Reliable Software Technologies - Ada-Europe 2002ysis. The tutorial, which is extracted from the...
Transcript of Reliable Software Technologies - Ada-Europe 2002ysis. The tutorial, which is extracted from the...
“program” — 2002/5/18 — 23:18 — page 1 — #1ii
ii
ii
ii
7th International Conference on
Reliable Software Technologies
Ada-Europe 2002
Vienna, Austria, June 17-21, 2002
ADVANCE PROGRAM
SIGAda
http://www.ada-europe.org/conference2002.html
“program” — 2002/5/18 — 23:18 — page 2 — #2ii
ii
ii
ii
Preliminary Program
The information presented here is preliminary - please refer to the conference web site for the latest details.
In 2002, the 7th International Conference on Re-liable Software Technologies will take place inVienna, Austria, from June 17th to June 21st. Theconference offers a technical program and exhibi-tion, plus a series of tutorials and a workshop.The conference provides an international forum forresearchers, developers and users of reliable soft-ware technologies. Presentations and discussionscover applied and theoretical work currently con-ducted to support the development and mainte-nance of software systems.Vienna, a city with about 2 million inhabitants issituated in the heart of Europe. It is a city on
which its ever-changing history has left an indeli-ble mark, manifested also in the rich cultural her-itage. Shaped by its hundreds of years as capitalof an empire, the city’s ultimate fascination nowa-days stems from combining imperial grandeur withexplosive modernity.
The conference will take place in the ParkhotelSchonbrunn which originated in 1907 as the guesthouse of Emperor Franz Josef I. The newly ren-ovated hotel is located in the immediate vicin-ity of the “Schonbrunn Palace” and its beautifulsurrounding park, situated close to the center ofVienna.
Overview of the Week
Morning Late Morning After Lunch Afternoon
MondayJune 17thTutorials
SPARK, an “Intensive Overview”P. Amey and J. Barnes
MaRTE OS: Bringing Embedded Systems and Real-Time POSIX TogetherM. Gonzalez Harbour and M. Aldea Rivas
Principles of Physical Software Design in Ada95M. Heaney
Implementing Design Patterns in Ada95M. Heaney
TuesdayJune 18thSessions &Exhibition
Embedded SystemsUnsuitable for
Object OrientationMaarten Boasson
Embedded Systems Real-Time SystemsHigh-Integrity
SystemsCase Studies Vendor presentations
WednesdayJune 19thSessions &Exhibition
On ArchitecturalStability and Evolution
Mehdi JazayeriAda Language
Issues
Program AnalysisTools
Vendor presentations
ThursdayJune 20thSessions &Exhibition
Indulgent Algorithms:Virtues and Limitations
Rachid Guerraoui
Distributed Systems Libraries Contextware: BridgingPhysical and Virtual
WorldsAlois FerschaVendor presentations Object-Orientation
FridayJune 21stTutorials &Workshop
CORBA 3 and CORBA for Embedded SystemsS. Ron Oliver
Using Open Source Hardware and Software toBuild Reliable Systems
J. Sherrill and J. Gaisler
Cleanroom Software Engineering: An OverviewW. Bail
Workshop: A StandardContainer Library for Ada
E. Lamm
Exceptions – What You Always Wanted toKnow about Exceptions, But Were Afraid to
AskC. Colket
“program” — 2002/5/18 — 23:18 — page 3 — #3ii
ii
ii
ii
Invited Speakers
Embedded Systems Unsuitable forObject Orientation
Maarten Boasson, University of Amster-dam, The Netherlands
Tuesday June 18th, 9:30
It will be argued that the current focus on objecttechnology is detrimental to progress in embeddedsystems. The core of the problem is that OO is finefor analysis but does not answer the design needs.The difference between analyzing a system and de-signing one is enormous: during analysis, the focusis on understanding the various functional compo-nents of a system and their interactions, whereasdesigning is about implementing the desired func-tionality under the constraint that all quality goalsfor the system are achieved. The way that objecttechnology forces the software to be structured es-tablishes relationships between objects that do notnecessarily reflect the way real-world entities arerelated. In the real world, the entities that havebeen modeled in the system very often have nohierarchical relationships, but have their own au-tonomous behavior. This results in awkward pro-gramming constructs necessary for overcoming theidiosyncrasies of the object paradigm. This talk willoutline a different approach and will discuss benefitsof that approach relative to object orientation.
