Stability for Embedded Applications?

[sei!ae@tut.cis.ohio-state.edu (Arthur Evans)]

Jean Pierre Rosen (rosen@meduse.enst.fr) says
> There is only one Ada language, and all versions of the ACVC test this
> same language; 1.11 has just more tests than 1.10.  No other language
> is so strictely controlled, so uniform, so validated or has so many
> compilers second sources. It does not mean there is no risk for the
> future: it just means that the risks are order of magnitude lower than
> with any other language.

All true, but, unfortunately, that doesn't tell the whole story.  Ada 83
has many places where the definition leaves matters up to the discretion
of the implementor.  The idea was not to tie the implementors' hands but
to give them flexibility to achieve maximum possible efficiency.

Now, an Ada user is surely taking risks in writing code that depends on
how the compiler happens to implement one of these freedoms.  However,
in the rush of getting the code written, real programmers will test the
compiler, find that it does such-and-such, and then write code that
takes advantage of that behavior.  Neither higher management nor
documentation is likely to know of such decisions.  Yes, we know that's
bad.  And yes, it surely happens.

When the vendor issues a new release, it may well implement such
decisions differently.  Thus code that worked before may stop working,
and this situation is both legal and consistent with ACVCs.  This is the
long term stability problem raised by the original poster on this
subject.

Now, don't get me wrong.  Ada is probably vastly less susceptible to
this problem than any other contender in the market place.  But Ada is
not perfect, and none of us should pretend that it is.

This problem has attracted much attention in the Ada 9X Requirements
process, and the Requirements Document encourages the Mapping/Revision
Team to eliminate as many implementation freedoms as possible.  That's
surely good.  However, every implementation freedom eliminated in 9X
represents a lack of upward compatability for folks whose code happens
to take advantage of such freedom, and these folks will surely get
burned.  The Requirements Team, with the support of the Distinguished
Reviewers, concluded that this was the best long-term solution for Ada.

The pertinent provision of the Requirement Document is from Section 1.4
on General Guidelines:

  - Upward Compatibility: In general, any legal Ada 83 program must also
    be a legal Ada 9X program and must have the same effect allowed or
    required by Ada 83.  However, to improve the portability of Ada
    programs, and to satisfy other requirements, it may be necessary to
    eliminate some effects allowed by Ada 83 or to make some Ada 83
    programs illegal.  In these cases, the following guidelines shall
    apply:

     - No implementation-dependent behavior allowed in Ada 83 shall be
       excluded in Ada 9X if that behavior is actually supported by a
       significant number of implementations and is important to a
       significant number of users.

     - No Ada 83 program shall be illegal in Ada 9X unless it is
       relatively easy to correct the illegal program or it is expected
       that very few existing legal programs will be affected (since the
       programs are either pathological or erroneous).

     - No legal Ada 83 program shall have a different semantic effect in
       Ada 9X unless it is expected that extremely few existing programs
       will be affected (e.g., it might be acceptable to modify the
       optimization rules in ways that affect when the evaluation of an
       expression requires CONSTRAINT_ERROR or NUMERIC_ERROR to be
       raised).

    Any non-upward-compatible changes shall be justified by the
    Mapping/Revision Team and where possible, accompanied by an analysis
    of techniques for detecting possible incompatibilities in existing
    programs.

Art Evans
Software Engineering Institute
Carnegie Mellon University