Re: SPARK User Group 2008

["Michael" <Michael@home.ca>]

Is the iFACTS project going to be an Ada success story?



iFACTS is an engineering project made without engineering.

That should have been a must, for a Medium Term Conflict Detection software 
conceived to enhance ATC operations and assist the UK flight controllers in 
assuring safety.



Results are delays and an unusual amount of deficiencies.   Some Ada 
projects are like that:  ignoring the engineering for the sake of Ada.



Ensuring system safety, stability and non-saturation are ones of the main 
engineering challenges.  Ada is an engineering tool made to meet such 
objectives; and it works pretty well if used with the best software 
engineering practices and processes (i.e: SEI's CMM level III and over).



SPARKS is a subset of Ada.  The general goal of SPARK is to provide a 
language which increases the probability of the software code behaving as 
intending.  In another word SPARK provides additional information, which 
allows performing rigorous mathematical analysis in order to significantly 
increase the code intrinsic integrity and runtime correctness.  The benefits 
are to reduce the risk of processing erroneous data, and then preventing any 
error handling and/or system recovering risk.



SPARKS has its advantages and its limitations.  It better works for small 
embedded projects like airborne systems.



Praxis-Hight Integrity Systems should have been well advised to favour High 
Engineering Reliability.  That's still not sufficient for safety, but better 
than nothing (i.e: iFACTS).



Cheers,



Michael

Vancouver