Top
Past Meeting Archive Los Angeles ACM home page National ACM home page Click here for More Activities this month
Check out the Southern California Tech Calendar

Joint Meeting of
the Los Angeles Chapters of
ACM, SIGAda, and SIGPLAN

Wednesday, November 5, 2003

"A Platform for High Reliability Programming"

James Alstad, Ed Manderfield, and Steve Rowell

Ever see a hunk of beef thrown into a Piranha tank? If not, don't miss this meeting. There will be a variety of impassioned Ada advocates and critics presenting their viewpoints on the future of Ada.

Ada seems to be fading as a widely used language, but that may just be a big advantage in certain applications where a stable platform with all of Ada's qualities (including some never widely used features, such as dollar decimal arithmetic and picture clauses from COBOL) are needed. We will have two Pro's and a Con speak to Ada's future at this meeting.

Steve Rowell will be the first speaker. Steve will present the counter point to using Ada in contrast to the Ada advocates. Steve will use contemporary industry needs, trends and languages to show the obsolescence of Ada. The title of Steve's talk is "Ada - just say no!"

Our next speaker will be Jim Alstad, a long time member of the Ada community, who will revisit the 1997 Department of Defense report "Ada and Beyond". Jim will recap the report's summary of Ada's superior effectiveness and update its recommended policy on the use of Ada.

The last speaker, Ed Manderfield, will present a specific application where a high reliability, stable language implemented a very critical application with what he calls a "6-Sigma Programming Language", and how other highly critical applications have been done in the Ada Language.

Time permitting, the three speakers will then face the audience, answering questions about their presentations.

It promises to be a interesting time and may answer the question: Can Ada survive without a governmental mandate or will it join Latin as a dead language?

Steve Rowell is a software architect currently working at Boeing as a consultant. At Boeing he has architected and implemented ground server software, a payload simulator and various projects while utilizing technologies such as Rational Rose, C++, windows, XML, XSLT and DII COE. Prior to Boeing, Steve was manager of software development for AST Research where his charter covered device drivers, PC BIOS, diagnostics, and automated software installation. AST, during much of this time period, was the number three PC manufacturer, under IBM and Compaq. He has also developed an event driven operating system for stress testing at Basic Four and a multitasking diagnostic under windows to increase throughput of PC manufacturing.

Jim Alstad has been developing software professionally for over 25 years. He has spent the last 22 years at a major aerospace company, where he now develops satellite flight software and has previously developed operating systems for avionics processors. Jim is an Ada advocate. He first spoke about Ada in 1981, first published an Ada paper in 1983, started teaching Ada in 1987, and is pleased to be working in Ada today.

Ed Manderfield after five years in the chemical industry, moved to computers courtesy of statistical design and analysis of experiments at DuPont. At ALWAC Computer Division of El Tronics Inc. he was supervisor of Programming Development, wrote the basic assembler and an ALGOL and FORTRAN compiler for the ALWAC III-E with the help of ALWAC users from Oregon State University and David Taylor Model Basin in Washington D.C. He was founder of the SMALGOL Committee and of LA SIGPLAN from which national grew. He was also manager of Information Processing for the Metals Research Laboratory of Continental Can among others.

~Summary~

LA ACM Chapter November Meeting.
Held Wednesday November 5, 2003.

The presentation was "A Platform for High Reliability Programming" a presentation by James Alstad, Ed Manderfield, and Steve Rowell. This was a joint meeting of the Los Angeles Chapters of ACM. SIGAda, and SIGPLAN.

Steve Rowell started out, titling his presentation as ADA, Just Say No. Ada is too much, too late. In the early eighties a compiler designer said "with in-depth knowledge of the target language and compiler construction a C compiler will take 3 man months, a Pascal compiler will take one man year and a ADA compiler will take 10 man years to write". This of course is heresy, yet consider the history that followed:

ADA compilers did take a long time to come up on new hardware. C compilers came up quick and were available day one, be it a new UNIX system or PC. The ADA compilers were many times more expensive. ADA basically missed the PC revolution, not becoming a popular language such as C or Pascal. ADA never gained grassroots support.

