From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=BAYES_00,INVALID_DATE,
	MSGID_SHORT autolearn=no autolearn_force=no version=3.4.4
Path: utzoo!mnetor!uunet!husc6!bbn!rochester!PT.CS.CMU.EDU!sei!ajpo!eberard
From: eberard@ajpo.sei.cmu.edu (Edward Berard)
Newsgroups: comp.lang.ada
Subject: Protection for Ada Binary Libraries
Message-ID: <324@ajpo.sei.cmu.edu>
Date: 19 Feb 88 10:14:09 GMT
Organization: Ada Joint Program Office
Keywords: Ada, Libraries, Protection
List-Id: <comp.lang.ada>

I find myself dealing with increasing numbers of clients who are
considering the use of Ada technology for commercial (non-weapons
systems, and often non-government) applications. Often questions arise
which would never even be considered in the embedded real-time arena.
What follows is one of those questions.

Suppose one is developing an Ada product which is to be used by Ada
software engineers. Part of this product involves a library of Ada
packages. The developer wishes to make the package specifications
available to his or her clients, but wishes to protect the bodies of
these same packages. The mechanism the developer chooses is to create
a "binary" Ada library using the library mechanisms provided by Ada
development system vendors. (For example, on the DEC VAX the developer
will use DEC's Ada library mechanism, and on a Sun Workstation the
developer will supply several libraries, e.g., one for the TeleSoft
compiler, one for the Verdix compiler, one for the Alsys compiler, and
one for the Tartan Labs compiler.)

Everything appears to be in order until the developer discovers that
by using the symbolic debugger supplied in some of these environments,
a client can have access to all the source code for the bodies to the
packages. Before I advise this client on what I feel is the obvious
answer, I need to make sure that what I am saying is accurate.
Specifically, I need answers to the following questions:

   1. When compiling Ada source code into a library, do most, if not
      all, Ada compilers have some mechanism (e.g., a /NO DEBUG
      switch) which will prevent the source (and even close
      approximations of the original source) from being placed in the
      library?

   2. Assuming one can prevent the original Ada source code from
      becoming part of the library, are there any obvious (or subtle)
      disadvantages to this with some Ada compilers?

   3. Are there other commonly accepted mechanisms for protecting
      source code in Ada libraries?

   4. Given that a developer wishes to make binary libraries of Ada
      packages available to potential clients, are there better
      mechanisms than tying the libraries to specific Ada development
      system?

				-- Ed Berard
				   eberard@ajpo.sei.cmu.edu
				   (301) 695-6960