Presentation is loading. Please wait.

Presentation is loading. Please wait.

Slide: 1 Copyright © 2008 AdaCore Leuven Feb 23, 2010 Robert B K Dewar President AdaCore What’s New in the World of Ada.

Similar presentations


Presentation on theme: "Slide: 1 Copyright © 2008 AdaCore Leuven Feb 23, 2010 Robert B K Dewar President AdaCore What’s New in the World of Ada."— Presentation transcript:

1 Slide: 1 Copyright © 2008 AdaCore Leuven Feb 23, 2010 Robert B K Dewar President AdaCore What’s New in the World of Ada

2 Slide: 2 Copyright © 2008 AdaCore First of All, What’s Old in the World of Ada A Short History Ada was created in response to a perception that there were too many programming languages around, and none of them really met the requirements for building large scale critical software. A set of requirements (Woodman.. Tinman.. Ironman.. Steelman) was developed. A language design competition was ultimately won by a French group at Honeywell, under the direction of Jean Ichbiah. Originally called green, the language was christened Ada (a woman’s name, so please don’t think it is an acronym and spell it ADA!)

3 Slide: 3 Copyright © 2008 AdaCore Ada 83, the First ISO Standard Ada 83 was standardized in 1983 by ANSI and in 1987 by ISO. Note that technically there is only one standard valid, the current one, and it is called just Ada, but we informally prefix a year to keep the versions separate. The US DoD established a formal validation procedure for Ada compilers (the ACVC suite), and the first validated compilers appeared in 1983 within months of the standard being released (the first one was at NYU). Note: The ACVC suite has now been transformed into an ISO-standardized validation procedure, and renamed as ACATS. Ada is the only language with an ISO standard for compiler validation.

4 Slide: 4 Copyright © 2008 AdaCore Ada 83, A Quick Overview The package concept, separation of specificaiton and implementation. The idea, build a spec of a package, then clients can use it right away. Derived types, time and distance would be separate types, so it is wrong at compile time to write T := D; Ranges for numeric types, a la Pascal (see next slide!) Generics, support for generic units parametrized by types. Well separated types, Character /= Boolean /= Integer. Proper enumeration types Run-time exceptions Tasking (first class high level multi-threading) Designed for readability and maintainability over ease of writing initial code.

5 Slide: 5 Copyright © 2008 AdaCore User-defined ranges for numeric types, a C Side-Bar Vista has about 50 million lines of C Microsoft is busy adding static assertions to this code –Static assertions = in practice range declarations for integer variables They have added half a million such assertions –As of a year ago –Half added by a sophisticated static analysis tool –Half added by hand These assertions have helped uncover potential bugs –About 100,000 potential buffer over-runs The two most common areas of problems in C –Buffer overruns –Overflow problems

6 Slide: 6 Copyright © 2008 AdaCore Ada 95, The First Major Update Object oriented features (type extension, dynamic dispatching). Ada 95 was the first standardized OO language. Child packages, allow introducing a hierarchy into the package structure of large programs. Protected types (a simpler task communication method) Standard libraries much extended and standardized Pragma Assert (copied from GNAT) Ravenscar Profile (simplified tasking.. Safety critical) Streams and Stream_IO

7 Slide: 7 Copyright © 2008 AdaCore Ada 2005 Interfaces (think Java) Synchronized interfaces Full internationalization (full Unicode support) Container packages (think STL) Circular dependencies in packages (limited with) Object.operation notation Unchecked_Union Pragma Unsuppress (copied from GNAT)

8 Slide: 8 Copyright © 2008 AdaCore WG9 directive: new ISO standard in 2012 Scope of amendment is limited: –A few critical additions to the language –Constructs to address multicore hardware –Numerous fixes to the RM The usual constraints: expressiveness, simplicity of description, implementability (pick any two)

9 Slide: 9 Copyright © 2008 AdaCore Major topics of Amendment Program correctness Enhanced container library Expressiveness : functions and expressions Visibility Concurrency and real-time programming Syntactic frills

10 Slide: 10 Copyright © 2008 AdaCore Program correctness Pre- and Postconditions: function Pop (S : in out Stack) return Elem with Pre => not Is_Empty (S) Post => not Is_Full (S); Type invariants: type Elem is tagged private with invariant => Is_Valid (Elem) invariant’class => Contents (Elem) /= 0; … function Is_Valid (T : Elem) return Boolean; Uniform notation : aspect specifications