Now ADA is behind the times again. You just weren't cool in the 80's if you didn't use an object-oriented language. ADA was again, very late to the party. Though ADA finally gained recognition for supporting OOP, it failed to gain grassroots or wide-spread following as a language for OOP. Time to market for software solutions is often more critical than abundance of features. ADA has been slow getting to market. It is out of focus with critical industry needs. C/C++ and ADA are under some intense attacks due to growing concerns about security. For example, in a recent article in Fortune, Bill Joy described Windows as a kludged OS that was full of holes. One of the main reasons he cited was that C is a "dangerous language". I believe he meant this because C doesn't have a virtual machine as Java and C# do. Ada doesn't have a virtual machine either. A couple of weeks after this article Microsoft stock dropped 8% in one day due to news of OS holes. Type checking in low level routines is not considered as important as verification of the data from various locations before it is committed to application software (e.g. XML schemas). In fact, too much repetitive type checking is considered inefficient. Constraint checking in ADA is often turned off.

ADA has a steeper learning curve (at least it is perceived to be). Some argue that C++ is just as complex as ADA. This may or may not be true, but the learning curve for C++ is usually not done from scratch but incrementally from knowledge of a C or C-like language. Learning C++ is evolutionary, while learning ADA is viewed as revolutionary. The perception of Java, C, C++ and C# being relatives will by itself create an obstacle to investing in learning ADA. The pool of programmers already knowledgeable in C, C++, Java and/or C# is large and growing faster than the pool of ADA programmers.

There is a lack of industry support. Support by Commercial Off-The-Shelf (COTS) for ADA is at best an after thought. There is a lack of mature libraries and components (e.g. a windows framework). Tools are few and Lack competitive support. Special API's must often be provided. Currently I can't think of a hardware platform that doesn't have an existing C compiler (e.g. Palm, pocket PC's, smart phones, PIC's, etc.), this is not true for ADA. ADA lost its only influential friend. DOD no longer mandates ADA, but actively seeks COTS solutions.

COE (Common Operating Environment) is a military specification enforcing software requirements. The specification follows COTS very closely. For example, the part of COE that specifies the GUI for running under windows pretty much defaults to the Windows logo requirements. That is, if Microsoft will certify it then so will COE.

Click here to view Steve Rowell's slides

James Alstad 's presentation was titled ADA and Beyond, The View from 2003. This is an updating of the National Research Council's 1997 document "Ada and Beyond-Software Policies for the Department of Defense". Ada and Beyond emphasized life-cycle considerations. "Projects will specify and prioritize quality, cost, and schedule goals, and will analyze tradeoffs and the business case for particular decisions."

It defined a niche among DOD applications for Ada. " Warfighting software application"; "DOD will direct the maintenance of software"; "Software subsystem is large, more than 10,000 lines of code, or the subsystem is critical"; "There is no life-cycle cost-effectiveness justification for using another programming language".

It recommended considering choice of programming language within broader project review context. "The software engineering plan should cover: The systems scope and concept of operations; the key system and software requirements including stakeholder needs; the key elements of the system and software architecture, including programming language decision".

Zeigler published a study comparing Ada 83 and C in the development of the Verdix Ada Development System. The comparisons covered ten year's experience, over 1,000,000 SLOC in each language, and was balanced with respect to programmer experience, learning curve effects, and language productivity (SLOC per feature point).

Ada 83's cost per feature point was better than C's by a factor of 1.37. Ada 83's defects per feature point is better than C's by a factor of 5.9.

Alstad's conclusions:
Ada is far superior to C in density of delivered defects. Allowing that C++ is twice as good as C at catching defects then a C++ program will have about 3 times as many defects as a comparable Ada program. With other considerations (portability) Ada is intrinsically a better tool for developing software products.

Ada use is decreasing. What's a manager to do? Alstad recommends following "Ada and Beyond"'s recommendation to consider life-cycle costs and benefits: If one has a large base of existing software there is little point in rewriting software. If one has a base of existing programmers with focussed expertise, there would be a learning curve with a new language and development environment (on a new project), but this might be worthwhile on a large project, if the language has payoffs. Project characteristics versus language features can push the choice one way or another. Java is probably better than Ada for web software. Ada probably better than Java for an embedded system.

There are some non-issues. Some arguments raised against the use of Ada do not carry much weight. The argument that there's a lack of present and future ADA programmers. There are multiple teachers (in the LA area) whose business is teaching Ada. They have a record of success in getting Ada programmers started. Hire a computer science graduate who can pick up programming languages quickly and will become the local Ada expert.

