1 / 67

Leuven Feb 23, 2010 Robert B K Dewar President AdaCore

Leuven Feb 23, 2010 Robert B K Dewar President AdaCore. What’s New in the World of Ada. First of All, What’s Old in the World of Ada A Short History.

step
Download Presentation

Leuven Feb 23, 2010 Robert B K Dewar President AdaCore

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Leuven Feb 23, 2010 Robert B K Dewar President AdaCore What’s New in the World of Ada

  2. First of All, What’s Old in the World of AdaA Short History • Ada was created in response to a perception that there were too many programming languages around, and none of them really met the requirements for building large scale critical software. • A set of requirements (Woodman .. Tinman .. Ironman .. Steelman) was developed. • A language design competition was ultimately won by a French group at Honeywell, under the direction of Jean Ichbiah. • Originally called green, the language was christened Ada (a woman’s name, so please don’t think it is an acronym and spell it ADA!)

  3. Ada 83, the First ISO Standard • Ada 83 was standardized in 1983 by ANSI and in 1987 by ISO. • Note that technically there is only one standard valid, the current one, and it is called just Ada, but we informally prefix a year to keep the versions separate. • The US DoD established a formal validation procedure for Ada compilers (the ACVC suite), and the first validated compilers appeared in 1983 within months of the standard being released (the first one was at NYU). • Note: The ACVC suite has now been transformed into an ISO-standardized validation procedure, and renamed as ACATS. Ada is the only language with an ISO standard for compiler validation.

  4. Ada 83, A Quick Overview • The package concept, separation of specificaiton and implementation. The idea, build a spec of a package, then clients can use it right away. • Derived types, time and distance would be separate types, so it is wrong at compile time to write T := D; • Ranges for numeric types, a la Pascal (see next slide!) • Generics, support for generic units parametrized by types. • Well separated types, Character /= Boolean /= Integer. • Proper enumeration types • Run-time exceptions • Tasking (first class high level multi-threading) • Designed for readability and maintainability over ease of writing initial code.

  5. User-defined ranges for numeric types, a C Side-Bar • Vista has about 50 million lines of C • Microsoft is busy adding static assertions to this code • Static assertions = in practice range declarations for integer variables • They have added half a million such assertions • As of a year ago • Half added by a sophisticated static analysis tool • Half added by hand • These assertions have helped uncover potential bugs • About 100,000 potential buffer over-runs • The two most common areas of problems in C • Buffer overruns • Overflow problems

  6. Ada 95, The First Major Update • Object oriented features (type extension, dynamic dispatching). Ada 95 was the first standardized OO language. • Child packages, allow introducing a hierarchy into the package structure of large programs. • Protected types (a simpler task communication method) • Standard libraries much extended and standardized • Pragma Assert (copied from GNAT) • Ravenscar Profile (simplified tasking .. Safety critical) • Streams and Stream_IO

  7. Ada 2005 • Interfaces (think Java) • Synchronized interfaces • Full internationalization (full Unicode support) • Container packages (think STL) • Circular dependencies in packages (limited with) • Object.operation notation • Unchecked_Union • PragmaUnsuppress (copied from GNAT)

  8. WG9 directive: new ISO standard in 2012 • Scope of amendment is limited: • A few critical additions to the language • Constructs to address multicore hardware • Numerous fixes to the RM • The usual constraints: expressiveness, simplicity of description, implementability (pick any two)

  9. Major topics of Amendment • Program correctness • Enhanced container library • Expressiveness : functions and expressions • Visibility • Concurrency and real-time programming • Syntactic frills

  10. Program correctness Pre- and Postconditions: function Pop (S : in out Stack) return Elem with Pre => not Is_Empty (S) Post => not Is_Full (S); Type invariants: type Elem is tagged private with invariant => Is_Valid (Elem) invariant’class => Contents (Elem) /= 0; … function Is_Valid (T : Elem) return Boolean; Uniform notation : aspect specifications