11 Slide: 11 Copyright © 2008 AdaCore Container library Bounded containers –Fixed capacity, stack-allocated, controlled only if element is. –Vectors, hashed sets, hashed maps. Holder containers –Singleton structure for unconstrained values Synchronized queues –Amenable to lock-free implementation Multiway trees –Vector of descendant nodes, links every which way

12 Slide: 12 Copyright © 2008 AdaCore Expressiveness In-out parameters for functions checks on order-dependence to prevent unwanted side- effects Conditional expressions: X := (if Cond then X+1 else X * 2); Case Expressions: procedure Mangle (X : in out Integer) with Pre => (case X mod 3 is when 0 => pred1 (X), when 1 => pred2 (X), when 2 => pred3 (X) );

13 Slide: 13 Copyright © 2008 AdaCore Expressiveness (2) Iterators over containers User-defined iterators, through new interface types: for cursor in Iterate (My_Container) loop My_Container (Cursor) := My_Container (Cursor) + 1; end loop; Default iterator with no intervening cursor: for Element of My_Container loop Element := Element + 1; end loop;  Quantified expressions: ( for all J in A’First.. A (Inx’Pred (A’Last)) : A (J) <= A (Indx’succ (J)) A postcondition on a sorting routine

14 Slide: 14 Copyright © 2008 AdaCore Expressiveness (3) Extended membership operations: –Allow enumeration of values, to represent disjoint subsets: type Color is (Red, Green, Blue,Cyan,Magenta, Yellow, Black); Hue : Color;... If (Hue in Red | Blue | Magenta.. Black) then  Can use arbitrary types: if Name in (“Entry” | “Exit” | Translate (“Urgence”) |then

15 Slide: 15 Copyright © 2008 AdaCore Visibility Use all type Gives use-visibility to primitive operations and literals Integrated packages So an inner instance is merged with enclosing unit Incomplete types can be completed with partial views Types declared in three steps Untagged incomplete types can be used in formals and return  as long as full view available at point of call

16 Slide: 16 Copyright © 2008 AdaCore Concurrency and real-time Affinities Map task to processor or group of processors Ravenscar for multiprocessors Restriction on affinities and task migration Barriers  Better parallelism than can be obtained with protected objects

17 Slide: 17 Copyright © 2008 AdaCore Who is AdaCore Engineering organization –Two separate independent companies 100% FLOSS (Freely Licensed Open Source Software) 100% COTS (Commercial-Off-The-Shelf products) Worldwide presence

18 Slide: 18 Copyright © 2008 AdaCore What do we do Development tools for critical software –mission-critical (Air Traffic Management, simulation,...) –safety-critical (A350, 787, trains, missiles,...) –security-critical (NSA Tokeneer,...) Code generation experts –compilers, debuggers, emulators, builders, IDEs, coverage, stack analysis, formal methods, static analysis,... –model compilers (involved in Gene-Auto) 100% Free Software company

19 Slide: 19 Copyright © 2008 AdaCore Some customer projects

20 Slide: 20 Copyright © 2008 AdaCore CodePeer Automatic code review and robustness validation

21 Slide: 21 Copyright © 2008 AdaCore Peer Review Best practice in Extreme and Agile programming Improve code quality Reduce errors But… Requires initial effort to setup infrastructure Needs to sustain project pressure Often bypassed

22 Slide: 22 Copyright © 2008 AdaCore Alleviating Peer Review Process Certain categories of verifications Can be automated Are better handled by tools CodePeer provides: Static analysis Symbolic program interpretation Incremental & modular analysis

23 Slide: 23 Copyright © 2008 AdaCore CodePeer in Action Static run-time errors detection Test vectors generation Pre/post conditions generation Analysis results consolidation CodePeer compile-time analysis local analysis Day-to-day development global change impact analysis Software maintenance global analysis test vectors leverage Project quality assurance

24 Slide: 24 Copyright © 2008 AdaCore CodePeer Area of Action Race conditions Dead code Programming Errors out-of-bound indexing numeric overflow division by zero incorrect invariant Ada Run-Time Checks Assert statements if … then … raise … control flow User Checks

