Ada Experiences Panel Chair John Mc Cormick University

Ada Experiences Panel Chair John Mc. Cormick, University of Northern Iowa Panelists Robert Lockwood Bill Rusinak David Glessner Elizabeth Theesfeld October 4, 2001 Alliant Techsystems Lockheed-Martin Rockwell-Collins Honeywell SIGAda 2001 Panel: Ada Experiences 1

Bob Lockwood • Software Engineering Manager • Alliant Techsystems – Integrated Defense Company • 600 Second Street NE Hopkins, MN 55345 952 -931 -5285 • Robert_lockwood@atk. com October 4, 2001 SIGAda 2001 Panel: Ada Experiences 2

Software Engineering Experience • Applications: Military – Command, Control, Communications • Primary Projects – Real-Time, Embedded • Experience – 9 years hardware developer – 25 years software developer – 16 years working with Ada-83/Ada-95 • Company Certifications – ISO 9001, CP 2 • Platforms – Intel 80 x 86/i 960, Power. PC 5 xx, 6 xx, 7 xx • Operating Systems – Bare Machine, VRTX, Vx. Works, Nucleus, Lynx. OS October 4, 2001 SIGAda 2001 Panel: Ada Experiences 3

Project • Military Vehicle Fire Control – – – Navigation Communication Ballistics Weapon Control Operator Interface • Intel 80 x 86/i 960 platforms • Why Ada – First major vehicle project – Ada Mandate – Highly Embedded C 3 October 4, 2001 SIGAda 2001 Panel: Ada Experiences 4

Project (cont) • Size – Tactical Software 200, 000 sloc – Support Software 300, 000 sloc • Why Easy – Strongly typed – Compile-Time checks • Why Hard – Lack of experienced programmers – Extensive training necessary October 4, 2001 SIGAda 2001 Panel: Ada Experiences 5

Project (cont) • Comparisons (Ada vs. xyz) – – Fewer dumb errors More robust runtime code Higher reliability (with same compiler) More automated testing • Lessons Learned – – Advantage for multiple development groups Limit language usage Most errors found at compile time Identify interfaces early in project October 4, 2001 SIGAda 2001 Panel: Ada Experiences 6

Bill Rusinak Sr Software Engineering Manager Lockheed Martin Tactical Defense Systems Eagan, MN 651 -456 -2222 william. a. rusinak@lmco. com October 4, 2001 SIGAda 2001 Panel: Ada Experiences 7

• Application: Military embedded systems (Maritime Surveillance Aircraft (MSA)) • Projects are real-time applications • Experience: 23 years (12 years with Ada) • Lockheed Martin TDS is CMM level 4, ISO 9001 • Platforms: Sun/Unix host development targeted to several platforms (Motorola 680 x 0, Power. PC) October 4, 2001 SIGAda 2001 Panel: Ada Experiences 8

Ada Experiences in MSA • Lockheed Martin Eagan supplies mission software for almost all of the world’s P-3 aircraft (US Navy, Japan, Australia, Norway, the Netherlands) • Replacement of 1970’s vintage hardware and software began in 1989 with the US Navy – First system had 3 Motorola 68030 processors – Mission and System Test software rewritten (Ada 83) – Evolving (e. g. , X-Windows, Sparc) • Ada software is 1 to 1. 2 million lines of non-comment, non-blank code October 4, 2001 SIGAda 2001 Panel: Ada Experiences 9

Positive Experiences • Ada tasking was used without problem – Task deadlocks were never encountered due to application of good design methodology • Use of separates promotes design • Ada code usable as PDL • Original architecture has been flexible – Ported to different hosts – Maintained through different toolsets – Maintained by several customers October 4, 2001 SIGAda 2001 Panel: Ada Experiences 10

Negative Experiences • Task stack sizing is risky in a limited memory system (only your linker knows for sure) • Exceptions happen when you least expect them – it is easy to leave a semaphore seized • Separates increase compilation time – Use a “de-separatizer” • Overloading of names can be confusing • Over and under use of types and exceptions – Takes experience to find the middle ground October 4, 2001 SIGAda 2001 Panel: Ada Experiences 11

Negative Experiences • Ada 83 lacking protection mechanisms and multi-processor support • Language needs space for stacks, exceptions, and can produce big programs • Need more support/tooling October 4, 2001 SIGAda 2001 Panel: Ada Experiences 12

In General • Define tasks up front • Enforce concrete rules and use a few protection mechanisms • Closely monitor dependencies during design • Structure libraries properly • Do it again (but with Ada 95) October 4, 2001 SIGAda 2001 Panel: Ada Experiences 13

David W. Glessner • Senior Software Engineer, Navigation and Control Group, Advanced Technology Center • Rockwell Collins 400 Collins Road NE Cedar Rapids, Iowa 52498 319 -295 -6012 • dwglessn@rockwellcollins. com October 4, 2001 SIGAda 2001 Panel: Ada Experiences 14