  11. Container library Bounded containers Fixed capacity, stack-allocated, controlled only if element is. Vectors, hashed sets, hashed maps. Holder containers Singleton structure for unconstrained values Synchronized queues Amenable to lock-free implementation Multiway trees Vector of descendant nodes, links every which way

  12. Expressiveness In-out parameters for functions checks on order-dependence to prevent unwanted side-effects Conditional expressions: X := (if Cond then X+1 else X * 2); Case Expressions: procedure Mangle (X : in out Integer) with Pre => (case X mod 3 is when 0 => pred1 (X), when 1 => pred2 (X), when 2 => pred3 (X) );

  13. Expressiveness (2) Iterators over containers User-defined iterators, through new interface types: for cursor in Iterate (My_Container) loop My_Container (Cursor) := My_Container (Cursor) + 1; end loop; Default iterator with no intervening cursor: for Element of My_Container loop Element := Element + 1; end loop; Quantified expressions: ( for all J in A’First .. A (Inx’Pred (A’Last)) : A (J) <= A (Indx’succ (J)) A postcondition on a sorting routine

  14. Expressiveness (3) Extended membership operations: Allow enumeration of values, to represent disjoint subsets: type Color is (Red, Green, Blue ,Cyan ,Magenta, Yellow, Black); Hue : Color; ... If (Hue in Red | Blue | Magenta .. Black) then Can use arbitrary types: if Name in (“Entry” | “Exit” | Translate (“Urgence”) |then

  15. Visibility Use all type Gives use-visibility to primitive operations and literals Integrated packages So an inner instance is merged with enclosing unit Incomplete types can be completed with partial views Types declared in three steps Untagged incomplete types can be used in formals and return as long as full view available at point of call

  16. Concurrency and real-time Affinities Map task to processor or group of processors Ravenscar for multiprocessors Restriction on affinities and task migration Barriers Better parallelism than can be obtained with protected objects

  17. Who is AdaCore • Engineering organization • Two separate independent companies • 100% FLOSS (Freely Licensed Open Source Software) • 100% COTS (Commercial-Off-The-Shelf products) • Worldwide presence

  18. What do we do • Development tools for critical software • mission-critical (Air Traffic Management, simulation, ...) • safety-critical (A350, 787, trains, missiles, ...) • security-critical (NSA Tokeneer, ...) • Code generation experts • compilers, debuggers, emulators, builders, IDEs, coverage, stack analysis, formal methods, static analysis, ... • model compilers (involved in Gene-Auto) • 100% Free Software company

  19. Some customer projects

  20. CodePeer Automatic code review and robustness validation

  21. Peer Review • Best practice in Extreme and Agile programming • Improve code quality • Reduce errors But… • Requires initial effort to setup infrastructure • Needs to sustain project pressure • Often bypassed

  22. Alleviating Peer Review Process Certain categories of verifications • Can be automated • Are better handled by tools CodePeer provides: • Static analysis • Symbolic program interpretation • Incremental & modular analysis

  23. CodePeer in Action CodePeer Day-to-day development Software maintenance Project quality assurance • Static run-time errors detection • Test vectors generation • Pre/post conditions generation • Analysis results consolidation • compile-time analysis • local analysis • global change impact analysis • global analysis • test vectors leverage

  24. CodePeer Area of Action Programming Errors Ada Run-Time Checks User Checks • Race conditions • Dead code • Assert statements • if … then … raise … control flow • out-of-bound indexing • numeric overflow • division by zero • incorrect invariant

  25. Structural Coverage Analysis

  26. Coverage Levels Object: Instruction Object branch Source Statement Decision Modified Condition/Decision Xcov Features – Availability Depends on the Platform • Aggregated Coverage • Capitalization: multiple executions • Consolidation: different executables exercising the same function • Tool Qualification • For use in DO-178B Level A certification activities