25 Slide: 25 Copyright © 2008 AdaCore Structural Coverage Analysis

26 Slide: 26 Copyright © 2008 AdaCore Xcov Features – Availability Depends on the Platform Coverage Levels Object: –Instruction –Object branch Source –Statement –Decision –Modified Condition/Decision Aggregated Coverage Capitalization: multiple executions Consolidation: different executables exercising the same function Tool Qualification For use in DO-178B Level A certification activities

27 Slide: 27 Copyright © 2008 AdaCore Xcov Timeline and Roadmap Instruction Coverage - June 2009 Q Statement Coverage Branch & Decision Coverage - Q Instruction & Branch Coverage - June 2009 October Statement Coverage Decision & MC/DC Coverage - December 2010 Q First Official Release

28 Slide: 28 Copyright © 2008 AdaCore Structural Coverage Analysis Metrics: Statement Coverage function P (A, B, C : Boolean) return Boolean is begin if ( A and then B ) or else C then return True; end if; end P; Statements ABCif statement ??TT At least 1 test per Conditional Expression

29 Slide: 29 Copyright © 2008 AdaCore Structural Coverage Analysis Metrics: Decision Coverage function P (A, B, C : Boolean) return Boolean is begin if ( A and then B ) or else C then return True; end if; end P; ABCif statement ??TT ?FFF At least 2 tests per Conditional Expression Decision

30 Slide: 30 Copyright © 2008 AdaCore Structural Coverage Analysis Metrics: MCDC function P (A, B, C : Boolean) return Boolean is begin if ( A and then B ) or else C then return True; end if; end P; ABCif statement TT?T F?TT TFFF ABC TTFT FTFF FTTT TFFF Decision Conditions Condition Coverage At least n+1 tests n = number of conditions A B C

31 Slide: 31 Copyright © 2008 AdaCore Branch Coverage vs. Decision Coverage function P (A, B, C : Boolean) return Boolean is begin if A and then B then return True; end if; end P; ABif statement TTT F?F Decision

32 Slide: 32 Copyright © 2008 AdaCore Decision Coverage: Result in Xcov

33 Slide: 33 Copyright © 2008 AdaCore Branch Coverage vs. Decision Coverage function P (A, B, C : Boolean) return Boolean is begin if A and then B then return True; end if; end P; ABif statement TTT TFF FTF if A and then B then : fffc0134 +: 88 1f lbz r0,0x0008(r31) fffc0138 +: e clrlwi r0,r0,24 fffc013c +: 2f cmpiw cr7,r0,0x0000 : fffc0140 v: 41 9e beq- cr7,0xfffc0160 fffc0144 +: 88 1f lbz r0,0x0009(r31) fffc0148 +: e clrlwi r0,r0,24 fffc014c +: 2f cmpiw cr7,r0,0x0000 : fffc0150 +: 41 9e beq- cr7,0xfffc0160 return True; : fffc0154 +: li r0,0x0001 fffc0158 +: 90 1f 00 0c stw r0,0x000c(r31) : fffc015c +: c b 0xfffc0168 end if; return False; : T T

34 Slide: 34 Copyright © 2008 AdaCore Branch Coverage vs. Decision Coverage function P (A, B, C : Boolean) return Boolean is begin if A and then B then return True; end if; end P; ABif statement TTT TFF FTF if A and then B then : fffc0134 +: 88 1f lbz r0,0x0008(r31) fffc0138 +: e clrlwi r0,r0,24 fffc013c +: 2f cmpiw cr7,r0,0x0000 : fffc0140 v: 41 9e beq- cr7,0xfffc0160 fffc0144 +: 88 1f lbz r0,0x0009(r31) fffc0148 +: e clrlwi r0,r0,24 fffc014c +: 2f cmpiw cr7,r0,0x0000 : fffc0150 +: 41 9e beq- cr7,0xfffc0160 return True; : fffc0154 +: li r0,0x0001 fffc0158 +: 90 1f 00 0c stw r0,0x000c(r31) : fffc015c +: c b 0xfffc0168 end if; return False; : T TF