Short Biography
Maarten Boasson studied mathematics in Gro-ningen, The Netherlands. He became involved inadvanced studies aiming at control of complexity,
both of the develop-ment process and ofthe system under de-velopment itself. Thisresulted in the cre-ation of a novel archi-tecture for distributedreactive systems, thathas been applied suc-cessfully in numeroussystems and is, morethan 10 years after itsintroduction, still un-surpassed in its sup-
port for integration, fault tolerance and componentreuse. In 1996 Boasson was appointed professorof computer science at the University of Amster-dam. He has been involved in the organization ofnumerous international conferences, played a ma-jor role in establishing a dutch national researchprogram in embedded systems, and is currently as-sociate editor-in-chief of IEEE Software.
On Architectural Stability andEvolution
Mehdi Jazayeri, Technical University ofVienna, Austria
Wednesday June 19th, 9:30
Many organizations are now pursuing software ar-chitecture as a way to control their software devel-opment and evolution costs and challenges. A soft-ware architecture describes a system’s structure andglobal properties and thus determines not only howthe system should be constructed but also guidesits evolution. An important challenge is to be able
to evaluate the“goodness” of aproposed archi-tecture. The talkwill propose sta-bility or resilienceas a primary cri-terion for evalu-ating an architec-ture. The stabil-ity of an archi-tecture is a mea-
sure of how well it accommodates the evolution ofthe system without requiring changes to the ar-chitecture. As opposed to traditional predictiveapproaches to architecture evaluation, this talk willsuggest retrospective analysis for evaluating ar-chitectural stability by examining the amount ofchange applied in successive releases of a softwareproduct. A case study of twenty releases of a tele-communication software system containing a fewmillion lines of code will be used to demonstratehow retrospective analysis may be performed. Thetalk will also present the challenges in softwareevolution and conclude with recommendations forfuture research. This work was part of the project“Architectural Reasoning for Embedded Systems”(ARES).Short BiographyMehdi Jazayeri is a professor of computer science atthe Technical University of Vienna where he holdsthe chair of distributed systems. He spent manyyears in software research and development at sev-eral Silicon Valley companies, including ten yearsat Hewlett-Packard Laboratories in Palo Alto, Cal-ifornia. His recent work has been concerned withcomponent-base software engineering of distributed(web-based) systems. He is a coauthor of Program-ming Language Concepts (John Wiley, 1998), Fun-damentals of Software Engineering (Prentice-Hall,2002), and Software Architecture for Product Fam-ilies (Addison-Wesley, 2000).
“program” — 2002/5/18 — 23:18 — page 4 — #4ii
ii
ii
ii
Indulgent Algorithms: Virtues andLimitations
Rachid Guerraoui, Swiss Federal Instituteof Technology in Lausanne (EPFL)
Thursday June 20th, 9:30
An indulgent algorithm is a reliable distributed al-gorithm that does not need re-liable failure detection. In par-ticular, with an indulgent al-gorithm, no process ever needsto know if some other processis up or down. This talk willdiscuss some practical and the-oretical ramifications of indul-gent algorithms, and will givesome new results on indulgent
algorithms in the context of the consensus problem.Short Biography
Rachid Guerraoui is professor in computer scienceat the Swiss Federal Institute of Technology in Lau-sanne where he leads the Distributed ProgrammingLaboratory (lpdwww.epfl.ch). He is interested inclassic and less classic music, triathlons, object-oriented programming and distributed algorithms.