Software Engineering Experience • Rockwell Collins: Navigation systems (commercial and military) • Pre-Rockwell Collins: Commercial RF systems (broadcast radio and TV, paging) • 15 years in software, last 3 with Ada. Most of the rest with C. Some Assembly. • Target platforms: Mostly custom boards (AAMP, 68302, 68 HC 16, 8088, Z-80), some PCs. Various commercial and custom RTOSes. • Development platforms: Unix (Sun, HP, DEC), Windows, VAX (using Apex RCI). October 4, 2001 SIGAda 2001 Panel: Ada Experiences 15

SNIPER/SUOSAS • Sensor Integration for robust navigation – GPS, IMU, Loran, barometric altimeter, TDOA radio, vision. – DARPA funded. • Reused Ada software from earlier GPS/IMU projects. • 80, 000 LOC (38, 000 non-comment non-blank) • First exposure to Ada. October 4, 2001 SIGAda 2001 Panel: Ada Experiences 16

SNIPER/SUOSAS (cont) • Good: – Package specs. Enumerations. Ranges. – Rational Apex. Rational Compilation Integrator (RCI). • Bad: – – – Flaky hardware. Tools. Compile times. Didn't "trust" the language. Code bloat (possibly due to Ada 83 missing generic formal packages or pointers to subprograms). • Result: Successful field trials for both projects. SUOSAS continuing. October 4, 2001 SIGAda 2001 Panel: Ada Experiences 17

Various GPS-related projects (Commercial GPS, Artillery) • Ada chosen on a DARPA project in 1980 s due to DOD mandate. Based on earlier Jovial development. Some parts of software still have a Jovial "feel" e. g. , "for ii in 1. . 10" • 102, 000 LOC (44, 000 non-comment, non-blank) • Analysis and modifications of some pretty complicated code. October 4, 2001 SIGAda 2001 Panel: Ada Experiences 18

Various GPS-related projects (cont) • Good – Apex browsing! – Types make modifications easier to analyze. • Bad – Apex configuration control (Summit/CM). – Cumbersome to see differences between versions. (Local policies probably contributed to this. ) • Results: Successful lab trials. October 4, 2001 SIGAda 2001 Panel: Ada Experiences 19

Automatic Dependent Surveillance – Broadcast (ADS-B) • New development integrated with existing Traffic Alert and Collision Avoidance System (TCAS). • ADS-B: 8, 000 LOC (4, 400 non-comment, nonblank) – similar amount for additional analysis and simulation • Mixture of Apex Ada 95 (Sun host) and DDC Ada 83 (AAMP-based TCAS target). – developed mainly on the Sun – late integration (risky, but worked quite well) October 4, 2001 SIGAda 2001 Panel: Ada Experiences 20

Automatic Dependent Surveillance – Broadcast (ADS-B) (cont) • Good – Ada 95/83 portability. Ada 95 tasking. – GNAT for the PC. – Ada contributes to thoroughness; exposed some algorithm weaknesses. • Bad – Ada design flaw? “Cos(Long_Float(2. 0*Pi/I))” – Stack alignment bug during integration. • Result: Successful flight tests with other vendors. Work continuing. October 4, 2001 SIGAda 2001 Panel: Ada Experiences 21

Commercial Aviation Products Elizabeth Theesfeld 6 s Black Belt/Principal Software Engineer Honeywell Commercial Aviation Products (CAP) 8840 Evergreen Blvd Coon Rapids, MN 55433 (763) 957 -3626 elizabeth. theesfeld@honeywell. com October 4, 2001 SIGAda 2001 Panel: Ada Experiences 22

Commercial Aviation Products ( Background Information j 14 Years of experience in real-time embedded software for both Military and Commercial Avionics. j 7 Years of experience with Ada. October 4, 2001 SIGAda 2001 Panel: Ada Experiences 23

Commercial Aviation Products (CAP has only one program developed in Ada j Secondary Attitude and Air Data Reference Unit (SAARU) for the Boeing 777 Aircraft j 60, 000 Lines of Code j Real-Time embedded software on a 68040 processor j Object Oriented Design using Booch Diagrams j DO-178 B Compliant October 4, 2001 SIGAda 2001 Panel: Ada Experiences 24

Commercial Aviation Products ( Positives for using Ada at CAP j Eliminated the need for software-software integration j Strong data typing j Strong software architecture j Was able to hand the program over to a new team that did not work on the original development for airline updates with minimal impact ( Negatives for using Ada at CAP j Not many Ada programmers available October 4, 2001 SIGAda 2001 Panel: Ada Experiences 25

Commercial Aviation Products ( Reliability of SAARU software in the field j The 777 was certified in 1995 j To date we have had 0 software defects recorded October 4, 2001 SIGAda 2001 Panel: Ada Experiences 26