35 Slide: 35 Copyright © 2008 AdaCore Branch Coverage: Result in Xcov

36 Slide: 36 Copyright © 2008 AdaCore Branch Coverage: Result in Xcov

37 Slide: 37 Copyright © 2008 AdaCore Branch Coverage vs. Decision Coverage: Full Branch Cov function P (A, B, C : Boolean) return Boolean is begin if A and then B then return True; end if; end P; ABif statement TTT TFF FTF if A and then B then : fffc0134 +: 88 1f lbz r0,0x0008(r31) fffc0138 +: e clrlwi r0,r0,24 fffc013c +: 2f cmpiw cr7,r0,0x0000 : fffc0140 v: 41 9e beq- cr7,0xfffc0160 fffc0144 +: 88 1f lbz r0,0x0009(r31) fffc0148 +: e clrlwi r0,r0,24 fffc014c +: 2f cmpiw cr7,r0,0x0000 : fffc0150 +: 41 9e beq- cr7,0xfffc0160 return True; : fffc0154 +: li r0,0x0001 fffc0158 +: 90 1f 00 0c stw r0,0x000c(r31) : fffc015c +: c b 0xfffc0168 end if; return False; : TF TF

38 Slide: 38 Copyright © 2008 AdaCore Bridging the Gap between Source and Object Code Coverage HOST TARGET Pure Functional Test Instrumented Functional Test Instrumented Executable Sources Approach by Instrumentation Executable Compilation Link Compilation Link Instrumentation Coverage Data Coverage Information Compilation Link Sources Pure Functional Test Pure Functional Test Instrumented Environment Execution Trace Executable Coverage Information Approach by Virtualization

39 Slide: 39 Copyright © 2008 AdaCore Challenges Preserving the Control Flow function P (Param : Boolean) return Boolean is begin if Param then return True; else return False; end if; end P; _ada_p: blr _ada_p: cmpwi %cr7,%r3,0 beqlr- %cr7 li %r3,1 blr Compilation

40 Slide: 40 Copyright © 2008 AdaCore GNAT Pro Update

41 Slide: 41 Copyright © 2008 AdaCore Agenda What’s New in GNAT Pro QEMU for VxWorks 653 Towards Safer Programming Modeling from a GNAT Pro Perspective Multilanguage Development SPARK Pro

42 Slide: 42 Copyright © 2008 AdaCore What’s New in GNAT Pro

43 Slide: 43 Copyright © 2008 AdaCore Comprehensive Ada Solutions Front-Line Support +

44 Slide: 44 Copyright © 2008 AdaCore Support for the JVM Support for the 8-bit AVR microcontroller GNAT for Lego Mindstorms NXT Increased Number of Supported Platforms Wind River –VxWorks 6.7 (SMP) –VxWorks Cert 6 –Workbench 3.1 for VxWorks 653 – pre-release SYSGO –ELinOS –PikeOS

45 Slide: 45 Copyright © 2008 AdaCore A Year of Development in GNAT Pro Over 130 new features/enhancements in GNAT Pro 6.2 GNAT Pro Component Collection A year of Ada Gems: the HOWTO library

46 Slide: 46 Copyright © 2008 AdaCore A new set of libraries at your fingertips An overview of the GNAT Component Collection Extending your Ada application with shell scripts A trace module for customized message/error logging A Virtual File System abstraction –Truly portable across systems –Handles remote files seamlessly and mailbox manipulation Database interface package –For safe SQL queries –Generates Ada types reflecting the database schema

47 Slide: 47 Copyright © 2008 AdaCore QEMU for VxWorks 653

48 Slide: 48 Copyright © 2008 AdaCore Bringing PowerPC Simulation to VxWorks 653 Features Open-Source simulation solution: QEMU Efficient Simulation Technology Windows hosted Simulation of a PowerPC 750gx 1 UART 1 ethernet device 32MB Flash BSPs for VxWorks 653 (4MB and 16MB flash) Final ROM Image generator Integration with Workbench target server

49 Slide: 49 Copyright © 2008 AdaCore QEMU for VxWorks 653 – Key Benefits Fully supported simulator for VxWorks 653 Available to all developers Single compiler for development and deployment Development platform close to the final HW platform (PowerPC processor) Code tested can be the code running on the final target Avoids endianness issues Eases functional testing Optional upgrade to MC/DC code coverage toolset (forthcoming)