Contextware: Bridging Physicaland Virtual Worlds
Alois Ferscha, University of Linz, Austria
Thursday June 20th, 16:30
Today a variety of terms like Ubiquitous Com-puting, Pervasive Computing, Invisible Comput-ing, Ambient Intelligence, Sentient Computing, andPost-PC Computing refers to new challenges andparadigms to the interaction between users and mo-bile and embedded computing devices. Fertilizedby a vast quantitative growth of the Internet overthe past years and a growing availability of wire-less communication technologies, an ubiquitous useof “embedded” information society technologies isevolving. Most of the services delivered through
those new technologies are services adapted to con-text, particularly to the person, time and locationof their use. The aim for seamless service provisionto anyone (personalized services) at any place (lo-cation based services) and at any time has broughtthe issues of middleware to a new discussion: itis expected that context-aware services will evolve,enabled by wirelessly networked computing devices.Services with explicit user input and output willbe replaced by a computing landscape sensing thephysical world via all different kinds of sensors, andcontrolling it via actuators in such a way that itbecomes merged with the virtual world.
This talk will explore the software engineering is-sues, challenges and enabling technologies associ-ated with the provision of context-aware services.In analogy to the term “middleware”—generallyunderstood as software technologies that serve tomediate between two or more separate and usuallyalready existing software components—the term“contextware” is introduced as the core of softwaretechnologies mediating services and the context oftheir use, thus bridging virtual and physical worlds.Short BiographyAlois Ferscha received the Mag. degree in 1984, anda PhD in business informatics in 1990, both fromthe University of Vienna, Austria. From 1986
through 2000 he was with theDepartment of Applied Com-puter Science at the Univer-sity of Vienna at the levels ofassistant and associate pro-fessor. In 2000 he joined theUniversity of Linz as full pro-fessor. He published morethan 60 technical papers ontopics related to parallel anddistributed computing. Cur-rently his research interestsare in the areas of Perva-sive Computing, Embedded
Software Systems, Wireless Communication, Mul-tiuser Cooperation, Distributed Interaction andDistributed Interactive Simulation.
Exhibition
The exhibition opens in the mid-morning breakon Tuesday and runs until after the Thursdayafternoon break. It takes place in the Parkho-tel Schonbrunn’s “Kaisersalon”, where the coffeebreaks are held.The mid-morning and almost all mid-afternoonbreaks are 60 minutes to give attendees ample op-portunity to visit the exhibition.
Each exhibitor will have at least one half hour pre-sentation slot during the vendor track; the programfor the vendor presentations is still being workedout.At the time of writing seven exhibitors: ACT,Aonix, Raincode, TNI, DDC-I, Green Hills Soft-ware Inc., and Rational have come forward, othershave expressed interest.
“program” — 2002/5/18 — 23:18 — page 5 — #5ii
ii
ii
ii
Tutorials
SPARK, an “Intensive Overview”Peter Amey & Janet Barnes, Praxis Crit-ical Systems, UK
Monday June 17th, all day
SPARK is an annotated sub-language of Ada whichis unambiguous and suitable for rigorous static anal-ysis. The tutorial, which is extracted from the four-day “Software Engineering with SPARK” coursewill provide an intensive introduction to SPARKand the static analysis that is performed by theSPARK Examiner.The tutorial is intended primarily for those withcurrent or recent experience of software develop-ment in Ada, especially those who will work on orlead safety critical or other high integrity develop-ments. Attendees will be encouraged to bring lap-top computers on which the SPARK Examiner willbe installed.Outline
1. The rationale of SPARK: major design ob-jectives, relationship with Ada, “why annota-tions?”, tool support.
2. The core SPARK language: types, expressions,statements, subprograms, packages.
3. Data and information flow analysis (includingpractical).
4. Design building blocks: abstract state ma-chines, abstract data types, interfacing withthe environment.
5. SPARK and program design.6. Formal verification.7. Exception freedom.8. Effective SPARK use, project organization.
PresentersPeter Amey is an aeronautical engineer by orig-inal professional training and achieved Chartered
Engineer status throughthe Royal AeronauticalSociety. He served asan engineering officer inthe Royal Air Force andspent several years at theBoscombe Down test es-tablishment working onthe certification of air-craft armament systems.Peter joined ProgramValidation Limited to de-velop SPARK and theSPARK Examiner and
continues that work today with Praxis Critical Sys-tems. As well developing SPARK he has used it
on major programs including Tornado, Eurofighterand the Lockheed C130J.
