Programming Languages and Software Construction Franco Gasperoni gasperoni adacore

Programming Languages and Software Construction Franco Gasperoni gasperoni@adacore. com http: //libre. adacore. com/Software_Matters

Software Phases Affected by the P. L. Testing (Unit Testing) Check that the code does what it is supposed to (functionality, performance, reliability, …) Coding Fill in the software structure with code http: //libre. adacore. com Design Create a software structure (architecture) around which code will be built © Ada. Core under the GNU Free Documentation License 4

A Good Programming Language … Helps you build software that is: • • Reliable Safe Secure Evolvable A good programming language will make your life easier. It will NOT do the job for you. http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 6

A Poor Programming Language … Will make it harder to build software that is: • • Reliable Safe Secure Evolvable It is possible to write good software with a poor language. It will require more experienced engineers. In any event it will take longer and will be more COSTLY than with a good language. http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 7

Programming Languages Examples

A Programming Example Can you tell in less than 20 seconds whether the following 3 routines in the following 3 programming languages do the following correctly: Return the n-bit field of a 32 bit word from • Bit position p • To bit position p n+1 Bit position 0 is at the right end n bits Bit 31 ……… http: //libre. adacore. com Bit p Bit ………… pn+1 © Ada. Core under the GNU Free Documentation License ……… Bit 0 11

C unsigned get_bits (unsigned x, int p, int n) { return (x >> (p n+1)) & ~(~0 << n); } http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 12

History of Some Imperative Languages 1950 1960 1970 1980 PL/I(66) 1990 2000 Eiffel (86) Ada(95) A S S E M B L Y 2005 Ada(05) Ada(83) Cobol(58) Pascal(70) Java(96) Algol(60) C(72) Fortran(54) Simula(67) C++(89) Smalltalk(80) imperative Basic(66) http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 14

1970 1980 1990 2005 Ada(05) Ada(95) Ada(83) Pascal(70) Eiffel (86) C++(89) C(72) http: //libre. adacore. com ANSI C(88) Java(96) Java 1. 5 ISO C++(98) ISO C(99) © Ada. Core under the GNU Free Documentation License 15

Programming Language Design Goals C • A portable, higher level assembly language • No safety or security concerns C++ • An object oriented language upwardly compatible with C • No safety or security concerns Java • Fix C++ insecurity problems (i. e. cannot create a virus in Java) • No safety concerns http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 16

The Ada Programming Language

Ada Industrial-strength version of Pascal designed to build: • Safe, and secure software • Software that needs to evolve • Mixed language software Language designed by an international team • 1983: First version of the language • 1995: First standard revised (e. g. OO programming added) First object oriented language to be an ISO standard • 2005: New revision Only language to have a formal compiler validation procedure • Validation procedure is an ISO standard (> 4, 000 compiler tests) http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 20

Some Industrial Applications in Ada Business-critical • • Canal+ Technologies: Pay per view, access control BNP: Trading Language Philips: Semiconductor assembly equipment Helsinki radiotelescope Mission-critical • • Astree: European wide railroad signaling Weirton Steel process controller Mondex electronic money Scanning Electron microscope Safety-critical • Airbus A 340 • Boeing 777 http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 24

Ada & Software Costs

Ziegler’s Study: Comparing C & Ada 1995 study on the VADS compiler • 60 engineers, from 1984. . 1994 with MS degrees in computer science • All knew C at hire. All programmed in both C and Ada. VADS • About 4. 5 million lines of code, 22000 files, cost >$28 m over 10 years http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 27

Costs Per Feature During Implementation http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 28

Post-Delivery (User-Reported) Defects http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 29

Some Non-Reasons for Ada’s Advantage Not because of people: • The same people used both languages Not because of process: • The same process was used, for design, for testing, for debugging, for source control, for management, and so forth • C required ‘makefiles’, but had tighter coding standards Not because of Ada’s highest level constructs: • VADS used few generics or tasks Not because of reuse: • This study considers only unique code, factoring out reuse http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 30

Some Reasons for Ada’s Advantage Ada Enabled Better Error Locality • Most errors caught at compile time • Runtime errors are easier to trace Ada Enabled Better Tool Support • Ada’s richer semantic model allows computers to help more • For example, builds are automated and guaranteed consistent Ada Reduced Effective Complexity • Function of language complexity and application complexity • Standard language complexity is easier to learn and use Ada Encouraged Better Program Organization • Packages, with specifications and private parts http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 31

Summary Developing software in Ada is 60% cheaper than in C Code developed in Ada has 9 times less bugs than in C Was Ada consistently better? • • *YES* Over different subsets of VADS For experienced AND inexperienced programmers For both C experts AND Ada experts For the highest AND lowest rated programmers Was Ada harder to learn? *No* Was Ada code more reliable? *YES* © Ada. Core under the GNU Free Documentation License http: //www. adaic. com/whyada/ada-vs- http: //libre. adacore. com 32

Ada & Education

From an Education Perspective Ada is a good language to teach good software practice • Reliability, safety, security Ada allows to design functionality-oriented as well as object-oriented software • Ada allows the construction of software that can evolve Free Software high-quality Ada environment available to all • http: //libre. adacore. com • GNAT GPL Edition (Ada 2005) • Linux, Solaris, Windows, … http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 34

You Should Know Several Languages No single programming language is appropriate in every circumstance Today most systems use a mixture of programming languages http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 35

Example: MULTOS CA Multiple application OS for smart cards 30%: SPARK (Ada subset) • “Security kernel” of tamper proof software • Certified at the HIGHEST security level 30%: Ada 95 Infrastructure • (concurrency, inter task and inter process communications, database interfaces etc. ), bindings to ODBC and Win 32 30%: C++ • GUI (Microsoft Foundation Classes) 5%: C • Device drivers, cryptographic algorithms 5%: SQL Database stored procedures http: //libre. adacore. com © Ada. Core under the GNU Free Documentation License 36