50 Slide: 50 Copyright © 2008 AdaCore Towards Safer Programming

51 Slide: 51 Copyright © 2008 AdaCore Safer Programming: the AdaCore Answer

52 Slide: 52 Copyright © 2008 AdaCore Safer Programming: the AdaCore Answer Available today Qualification material Q Qualification material On demand Qualification material Q3 2010

53 Slide: 53 Copyright © 2008 AdaCore Modeling from a GNAT Pro perspective Ongoing Work

54 Slide: 54 Copyright © 2008 AdaCore Modeling from a GNAT Pro Perspective

55 Slide: 55 Copyright © 2008 AdaCore Modeling from a GNAT Pro Perspective – Matlab/Simulink Simulink Manual Coding Customization to the final target Code Easier to certify + Duplicate work Errors-prone process –

56 Slide: 56 Copyright © 2008 AdaCore Modeling from a GNAT Pro Perspective – Matlab/Simulink Simulink Write once in Matlab/Simulink + C code generator not qualified –

57 Slide: 57 Copyright © 2008 AdaCore Modeling from a GNAT Pro Perspective – Matlab/Simulink Simulink Write once in Matlab/Simulink Adapted to DO-178B/C application development From the Gene-Auto project (ITEA Framework) Partners: Airbus, Thales, Continental, Barco… AdaCore working with the consortium for a qualifiable Ada code generator + Safe subset of Simulink available +/ –

58 Slide: 58 Copyright © 2008 AdaCore Modeling from a GNAT Pro Perspective – UML2/SysML Papyrus AdaCore’s contribution to the EU-funded TOPCASED project

59 Slide: 59 Copyright © 2008 AdaCore Multi-Language Development

60 Slide: 60 Copyright © 2008 AdaCore Multilanguage Development Support for Ada, C, C++ GPRbuild C/C++ to Ada Binding Generator Ada-Java Interfacing Suite

61 Slide: 61 Copyright © 2008 AdaCore GNAT Pro at the heart of multilanguage applications … for Source_Dirs use…; for Library_Kind use “relocatable”; package Builder is for Default_Switches (“Ada”) use …; for Default_Switches (“C”) use …; … end Builder; … GNAT Project File

62 Slide: 62 Copyright © 2008 AdaCore C/C++ -> Ada Binding Generator class Domestic { public: virtual void Set_Owner (char* Name) = 0; }; class Animal { public: int Age_Count; virtual void Set_Age (int New_Age); }; class Dog : Animal, Domestic { public: char *Owner; virtual void Set_Owner (char* Name); Dog(); }; C++ Header package animals_h is package Class_Domestic is type Domestic is limited interface; pragma Import (CPP, Domestic); procedure Set_Owner (this : access Domestic; Name : Interfaces.C.Strings.chars_ptr) is abstract; end; use Class_Domestic; package Class_Animal is type Animal is tagged limited record Age_Count : aliased int; end record; pragma Import (CPP, Animal); […] end; use Class_Animal; package Class_Dog is type Dog is new Animal and Carnivore and Domestic with record Tooth_Count : aliased int; Owner : Interfaces.C.Strings.chars_ptr; end record; […] Ada Spec

63 Slide: 63 Copyright © 2008 AdaCore When Multilanguage Development Includes Java Typical use of Ada-Java Multilanguage Development Communication?

64 Slide: 64 Copyright © 2008 AdaCore Automating the Use of Ada from Java Using the GNAT Ada-Java Interfacing Suite

65 Slide: 65 Copyright © 2008 AdaCore Automating the Use of Ada from Java Imports Loads Using the GNAT Ada-Java Interfacing Suite

66 Slide: 66 Copyright © 2008 AdaCore SPARK Pro High-Assurance by Design

67 Slide: 67 Copyright © 2008 AdaCore What is SPARK Pro? A combination of… AdaCore Toolset & Service-Oriented Customer Interface –GNAT Programming Studio/GNATbench –GNAT Tracker Praxis High-Integrity Systems’ SPARK Language –A design approach for high-assurance software, –A means of enforcing discipline in software process, –A set of static verification tools, –A programming language.


Download ppt "Slide: 1 Copyright © 2008 AdaCore Leuven Feb 23, 2010 Robert B K Dewar President AdaCore What’s New in the World of Ada."

Similar presentations


Ads by Google