Peter teaches SPARK and Ada on a regular ba-sis and has lectured widely on the development ofcritical systems. Most recently this has includedthe keynote address “Logic versus Magic” at Ada-Europe 2001 and the paper “A Language for Sys-tems not Just Software” at SIGAda 2001.
Janet Barnes received a BA degree in Mathemat-ics from Cambridge Uni-versity in 1988 and MScand Phil degrees in Com-putation from OxfordUniversity in 1990 and1993 respectively. Forthe last eight years Janethas specialised in designand implementation ofhigh-integrity real-timeembedded systems. Asa user of SPARK onfive development pro-grammes she has exten-
sive experience and understanding of the SPARKlanguage.
Janet has taught the SPARK training course of-fered by Praxis Critical Systems on a number ofoccasions. Dr. Barnes is a member of the BritishComputer Society and is a Chartered Engineer.
MaRTE OS: Bringing EmbeddedSystems and Real-Time POSIXTogether
Michael Gonzalez Harbour & MarioAldea Rivas, University of Cantabria,Spain
Monday June 17th, all day
MaRTE OS is a free software implementation ofthe POSIX minimum real-time system profile. It isdesigned for embedded systems and provides a de-velopment environment for Ada, C, or mixed lan-guage real-time applications. The tutorial will de-scribe the main features of MaRTE OS, its archi-tecture and performance, and the details on its de-velopment environment. An example will be usedto demonstrate these concepts.
In addition, the tutorial will discuss the main real-time operating system services of the POSIX.13minimum real-time profile. These services allow ap-plication developers to write portable applicationsthat meet their real-time requirements, and thatmay be implemented on small embedded systems.
“program” — 2002/5/18 — 23:18 — page 6 — #6ii
ii
ii
ii
Outline Part I: Real-Time POSIX1. Introduction. Real-Time operating systems2. The POSIX standards and their Ada bindings3. POSIX subsets: Application environment pro-
files4. Thread management5. Priority scheduling6. Synchronization7. Signals8. Time management
Outline Part II: MaRTE OS1. Introduction. MaRTE OS Design requirements2. Architecture3. Implementation details and performance4. Development environment5. Case study6. Conclusions
Presenters
Michael Gonzalez Harbour is a Professor in theDepartment of Electronicsand Computers at the Uni-versity of Cantabria. Heworks in software engineer-ing for real-time systems.He is a co-author of “APractitioner’s Handbook onReal-Time Analysis”. Hehas been involved in sev-eral projects using Ada tobuild real-time controllersfor robots. He is an activemember of the POSIX real-time working group.
Mario Aldea Rivas received his Bachelor degreein Physics (Electronics) from the University of
Cantabria (Spain). Heis an Assistant Profes-sor in the Department ofElectronics and Comput-ers at the University ofCantabria. His previousresearch activity was cen-tered on the developmentof real-time embedded in-dustrial robot controllers.He is currently finishing hisPhD thesis on task schedul-ing in real-time operatingsystems, and as a part of
that research activity he has developed MaRTE OS:an Ada real-time operating system for embeddedapplications that implements the POSIX.13 mini-mal real-time profile.
Principles Of Physical SoftwareDesign in Ada95
Matthew Heaney, On2 Technologies, US
Monday June 17th, morning
The tutorial addresses issues concerning the compi-lation of large software systems and presents manytechniques for ameliorating the problems.
