNES
e all know that programming W is a problem. It seems so simple to the novice working
alone on a personal computer, but unfortunately this simplicity does not extrapolate to the large program in- volving many programmers. The problems of ~de~t~~g the speci- fication, designing the solution, con- trolling the programming, testing the product and the final drudge and difficulty of eternal maintenance are all too familiar to the professional. Indeed it sometimes seems a miracle that programs ever work at all; the whole business appears on the very boundary of the capability of the human mind.
The difficulty is complexity and the solution is organization to control and hide it. Fashionable phrases currently in use are the ‘software life cycle’ and ‘software engineering’. By analogy with other forms of engineering it seems that two things are needed - a disciplined way of working (organiza- tion) and reusable components (hid- ing the detail).
ADA
The ADA language, which originated from the US Department of Defense’s need for a standard language for embedded systems, contains features which, as we shall see, are particularly suited to the production of reusable
software components. The develop- ment of ADA coincided with aware- ness of the life cycle problems and the need for a disciplined way of working and resulted in the concept of an APSE (ADA Prolog Support Environment) that would provide the required organization and control. Thus, the ADA language and a suit- able APSE together offer a potential solution to the software managers problem. The final development of an APSE is a complex story and in this article we will concentrate on the ADA
language itself.
Advantages of ADA
ADA’S notable advantages fall into four main groups:
* better control of errors l better control of visibility l wider portability * facilities for reusable components
Errors
ADA enables many common pro- gramming errors to be detected at an early stage in the development pro- cess. Moreover, they are detected in an organized way and not by uncon- trolled processes such as groping about in dumps. This saves time and effort.
ADA has inherited the ideas of strong typing from PASCAL. This means that a programmer can express
22 ~11~84~84/~22~~3.~ @ 1984 Butterworth 81 Co (Publishers) Ltd. data processing
concepts in a more precise way and the compiler can then detect muddled thinking. Thus, an enumeration type declaration:
type COLOUR is (RED, AMBER, GREEN);
enables us to declare a variable
C : COLOUR;
which can only take the values RED, AMBER and GREEN. If we also declare an integer I and then mista- kenly attempt to mix colours and integers by for example the assign- ment
I : = c;
then the compiler will mark this as an error and the program cannot be executed. In older Ianguages this faci- lity was not available and colours would have to be treated as integers. Any accidental mixing would not be detected during compilation since the dist~ction woul only be in the mind of the programmer and not in the text of the program; the program would then run but do silly things and the detection of the error would be made more difficult because it had moved to a Iater and less manageable part of the development process.
The above example is very simple and has been used merely to illustrate the point. However, the advantage of strong typing (the separation of cfasses of objects into abstract types) is well known by the PASCAL user. In ADA, the ideas have been extended and sharpened. As a consequence, the discipline imposed means that the achievement of a clean compilation is a major step. Most errors will by then have been found, the program wilI execute respectably and only minor errors of detail will usually remain.
Of course not all logical errors can be found by the static compilation process. Those which arise as a con- sequence of a dynamic computation (such as the generation of an out-of- bound array subscript) can only be found during execution. Such errors are trapped by the ADA system and
~0126 no 6 july/august 1984
cause the raising of an exception. An exception is an event that says
something has gone wrong. There are various predefined exceptions and the programmer can declare his/her own. A program can look out for exceptions by name and take appropriate re- covery actions. This enables a pro- gram to be partitioned in such a way that errors in one part can be con- tained so that they do not interfere with the correct running of another part. This is obviously of major importance in many applications such as process control, where continuous running is the goal and stray errors in some esoteric optimization routine must not be allowed to interfere with the basic control process. The excep- tion mechanism thus formalizes and makes more manageable the detecting of dynamic errors.
Visibility
A major difficulty with progra~~g is that detail often pervades unneces- sarily from one part of a program to another. This causes disasters since the use of detail is often not well documented. Thus, if it becomes necessary to change the detail of some data structure in one part of a pro- gram, there may be unexpected ef- fects on some other part because a ‘clever’ programmer took advantage of his/her knowledge of the detail. What we need, of course, are mecha- nisms to prevent detail from becom- ing unnecessarily visible so that infor- mation is only available on a need-to- know basis. ADA provides two such mechanisms, the package and the private type.
ADA package
The ADA package is what ADA is all about. A package is a group of soft- ware entities, typically procedures and functions but often variables and constants as well.
A package is in two parts, the specification which gives its interface to other parts of the program, and the
body which gives the ~plemeRtation detail. As a trival academic example consider:
package STACK is procedure PUSH (X : INTE- GER); function POP return INTEGER;
end STACK;
which is the specification of a package called STACK. It indicates that the package contains a procedure PUSH which takes an INTEGER parameter and a parameterless function POP which, when called, returns an INTEGER result.