  27. Xcov Timeline and Roadmap PowerPC ERC32/LEON 2

  28. Structural Coverage Analysis Metrics: Statement Coverage functionP (A, B, C : Boolean) return Boolean is begin if( A and then B ) or else C then return True; end if; endP; Statements At least 1 test per Conditional Expression

  29. Structural Coverage Analysis Metrics: Decision Coverage functionP (A, B, C : Boolean) return Boolean is begin if( A and then B ) or else C then return True; end if; endP; Decision At least 2 tests per Conditional Expression

  30. Structural Coverage Analysis Metrics: MCDC functionP (A, B, C : Boolean) return Boolean is begin if( A and then B ) or else C then return True; end if; endP; Conditions Decision At least n+1 tests n = number of conditions A C B Condition Coverage

  31. Branch Coverage vs. Decision Coverage functionP (A, B, C : Boolean) return Boolean is begin ifA and then B then return True; end if; endP; Decision

  32. Decision Coverage: Result in Xcov

  33. Branch Coverage vs. Decision Coverage functionP (A, B, C : Boolean) return Boolean is begin ifA and then B then return True; end if; endP; if A and then B then <lib__f1+0000001c>: fffc0134 +: 88 1f 00 08 lbz r0,0x0008(r31) fffc0138 +: 54 00 06 3e clrlwi r0,r0,24 fffc013c +: 2f 80 00 00 cmpiw cr7,r0,0x0000 <lib__f1+00000028>: fffc0140 v: 41 9e 00 20 beq- cr7,0xfffc0160 <lib__f1+00000048> fffc0144 +: 88 1f 00 09 lbz r0,0x0009(r31) fffc0148 +: 54 00 06 3e clrlwi r0,r0,24 fffc014c +: 2f 80 00 00 cmpiw cr7,r0,0x0000 <lib__f1+00000038>: fffc0150 +: 41 9e 00 10 beq- cr7,0xfffc0160 <lib__f1+00000048> return True; <lib__f1+0000003c>: fffc0154 +: 38 00 00 01 li r0,0x0001 fffc0158 +: 90 1f 00 0c stw r0,0x000c(r31) <lib__f1+00000044>: fffc015c +: 48 00 00 0c b 0xfffc0168 <lib__f1+00000050> end if; return False; <lib__f1+00000048>: T T

  34. Branch Coverage vs. Decision Coverage functionP (A, B, C : Boolean) return Boolean is begin ifA and then B then return True; end if; endP; if A and then B then <lib__f1+0000001c>: fffc0134 +: 88 1f 00 08 lbz r0,0x0008(r31) fffc0138 +: 54 00 06 3e clrlwi r0,r0,24 fffc013c +: 2f 80 00 00 cmpiw cr7,r0,0x0000 <lib__f1+00000028>: fffc0140 v: 41 9e 00 20 beq- cr7,0xfffc0160 <lib__f1+00000048> fffc0144 +: 88 1f 00 09 lbz r0,0x0009(r31) fffc0148 +: 54 00 06 3e clrlwi r0,r0,24 fffc014c +: 2f 80 00 00 cmpiw cr7,r0,0x0000 <lib__f1+00000038>: fffc0150 +: 41 9e 00 10 beq- cr7,0xfffc0160 <lib__f1+00000048> return True; <lib__f1+0000003c>: fffc0154 +: 38 00 00 01 li r0,0x0001 fffc0158 +: 90 1f 00 0c stw r0,0x000c(r31) <lib__f1+00000044>: fffc015c +: 48 00 00 0c b 0xfffc0168 <lib__f1+00000050> end if; return False; <lib__f1+00000048>: T T F