Most texts on software design concentrate almostexclusively on logical design, and provide only acursory explanation of physical design. Discussionsabout types and objects are important, but thereare also many pragmatic compilation issues thatcannot be ignored. Unless care is taken, depen-dencies among modules often force a substantialrecompile when seemingly innocuous changes aremade. This can stymie development, especially forlarge systems that require hours (or even days) torebuild.Outline• Physical versus logical design• Coupling and cohesion• What is the unit of decomposition?• Decoupling of components• Subsystems and package hierarchies• Package idioms• Type declarations - how, where, and how many• Static versus dynamic polymorphism• Aggregation versus inheritance• Composition using access discriminants• The adapter pattern: software glue• Iterators as a decoupling mechanism• Revisiting the Wegner taxonomy• C++ friendship versus Ada95 child units• How to emulate Java-style interfaces• How to prevent unnecessary compiles• Compiler support for minimal recompiles• Hiding static values used to constrain a type or
initialize an object• Static versus dynamic linking• COM: a binary standard for reusable compo-
nents• Private children versus subunits• Factory functions• Handle-body idiom and deferred type defini-
tion• Using class-wide types to remove compilation
dependencies• How to break mutual dependency between
specs
“program” — 2002/5/18 — 23:18 — page 7 — #7ii
ii
ii
ii
• Categorization pragmas• Package elaboration issues• Access types versus the Rosen Trick• The nature of a subsystem interface• The facade pattern• Degrees of type safety• The pitfalls of a Common Types package• How much should be declared in a generic pack-
age• Where does the data go: module versus in-
stance state• Logical versus physical types• What “maintainability” really means
PresenterPlease find Matthew Heaney’s biography at the endof the description of the following tutorial also pre-sented by him.
Implementing Design Patterns inAda95
Matthew Heaney, On2 Technologies, US
Monday, June 17th, afternoon
This tutorial addresses the question of what “designpatterns” are and presents many advanced idiomsfor object-oriented programming in Ada95.Outline• Idioms for class-wide programming and mem-
ory management• Interpreter pattern• Flyweight pattern• Template method (class-wide operations)• Adding controlled-ness to a (tagged) type al-
ready in a class• Auto pointers and smart pointers: to eliminate
memory leaks• Factory function: like a constructor in C++• Factory method: factory function that dis-
patches• Observer pattern: getting notified when the
state of another object changes• Multiple views idiom: for emulating Java-style
interfaces• Rosen Trick: to convert a constant view of an
object into a variable view• Parameter passing and tests for equality• Decorator pattern: for adding behavior to an
abstraction dynamically• Dispatching through a generic formal subpro-
gram or an access-to-subprogram object
PresenterMatthew Heaney has been using Ada since 1987
to successfully build large, real-time systems in the areas ofsimulation and electronic intel-ligence. His interest in soft-ware design and object-orientedprogramming led to his workon design patterns. He learnedabout design patterns by con-verting all the C++ examplesin the Gamma book to Ada95,and has since used them on realprojects. Matthew Heaney has
already given several tutorials at SIGAda, Ada-Europe, and AdaUK.
CORBA 3 and CORBA for Em-bedded SystemsS. Ron Oliver, Top Graph’X, US
Friday, June 21st, all day
This tutorial starts with an overview of CORBA 3with emphasis on changes from CORBA 2. It willinclude a brief introduction to distributed comput-ing, in general, including fundamentals of concur-rent and real-time systems, and of computer net-works. Thereafter it addresses CORBA princi-ples, the Interface Definition Language (IDL), clientprograms, object (server) programs, CORBA Ser-vices, CORBA Facilities, and the CORBA Compo-nent Model (CCM). Several advanced features ofCORBA 3, including Minimum CORBA and Real-Time CORBA, are also discussed. These topics areof particular interest when using CORBA in thearea of embedded systems.All examples for the tutorial will be based on theTopGraphX product, ORBAda, and the Ada95 pro-gramming language. Attendees need not have priorknowledge of CORBA.PresenterS. Ron Oliver has been in the software industrysince 1968, with an equal mixture of industrial and
academic experience. Since1974 he has specialized inconcurrent and real-timesoftware engineering. Dur-ing 9 years with the com-puter science and computerengineering programs atCal Poly, he led many re-search and student projectsin object-oriented design andimplementation for concur-
rent and real-time systems, and in the distributedcomputing environment. Most recently he has beenfocusing on CORBA technology.
