From: Peter Amey <peter.amey@praxis-cs.co.uk>
Subject: Re: Ada used in General Aviation (GA) applications?
Date: Thu, 13 May 2004 08:43:17 +0100
Date: 2004-05-13T08:43:17+01:00 [thread overview]
Message-ID: <2ggn4gF2no0lU1@uni-berlin.de> (raw)
In-Reply-To: <40A21D65.7050806@noplace.com>
Marin David Condic wrote:
> The "Compile Ada to C then compile C to the target..." approach has been
> enormously popular and successful, hasn't it? :-)
Yes, considering we only came up with the SPARK -> C idea last year it
has been rather popular :-)
> Nobody wants to use two compilers, nobody wants to cobble the whole mess
> together and nobody wants to fight all the rest of the development tools
> that will be targeted to C. The whole argument amounts to "Go out and
> spend lots of extra money, take lots of extra time and go through lots
> of extra pain in order to have the *privilege* of programming your
> little board in Ada - all for a job that might only involve a couple of
> guys for a few months." It has not sold well and I doubt it ever will.
> Ada is either right there on the shelf with an embedded development kit
> or the embedded guys go elsewhere.
There is some truth in what you say, the process has to be convenient.
I think this hinders use of the approach for Ada in general. The use of
SPARK changes the gearing somewhat:
1. You are achieving more than "the privilege of programming your
little board in Ada", you are gaining the ability to do very high levels
of validation much earlier in the development process. Before you even
get to C you can have eliminated use of unset variables, proved freedom
from all run-time errors, shown that values remain in
design-domain-defined ranges (regardless of what C predefined type they
end up being implemented as), demonstrated separation of critical and
non-critical information flows and even proved that certain important
properties of the code hold.
2. The translation process can be completely transparent. As far as we
are concerned on one project, we have what amounts to a SPARK to target
compiler. We don't need to process the C manually at all.
3. If you are constrained to deliver something like MISRA-C then it is
orders of magnitude easier to arrange for the translator to represent
the exact SPARK design in something which is unequivocally MISRA-C than
to demonstrate retrospectively that hand-crafted C conforms to the
subset rules.
4. For very critical applications, the C provides an intermediate
representation between the SPARK and the object code and this makes
object code verification much easier than it otherwise would be. For
example, array assignments at the Ada level are "unwrapped" at the C
level. This intermediate representation allows one very hard step:
comparing Ada to machine code to be replaced by two much easier ones:
Ada to (simple) C and C to machine code.
5. You don't need, and therefore don't have to validate, a run-time
library.
So far from having to "spend lots of extra money, take lots of extra
time and go through lots of extra pain" we find the combination allows
us to produce higher quality at lower cost than writing directly in C.
regards
Peter
next prev parent reply other threads:[~2004-05-13 7:43 UTC|newest]
Thread overview: 119+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-10 9:17 Ada used in General Aviation (GA) applications? Kai Glaesner
2004-05-10 11:39 ` Marin David Condic
2004-05-10 17:59 ` Jeffrey Carter
2004-05-11 11:38 ` Marin David Condic
2004-05-10 18:28 ` Bernd Specht
2004-05-10 20:10 ` Martin Dowie
2004-05-11 7:37 ` Dmitry A. Kazakov
2004-05-11 9:45 ` Bernd Specht
2004-05-11 9:52 ` Bernd Specht
2004-05-11 11:50 ` Marin David Condic
2004-05-12 0:07 ` Richard Riehle
2004-05-12 12:21 ` Marin David Condic
2004-05-12 15:36 ` Robert C. Leif
2004-05-11 19:34 ` Bernd Trog
2004-05-11 20:46 ` Bernd Specht
2004-05-12 17:09 ` Mike Silva
2004-05-12 18:51 ` Bernd Specht
2004-05-13 5:50 ` Pascal Obry
2004-05-13 7:21 ` Vinzent 'Gadget' Hoefler
