October 4, 2001SIGAda 2001 Panel: Ada Experiences 1 Ada Experiences Panel Chair John McCormick,...

October 4, 2001 SIGAda 2001 Panel: Ada Experiences

1

Ada Experiences

Panel ChairJohn McCormick, University of Northern Iowa

PanelistsRobert Lockwood Alliant Techsystems

Bill Rusinak Lockheed-Martin

David Glessner Rockwell-Collins

Elizabeth Theesfeld Honeywell


2

Bob Lockwood

• Software Engineering Manager• Alliant Techsystems – Integrated Defense

Company• 600 Second Street NE

Hopkins, MN 55345952-931-5285

• [email protected]


3

Software Engineering Experience• Applications: Military – Command, Control,

Communications• Primary Projects – Real-Time, Embedded• Experience – 9 years hardware developer – 25

years software developer – 16 years working with Ada-83/Ada-95

• Company Certifications – ISO9001, CP2• Platforms – Intel 80x86/i960, PowerPC 5xx, 6xx,

7xx• Operating Systems – Bare Machine, VRTX,

VxWorks, Nucleus, LynxOS


4

Project• Military Vehicle Fire Control

– Navigation– Communication– Ballistics– Weapon Control– Operator Interface

• Intel 80x86/i960 platforms• Why Ada

– First major vehicle project – Ada Mandate– Highly Embedded C3


5

Project (cont)• Size

– Tactical Software 200,000 sloc– Support Software 300,000 sloc

• Why Easy– Strongly typed– Compile-Time checks

• Why Hard– Lack of experienced programmers– Extensive training necessary


6

Project (cont)

• Comparisons (Ada vs. xyz)– Fewer dumb errors– More robust runtime code– Higher reliability (with same compiler)– More automated testing

• Lessons Learned– Advantage for multiple development groups– Limit language usage– Most errors found at compile time– Identify interfaces early in project


7

Sr Software Engineering Manager

Lockheed Martin Tactical Defense Systems

Eagan, MN

[email protected]

Bill Rusinak


8

• Application: Military embedded systems (Maritime Surveillance Aircraft (MSA))

• Projects are real-time applications

• Experience: 23 years (12 years with Ada)

• Lockheed Martin TDS is CMM level 4, ISO 9001

• Platforms: Sun/Unix host development targeted to several platforms (Motorola 680x0, PowerPC)


9

Ada Experiences in MSA• Lockheed Martin Eagan supplies mission software for

almost all of the world’s P-3 aircraft (US Navy, Japan, Australia, Norway, the Netherlands)

• Replacement of 1970’s vintage hardware and software began in 1989 with the US Navy– First system had 3 Motorola 68030 processors

– Mission and System Test software rewritten (Ada 83)

– Evolving (e.g., X-Windows, Sparc)

• Ada software is 1 to 1.2 million lines of non-comment, non-blank code


10

Positive Experiences• Ada tasking was used without problem

– Task deadlocks were never encountered due to application of good design methodology

• Use of separates promotes design

• Ada code usable as PDL

• Original architecture has been flexible– Ported to different hosts– Maintained through different toolsets– Maintained by several customers


11

Negative Experiences• Task stack sizing is risky in a limited memory

system (only your linker knows for sure)

• Exceptions happen when you least expect them – it is easy to leave a semaphore seized

• Separates increase compilation time– Use a “de-separatizer”

• Overloading of names can be confusing

• Over and under use of types and exceptions– Takes experience to find the middle ground


12

Negative Experiences

• Ada 83 lacking protection mechanisms and multi-processor support

• Language needs space for stacks, exceptions, and can produce big programs

• Need more support/tooling


13

In General

• Define tasks up front

• Enforce concrete rules and use a few protection mechanisms

• Closely monitor dependencies during design

• Structure libraries properly

• Do it again (but with Ada 95)


14

• Senior Software Engineer, Navigation and Control Group, Advanced Technology Center

• Rockwell Collins400 Collins Road NE Cedar Rapids, Iowa 52498 319-295-6012

• [email protected]

David W. Glessner


15

Software Engineering Experience• Rockwell Collins: Navigation systems

(commercial and military)

• Pre-Rockwell Collins: Commercial RF systems (broadcast radio and TV, paging)

• 15 years in software, last 3 with Ada. Most of the rest with C. Some Assembly.