“program” — 2002/5/18 — 23:18 — page 8 — #8ii
ii
ii
ii
Conference
Schedule
Tuesd
ay
18th
Wednesd
ay
19th
Thurs
day
20th
9:30
–10:
30
Invi
ted
Tal
k:E
mb
edd
edS
yst
ems
Un
suit
able
for
Ob
ject
Ori
enta
tion
Maa
rten
Boa
sson
,U
nive
rsit
yof
Am
ster
dam
,T
heN
ethe
rlan
ds
Invi
ted
Tal
k:O
nA
rch
itec
tura
lS
tab
ilit
yan
dE
volu
tion
Meh
diJa
zaye
ri,
Tec
hnic
alU
nive
rsit
yof
Vie
nna,
Aus
tria
Invi
ted
Tal
k:In
du
lgen
tA
lgor
ith
ms:
Vir
tues
and
Lim
itat
ion
sR
achi
dG
uerr
aoui
,Sw
iss
Fede
ral
Inst
itut
eof
Tec
hnol
ogy,
Laus
anne
,Sw
itze
rlan
d
10:3
0–11
:30
Exh
ibit
ion
Op
enin
g&
Coff
eeE
xh
ibit
ion
&C
offee
Exh
ibit
ion
&C
offee
Em
bed
ded
Syst
ems
Cas
eS
tud
ies
Ad
aL
angu
age
Issu
esD
istr
ibu
ted
Syst
ems
Ven
dor
Ses
sion
I
11:3
0–12
:00
12:0
0–12
:30
12:3
0–13
:00
Eva
luat
ing
Per
form
ance
and
Pow
erof
Ob
ject
-ori
ente
dvs
.P
roce
dura
lP
rogr
amm
ing
inE
mbe
dded
Pro
cess
ors
A.
Cha
tzig
eorg
iou,
G.
Step
hani
des
OM
C-I
NT
EG
RA
LM
emor
yM
anag
emen
tJo
seM
anue
lP
erez
Loba
to,
Eva
Mar
tın
Lobo
Lan
guag
eIs
sues
ofC
ompi
ling
Ada
toH
ardw
are
M.
War
d,N
.C
.A
udsl
ey
Soft
war
eD
evel
opm
ent
Ree
ngin
eeri
ng–
An
Exp
erie
nce
Rep
ort
Adr
ian
Hoe
Dev
elop
men
tof
aC
ontr
olSy
stem
for
Tel
eope
rate
dR
obot
sus
ing
UM
Lan
dA
da95
F.
J.O
rtiz
,A
.M
artı
nez,
B.
Alv
arez
,A
.Ib
orra
,J.
M.
Fern
ande
z
Usi
nga
Secu
reJa
vaM
icro
-ker
nel
onE
mbe
dded
Dev
ices
for
the
Rel
iabl
eE
xecu
tion
ofD
ynam
ical
lyU
ploa
ded
App
licat
ions
W.
Bin
der,
B.
Lic
htl
How
tous
eG
NA
Tto
Effi
cien
tly
Pre
proc
ess
New
Ada
Sent
ence
sJ.
Mir
anda
,F
.G
uerr
a,E
.M
arte
l,J.
Mar
tın,
A.
Gon
zale
z
Exp
osin
gU
nini
tial
ized
Var
iabl
es:
Stre
ngth
enin
gan
dE
xten
ding
Run
-Tim
eC
heck
sin
Ada
Rob
ert
Dew
ar,
Oliv
ier
Hai
nque
,D
irk
Cra
eyne
st,
Phi
lippe
War
oqui
ers
Add
ing
Des
ign
By
Con
trac
tto
the
Ada
Lan
guag
eE
hud
Lam
m
Mod
ellin
g&
Sche
dula
bilit
yA
naly
sis
ofH
ard
Rea
l-T
ime
Dis
trib
uted
Syst
ems
base
don
Ada
Com
pone
nts
J.L
.M
edin
a,J.
Javi
erG
utie
rrez
,J.
M.
Dra
ke,
M.