2004-05-13 8:10 ` Bernd Specht
2004-05-13 8:57 ` Vinzent 'Gadget' Hoefler
2004-05-13 9:27 ` Ludovic Brenta
2004-05-13 11:46 ` Marin David Condic
2004-05-13 19:20 ` Randy Brukardt
2004-05-13 21:00 ` tmoran
2004-05-13 23:41 ` Alexander E. Kopilovich
2004-05-14 6:44 ` Anders Wirzenius
2004-05-14 13:54 ` Andersen Jacob Sparre
2004-05-17 5:27 ` Anders Wirzenius
2004-05-17 11:53 ` Marin David Condic
2004-05-14 22:31 ` Ludovic Brenta
2004-05-15 9:05 ` Jacob Sparre Andersen
2004-05-15 11:46 ` Ludovic Brenta
2004-05-16 16:48 ` Jeffrey Carter
2004-05-17 6:35 ` Time to market, was: " Anders Wirzenius
2004-05-17 12:17 ` Marin David Condic
2004-05-18 1:05 ` Jeffrey Carter
2004-05-18 7:58 ` Peter Amey
[not found] ` <40A9EFFC.7090708@noplace.com>
2004-05-19 0:45 ` Jeffrey Carter
2004-05-17 12:04 ` Marin David Condic
2004-05-17 6:09 ` Anders Wirzenius
2004-05-18 4:45 ` Simon Wright
2004-05-17 11:58 ` Marin David Condic
2004-05-17 6:15 ` Martin Krischik
2004-05-17 11:48 ` Marin David Condic
2004-05-13 16:45 ` Pascal Obry
2004-05-13 17:05 ` Lutz Donnerhacke
2004-05-13 20:59 ` Bartłomiej Świercz
2004-05-13 21:06 ` Pascal Obry
2004-05-14 1:07 ` Alexander E. Kopilovich
2004-05-13 22:37 ` Alexander E. Kopilovich
2004-05-14 6:41 ` Ole-Hjalmar Kristensen
2004-05-13 19:30 ` Bernd Trog
2004-05-13 16:17 ` Mike Silva
2004-05-11 20:15 ` Martin Dowie
2004-05-12 12:30 ` Marin David Condic
2004-05-13 7:55 ` Dmitry A. Kazakov
2004-05-13 12:01 ` Marin David Condic
2004-05-13 13:22 ` Dmitry A. Kazakov
2004-05-17 12:25 ` Marin David Condic
2004-05-17 13:11 ` Dmitry A. Kazakov
2004-05-13 19:29 ` Randy Brukardt
2004-05-14 10:45 ` Kai Glaesner
2004-05-14 22:35 ` Ludovic Brenta
2004-05-17 12:26 ` Marin David Condic
2004-05-17 19:29 ` Randy Brukardt
2004-05-18 1:09 ` Jeffrey Carter
[not found] ` <40A9F260.9080300@noplace.com>
2004-05-19 0:50 ` Jeffrey Carter
2004-05-19 1:34 ` Marin David Condic
2004-06-06 9:48 ` I R T
2004-05-18 4:50 ` Simon Wright
[not found] ` <40A9F38C.9080003@noplace.com>
2004-05-18 21:05 ` Simon Wright
2004-06-06 9:51 ` I R T
2004-05-18 12:05 ` Marin David Condic
2004-05-19 17:17 ` Randy Brukardt
2004-05-19 22:21 ` Marin David Condic
2004-05-20 19:10 ` Georg Bauhaus
2004-05-21 11:39 ` Marin David Condic
2004-05-19 22:42 ` Jeff C,
2004-05-20 11:36 ` Marin David Condic
2004-05-21 1:46 ` Jeff C,
2004-05-21 5:46 ` Richard Riehle
2004-05-21 5:44 ` Simon Wright
2004-06-06 10:01 ` I R T
2004-05-12 2:32 ` Steve
2004-05-12 12:34 ` Marin David Condic
2004-05-13 6:21 ` Richard Riehle
2004-05-13 8:30 ` End of "discussion" (was Re: Ada used in General Aviation (GA) applications?) Bernd Specht
2004-05-13 15:14 ` Robert I. Eachus
2004-05-13 12:09 ` Ada used in General Aviation (GA) applications? Marin David Condic
2004-05-13 14:58 ` Martin Dowie
2004-05-13 20:37 ` Symbian OS (was: Re: Ada used in General Aviation (GA) applications?) Alexander E. Kopilovich
2004-05-11 11:41 ` Ada used in General Aviation (GA) applications? Marin David Condic
2004-05-11 17:28 ` Bernd Specht
2004-05-12 12:42 ` Marin David Condic
2004-05-13 8:00 ` Dmitry A. Kazakov
2004-05-12 10:01 ` Peter Amey
2004-05-12 12:50 ` Marin David Condic
2004-05-12 14:45 ` Georg Bauhaus
2004-05-13 7:43 ` Peter Amey [this message]
2004-05-13 12:17 ` Marin David Condic
2004-05-12 17:13 ` Mike Silva
2004-05-10 21:31 ` Ludovic Brenta
2004-05-11 11:29 ` Martin Dowie
2004-05-11 20:12 ` Martin Dowie
2004-05-11 14:29 ` Britt Snodgrass
2004-06-06 9:30 ` I R T
-- strict thread matches above, loose matches on Subject: below --
2004-05-12 9:06 Lionel.DRAGHI
2004-05-12 12:52 ` Marin David Condic
2004-05-12 17:58 ` Bernd Specht
2004-05-12 18:13 ` Ludovic Brenta
2004-05-12 18:28 ` Mark Lorenzen
2004-05-13 13:31 ` Mike Silva
2004-05-12 14:25 Lionel.DRAGHI
2004-05-13 7:57 Lionel.DRAGHI
2004-05-13 8:39 Lionel.DRAGHI
2004-05-14 11:44 Lionel.DRAGHI
2004-05-14 18:11 ` Martin Dowie
2004-05-16 18:53 ` Robert I. Eachus
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox