The A-Z of programming languages: Ada

Computerworld Australia is undertaking a series of investigations into the most widely used programming languages. Previously we have spoken to Alfred Aho, of AWK fame, and Chet Ramey about his experience maintaining Bash.

In this article we chat with S. Tucker Taft, chairman and CTO of SofCheck. Taft has been heavily involved in the Ada 1995 and 2005 revisions, and still works with the language today as both a designer and user.

Computerworld Australia spoke to Taft to learn more about the development and maintenance of Ada, and found a man deeply committed to language design and development.

How did you first become involved with Ada? After graduating in 1975, I worked for Harvard for four years as the "system mother" for the first Unix system outside of Bell Labs. During that time I spent a lot of time with some of the computer science researchers and became aware of the "DOD-1" language design competition.

I had been fascinated with programming language design for several years at that point and thought it was quite exciting that there was a competition to design a standard language for mission-critical software. I also had already developed some strong opinions about language design, so I had some complaints about all of the designs.

In September of 1980, a year after I left my job at Harvard, I returned to the Boston area and ended up taking a job at Intermetrics -- the company responsible for the design of the "Red" language, one of the four semifinalists and one of the two finalists for DOD-1. By that time [the language was] renamed to Ada in honor of Lady Ada Lovelace, daughter of Lord Byron and associate of Charles Babbage.

Although Intermetrics had shortly before lost the competition to Honeywell-Bull-Inria, they were still quite involved with the overall process of completing the Ada standard and were in the process of bidding on one of the two major Ada compiler acquisitions, this one for the Air Force. After a six-month design period and 12-month public evaluation, the Intermetrics design was chosen over two others, and I became first the head of the "Ada Program Support Environment" part, and then ultimately of the Ada compiler itself.

One of the requirements of the Air Force Ada Integrated Environment contract was to write the entire compiler and environment in Ada itself, which created some interesting "bootstrap" problems. In fact, we had to build a separate "boot" compiler in Pascal before we could even compile the "real" compiler. By the time we delivered, we had written almost a million lines of Ada code, and had seen Ada go from a preliminary standard to a Military standard (MIL-STD-1815), to an ANSI standard (Ada 83), and finally to an ISO standard (ISO 8652, Ada 87). I also had to go through the personal progression of learning the language, griping about the language and then finally accepting the language as it was, so I could use it productively.

However, in 1988, the U.S. Department of Defense announced that they were beginning the process to revise the Ada standard to produce Ada 9X (where X was some digit between 0 and 9). I quickly resurrected all my old gripes and a few new ones, and helped to write a proposal for Intermetrics to become the Ada 9X Mapping/Revision Team (the government's nomenclature for the language design team). This time the Intermetrics team won the competition over several other teams, including one that included Jean Ichbiah, the lead designer of the original Ada 83 standard. I was the technical lead of the Intermetrics MRT team, with Christine Anderson of the Air Force as the manager of the overall Ada 9X project on the government side.

What are the main differences between the original Ada and the 95 revision? The "big three" Ada 95 language revisions were Hierarchical Libraries, Protected Objects and Object-Oriented Programming. Hierarchical Libraries referred to the enhancement of the Ada module namespace to take it from Ada 83's simple "flat" namespace of "library units," where each unit had a single unique identifier, to a hierarchical namespace of units, with visibility control between parent and child library unit.

Protected Objects referred to the new "passive," data-oriented synchronization construct that we defined to augment the existing "active" message/rendezvous-oriented "task" construct of Ada 83.

Object-oriented programming was provided in Ada 95 by enhancing an existing "derived type" capability of Ada 83, by supporting type extension as part of deriving from an existing type, as well as supporting run-time polymorphism with the equivalent of "virtual functions" and runtime type "tags."

What prompted the Ada revision in 95? ISO standards go through regular revision cycles. Generally, every five years a standard must be reviewed, and at least every 10 years it must be revised. There were also some specific concerns about the language, though generally the language had turned out to be a reasonably good fit to the needs of mission-critical software development.

In particular, Ada's strong support for abstract data types in the guise of packages and private types had emerged as a significant step up in software engineering, and Ada's runtime checking for array bounds and null pointers had helped catch a large class of typical programming errors earlier in the life cycle.

Was there a particular problem you were trying to solve? Object-oriented programming was growing in popularity at the time, though it was still not fully trusted by much of the mission-critical software development community. In addition, the Ada 83 tasking model was considered elegant, but did not provide the level of efficiency or control that many real-time system developers would have preferred.

Once the Ada 9X revision process began, a "requirements" team was formed to solicit explicit comments from the Ada community about the language, both in terms of things to preserve and things to improve.

