AdaIC News
Summer 1997

Ada Information Clearinghouse
The Official Source for Ada Information

Vol. XV, No. 1
ISSN 1064-1505
No Charge

AdaIC Sponsored by the Ada Joint Program Office and operated by IIT Research Institute


DOD to Replace Ada Mandate with Software-Engineering Process

On Nov. 1, 1996, the National Research Council (NRC) at the National Academy of Sciences (NAS) released the draft of its recommendations on the use of the Ada programming language in the Department of Defense (DOD). In mid-January, the final version was published and submitted to the DOD.

The NRC report, titled “Ada and Beyond: Software Policies for the Department of Defense”, made three key recommendations: 1) except for what it termed “warfighting” software, DOD should drop its mandate to use Ada; 2) DOD should invest roughly $15 million per year in Ada support in the warfighting domain or drop the Ada requirement completely; and 3) DOD should establish a software-engineering review process for DOD software projects, within which each project would make its language decisions.

(For more on the report itself, see the previous issue of this newsletter. For information on obtaining a copy of the report, one place to start is the Ada Information Clearinghouse’s World Wide Web site (http://archive.adaic.com/docs/present/nrc/). You can also see the NRC’s Web site (http://www2.nas.edu/cstbweb/21b6.html), or contact them at 800/624-6242, Monday-Friday, 8:30am-5:00pm ET.)

Engineering process rather than mandate, even for “warfighting”

On Feb. 27, 1997, Hon. Emmett Paige, Jr., Assistant Secretary of Defense for Command, Control, Communications, and Intelligence (ASD C3I), commented on the report in electronic mail to DOD senior executives working in the area of software. He said that he was “prepared to accept and implement all of [the NRC] recommendations with one exception”. Whereas the NRC report had suggested retaining the Ada mandate for “warfighting” systems, Mr. Paige said he believed the DOD “should no longer require Ada for any of its systems....”

At the NRC public hearing and in other contexts, questions were raised about the NRC report’s definition of “warfighting” and the DOD’s ability to give this term a clear reference. The NRC study team chose a relatively narrow definition for the term – specifically noting that its use of the term was narrower than widely used terms such as “mission critical”, or “C3I”.

In the area of weapons control, for instance, the NRC’s term “warfighting” did not include “support subsystems performing mainstream data management, networking, and graphical user interface functions”. Similar exclusions were noted for other domains.

The software-engineering process

For the DOD, the primary need for Ada has always been Ada’s inherent support for the principles of sound software engineering. To accomplish these ends without a language mandate, the report recommended that the DOD implement what it termed a software engineering plan review process – also called an “architecture review” process by others.

In the words of the report, the purpose of such a process is “to embody institutional and long-term interests in requirements for formulation, development, and post-deployment that might otherwise be compromised in favor of short-term goals.” Such engineering reviews would take place “at key points in the engineering process” and would be “conducted by peers and representatives of key stakeholders. These reviews are typically managed at the Program Executive Officer (PEO) level.”

Within such a process, language is just one important engineering decision in software development. With advances in software engineering, it is now widely held that it does not make sense to focus solely on language selection and ignore other critical software-engineering decisions.

A reasonable software-engineering process could work towards many of the same goals that the DOD had in adopting Ada. Considering the proliferation of programming languages, for instance, the NRC report specifically addresses non-standard and proprietary languages. Under a systematic software-engineering process, it would be difficult to justify the use of non-standard, proprietary languages.

Such a process, moreover, would enable Ada to be judged on its engineering merits rather than having a mandate introduce what Mr. Paige termed a “contentious point of resentment” into the software process.

Timeframe

At the NRC’s November 1996 public review of the Ada report, Dr. Barry Boehm, chair of the NRC study team, indicated that companies that have installed an engineering-review process find that it costs about one percent of development cost per project, and saves about ten percent.

As valuable as the NRC report’s insights may be, software-engineering processes cannot be implemented overnight. Translating the NRC recommendations into some form of DOD-wide policy is a “non-trivial” task and will take some time to develop and implement. Both administratively and in terms of general policy guidance, it will require a disciplined analysis before implementation.

Further, the DOD will have to consider the best way to implement the NRC report’s recommendation to make a significant investment in Ada infrastructure. It goes almost without saying that the direction of any such investment will be critical, and will require study and planning on its own.

If you need more information

Many DOD software project managers and developers have to think ahead in terms of years and decades. Such individuals may feel a need to know as much as possible about future decisions, and a desire to provide input to those decisions. To assist in this regard, there are Ada policy and waiver points of contact for each of the three Services and for the independent components (such as DISA). Contact the Ada Information Clearinghouse for information on finding suitable points of contact:

Ada Information Clearinghouse
P.O. Box 1866; Falls Church, VA 22041
800-AdaIC-11 (232-4211)
703/681-2466; fax: 703/681-2869
e-mail: adainfo@sw-eng.falls-church.va.us
WWW: http://archive.adaic.com

Letter from the AJPO

I am very excited and encouraged by the recent decisions made by the Assistant Secretary of Defense for Command, Control, Communications & Intelligence (C3I), Mr. Emmett Paige, Jr., regarding the recommendations of the National Research Council (NRC).

I specifically and enthusiastically support the decision to drop the Ada Mandate for all systems. Ada 95 is a superior software-engineering enabling technology. Ada 95 is extremely competitive when language choices are made based on technical merit and/or lifecycle costs.

I am fortunate to work for an extremely supportive chain of command that gives me the freedom to speak my mind frankly. Ada 95 makes engineering sense, and its use should not have to be mandated, regardless of the domain in which a system exists. Even the most helpful policy cannot effectively substitute for hard engineering analysis.

An Ada mandate is not needed if programming-language decisions are made as part of a rational software-engineering process. Language decisions for government software projects need to be made on a lifecycle basis to protect the interests of the taxpayers. The compelling DOD interest is to use Ada where it makes sense as an engineering solution.

Moving to a software-engineering process

There is legitimate concern about the implementation of the software-engineering review process recommendations of the NRC report. Given the difficulties associated with a discrete requirement such as the Ada Mandate, how can a more general software-engineering requirement be better implemented?

Right now, DOD decision makers have only just begun the process of deciding how specifically to respond to the NRC report. Still, we can see that a well-thought-out software-engineering process can provide objective focus for DOD software programs. Education and training investments can provide the means for DOD personnel to implement successful software-engineering practices. In this context, Ada 95 will continue to prosper.

We cannot effectively manage technology if we do not understand it. When we focus on management, we get better management efficiency. When we focus on process, we get improved processes. But if we want better software, it is best to be focused on software engineering. Program management and process improvement are non-trivial elements critical to the success of any program. But without software engineering, management and process cannot produce reliable, high-assurance software.

The infrastructure

An important conclusion of the NRC report is that the existing Ada infrastructure provides the United States with a significant competitive advantage in warfighting software applications. A viable infrastructure requires high-caliber, properly trained personnel, as well as tools and environments. It is very difficult to build this infrastructure in the government sector alone. Industry and academia have critical roles to play in maintaining and expanding the Ada infrastructure. Tri-Ada is one of the most aptly named conferences ever. Every year people from government, industry, and academia come together to a conference where their intersecting technical interests are addressed.

We know there exist at least fifty million lines of code in warfighting software that are written in Ada. This is an extremely conservative, verifiable figure. Failure to maintain an adequate Ada support infrastructure has serious military implications. A key observation of the NRC report is that it would be very difficult to re-establish the existing Ada infrastructure if it were lost. The warfighting ramifications are very serious.

Consider an unexpected deployment to a theater of operations with an extreme climate. Combat operations in such a theater reveal software shortcomings in targeting systems. If that software is not maintainable, we will face a potential war stopper.

The lifecycle

For those not intimately familiar with the warfighting missions of the Defense Department, it is easy to simplistically compare warfighting software with commercial software. However, this is comparing apples to oranges: Military software and commercial software are simply not the same. It almost certainly does not make business sense to use all the extra safety features provided by an Ada compiler for a commercial product that will be on the shelf less than 18 months.

The business case that applies to defense systems is the lifecycle argument. Although sometimes difficult to rigorously quantify, the software-maintenance advantages of Ada are not seriously disputed. With software-maintenance costs running 70%-90% of software lifecycle costs, it is clear that Ada usually wins any lifecycle cost comparisons.

The AJPO

The Ada Joint Program Office does not make policy, it implements policy. We have a very important role to play in the execution of the policies that are developed to implement the recommendations of the NRC.

In my view, the most important contribution we can make is in the education and training of our human resources. In the Defense Department, we have great people doing some very tough jobs with very limited resources. We can never go wrong investing in people. Education and training are force multipliers that will produce a sustained high return on investment.

John A. Hamilton, Jr.
Lieutenant Colonel, U.S. Army
Chief, Ada Joint Program Office

AJPO Chief on Special Assignment from West Point

Since January, the Chief of the Ada Joint Program Office (AJPO) has been Lieutenant Colonel John A. (Drew) Hamilton, Jr., US Army. LTC Hamilton’s permanent assignment is Assistant Professor of Computer Science in the Department of Electrical Engineering and Computer Science at the US Military Academy at West Point.

LTC Hamilton brings a wide range of experience to the AJPO: he has been both a practitioner and an instructor in software engineering, and he has extensive experience both on the development side and from the position of the warfighters who must rely on the software.

LTC Hamilton has been an Army Field Artillery officer since 1979, after being commissioned with a B.A. in Journalism from Texas Tech University. During the 1980s, he held various Field Artillery assignments, commanding four field-artillery batteries: Headquarters Battery, 1st Battalion, 5th Field Artillery; Battery A, 8th Battalion, 8th Field Artillery; Service Battery, 1st Battalion, 8th Field Artillery; and Battery F, 7th Field Artillery.

LTC Hamilton received an M.S. in Systems Management from the University of Southern California in 1987, and an M.S. in Computer Science from Vanderbilt University in 1990. He graduated from the Naval War College with distinction in 1992. Thereafter, he was Chief of the Software Engineering Branch and later of the Officer Training Division at the Army Computer Science School at Fort Gordon, Ga., later joining the faculty of the Military Academy.

He received his Ph.D. in Computer Science from Texas A&M University in 1996, with a doctoral dissertation entitled “Multilevel Simulation of Discrete Network Models”. His publications have ranged from historical studies in Field Artillery to more recent works in simulation and distributed systems. His book, Distributed Simulation, written with Major David A. Nash and Dr. Udo W. Pooch, was recently published by CRC Press.

ADEPT – Building Distributed Systems in Ada 95

MAJ Bernard J. Jansen, US Military Academy

Ada 95 provides enhanced object-oriented features; the Annexes to the Language Reference Manual provide for extending Ada’s capabilities in a number of areas, including distributed applications. Many in the Ada community have recognized the need for building convenient and easy-to-use toolsets for composing distributed systems.

One such toolset is the Advanced Distributed Engineering and Programming Toolset (ADEPT) – developed by researchers of the Computer Science Department of Texas A&M University funded by Computer Sciences Corp. ADEPT is a toolset for distributing the execution of Ada programs in accordance with the Distributed Systems Annex (Annex E).

ADEPT is an example of the simple, graphical interface that one can build for the construction of distributed Ada programs. The aim of the ADEPT project is to enable users to readily construct distributed programs. Designed to work with the GNAT Ada 95 compiler, ADEPT is publicly available via the World Wide Web (http://www.cs.tamu.edu/research/ADEPT).

The primary goal of ADEPT is to provide an open, easily usable implementation of Annex E. Also, the ADEPT toolset is now being extended to allow Ada applications to work together in a distributed system with client applications written in the Java programming language.

Ease of use for Annex E

ADEPT is made up of two parts: a partition communication system (PCS), and a graphical user interface (GUI). The communication system is portable, reusable, and written entirely in Ada. It is connection oriented, providing reliable message delivery. The communication system can also be easily extended to support simultaneous use of multiple network protocols, by adding an appropriate protocol module.

The GUI permits the user to partition and configure a distributed program, and to build partitions into executable units. The user performs these operations entirely within an icon- and window-based interface. Additionally, the GUI allows for consistency checks, editing and compiling of source code, adjustments of compiling, linking, and run-time options, and automatic startup code that executes a distributed program with a single command.

A performance-monitoring package provides remote-call timing information, affording the developer performance-monitoring capabilities on remote subprogram calls.

Focus on the product

To be effective, any toolset must be easy to use and permit the developer to focus on the distributed system being built, and not on the implementation details. ADEPT’s partition communication system permits the convenient construction of distributed programs, while the GUI provides icon, window, and drag-and-drop features.

And Java, too!

The ADEPT toolset is now being extended to provide interoperability with Java Remote Method Invocation (RMI). The emerging Java technology, coupled with the increasing use of networks, offers the opportunity to reduce the cost of building distributed applications. This cost reduction is due in part to the platform independence of Java applets and their seamless integration with existing environments.

However, Ada has many advantages over Java in applications that require high code integrity, long-term maintainability, real-time performance, and incorporation of legacy code. Distributed programs are an example of this type of application domain. Thus, one can expect future distributed environments to exploit the advantages of both Java and Ada. The extension of ADEPT provides a concept for achieving Java-Ada interoperability in a distributed system. It exploits the similarity in the remote object models provided by Annex E and Java’s RMI.

Ada calling Java, Java calling Ada

The ADEPT extension allows a Java application to call a subprogram within an Ada partition as if the subprogram were specified as a method of a Java remote object. Support for remote calls from Ada partitions to Java servers was deemed to be of lesser utility than remote calls originated by a Java client, and the capability for Ada partitions to invoke Java objects has not yet been implemented. However, the general approach of ADEPT will easily permit Ada-to-Java remote calls.

The technical approach to achieve this interoperation is a Java Exchange Agent (JxAgent). A JxAgent transforms a remote method call from a Java class into a corresponding remote call to a subprogram executed by an Ada partition. Presently, ADEPT has a prototype translator that automatically creates the Java remote method interface and an implementing class from specifications of an Ada type.
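As an added illustration (this is not ADEPT or Texas A&M code; the package, subprogram names and values are invented), here is the shape of an Annex E remote-call interface of the kind ADEPT partitions and the JxAgent translator would turn into a Java remote interface and implementing class. Three compilation units are shown in one listing; with GNAT they would be split into Sensor_Service.ads, Sensor_Service.adb and client.adb and assigned to partitions with an Annex E configuration tool (gnatdist, or the ADEPT GUI). Compiled without Annex E support the program still runs, but as a single local program.

```ada
--  Added example, not ADEPT project code.  Illustrates Annex E: the
--  Remote Call Interface (RCI) spec is the contract; its body lives in
--  exactly one partition, and every other partition gets compiler-
--  generated stubs that marshal the call over the partition
--  communication system (PCS).

package Sensor_Service is
   pragma Remote_Call_Interface;

   --  Range-constrained parameter types.  A caller can only pass values
   --  the spec admits; the check is an ordinary Ada subtype check and
   --  fires in the calling partition, before anything is marshaled.
   subtype Sensor_Id is Positive range 1 .. 64;
   type Celsius is digits 6 range -50.0 .. 400.0;

   function Read_Temperature (Id : Sensor_Id) return Celsius;
   procedure Set_Trip_Point (Id : Sensor_Id; Limit : Celsius);
end Sensor_Service;

package body Sensor_Service is
   --  Constructed sample state; a real partition would read hardware.
   type Readings is array (Sensor_Id) of Celsius;
   Current : Readings := (others => 20.0);
   Trip    : Readings := (others => 350.0);

   function Read_Temperature (Id : Sensor_Id) return Celsius is
   begin
      return Current (Id);
   end Read_Temperature;

   procedure Set_Trip_Point (Id : Sensor_Id; Limit : Celsius) is
   begin
      Trip (Id) := Limit;
   end Set_Trip_Point;
end Sensor_Service;

--  Client partition.  The remote calls look exactly like local calls;
--  an exception raised on the remote side is propagated back here.
with Ada.Text_IO;
with Sensor_Service;
procedure Client is
   Requested : Positive := 7;           --  a legal Sensor_Id
   T         : Sensor_Service.Celsius;
begin
   Sensor_Service.Set_Trip_Point (Requested, 340.0);
   T := Sensor_Service.Read_Temperature (Requested);
   Ada.Text_IO.Put_Line
     ("Sensor" & Positive'Image (Requested) & ":"
      & Sensor_Service.Celsius'Image (T));

   --  99 is a Positive but not a Sensor_Id: the conversion to the formal
   --  subtype raises Constraint_Error in the caller's stub, so the bad
   --  index never reaches the server's array lookup.
   Requested := 99;
   begin
      T := Sensor_Service.Read_Temperature (Requested);
   exception
      when Constraint_Error =>
         Ada.Text_IO.Put_Line ("rejected: sensor id out of range");
   end;
end Client;
```

The point for a distributed-system builder is that the type system is enforced across the partition boundary, which is also what makes the JxAgent mapping tractable: the Java remote interface can be generated from the Ada spec because the spec already states exactly what may cross the wire. Annex E itself says nothing about authenticating the calling partition; a PCS such as ADEPT’s delivers messages reliably, but anything that can reach the PCS transport can issue calls, so the network the partitions share is part of the trust boundary.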

The extended ADEPT approach provides the capability for building distributed, interoperable Ada and Java programs. While still a work in progress, concept validation has already been accomplished. The completed work suggests that this approach is viable and has considerable utility in the distributed environment.

By generalizing this approach, one could conveniently create distributed programs written in a variety of languages together with Ada. Then, Ada subprograms can be used for the components of distributed systems where they offer significant advantages without the need for distributed-system builders to completely switch to Ada.

For further information

Details on ADEPT can be obtained from the Web site listed above, a link to which is maintained on the Ada Information Clearinghouse Web site (http://archive.adaic.com/). Or contact:

Prof. Richard A. Volz,
e-mail: volz@cs.tamu.edu or
Mr. Ronald Theriault,
e-mail: ron@cs.tamu.edu

Updates for Educators: Conferences, Free Courseware, New Books

It’s summer, when school’s out – except for teachers!

For those who are teaching Ada, the Ada community can provide access to a remarkable range of resources – from conferences to source-code libraries to texts and documents to Internet newsgroups and Web sites.

11th Annual Ada ASEET Symposium

For the past 11 years, one place for educators to come together has been the Annual Symposium of the Ada Software Engineering Education & Training (ASEET) Team. While part of the Department of Defense (DOD), the ASEET Team’s membership and conferences are open to Ada professionals at all levels.

This year’s conference will be held June 10-13 at Monmouth University, West Long Branch, N.J. The theme is “The Ada 95 Tool Chest for the year 2000”.

Tutorials on June 10-11 will cover topics from an introduction to Ada, to real-time programming and object-oriented programming, to “Software Engineering: Standards, Principles, Practices, Procedures, and Ethics”; there will be hands-on labs, as well.

Presentations on June 12-13 will feature a welcome address by Ada Joint Program Office (AJPO) Chief, LTC Drew Hamilton. The papers and presentations will include coverage of Ada resources and Ada in critical systems; there will also be vendor presentations. For additional information contact Eugene Bingue, e-mail: binguee@sw-eng.falls-church.va.us.

High School Education Workshops

For the second year, the ASEET Team is carrying Ada to high-school teachers. The Second Annual Ada 95 For High School Educators Workshop will be held July 7-11, and an Ada 95 Advanced Workshop will be held July 14-16 – both sponsored by the ASEET Team and by Sacred Heart University, Fairfield, Conn.

The five-day Educators Workshop will focus on the integration of Ada and software-engineering philosophy into a high-school curriculum. Some programming experience is preferred, but not required. Ada compilers and textbooks will be available for educators.

The three-day Advanced Workshop will include an introductory tutorial, along with coverage of object-oriented programming, and a discussion of the real-time features of Ada. For additional information on the workshops, contact: Prof. Sandra Honda, 203/371-7799, e-mail: honda@shu.sacredheart.edu; David A. Cook, e-mail: dcook@lss.afit.af.mil; Les Dupaix, e-mail: dupaixl@software.hill.af.mil; or Eugene Bingue, e-mail: binguee@sw-eng.falls-church.va.us.

New Ada 95 courseware available

Since 1992, the DOD has supported efforts to encourage development of courses in Ada and software engineering. Products produced by these efforts are being made available via the Ada Information Clearinghouse (AdaIC) Web site.

The latest Ada courseware to be made available includes:

“Software Engineering and Object-Oriented Development with Ada 95” – developed by Dr. Benjamin Brosgol and Jacques Cohen of Brandeis University. This is a course intended for intermediate to advanced students covering the topics of software-engineering principles, object orientation, and programming with concurrency. Course topics are illustrated with Ada 95.

“From Pascal to Ada 95: An Introduction By Examples” – by Dr. T.C. Wu of the Department of Mathematics and Computer Science at York College/CUNY. This is a two-course sequence in Ada and Software Engineering for Information Systems Management majors.

“Software Development Using GNAT Ada 95” – also by Dr. Wu of York College/CUNY. This is the second part of a two-course sequence in Ada and Software Engineering for Information Systems Management majors. This courseware allows the user to fully appreciate the unique power, richness, consistency, and flexibility of Ada 95.

All courseware is available from http://archive.adaic.com/ed-train/.

New books available

McGraw Hill has announced the availability of Object-Oriented Methods for Software Development by Jag Sodhi and Prince Sodhi; 352 pp., ISBN 0-07-059574-7. This book features Ada 95 in discussions regarding the bringing of OO analysis/design issues up to the advanced level of support languages. The book also helps users improve reusability percentages and enhance project management. For further information, contact: McGraw-Hill; 800/722-4726, 800/842-3075.

Framing Software Reuse: Lessons from the Real World, by Paul G. Bassett, is now available from Prentice Hall ($42/365 pp.).

In the first chapter, Bassett writes that the time for software reuse has come, and defends the point with findings from his extensive study. In conjunction with Q&M Associates Inc., of Pittsfield, Mass., Bassett presents data from a study of nine organizations, including Ameritech Corp., Chemical Bank (now Chase) and Union Gas. The findings: Reuse reduced participants’ time-to-market to 70% below the industry average; project cost also was reduced to 84% below industry average. Bassett also dedicates chapters on management questions such as the issue of transition to a reuse culture. For further information, contact: Prentice Hall, 800/643-5506; WWW: http://www.prenhall.com. (Also reviewed by Erin Callaway in PC Week, Nov. 4, 1996.)

What’s New on the Web site?

The Ada Information Clearinghouse (AdaIC) World Wide Web site is continually being updated. The “What’s New” link is on the AdaIC opening page (http://archive.adaic.com). Here are a few highlights of things added since the last issue of this newsletter:

“Why Use Ada?”

A slide presentation with accompanying script, by Dr. Charles Engle, former Chief of the Ada Joint Program Office (AJPO); an excellent overview examining policy issues, applications, and technical and business arguments for using Ada.

Compilers & Validation

Transfer of Ada validation back to AJPO
Memorandum from the National Institute of Standards and Technology (NIST) announcing transfer of oversight of the Ada compiler validation program back to the Ada Joint Program Office (AJPO); and announcing an extension for the use of version 2.0.1 of the Ada Compiler Validation Capability (ACVC) test suite.

Ada Compiler Validation Procedures, Version 5.0 DRAFT
An overview of the Ada compiler validation process, updated for use with ACVC 2.1 (draft version).

ACVC Test Suite, Version 2.1 Beta
The current version of the ACVC test suite for Ada 95 compiler validation and the User's Guide.

WebAda – Version 1.1
An update to WebAda, the web-based Ada 95 program development environment using the GNAT compiler.

AdaIDE for GNAT
A free, simple, integrated editor/compiler environment for Ada 95 program development using the GNAT Ada compiler. AdaIDE is a multi-document interface (MDI) style program based on the Microsoft example in Visual BASIC.

ADEPT: Advanced Distributed Engineering and Programming Toolset
A set of tools for configuring and building distributed Ada programs that are consistent with Ada 95’s Distributed Systems Annex (Annex E) and designed for use with the freely available GNU Ada 95 Translator (GNAT) compiler. (For more on this, see “ADEPT – Building Distributed Systems in Ada 95” in this issue.)

Products & Tools

Ada Tools & Loaner Program
A resource library of software tools established to promote the development and use of Ada.

Standards & Guidelines

WinHelp version of the Ada 95 Reference Manual
A complete implementation of the printed copy of the Reference Manual in Windows WinHelp format with extensive hyperlinking and indexing.

News & Events

AdaIC Jobs Page
A searchable electronic bulletin board listing recent Ada job openings posted by employers.

Policy & History

Ada & Beyond: Software Policies for the Department of Defense
A report from the National Research Council (NRC) outlining recommendations for the future use of the Ada programming language in the DOD. An accompanying NRC briefing is also available.

Ada Diversifies Westinghouse’s Czech Nuclear Shutdown System

By Ann Eustice Brandon

When Westinghouse Electric Corp. started to develop software for a Czech nuclear reactor’s secondary shutdown system, they knew it had to be robust. The company needed to assure all interested parties – from the Czech Republic’s regulatory agencies, to its Western neighbors, to its own regulatory agency – that the system was accident-proof. To help them give that assurance, they chose Ada.

The stakes were high. Immediately after the 1993 break with Slovakia, the Czech Republic decided to continue construction and retrofitting of a Soviet-designed reactor, a VVER-1000, in the town of Temelin, 60 kilometers (about 37 miles) from the Austrian border.

Czech goals are to generate 50 percent of their national power through nuclear energy by the millennium, and to replace the high-sulfur domestic brown coal whose smoke has laid waste to a third of Bohemia’s forests. Nearby Austria has equally vital concerns. While in most of the world the specter of nuclear disaster is named “Chernobyl”, in Czechoslovakia it is called “Bohunice”.

For over a decade, the four-unit Soviet VVER-440 plant there suffered mishaps and accidents that culminated in April 1990 when the coolant level rose and caused the building to flood. Austria began handing out free potassium iodide (KI) tablets and lobbying internationally to stop the Soviet-designed plants from operating.

Bohunice is now part of western Slovakia, but the Czechs needed to earn Western European confidence in Temelin’s safety. Otherwise, obstacles to international licensing and financial backing could frustrate their efforts.

In 1994, Westinghouse signed a $419-million contract to provide new instrumentation and control (I&C), to design new fuel and a reactor core, and to supply U.S.-manufactured fuel. Despite Austrian opposition, the U.S. Export-Import Bank awarded the company a much-needed $317 million loan guarantee.

Although the Czech utility Skoda is in charge of testing and licensing the I&C system, Westinghouse has taken steps to assure neighboring countries that Temelin’s software can pass U.S. Nuclear Regulatory Commission (NRC) regulations. Most of the I&C system is already licensed in Europe. Westinghouse is reusing much of the software that it previously installed in a Sizewell, England, plant. Also, the NRC has trained Skoda technicians in licensing and testing reactor software.

While much of the Westinghouse software is reused, the secondary shutdown system is completely new. For the software, the Monroeville, Penna., division decided to program the backup shutdown system in Ada; the primary shutdown system is in PL/M-86.

Why choose Ada?

Westinghouse came to its decision by conducting a survey of languages and narrowing the field to Ada and C. It chose Ada because of several factors. First, the Ada programming language is an international standard (ISO/IEC 8652). If Westinghouse wins a similar contract in Poland, for example, the Czech software should compile successfully on a different or newer computer system.

Second, Westinghouse chose Ada because the behavior of an Ada program can be made deterministic down to the lowest level, through controlled access to the target hardware’s basic elements and through control over the visibility of types, operations, and data. Third, Ada features strong type and range checking. Fourth, those features and its modular construction have long made it attractive to other organizations for safety-critical applications. Ada is used extensively by international airplane manufacturers, the U.S. Federal Aviation Administration (FAA) and Department of Energy, and many nations’ organizations for air traffic control and aerospace exploration. As a result, government agencies had already subjected Ada software-development tools to stringent tests for safety.

Westinghouse found such a tool through the compiler manufacturer Thomson Software Products (now called Aonix). Thomson offered a run-time system, C-SMART, that had been used on several of the Boeing 777 aircraft’s systems, including the brakes and the power ignition, and had met FAA standards.

The I&C architecture

Westinghouse’s I&C system will control the Temelin reactor’s everyday operations as well as protect the plant from accidents. A Unit Information System (UIS) processes the data from Temelin’s control and protection systems via a WESTNET highway, a redundant high-speed network based on the standard Fiber Distributed Data Interface (FDDI). Its redundancy ensures that one data highway can fail without bringing down the system. The highway distributes the data to a technical support center, and to the main and emergency control rooms, which have switches that communicate directly to the two shutdown systems.

The secondary protection system monitors the sensors of various conditions in the plant, such as temperatures, flows, and pressures, to detect whether they are below or above a set point. If an acceptable range is exceeded, then the Ada-driven system sends a signal to the non-logical programming (NPL) control room, where software is embedded in the hardware. The primary system also sends a signal to the NPL. If the two systems agree, then the NPL implements one or more of its nine reactor trip functions, which usually means closing or opening a valve or a pump. If they disagree, then the NPL decides which signal to obey according to a set of logical choices that cannot be changed, since they have been burned into the hardware.

Developing the software for the backup shutdown system

A different architecture and a different language were not the only ways in which Westinghouse satisfied the ambiguous requirement that its secondary protection system be “diverse.” The software-development laboratory also hired a new staff of programmers who were unfamiliar not only with the other systems’ software design, but also with nuclear plants and with Ada. “We purposefully went after programmers with little or no experience in nuclear-reactor software,” said Jeff Pike, the diverse protection system’s lead engineer. “We wanted a completely clean slate.” All the new programmers had a core knowledge of nuclear physics and experience in other languages, such as C and PLM. After a week of in-house training in Ada, the programmers began designing the new system from scratch.

For the secondary backup system, developers decided to use a combination of object-oriented design (OOD) and structural analysis. Programmers currently equate OOD with clear and easily maintainable software; in safety-critical applications, however, it does have drawbacks. In order to control the complexity of a solution, for example, OOD programmers will conceal unnecessary details throughout an algorithm. Such information hiding is almost forbidden in many safety-critical software requirements. For instance, when a piece of software’s failure in a new airplane would be “catastrophic”, then the FAA requires that every line of code must be demonstrably executed. In other words, nothing can be hidden. For Westinghouse’s secondary shutdown system, the engineers used the design techniques that characterize Ada and OOD in order to facilitate the separately developed software’s integration. Some information is hidden, such as the I/O, so that other components cannot mistakenly corrupt the data.

The Westinghouse software developers further ensured that the Ada software would meet safety-critical criteria by choosing Thomson’s C-SMART library and its standard cross compiler, which translates the host’s code into Motorola 68040 executable software. When used together, the compiler and C-SMART library reject code that uses Ada features that are not generally accepted in safety-critical applications. Tasking, for example, could communicate data from a dozen sensors simultaneously, but it is forbidden because the timing of the executed code is not deterministic.

After another round of editing the documentation and implementing any customer changes, Westinghouse hopes to ship its new I&C system in November 1997. In the fall of 1996, the company started to test, verify, and validate its new backup protection software, which will be fewer than 100,000 SLOC. Testing for the entire system should be completed in May 1997.

The Temelin power plant still has hurdles to overcome before final approval, and has drawn opposition from inside as well as outside the new Czech Republic. Moreover, the requirements for the secondary shutdown system continue to change as the Czechs fit Western standards into a Soviet design.

Despite the moving baseline, the programmers are integrating the individual parts of the new modules into a complete system, which Ada’s strong typing has made easier than they expected. Pike said that, unlike his experience with C integration, he does not worry that another developer “was supposed to pass me three parameters and only passes me two and they’re of a different type.”

“At this point in the development, most people see that Ada has significantly cut down on the integration time,” Pike said. “Problems are in logic mistakes or requirements that are not lined up at the system level, more than mismatches that you would find if not using a strongly typed language.”
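As an added illustration, not Westinghouse’s or Thomson’s code, the following sketch shows the two-channel set-point check and fixed arbitration described in the I&C architecture section, written with the range-checked, distinct types that make the integration mismatches Pike mentions impossible to compile. The set points, type ranges, sensor readings and the fail-safe tie-break rule are assumptions chosen for the example.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Setpoint_Demo is

   -- Distinct floating-point types with ranges: a Celsius value cannot be
   -- passed where a Bar is expected (compile-time error), and converting
   -- an out-of-range raw reading raises Constraint_Error at run time.
   type Celsius is digits 6 range -50.0 .. 500.0;
   type Bar     is digits 6 range   0.0 .. 250.0;

   Coolant_High : constant Celsius := 330.0;  -- constructed set point
   Pressure_Low : constant Bar     := 120.0;  -- constructed set point

   type Trip_Demand is (No_Trip, Trip);

   -- One protection channel: demand a trip if any value leaves its band.
   function Channel (T : Celsius; P : Bar) return Trip_Demand is
   begin
      if T > Coolant_High or else P < Pressure_Low then
         return Trip;
      end if;
      return No_Trip;
   end Channel;

   -- Stand-in for the hardwired NPL arbitration: agreement is obeyed; on
   -- disagreement the rule assumed here is fail-safe, so one Trip wins.
   function Resolve (A, B : Trip_Demand) return Trip_Demand is
   begin
      if A = B then
         return A;
      end if;
      return Trip;
   end Resolve;

   -- Constructed raw readings as they might arrive from sensor I/O.
   Raw_T : Float := 335.5;   -- above the coolant set point
   Raw_P : Float := 150.0;
   Bad_T : Float := 900.0;   -- physically impossible reading

begin
   -- Primary channel (assumed) says No_Trip, secondary says Trip: the
   -- fixed rule resolves the disagreement to Trip.
   Put_Line ("Arbitration result: " &
             Trip_Demand'Image
               (Resolve (No_Trip, Channel (Celsius (Raw_T), Bar (Raw_P)))));

   -- Range check at the type boundary: the conversion itself fails, so a
   -- corrupt reading never reaches the trip logic as a plausible value.
   declare
      Checked : Celsius;
   begin
      Checked := Celsius (Bad_T);
      Put_Line ("Accepted" & Celsius'Image (Checked));
   exception
      when Constraint_Error =>
         Put_Line ("Out-of-range reading rejected by the type system");
   end;
end Setpoint_Demo;
```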

In time, Westinghouse expects that Skoda and the Austrians will share the programmers’ confidence in Ada’s strength and safety.

[A complete version of this article can be found on the AdaIC’s Web site: http://archive.adaic.com.]

Newsbits

Scientific high performance computing with Ada 95

An example of Ada 95’s successful use in scientific high-performance computing can be found in code developed by Martin J. Stift of the Institute for Astronomy in Vienna. The code can synthesize the integrated polarized spectrum of a rotating magnetic star (the so-called Oblique Rotator), and has been successfully executed in parallel on several processors of a Silicon Graphics Power Challenge XL symmetric multiprocessing server.

Mr. Stift found that, for the calculation of stellar spectra over large wavelength intervals and of stellar atmospheres, the Ada tasking model is much better suited than High Performance FORTRAN.

A first description can be found in http://amok.ast.univie.ac.at/~stift/parallel.html [Martin J. Stift; Institut fuer Astronomie; Tuerkenschanzstr. 17; A-1180 Wien, Austria; tel: 43-1-4706800/35; fax: 43-1-4706800/35; e-mail: stift@astro.ast.univie.ac.at]

DISA sells popular DII software to Allies

Software products that make up the Defense Information Infrastructure (DII) are in demand by U.S. military allies and coalition partners.

Canada has bought parts of the Global Command and Control System (GCCS), while Japan, Australia, and Saudi Arabia are reviewing the GCCS components. Also, the United Kingdom has expressed interest in the new Common Operating Environment (COE).

To promote these sales and to make sure that foreign systems are interoperable with DOD systems, the Defense Information Systems Agency (DISA) is beefing up its role in foreign military sales of DII products. DISA’s director, LtGen Albert Edmonds, has designated the Joint Requirements Analysis and Integration Unit, or D-7, as the point of contact for foreign military sales.

It is predicted that, in addition to GCCS and COE, products for information security, the Defense Message System, and the Defense Information Systems Network will be in demand as well. [“DII hits international markets,” Thomas Temin, Government Computer News, Jan. 27, 1997, v16 n2 p42]

AJPO hosts Ada OO seminar

The AJPO hosted a seminar on Ada and object orientation on February 26, 1997, at DISA in Falls Church, Va. LTC Hamilton, AJPO Chief, provided a two-hour presentation on Object-Oriented Terms and Concepts, and Richard Riehle, a frequent contributor to the Journal of Object Oriented Programming and Embedded Systems Programming, presented “Kissing a Frog – Polymorphic Types in Object-Oriented Programming”. This seminar covered the notion of dynamic binding with inherited types using Ada 95.

Design of reusable software components: a success story

The U.S. Army’s Product Manager for the Joint Tactical Area Communications Systems (PM-JTACS) and the Joint Spectrum Center (JSC) met with great success in designing reusable software components in Ada. During the course of the development process, several guidelines were developed that greatly increased the reusability of the code. Thirteen organizations within the DOD now use the reuse library for a wide range of applications. The USAF and Army’s Air-Ground-Air Frequency Engineering System (AGAFES) is one of these programs, and it obtained 66 percent reuse and attending cost savings of close to $1 million.

For further details, contact PM-JTACS at 908/532-0556 (Susan Millender) or visit the Reuse Library home page at http://reuse.jsc.mil. [“Design of Reusable Components: A Success Story,” by LTC Robert Kirsch, Susan Millender, and Gregory Wagner, Crosstalk, Nov. 1996, Vol. 9, No. 11, p. 4.]

New lessons learned on transitioning to Ada 95

The AJPO has released the latest set of “Ada 95 Transition Partnership Project Lessons Learned”. These lessons were gathered based on the experiences of five of the AJPO’s Ada 95 Transition Partners Projects. The projects received classroom training from AJPO-sponsored commercial trainers, and hands-on mentoring from CACI, Inc., which has documented the projects’ lessons learned.

An electronic copy of the lessons learned can be found at: http://archive.adaic.com/docs/reports/ajpo/transition-support.

IEEE Reuse Standards Committee builds on efforts of RIG

The Advanced Reuse Technologies Group and Cimarron co-hosted the inaugural meeting of the IEEE Reuse Standards Committee (RSC) on January 16-17 in Clear Lake, Tex. The goal of the RSC is to build upon the efforts of the Reuse Interoperability Group (RIG) by expanding the development of reuse standards. The RIG group laid a good foundation regarding reuse library standards. The RSC will continue the work of the RIG in the development of standards for reuse library interfaces. All work currently in progress will be continued. In addition to the work of the RIG, the RSC will broaden its scope to all reuse related standard activities within the IEEE.

Some recommendations for standardization include standards describing “Fundamental Principles of Software Reuse” and “Domain Analysis”, and Reuse Supplements to the 12207 lifecycle standard and the SPICE standard. Also, the RSC will initiate and coordinate other reuse-related efforts as appropriate and coordinate with other U.S. and international standards organizations. [Gary D. Boetticher, Advanced Reuse Technologies Group, 281/461-8300; e-mail: gdb@cs.wvu.edu]

Fun and games with Ada

Ada’s not all work. Ada Towers, ver. 1.00, is a solitaire-type card game written in Ada, and an executable version for Microsoft Windows Version 1.00 is freely available and can be found at http://archive.adaic.com/tools/ada-towers/. The source code is also available for a small disk charge; the game is approximately 2,000 lines of Ada code, and the User Interface library is about 5,000 lines. [For further information, contact Ada Towers creator: Bill Yow, 750 East Hidden View Drive, Phoenix, AZ 85048; e-mail: byow@mcimail.com]

Reuse ’97 Workshop – “The Business of Reuse”

Reuse ’97 “The Business of Reuse,” being held at the Lakeview Resort in Morgantown, W.V., 21-24 July 1997, will provide an atmosphere where the impacts, considerations, and benefits of reuse to the business enterprise can be investigated by working groups. [Rose Armstrong, Reuse ’97 Program Chair; WVHTC Foundation; 1000 Technology Drive; Fairmont, WV 26554; 304/366-2577; fax: 304/366-2699; e-mail: rmarmstr@wvhtf.org] [Joan M. Ruscin, SAIC/ASSET, ruscinj@source.asset.com]

Mosemann enters GCN Hall of Fame

Lloyd K. Mosemann, II, who spent nearly four decades working to improve software development and use within the Department of Defense (DOD), is the newest member of the Government Computer News’ Hall of Fame. At the awards ceremony, Mosemann said he was beginning to see some of his predictions about software reuse coming true.

In the 1980s, Mosemann recalled saying, “If there is a silver bullet for software in the 1990s, that silver bullet will be reuse.” But as years passed and reuse was on the back burner at the DOD, Mosemann said he began to think he might have missed the mark. But as economics demanded improvements in software processes, it became more difficult for the Pentagon and Services to build custom systems from scratch. Instead, it became necessary to reuse existing code combined with off-the-shelf packages to keep costs down. Mosemann, who retired January 1996, said of the award, “It’s truly nice to be both gone and not forgotten.”

[Government Computer News, November 4, 1996, v15 n28 p61(1)]

4th Annual Object Applications Awards

Object World Frankfurt ’97 will take place on October 7-10, 1997, together with COMDEX Internet at the Sheraton Conference Center Frankfurt/Main. One of the highlights of the show will be the fourth edition of the annual OMG international Object Application Awards. An entry kit may be obtained from: tel: +49-6173-9558-50; fax: +49-6173-9404-20; e-mail: LogOn@omg.org; WWW: http://www.ltt.de. [Roberto Zicari, Program Chair]

These Newsbits have been extracted from the AdaIC’s “Software Engineering News Briefs” – a regular news feature that is sent out electronically on a weekly basis. To be added to the distribution list, please send e-mail to: listproc@sw-eng.falls-church.va.us. In the body of the message, write: subscribe newslist.

Ada Calendar

Ada Europe ’97 — International Conference on Reliable Software Technologies
June 2-6, 1997
London, England

COMDEX/Spring 97
June 2-5, 1997
Georgia World Congress Center, Atlanta, GA

Object Expo/Java Expo/Web Apps Solutions ’97
June 2-6
New York Coliseum, New York, NY
212/242-7515

11th European Conference on Object-Oriented Programming
June 9-13
Jyväskylä, Finland
E-mail: heilala@jyu.fi

11th Annual ASEET Symposium
June 10-13, 1997
Monmouth University, Monmouth, NJ

3rd Conference on Object-Oriented Technologies and Systems (COOTS ’97)
June 16-19
Portland Marriott Hotel, Portland, OR
714/588-8649

SEKE ’97 — The Ninth International Conference on Software Engineering and Knowledge Engineering
June 18-20, 1997
Madrid, Spain

*Washington Ada Symposium (WAdaS ’97)
June 23-25, 1997
McLean Hilton, McLean, VA

Software Technology and Engineering Practice – STEP ’97
July 14-18
Holiday Inn-King’s Cross, London, UK
+44 161 200 3338

Reuse Workshop ’97
July 21-24
Lakeview Resort, Morgantown, WV
304/284-9000

*Object World West ‘97
July 23-25, 1997
Moscone Center, San Francisco, CA

TOOLS USA – Technology of Object-Oriented Languages and Systems
July 28-August 1
Santa Barbara, CA
805/685-1006

15th International Conference on Artificial Intelligence (IJCAI-97)
Aug 23-29, 1997
Nagoya, Japan

SEI Software Engineering Symposium
August 25-28
Pittsburgh, PA
412/268-5800

Workshop on Software Methods and Tools for Ada 95
September 8-12
Brest, France
+33-2-98-00-12-85

The Year 2000 and Other Issues in Software Maintenance
September 21-24
Tyne & Wear, UK-England
+44 (0)191-492-0429

Sixth European Software Engineering Conference (ESEC’97)
September 22-25, 1997
Zurich, Switzerland

OOPSLA ’97: Conference on Object Oriented Programming Systems Languages and Applications
October 12-17, 1997
TBD USA

COMDEX Internet/Object World Frankfurt ’97
October 7-10
Sheraton Conference Center, Frankfurt, Germany
617/433-1829

Conference on Domain-Specific Languages
October 15-17
Red Lion Resort, Santa Barbara, CA
E-mail: conference@usenix.org

Government Technology Exhibition (GTEC)
October 21-22
Ottawa Congress Centre and Westin Hotel,
Ottawa, Ontario
613/731-9850

*TRI-Ada ’97
November 9-13
Adam’s Mark Hotel, St. Louis, MO
E-mail: dfh@apci.net

The 10th Annual Software Technology Conference (STC)
April 19-24, 1998
Salt Lake City, UT

International Parallel Processing Symposium (IPPS)– and Symposium on Parallel and Distributed Processing (SPDS)
April 1998 (date to be determined)
Orlando, FL

5th International Conference on Software Reuse
June 2-5, 1998
Victoria, British Columbia, Canada
E-mail: edwards@vtops.cs.vt.edu

Embedded Systems Conference (West)
September 29-October 3
San Jose Convention Center, San Jose, CA
E-mail: jshaw@mfi.com