From: "Ken Garlington"
Newsgroups: rec.aviation.military,comp.lang.ada
Subject: Re: help me please!
Date: Tue, 19 Jun 2001 02:59:11 GMT
Organization: ex-FlashNet, now Prodigy
Message-ID: <3ezX6.311$kV6.181850212@newssvr17.news.prodigy.com>
References: <9gb1uu$87u7o$1@ID-52877.news.dfncis.de>

[cross-posted to comp.lang.ada]

"Emmanuel Gustin" wrote in message
news:9gb1uu$87u7o$1@ID-52877.news.dfncis.de...
: "Jamal Bengeloun" wrote in message
: news:df481109.0106140310.5d923746@posting.google.com...
:
: > I am doing a graduate end of term research on the use of java in
: > avionics systems, on the certification issues regarding those systems
: > and finally on the viability of java in avionics (well why not Ada by
: > the way? From what I've read here java is regarded as cooler, but is
: > it safe?).

First, on the current use of Java in avionics: I haven't personally seen any "safety-critical" (Level A, or SIL 4 if you prefer) real-time embedded avionics projects announced to date that use the Java language. I suspect this is due to a combination of issues: the complexity of certifying the system (including the JVM), the potential impact of garbage collection on run-time schedulability analysis, efficiency issues, and availability on certain platforms. However, particularly since not all avionics applications are necessarily safety-critical, this doesn't rule out Java implementations for lower criticality levels.

With respect to certification issues, it depends on the certification scheme. Trying to certify a Java implementation against MoD 00-55, for example, would probably be much more difficult than with DO-178, which in turn would be probably more difficult than MIL-STD-882 (although in practice, it also depends a lot on the specific people granting the certification).

Part of the problem is defining what is really meant by a "Java" implementation. If you're referring to Java targeted to the JVM, that's going to be significantly more difficult than Java compiled as "native" code. Conversely, using Ada as the source language, but with JVM as the target (such compilers do exist), might also be easier than Java + JVM. Again, it depends upon the certification criteria.

For the sake of discussion, let's assume we're talking about a "traditional" Java implementation using a JVM, certified along the lines described in DO-178. I would suspect the only way this could be certified is through the use of some (probably all) of the following approaches:

- The Java/JVM vendor would need to provide sufficient data to certify both the Java toolset and the JVM implementation, including configuration management and verification records.
For a Level A implementation, this would be significantly more information than you would normally expect a commercial vendor to generate, although some embedded OS vendors (Aonix, WindRiver, etc.) have such packages. As others have noted, the license agreements normally included with Java products don't encourage me that many Java vendors are working on this, but it's possible.

- The avionics developer (or a third party) would have to generate a sufficiently robust verification scheme for both the toolset and JVM to independently show that both components are acceptable when integrated into the total system. AFAIK, RTCA has not yet bought off on the idea of independently certifying individual software components, so such integrated proof would be important.

- Some use of product service history (i.e., the lack of defects attributable to the toolset/JVM when used in other applications) could be helpful; however, RTCA's position as I understand it places a number of limitations on how much faith can be placed on past experience. (Some DERs, on the other hand, seem to put a lot of faith in it.)

Bottom line? I wouldn't want to be the first guy to go through this process. However, it might be technically feasible. It wouldn't seem to be economically desirable vs. other languages at this time, though.

In terms of the general viability/safety of Java (and Ada) vs. C++, a recent column by Peter Coffee may be of some interest: http://www.zdnet.com/eweek/stories/general/0,11011,2769111,00.html

I don't know if anyone has generated a specific guide for application of Java to safety-critical systems, as exists for C and Ada. I'd be surprised if one exists. One brief analysis is available at http://www.adaic.com/docs/reports/lawlis/p.htm

It appears that the J Consortium's High Integrity Profile Task Group is working on a better analysis; more information is available at http://www.j-consortium.org and http://www.aonix.com/content/news/pr_9.28.99_2.html.
There's a presentation on the first site that outlines some of the issues.

Moving on to the side-issue of Ada:

: Ada is widely regarded as a language designed by a committee,
: on a par with FORTRAN-99, and handicapped by an excessive
: number of features. I don't know; I never used it.

As someone who _has_ actually used Ada in avionics applications (unlike Mr. Gustin, who was honest about his own lack of experience, and Mr. Tarver, who failed to note that he is unqualified to give an educated opinion), I believe this is an extremely inaccurate characterization of Ada. It continues to be used in a number of areas, e.g. for MoD 00-55 SIL 4 applications.

There are non-technical factors that adversely affect its use, particularly in the U.S. marketplace. See the National Academy of Sciences study "Ada and Beyond: Software Policies for the Department of Defense," available at http://www.nap.edu/catalog/5463.html for more information on this subject.

General information on Ada is available at http://www.acm.org/sigada and other sources.