Gon
zale
zH
arbo
ur
Tra
nspa
rent
Env
iron
men
tfo
rR
eplic
ated
Rav
ensc
arA
pplic
atio
nsL
uıs
Mig
uel
Pin
ho,
Fran
cisc
oV
asqu
es
Con
curr
ency
Con
trol
inT
rans
acti
onal
Dra
goM
.P
atin
o-M
artı
nez,
R.
Jim
enez
-Per
is,
J.K
ienz
le,
S.A
reva
lo
11:3
0–12
:00
12:0
0–12
:30
12:3
0–13
:00
13:0
0–14
:30
Lu
nch
&E
xh
ibit
ion
Lu
nch
&E
xh
ibit
ion
Lu
nch
&E
xh
ibit
ion
“program” — 2002/5/18 — 23:18 — page 9 — #9ii
ii
ii
ii
Conference
Schedule
(con
t.)
Tuesd
ay
18th
Wednesd
ay
19th
Thurs
day
20th
Rea
l-T
ime
Syst
ems
Ven
dor
Ses
sion
IIP
rogr
amA
nal
ysi
sV
end
orS
essi
onII
IL
ibra
ries
,A
PIs
,an
dB
ind
ings
Ob
ject
-Ori
enta
tion
14:3
0–15
:00
15:0
0–15
:30
AP
OSI
X-A
daIn
terf
ace
for
App
licat
ion-
Defi
ned
Sche
dulin
gM
ario
Ald
eaR
ivas
,M
icha
elG
onza
lez
Har
bour
The
Form
alD
evel
opm
ent
ofa
Rea
lT
ime
Ker
nel:
Ker
nel
Mod
ellin
gSt
ephe
nG
.M
iche
ll,D
ougl
asJ.
How
e
14:3
0–15
:00
15:0
0–15
:30
Stat
icD
epen
denc
yA
naly
sis
for
Con
curr
ent
Ada
95P
rogr
ams
Zhe
nqia
ngC
hen,
Bao
wen
Xu,
Jian
jun
Zha
o,H
ongj
iY
ang
Dat
aFA
N:
AP
ract
ical
App
roac
hto
Dat
aF
low
Ana
lysi
sfo
rA
da95
K.
Cza
rnec
ki,
M.
Him
solt,
E.
Ric
hter
,F
.V
iew
eg,
A.
Ros
skop
f
14:3
0–15
:00
15:0
0–15
:30
An
Ada
Bin
ding
toth
eIE
EE
1003
.1q
(PO
SIX
Tra
cing
)St
anda
rdA
gust
ınE
spin
osa
Min
guet
,A
naG
arcı
aFo
rnes
,A
lfons
Cre
spo
iLo
rent
e
GN
AT
Ada
Dat
abas
eD
evel
opm
ent
Env
iron
men
tM
icha
elE
rdm
ann
Usi
ngO
bje
ctO
rien
tati
onin
Hig
hIn
tegr
ity
App
licat
ions
:A
Cas
eSt
udy
A.
Alo
nso,
R.
Lop
ez,
T.
Var
dane
ga,
J.A
.de
laP
uent
e
Ada
,In
terf
aces
and
the
Lis
tene
rP
arad
igm
J-P
.R
osen
15:3
0–16
:00
Coff
ee&
Exh
ibit
ion
Pri
orit
izat
ion
ofT
est
Cas
esin
MU
MC
UT
Tes
tSe
ts:
An
Em
piri
cal
Stud
yY
.T
.Y
u,M
.F
.La
u15
:30–
16:0
0C
offee
&E
xh
ibit
ion
16:0
0–16
:30
Coff
ee&
Exh
ibit
ion
Hig
h-I
nte
grit
yS
yst
ems
Tool
s
16:3
0–17
:00
17:0
0–17
:30
Clo
sing
the
Loo
p:T
heIn
fluen
ceof
Cod
eA
naly
sis
onD
esig
nP
eter
Am
ey
Hig
h-In
tegr
ity
Syst
ems
Dev
elop
men
tfo
rIn
tegr
ated
Mod
ular
Avi
onic
sus
ing
VxW
orks
and
GN
AT
Pau
lP
arki
nson
,Fr
anco
Gas
pero
ni
Abo
utth
eD
ifficu
ltie
sof
Bui
ldin
ga
Pre
tty-
Pri
nter
for
Ada
Serg
eyR
ybin
,A
lfred
Stro
hmei
er
AT
ailo
rabl
eD
istr
ibut
edP
rogr
amm
ing
Env
iron
men
tE
.M
arte
l,F
.G
uerr
a,J.