Thus, the specification gives all the information needed to call PUSH and POP successfully and thereby mani- pulate the stack, but it says absolutely nothing about how the stack is im- plemented. That detail is hidden in the body which might be as follows:
package body STACK. is MAX : constant : = 100; S : array (1 .-MAX) of INTE- GER; TOP : INTEGER range 0.. MAX: = 0;
procedure PUSH (X : INTEGER) is begin
TOP:=TOP+l; S (TOP) : = X;
end PUSH;
function POP return INTEGER is begin
TOP: =TOP-I; return S (TOP + 1);
end STACK;
The package body, thus, encapsulates the detail and prevents it from being used outside the package. We then know that we can change the details in the body without having to change other parts of the program. (This
example is a bit too simple; the user perhaps should know the maximum size of the stack and what happens if he/she attempts to exceed it. This could be made available.)
In practice the package is very successful. The specification gives a crisp definition of the interface which,
23
ah.h~Ugh not ~bm~g the dynd aspects, neve~thekss, simply and pre- cisely states the static aspects. It enables system interfaces to be writ- ten down at an early stage in a project in their final form and to be checked by a compiler. This gives manage- ment positive early milestones which can be monitored. The writing of the bodies can then be done by different programmers. Of course the very di@icuh question of the precise speci- Geation of tire run-time shalom is a research topic which ADA does not tackle; nevertheless ADA controls the static aspects very well.
Al3A @‘hate tjrpe
me other ~A~~t~~w~e~~~~tr~~S ~~~~~isthe~-~~privatetype.
This enables a data type to be de- &red but keeps its inner structure bidden from the user. Such a type is declared in a package specification as private and the details are then given in the so-called private part. Thus, we might have a type DATE:
package P is .ff type DATE is private; 1..
private - from here is the private part
- the contents are not visible outside
type DATE is record DAY : INTEGER range I,. 31; MONTH : INTEGFR range L.12; PEAR : INTEGER; end record; end P;
The point is that all external access tu objects of the type DATE have to be via procedures declared in the package and direct access to the fields of the record is forbidden. This means that the layout can be ahered or extended later and we know that nothing outside the package will de- pend on the detail. Again the ~i~b~ty
of the fine detail is eontrolkzd.
If we want truly reusable software then it has to be portable from one ~plem~tation to another. Ali high level languages achieve this to some extent; ADA m&es further advances by increasing the bresdth of aspects addressed, Exam&s of this are in the areas of m~titas~g (or parallel pro- cessing), ~~~c~ precision and in- put-output. ADA is the first practical language to
include multitasking in the language itself. Multitasking is vital for resi- time embedded applications and pre- vious languages have typically relied on a procedural interface to the un- derlying operating system. This of course varies from machine to ma- chine and so these aspects of pro- grams have not been portable. By includiug tasking in the language in a unique (albeit perhaps controversial) way, ADA, theiX?fOre, increaSeS the
portability of programs in the import- m-t high growth embedded system ares.
The scienti& and engineering area has Iong been a FORTRAN stronghold. Although many small applications have recently dispersed onto personal machines with languages such as BASIC, FORTH and PASCAL, the big science communitys nuclear physics and so on, with its imatiabk appetite for number crunching, remains faith fuf to FORTRAN. Two key reasons are the high quality optimized code pro- duced by very mature FORTRAN com- pilers and a huge investment in nu- merical libraries. However, ADA is potentially far better than FORTRAN for numerical applications for all the usual software engineering reasons. Moreover, it addresses numerid pre- cision from the user’s point of view and not from the machine’s point of view (which FORTRAN does) and, thereby, enables programs to be writ- ten in a more portable manner. How- ever, ADA wiil not displace FORTS
q~~~~ high quality ADA compiiers and scient%c fibraries in ADA me a prerequisite. Much education is also needed. Furthermore, FORTRAN keeps evolving and gathering some modem facilities, though there is a Iimit to how much the old framework wih bear and it could be that the present FOWRAN 88 proposals con- tain the seeds of their own destruction.
Input~~~ut is worth mentioning. It is a problem area because a difficult compromise between shorty and ffe~b~~ is required. Languages which include input-output such as FORTRAN and PASCAL become inflex- ible for many applications. Languages which ignore the whole topic, ALGOL 60 was the classic example, run the risk of con&zing He facto stsndards which destroy ~~ab~~ in this area. ADA comprises by not including in- put-output intrinsicshy in the hin- guage itself, but rather by providing a set of predefined standard packages- These packages can be used for most applications, thereby, atta~g port- ability, but need not be used for special ap~Ii~~ons where they are ~ppropr~re. The p~os~phy is a good one but the present set of standard packages needs some im- provement and extension.