  35. Branch Coverage: Result in Xcov

  36. Branch Coverage: Result in Xcov

  37. Branch Coverage vs. Decision Coverage: Full Branch Cov functionP (A, B, C : Boolean) return Boolean is begin ifA and then B then return True; end if; endP; if A and then B then <lib__f1+0000001c>: fffc0134 +: 88 1f 00 08 lbz r0,0x0008(r31) fffc0138 +: 54 00 06 3e clrlwi r0,r0,24 fffc013c +: 2f 80 00 00 cmpiw cr7,r0,0x0000 <lib__f1+00000028>: fffc0140 v: 41 9e 00 20 beq- cr7,0xfffc0160 <lib__f1+00000048> fffc0144 +: 88 1f 00 09 lbz r0,0x0009(r31) fffc0148 +: 54 00 06 3e clrlwi r0,r0,24 fffc014c +: 2f 80 00 00 cmpiw cr7,r0,0x0000 <lib__f1+00000038>: fffc0150 +: 41 9e 00 10 beq- cr7,0xfffc0160 <lib__f1+00000048> return True; <lib__f1+0000003c>: fffc0154 +: 38 00 00 01 li r0,0x0001 fffc0158 +: 90 1f 00 0c stw r0,0x000c(r31) <lib__f1+00000044>: fffc015c +: 48 00 00 0c b 0xfffc0168 <lib__f1+00000050> end if; return False; <lib__f1+00000048>: T F T F

  38. Compilation Link Executable Bridging the Gap between Source and Object Code Coverage Approach by Instrumentation Approach by Virtualization Coverage Information Coverage Information Sources Sources Compilation Link Instrumentation Compilation Link Execution Trace Pure Functional Test Executable Instrumented Executable Instrumented Environment HOST TARGET Coverage Data Instrumented Functional Test Pure Functional Test Pure Functional Test

  39. Challenges -fpreserve-control-flow Preserving the Control Flow function P (Param : Boolean) return Boolean is begin ifParamthen return True; else return False; end if; end P; Compilation _ada_p: cmpwi %cr7,%r3,0 beqlr- %cr7 li %r3,1 blr _ada_p: blr

  40. GNAT Pro Update

  41. Agenda • What’s New in GNAT Pro • QEMU for VxWorks 653 • Towards Safer Programming • Modeling from a GNAT Pro Perspective • Multilanguage Development • SPARK Pro

  42. What’s New in GNAT Pro

  43. Comprehensive Ada Solutions Front-Line Support +

  44. Increased Number of Supported Platforms • Wind River • VxWorks 6.7 (SMP) • VxWorks Cert 6 • Workbench 3.1 for VxWorks 653 – pre-release • SYSGO • ELinOS • PikeOS • Support for the JVM • Support for the 8-bit AVR microcontroller • GNAT for Lego Mindstorms NXT

  45. A Year of Development in GNAT Pro • Over 130 new features/enhancements in GNAT Pro 6.2 • GNAT Pro Component Collection • A year of Ada Gems: the HOWTO library

  46. A new set of libraries at your fingertips An overview of the GNAT Component Collection • Extending your Ada application with shell scripts • A trace module for customized message/error logging • A Virtual File System abstraction • Truly portable across systems • Handles remote files seamlessly • Email and mailbox manipulation • Database interface package • For safe SQL queries • Generates Ada types reflecting the database schema

  47. QEMU for VxWorks 653

  48. Bringing PowerPC Simulation to VxWorks 653 Features • Open-Source simulation solution: QEMU • Efficient Simulation Technology • Windows hosted • Simulation of a PowerPC 750gx • 1 UART • 1 ethernet device • 32MB Flash • BSPs for VxWorks 653 (4MB and 16MB flash) • Final ROM Image generator • Integration with Workbench target server

  49. QEMU for VxWorks 653 – Key Benefits • Fully supported simulator for VxWorks 653 • Available to all developers • Single compiler for development and deployment • Development platform close to the final HW platform (PowerPC processor) • Code tested can be the code running on the final target • Avoids endianness issues • Eases functional testing • Optional upgrade to MC/DC code coverage toolset (forthcoming)

  50. Towards Safer Programming

More Related