comp.lang.ada
From: Colin_Paul_Gloster@ACM.org (Colin Paul Gloster)
Subject: Re: Porting from Modula-2 to Ada
Date: 04 Feb 2003 14:12:24 GMT
Message-ID: <slrnb3vii8.eb3.Colin_Paul_Gloster@camac.dcu.ie>
In-Reply-To: slrnarg2ek.uqs.Colin_Paul_Gloster@syrah.ncl.ac.uk


Colin Paul Gloster said on Thursday 24th October 2002:

"In article <xzVr9.8$7m4.2475110@newssvr12.news.prodigy.com>, Pat Rogers
wrote:
""Nicolas Cailín Paul Gloster" <Colin_Paul_Gloster@ACM.org> wrote in
message news:3DAFEE75.9BF44775@ACM.org...
[..] 
 > I noticed that in the book "Safety-critical computer systems" written
 > by Neil Storey and published in 1996 by Addison-Wesley with ISBN
 > 020 1427 877 that were more compilers available for embedded targets,
 > at least according to Neil Storey or the author(s) of a study looking
 > at Pascal; C; Ada 83; Modula 2; assemblies; and about three other
 > languages he referred to, Modula-2 would be preferable to use than Ada.
 > What are your views on this?
  
  That is not the conclusion I would draw from the text.  See for
  example page 224:
  
  "This factor [use of mature tools versus new ones] has implications
  for the use of languages such as Modula-2.  From Table 9.2 it is clear
  that a suitable subset of Modula-2 has many of the attractive
  attributes associated with safety-critical software.  However, the
  comparatively little use of this language within this field is a
  distinct disadvantage.  Some safety-critical applications are using
  Modula-2 ... and perhaps, in time, sufficient experience will be
  gained to allow it to become a preferred language in this area."
  
  I'm not aware of the "internationally recognized safe subset" for
  Modula-2 that his tables (and the text on pg. 223) indicate exist.
  Does anyone have a reference?" 

I will not have access to the book again for quite some time, but I
thought that he or a study he referred to advocated the Modula-2
language for ideal world use, but that in real world use it was not
used enough to reassure that its compilers are good enough, so that
Ada was still recommended as the favorite due to tool quality (not
language) concerns.

I do not remember a mention of a subset of Modula-2, but if he mentioned
it, then it might be described in the study examining Pascal; C; Ada 83;
Modula-2; and assemblies he referred to for one of his tables."

I have looked up the reference Neil Storey gave for Table 9.2. The paper
is arguably lacking in detail and references. More quickly I have looked
back at Neil Storey's book, and I do not seem to see him expressing a
preference for Modula-2 instead of Ada 83, almost the reverse. Sorry.

From "The choice of computer languages for use in safety-critical
systems" by W.J. Cullyer, S.J. Goodenough [what a surname!] and
B.A. Wichmann on pages 51 to 58 of the IEE's March 1991 Volume 6 Number 2
issue of "Software Engineering Journal":

"[..]

[From page 51:] This paper makes it clear that 'unsafe' constructions
exist in all known assembly and high-order languages. [..] Hence, the
advice given favours the use of well defined subsets of the commonly
available languages.

[..]

[From page 52:] The resulting Tables should not be regarded as fixed. New
research and development of sub-languages policed by formal methods may
tend to enhance particular assessment as we move into the 1990s. This is
particularly true in relation to Ada, which at the moment is immature for
this application area. All assessments given in the Tables should
therefore be treated as lower bounds, arising from the state of scientific
knowledge.

[..]

[From page 56:]

	Table 5		Modula-2 and a subset
	[..]

4.6	Modula-2

The Modula-2 language has a substantial fraction of the power of Ada but
is only of the same complexity as ISO Pascal. In some respects, it can
be regarded as a highly suitable language for safety-critical software,
being strongly typed and with modules for information hiding. ISO has
agreed to standardise the language, and this work is being undertaken [..]

* Data typing: although Modula-2 is a strongly typed language, there are
three loopholes to the type rules:
	* unsafe use of variant records, as in Pascal;
	* use of an explicit unsafe conversion function;
	* use of parameters of type WORD, which matches
	any parameter type.

[..]

* Safe subsets: a safe subset would exclude case statements with
uncovered cases and the three forms of type loopholes noted above.
[..]
[..] although a Modula-2 subset looks good, it may lack adequate
functionality for a specific application. [..From page 57:] Nevertheless,
it is felt that of the Standard languages, Modula-2 is inherently more
secure than the others listed here.

4.7	Ada

[..] the assessment given below of the characteristics of a sub-language
that could appear is of necessity, based on theoretical considerations
rather than experience.
[..]

* The languages that design teams should consider as candidates for use in
high-integrity systems are, according to the assessments in this paper,
and in descending order of merit

	* ISO Pascal [..]
	* an Ada sub-language[..]
	* a Modula-2 sub-language[..]

[..]

* If analysis of the hazards suggests that the risks are comparatively
low, the second group of languages that may be considered includes, in no
particular order

	* structured assembly languages;
	* DoD Ada, with minimal restrictions;
	* ISO Pascal, with minimal restrictions;
	* Modula-2, with minimal restrictions.

[..]

* Based on the assessments in this paper, the use of the following
languages is to be deprecated when safety is an issue:

	* [..]
	* C (despite its many adherents);
	* [..].

[..]

(C) Crown copyright 1991.

[..]"
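As an added illustration, which is not part of this post nor of the Cullyer, Goodenough and Wichmann paper quoted above: the three Modula-2 type loopholes the paper lists (unsafe variant records, an explicit unsafe conversion function, and parameters of type WORD) each have a counterpart, or a deliberate absence, in Ada, which matters when porting. The program below is an Ada 95 sketch of my own; the type and procedure names are illustrative, and it assumes a GNAT-style target where Float and Integer are both 32 bits so that the Unchecked_Conversion instantiation is legal.

```ada
--  Added example, not from the original post or the cited paper.
--  Shows how the Modula-2 type loopholes named in the paper map to Ada.
with Ada.Text_IO;             use Ada.Text_IO;
with Ada.Unchecked_Conversion;

procedure Loopholes is

   --  1. Variant records.  In Modula-2 (as in Pascal) reading a field of
   --     the inactive variant silently reinterprets the stored bits.  In
   --     Ada the discriminant is checked: reading the wrong variant raises
   --     Constraint_Error instead of returning garbage.
   type Kind is (As_Int, As_Float);

   type Mixed (Tag : Kind := As_Int) is record
      case Tag is
         when As_Int   => I : Integer;
         when As_Float => F : Float;
      end case;
   end record;

   --  2. Explicit unsafe conversion.  Ada keeps this loophole, but it is a
   --     named generic (Unchecked_Conversion in Ada 83, Ada.Unchecked_Conversion
   --     in Ada 95), so a safe subset can ban it by name and a reviewer can
   --     grep for every instantiation.  Assumes Float'Size = Integer'Size.
   function To_Bits is new Ada.Unchecked_Conversion
     (Source => Float, Target => Integer);

   --  3. Parameters of type WORD that match any argument.  Ada has no such
   --     parameter type; a caller who wants the same effect has to apply an
   --     explicit conversion such as To_Bits above, so the loophole is
   --     visible at the call site rather than hidden in the callee.

   M : Mixed := (Tag => As_Float, F => 1.5);

begin
   --  Loophole 2 in action: the bit pattern of 1.5 viewed as an Integer.
   Put_Line ("Bits of 1.5 as Integer:" & Integer'Image (To_Bits (1.5)));

   --  Loophole 1 does not survive the port: M.Tag is As_Float, so reading
   --  M.I fails the discriminant check at run time.
   begin
      Put_Line ("M.I =" & Integer'Image (M.I));
   exception
      when Constraint_Error =>
         Put_Line ("Constraint_Error: I is not in the active variant of M");
   end;
end Loopholes;
```

GNAT warns at compile time that the read of M.I will fail its discriminant check, which is the check a safe Modula-2 subset has to impose by convention rather than by the compiler. The conversion in step 2 is the one construct here that a high-integrity Ada sub-language of the kind the paper discusses would forbid outright.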




Thread overview: 19+ messages
2002-10-18  8:24 Porting from Modula-2 to Ada Manuel Collado
2002-10-18  9:45 ` Bernd Specht
2002-10-18 10:33   ` Lutz Donnerhacke
2002-10-18 10:55     ` Jeffrey Creem
2002-10-18 11:21       ` Lutz Donnerhacke
2002-10-18 22:01         ` Jeffrey Creem
2002-10-18 21:29     ` Jeffrey Carter
2002-10-18 21:39       ` Jeffrey Carter
2002-10-18 11:20 ` Nicolas Cailín Paul Gloster
2002-10-18 15:14   ` Pat Rogers
2002-10-24 14:51     ` Colin Paul Gloster
2002-10-25  3:43       ` Dennis Lee Bieber
2003-02-04 14:12       ` Colin Paul Gloster [this message]
2003-02-09  6:07         ` Robert I. Eachus
2002-10-19 13:30 ` SteveD
2002-10-22  7:48   ` Manuel Collado
2002-10-22  7:55 ` Manuel Collado
2002-10-22 18:56   ` Jeffrey Carter
2002-10-23  9:08     ` Manuel Collado