Have you faced any hard decisions in your revision of Ada? Every language-design decision was pretty hard, because there were many goals and requirements, some of which were potentially conflicting. Perhaps the most difficult decisions were political ones, where I realized that to achieve consensus in the language revision process among the ISO delegations, we [the design team] would have to give up some of our personal "favorite" revision proposals.

Are you still working with the language now, and in what context? Yes, I am still working with the language, both as a user and as a language designer. As you may know, the newest version of the language, known as Ada 2005, just recently achieved official standardization. The Ada 2005 design process was quite different from the Ada 95 process, because Ada 2005 had no Department of Defense-supported design team and instead had to rely on strictly voluntary contributions of time and energy.

Nevertheless, I am extremely proud of the accomplishments of the Ada 2005 design working group. We managed to round out many of the capabilities of Ada 95 into a language that overall I believe is even better integrated, is more powerful and flexible, while also being even safer and more secure.

Would you have done anything differently in the development of Ada 95 or Ada 2005 if you had the chance? The few technical problems in the development of Ada 95 that emerged later during use were either remedied immediately, if minor, through the normal language maintenance activities ("we couldn't have meant that... we clearly meant to say this"). Or if more major, were largely addressed in the Ada 2005 process. From a process point of view, however, I underestimated the effort required in building international consensus, and in retrospect I should have spent more time establishing the rationale for revision proposals before springing them on the panel of distinguished reviewers and the ISO delegations.

Are you aware of any of the Defense projects for which the language has been used? Ada was mandated for use by almost all significant Defense department software projects for approximately 10 years, from 1987 to 1997, and there were a large number of such projects. In the early years there were real challenges because of the immaturity of the Ada compilers. In the later years, in part because of the early difficulties, there were a number of projects that applied and received waivers to allow them to use other languages. Nevertheless, in the middle years of 1989 to 1995 or so, there was a boom in the use of Ada, and much of it was quite successful.

As far as specific projects, the Apache helicopter and the Lockheed C-130J (Hercules II Airlifter) are two well-known examples. The Lockheed C-130J is particularly interesting because it was developed using a formal "correctness by construction" process using the SPARK Ada-based tool set from Praxis High Integrity Systems. The experience with that process was that, compared to industry norms for developing safety-critical avionics software, the C-130J development had a 10 times lower error rate, four times greater productivity, half as expensive a development process and four times productivity increase in a subsequent project thanks to substantial reuse. NASA has also used Ada extensively for satellite software, and documented significantly higher reuse than their prior non-Ada systems.

In general, in study after study, Ada emerged as the most cost-effective way to achieve the desired level of quality, often having an order-of-magnitude lower error rate than comparable non-Ada systems after the same amount of testing.

Can you elaborate more on the development of the Static Interface Analysis Tool (SIAT) for Ada on behalf of the NASA Space Stations IV&V? The SIAT project was an early attempt to create a browser-based tool for navigating through a complex software system. The particular use in this case was for analyzing the software designed for the large network of computers aboard the International Space Station. It turns out that these systems have a large number of data interfaces, where one computer would monitor one part of the Space Station and report on its state to other computers, by what amounted to a large table of global variables. The SIAT tool was designed to help ensure that the interfaces were consistent, and that data flowed between the computers and these global variable tables in an appropriate way.

Are you aware of why the Green proposal was chosen over the Red, Blue and Yellow proposals at the start of Ada's development? The Green proposal reached a level of stability and completeness earlier than the other designs, and Jean Ichbiah did an excellent job of presenting its features in a way that the reviewers could understand and appreciate. Although there were flashes of brilliance in the other designs, none of them achieved the polish and maturity of the Green design.

Did you ever work closely with Jean Ichbiah? If so, what was the working relationship like, and what did you do together? I worked on and off with Jean during the final days of the Ada 83 design, and during some of the Ada maintenance activities prior to the start of the Ada 9X design process.

Jean was busy running his own company at the start of the Ada 9X process, but did end up joining the process as a reviewer for a period during 1992 and 1993. As it turned out, Jean and I had quite different views on how to design the object-oriented features of the updated language, and he ultimately left the project when it was decided to follow the design team's recommended approach.

In your opinion, what lasting legacy have Ada and Ada 95 brought to the Web? I believe Ada remains the benchmark against which all other languages are compared in the dimension of safety, security, multi-threading, and real-time control. It has also been a source for many of the advanced features in other programming languages. Ada was one of the first widely used languages to have a language construct representing an abstraction (a package), an abstract data type (a private type), multi-threading (tasks), generic templates, exception handling, strongly typed separate compilation, subprogram inlining, etc. In some ways Ada was ahead of its time, and as such was perceived as overly complex. Since its inception, however, its complexity has been easily surpassed by other languages, most notably C++, while its combination of safety, efficiency and real-time control has not been equaled.

1 2 Page 1
Page 1 of 2
9 steps to lock down corporate browsers
  
Shop Tech Products at Amazon