Another and very important aspect of portability is the determination of the US DoD that ADA compilers should implement standard ADA and not subsets or supersets. (Supersets are a trick of vendors to woo unwary users to becoming trapped onto the vendor range of hardware,) The DOD has two weapons. First, the name ADA is trademarked in most countries and second, a validation suite is being developed so that compilers can be rigorously tested. This suite is impor- tant and it is notable that it is now in use web before the ava~ab~ty of many compilers. This should prevent accidential ~s~te~retati~~ of the ADA standard and consequent diver- sity of implementation. At the time of writing, the suite does not fully em-
The database is held in each coun- try on a central computer, and up- dated weekly. If the specialist can find no mention of a problem in the system, it is possible to use Sperry’s network (Units) to search the data- bases held in the other IS support and development centres worldwide. All of these centres are in various stages of development. The UK SSC is one of the most advanced, although origi- nal developments started at the Rose- ville, MN centre as far back as 1972.
Hardware problems
When a user with a hardware fault calls in, the specialist sends a message to the local engineering office. The local terminal will ‘beep’ until the message is acknowledged. It is then up to the local office to get an engineer out to the site.
A step forward from immediate response to ma~ten~ce calls would
be to carry out maintenance before a fault occurs. Sperry’s 1100140 and System 80 users have now been brought online to a prognostic trace service, run from the support centre. Sperry can access a m~tenance pro- cessor attached to the user’s system, and collect a summary of that week’s hardware faults. If a board looks like it is about to fail completely, the local engineer can replace it next time he is at the site. This obviously presents security problems if Sperry can get into a user’s computer system remote- ly, but the organization of permissions has been worked out sufficiently to satisfy even defence establishments, says Sperry.
The reasoning behind the move toward excellence in maintenance ser- vice is the need to survive in a market increasingly dominated by IBM, says manager of special programmes, Gareth Geis. He sees the ‘acceptable’ cost of hardware m~nten~ce contin-
uing to fall, until it reaches zero. So suppliers must work to get their maintenance costs down. For ex- ample, travelling time represents be- tween 10% and 15% of total costs. So if the engineer can go out to a customer site prepared with the right parts to fix a fault, costs can be cut.
By feeding maintenance informa- tion back to product development, systems can be improved, thereby reducing the risk of failure.
Even when there will still be bugs in software, the ability to access easily the work other people have done on fixing them will save time and money that might have been expended doing the work again.
Sperry does not see the work it has done as complete. It hopes to extend these sorts of service to customers using all its systems, and is open to suggestions on how the service might be further improved to suit its users.
0
Using ADA for compilers and operating systems ~~~~~~~ from pcage 24 brace all aspects of ADA. Neverthe- less, it is a searching test and the number of compilers which have passed is small. In the long term, the rigour is welcome but there are those who who fear that it is delaying confidence in the language.
Reusable components
A long-term goal is the development of a professional software components industry which embraces more than the libraries we have today. It will not happen quickly but prerequisites which ADA provides are parameteriza- tion and control of interfaces.
Software is rarely reusable without alteration. The idea of procedure parameters is thirty years old and provided the basis for the satisfactory development of numerical libraries in the sixties. ADA also includes a mechanism, known as generics, which enables parameterization to occur on a broader scale with continu-
ing guarantee of correctness. In essence, this gives us modifiable soft- ware in an organized manner.
The control of interfaces is pro- vided through the package specifica- tion mechanism described above. The separate comp~ation facilities of ADA
are such that it is impossible to put together a program that has inconsis- tent parts, in the sense that any unit using a package and the package itself always relate to the same version of the interface. This is implemented by various relations known as dependen- cies between the separately compiled ADA units held in the so-called ADA
program library for that total pro- gram.
The above discussion leads into the concept of an APSE. Ideally, the program library is implemented using a database and all the tools for con- figuration control, etc., can then act on that database. The development of APSES is progressing very slowly. This is partly because what is needed is not agreed and because of changes in methods of working from centra-
lized to distributed systems. Four APSE designs are being deve-
loped. Two are emerging as simple prototypes - the US Army ALS system and the EEC PAPS system - whereas the two more sophisticated ones - the USAF AIE system and the UK M-Chapse system - are currently still only designs.
Conclusion
In conclusion, ADA is an important advance because it offers a welcome opportunity for bringing organization into the software development pro- cess. It has been an ANSI standard for just over a year but production compilers are not yet widely available. Over the next year or so this position will change and the penetration of ADA could then be quite rapid. q
The Ada Group Limited, F’restcoid Building, Station Road, Theale, Reading RG7 4AF, UK. Tel: (0734) 303485.
~0126 no 6 julyfaugust 1984 29
