Ada UK conference: SPARK safety: is no delivery better than 1 defect?

["Michael" <fvit@shaw.ca>]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 1413 bytes --]

Hi all,

The next Ada Conference UK 2009 (March 24, in London), is to highlight the 
increased relevance of Ada in safety-and security-critical programming.

Software reliability and conformance are the Ada's raison d'�tre and the 
main objectives of software engineering.  Base on that, safety engineering 
is focusing on the global system vision (e.g.: unforeseen interactions of 
reliable sub-systems, modifications to the system, changes to the 
operational environment.)

About safety, does Ada need to still evolve, or engineers being more 
responsible?

The SPARK Ada enhancement was recently brought to our attention, (from an 
open-source mini demonstrating project named Tokeneer).  Based on a subset 
of Ada, SPARK code "should be correct by virtue of the techniques used in 
its construction".  Tookeneer might, but not iFACTS (a medium term flight 
conflict detection system "scheduled for delivery by Dec-07, re-approved by 
the NATS Board in January 2008, with a revised cost, delivery and benefits 
profile".  ("re-planned again for 2009, and now with an optimised schedule 
of Winter 2010").

In regards to the Tokeneer mini-project findings, were the safety critical 
iFACTS project's delays and deficiencies predictable?

That should be one of the main Ada Conference safety concerns. (Tookeneer 
and SPARK are both in the Ada conference program, but not iFACTS yet!).

Cheers,

MIchael