AdaCore - The GNAT Pro Company » Technical Papers

Towards Certification of Object-Oriented Code with the GNAT Compiler

AdaCore — Wed, 05 Jan 2011 13:31:57 +0000

This paper was originally published in volume 28 of the Ada User Journal in 2007.

Abstract:

Dynamic binding, the ability to link at runtime a method call with a subprogram that depends on the class of the object, is strongly discouraged by current standards for avionics airborne systems. This is partly due to dynamic dispatching, the technique commonly used by most OO compilers to implement dynamic binding. In this paper we present some enhancements to the GNAT technology that will help the avionic industry take advantage of the full benefits of the OO techniques with Ada without the inconveniences associated with dynamic dispatching.

Couverture paper presented at ERTS² 2010

AdaCore — Tue, 08 Jun 2010 13:42:31 +0000

At the recent ERTS² 2010 conference held in Toulouse, Thomas Quinot presented this paper entitled “Object and Source Coverage for Critical Applications with the Couverture Open Analysis Framework”. It presents the Couverture approach to object and structural coverage analysis for certified safety-critical applications, in particular in the context of DO-178.

couverture_erts2010

A principled approach to software engineering

AdaCore — Thu, 05 Feb 2009 09:37:37 +0000

This paper examines the use of Java as a first programming language, in the light of well-established principles of software engineering, and the increasing concern with correctness, performance, and maintainability. We argue that Java is markedly inferior to Ada or C++ as a language for introductory Computer Science courses, and that its widespread use in the training of tomorrow’s software engineers is counterproductive.

Coverage and Free Software

AdaCore — Wed, 04 Jun 2008 07:00:16 +0000

A recent paper by Franco Gasperoni describing how a Free Software toolset (Coverage) and virtualization technology (QEMU) can be used effectively to assure code coverage in the development of software applications. While an important target use of the coverage toolset is safety-critical embedded applications, the design of the tools allows its use in non safety-critical projects.

Abstract Interface Types in GNAT: Conversions, Discriminants, and C++

AdaCore — Wed, 21 Mar 2007 16:06:16 +0000

Ada 2005 Abstract Interface Types provide a limited and practical form of multiple inheritance of specifications. In this paper we cover the following aspects of their implementation in the GNAT compiler: interface type conversions, the layout of variable sized tagged objects with interface progenitors, and the use of the GNAT compiler for interfacing with C++ classes with compatible inheritance trees.

Multi-Language Programming: The Challenge and Promise of Class-Level Interfacing

AdaCore — Thu, 20 Jul 2006 09:08:04 +0000

Many computer applications today involve modules written in different programming languages, and integrating these modules together is a delicate operation. This first requires the availability of formalisms to let programmers denote “foreign” entities like objects and subprograms as well as their associated types. Then, proper translation of what programmers express often calls for significant implementation effort, possibly down to the specification of very precise ABIs (Application Binary Interfaces). Meta-language based approaches a la CORBA/IDL are very powerful in this respect but typically aim at addressing distributed systems issues as well, hence entail support infrastructure that not every target environment needs or can afford. When component distribution over a network is not a concern, straight interfacing at the binary object level is much more efficient. It however relies on numerous low level details and in practice is most often only possible for a limited set of constructs.

Binary level interaction between foreign modules is traditionally achieved through subprogram calls, exchanging simple data types and relying on the target environment’s core ABI. Object Oriented features in modern languages motivate specific additional capabilities in this area, such as class-level interfacing to allow reuse and extension of class hierarchies across languages with minimal constraints. This paper describes work we have conducted in this context, allowing direct binding of Ada extensible tagged types with C++ classes. Motivated by extensions to the Ada typing system made as part of the very recent language standard revision, this work leverages the GCC multi-language infrastructure and implementation of the Itanium C++ ABI. We will first survey the issues and mechanisms related to basic inter-language operations, then present the interfacing challenges posed by modern object oriented features after a brief overview of the Ada, C++, and Java object models. We will continue with a description of our work on Ada/C++ class-level interfacing facilities, illustrated by an example.

Exposing Uninitialized Variables: Strengthening and Extending Run-Time Checks in Ada

AdaCore — Fri, 02 Jun 2006 16:05:04 +0000

Since its inception, a main ob jective of the Ada language has been to assist in the development of large and robust applications. In addition to that, the language also provides support for building safety- critical applications, e.g. by facilitating validation and verification of such programs. The latest revision of the language has brought some addi- tional improvements in the safety area, such as the Normalize Scalars pragma, which ensures an automatic initialization of the non-explicitly initialized scalars. This paper presents Initialize Scalars, an enrichment of the Normalize Scalars concept, and an extended mode to verify at run-time the validity of scalars, both designed for easy use in existing large applications. Their implementation in GNAT Pro (the GNU Ada 95 compiler) is discussed. The practical results obtained on a large Air Traffic Flow Management application are presented.

The Implementation of Ada 2005 Interface Types in the GNAT Compiler

AdaCore — Fri, 02 Jun 2006 12:49:25 +0000

One of the most important ob ject-oriented features of the new revision of the Ada Programming Language is the introduction of Abstract Interfaces to provide a form of multiple inheritance. Ada 2005 Abstract Interface Types are based on Java interfaces, and as such support inheritance of operation specifications, rather than the general complexity of inheritance of implementations as in full multiple inheritance. Real-time uses of Ada demand efficient and bounded worst-case execution time for interface calls. In addition, modern systems require mixed-language programming. This paper summarizes part of the work done by the GNAT Development Team to provide an efficient implementation of this language feature and simplifies interfacing with C++.

Safety, Security, and Object-Oriented Programming

AdaCore — Thu, 30 Mar 2006 09:35:40 +0000

When safety-critical software malfunctions people lives are in danger. When security-critical software is cracked national security or economic activity may be at risk. As more and more software embraces object-oriented programming (OOP) safety-critical and security-critical projects feel compelled to use object-orientation. But what are the guarantees of OOP in terms of safety and security? Are the design goals of OOP aligned with those of safe and secure software (S3) systems? In the following sections we look at key OOP aspects and analyze some of the hazards they introduce with respect to S3 and outline a possible way of addressing these vulnerabilities. Specifically, after a quick overview of OOP in section 2, section 3 deals with inheritance and shows some of its hazards in terms of S3 along with possible remedies. Section 4 focuses on dynamic binding and suggests a safer and more secure implementation than what is conventionally done. Finally, section 5 looks at testing programs with dynamic binding.

Certification & Object Orientation: The New Ada Answer

AdaCore — Wed, 08 Mar 2006 13:40:58 +0000

The object model of Ada 2005 is well-suited for applications that have to meet certification at various levels. We review the use of Ada in the context of certification, and show that the object-oriented facilities of the current language standard, properly restricted to avoid dynamic dispatching, can already be used without problems under current DO-178B guidelines. We then examine the complications to certification that are presented by dynamic dispatching in a single inheritance model, and show implementation-specific ways of addressing these complications. Finally, we discuss the problems introduced by the use of multiple inheritance. We conclude by showing how, regardless of the extent to which object-oriented idioms are used, Ada provides a safe and efficient vehicle to create certifiable systems.