• Target platforms: Mostly custom boards (AAMP, 68302, 68HC16, 8088, Z-80), some PCs. Various commercial and custom RTOSes.

• Development platforms: Unix (Sun, HP, DEC), Windows, VAX (using Apex RCI).


16

SNIPER/SUOSAS• Sensor Integration for robust navigation

– GPS, IMU, Loran, barometric altimeter, TDOA radio, vision.

– DARPA funded.

• Reused Ada software from earlier GPS/IMU projects.

• 80,000 LOC (38,000 non-comment non-blank)

• First exposure to Ada.


17

SNIPER/SUOSAS (cont)• Good:

– Package specs. Enumerations. Ranges.– Rational Apex. Rational Compilation Integrator (RCI).

• Bad: – Flaky hardware. – Tools. – Compile times. – Didn't "trust" the language. – Code bloat (possibly due to Ada 83 missing generic formal

packages or pointers to subprograms).

• Result: Successful field trials for both projects. SUOSAS continuing.


18

Various GPS-related projects(Commercial GPS, Artillery)

• Ada chosen on a DARPA project in 1980s due to DOD mandate. Based on earlier Jovial development. Some parts of software still have a Jovial "feel" e.g., "for ii in 1..10"

• 102,000 LOC (44,000 non-comment, non-blank)

• Analysis and modifications of some pretty complicated code.


19

Various GPS-related projects (cont)

• Good– Apex browsing!

– Types make modifications easier to analyze.

• Bad– Apex configuration control (Summit/CM).

– Cumbersome to see differences between versions. (Local policies probably contributed to this.)

• Results: Successful lab trials.


20

Automatic Dependent Surveillance – Broadcast (ADS-B)

• New development integrated with existing Traffic Alert and Collision Avoidance System (TCAS).

• ADS-B: 8,000 LOC (4,400 non-comment, non-blank)– similar amount for additional analysis and simulation

• Mixture of Apex Ada 95 (Sun host) and DDC Ada 83 (AAMP-based TCAS target).– developed mainly on the Sun

– late integration (risky, but worked quite well)


21

Automatic Dependent Surveillance – Broadcast (ADS-B) (cont)

• Good– Ada 95/83 portability. Ada 95 tasking.– GNAT for the PC.– Ada contributes to thoroughness; exposed some

algorithm weaknesses.

• Bad– Ada design flaw? “Cos(Long_Float(2.0*Pi/I))”

– Stack alignment bug during integration.

• Result: Successful flight tests with other vendors. Work continuing.


22

Elizabeth Theesfeld

6 Black Belt/Principal Software Engineer

HoneywellCommercial Aviation Products (CAP)

8840 Evergreen Blvd

Coon Rapids, MN 55433

(763) 957-3626

[email protected]

Commercial Aviation Products


23

Background Information

14 Years of experience in real-time embedded software for both Military and Commercial Avionics.

7 Years of experience with Ada.



24

CAP has only one program developed in Ada Secondary Attitude and Air Data Reference Unit

(SAARU) for the Boeing 777 Aircraft 60,000 Lines of Code Real-Time embedded software on a 68040

processor Object Oriented Design using Booch Diagrams DO-178B Compliant



25

Positives for using Ada at CAP Eliminated the need for software-software

integration Strong data typing Strong software architecture Was able to hand the program over to a new team

that did not work on the original development for airline updates with minimal impact

Negatives for using Ada at CAP Not many Ada programmers available



26

Reliability of SAARU software in the field

The 777 was certified in 1995

To date we have had 0 software defects recorded


October 4, 2001SIGAda 2001 Panel: Ada Experiences 1 Ada Experiences Panel Chair John McCormick,...

Documents

Transcript of October 4, 2001SIGAda 2001 Panel: Ada Experiences 1 Ada Experiences Panel Chair John McCormick,...