The argument that there's a lack of tool support. There are multiple highly -featured supported tool environments available. There's one open source compiler (GNAT), so that an organization could, if necessary, maintain tools itself indefinitely as the source code is available. Stability of the ADA language means that environments don't need to change for that reason.

What is the future of Ada? Ada has a niche in engineering applications, in embedded systems and systems requiring high reliability. Alstad recommends that Ada advocates should worry Ada's success in its niche and not in the wider world. He recommends increased software engineering professionalism including explicit software engineering education, government standards for critical applications (Example: require a reliability level), and licensing of software professionals.

Ed Manderfield was introduced as shy and retiring and reluctant to speak. (For those of you who don't know him, this is the complete reverse of his personality). Ed says we need Six Sigma Programming on ultra-reliable computers to have highly reliable applications. Six Sigma came from hardware manufacturing systems and is badly needed in software. There are examples of former software systems that approached Six Sigma reliability, The Apollo Program, the Boeing Automated Landing System and heart monitor applications. Recent fads in computing are OOPSLA and SEIS and the Computer Maturity Model. Proponents of CMMI say "Six Sigma Programming" is impossible. Ed said it has already been done in a number of projects over the last 40 years.

His first example was the Apollo program. The Apollo program had not gone far when 3 astronauts died in a fire before the first scheduled test flight. Harrison Storms and Dutch Kindelberger requested doubling the budget to fix the problems and they got it. Ed described the thorough series of tests and flights of each of the test flights. The Lunar Guidance system was a highly reliable set of software produced by IBM. Apollo 10 went through most of the steps required for the Moon landing and Apollo 11 accomplishing it. There was a serious accident on Apollo 13 requiring abandoning the landing, but the LEM lifeboat returned the astronauts safely. Apollo 17 provided the last chance for man to walk on the Moon's surface during the 20th. century. Ed presented a sweeping and very interesting discussion of the Apollo program.

Other examples of highly reliable programming are Boeing's automatic landing system and heart monitors. Ed say's "Six Sigma Programming" would be impossible without ADA 95 because it is at present the only stable platform with advanced technology. Other languages can claim to be more object oriented, but lack stability and have severe defects in their design.

To get six sigma reliability results you need more than an advanced language. You need organization, Quality Assurance, Configuration Management, Testing, and Validation &Verification. A truly superior organization is required to get results. Periodic peer review of work in process is required.

Some implanted heart monitors have been working for 3 years and that is a system where you better have zero errors. If your life depends on it make sure you have six sigma programming and the programming is done in Ada 95.

This was an excellent presentation by the three speakers who expressed differing viewpoints. I do note that the differences were based more on perspective than differences on the technical aspects of the languages. Steve Rowell described problems of using Ada over a wide range of software development. Jim Alstad conceded that Ada would not be the right language for every use, but filled a very important niche. Ed Manderfield restricted his discussion to places where highly reliable software was needed and where failure would mean loss of life. You really had to be there to discern the differences in each speaker's approach.

This was the third meeting of the LA Chapter year and was attended by 18 persons.
Mike Walsh, LA ACM Secretary
 

Our next meeting will be December 3rd. Check back for details
Plan to Attend!


The Los Angeles Chapter normally meets the first Wednesday of each month at the Ramada Hotel, 6333 Bristol Parkway, Culver City. The program begins at 8 PM.   From the San Diego Freeway (405) take the Sepulveda/Centinela exit southbound or the Slauson/Sepulveda exit northbound.

6:30 p.m.  Social Time

7:00 p.m. Dinner

8:00 p.m.  Presentation

 

Reservations

To make a reservation, call or e-mail John Halbur, (310) 375-7037, and indicate your choice of entree, by Sunday before the dinner meeting.

There is no charge or reservation required to attend the presentation at 8:00 p.m.. Parking is FREE!

For membership information, contact Mike Walsh, (818)785-5056 or follow this link.


Other Affiliated groups

SIGAda   SIGCHI SIGGRAPH  SIGPLAN

****************
LA SIGAda

Return to "More"

****************

LA  SIGGRAPH

Please visit our website for meeting dates, and news of upcoming events.

For further details contact the SIGPHONE at (310) 288-1148 or at Los_Angeles_Chapter@siggraph.org, or www.siggraph.org/chapters/los_angeles

Return to "More"

****************

Past Meeting Archive Los Angeles ACM home page National ACM home page Top

 Last revision: 2003 1113 - [ Webmaster ]