Mir
anda
Invi
ted
Tal
k:C
onte
xtw
are:
Bri
dgi
ng
Physi
cal
and
Vir
tual
Wor
lds
Alo
isFe
rsch
a,U
nive
rsit
atL
inz,
Aus
tria
17:3
0–18
:15
Ada
-Eur
ope
Gen
eral
Ass
embl
yC
losi
ngSe
ssio
nA
war
ds:
best
pape
r&
best
pres
enta
tion
Gu
ided
Cit
yT
our
&T
own
-Hal
lR
ecep
tion
Ban
qu
et(H
euri
ger)
Sch
onb
run
nP
alac
e“G
ran
dT
our”
“program” — 2002/5/18 — 23:18 — page 10 — #10ii
ii
ii
ii
Tutorials (cont.)
Using Open Source Hard- andSoftware to Build Reliable Systems
Joel Sherrill, OAR Corporation, US,& Jiri Gaisler, Gaisler Research, Sweden
Friday, June 21st, morning
A framework for the development of embedded sys-tems based solely on open-source components ispresented. The framework is based on the LEONSPARC-V8 processor, RTEMS real-time operatingsystem, and the GNU Ada toolchain. The tutorialincludes a discussion of the implications of applyingthe open source model to hardware and embeddedsystems software. An overview of the characteris-tics of real-time embedded systems, the cross de-velopment process, and the features of Ada95 thataid the development of real-time embedded systemsis presented. A demonstration is made on how toconfigure the target processor, adapt the RTEMSoperating system to custom boards, and developAda applications.OutlineThe LEON processor and the RTEMS real-time op-erating system are open source solutions targetingthe two sides of embedded systems—hardware andsoftware. Both were initially developed by orga-nizations responsible for the development, deploy-ment, and maintenance of custom systems withhigh safety and reliability requirements and ex-tremely long lifespans. While the LEON was ini-tially developed for space applications and RTEMSfor military applications, both have been madeavailable to the general embedded systems commu-nity. Interestingly, both have found use in a varietyof domains not envisioned by their original spon-sors.
In this tutorial, LEON and RTEMS and the impli-cations for using open source hardware and softwarein embedded systems are examined. The features ofboth LEON and RTEMS along with the open sourcetools that support them are presented. This is fol-lowed by an examination of the adaptation of theGNAT compiler to this target environment and thefeatures of the Ada programming language that areparticularly useful to real-time embedded systemsdevelopers. The tutorial concludes with a demon-stration of the GNAT/RTEMS-LEON toolchain onboth a simulator and real hardware.PresentersDr. Joel Sherrill is Director of Research and De-velopment for OAR Corporation with 15 years ex-perience in the design, development, and fielding ofreal-time embedded applications in a variety of mili-tary, commercial, and research domains. As a prin-
cipal author and current maintainer of the open-source real-time operating system RTEMS, he has
been deeply involved innumerous RTEMS re-lated efforts including theGNAT/RTEMS valida-tion. In addition to reg-ularly teaching courses onRTEMS and other real-time topics for OAR Cor-poration, Dr. Sherrill is apart-time instructor at theUniversity of Alabama inHuntsville. He is a found-ing member of the Steer-ing Committee for the Free
Software Foundation’s GNU Compiler Collection.As an experienced software developer, Dr. Sher-rill has also focused on the practical application ofsoftware engineering research to the everyday lifeof the developer. In this light, he is a member ofOAR’s SEPG and has led process improvement andimplementation efforts on a number of projects.
Jiri Gaisler is the founder of Gaisler Research andthe designer of the ERC32and LEON processors. Hehas 15 years experiencein the design and imple-mentation of fault-tolerantprocessors and digital sys-tems for space applica-tions, most of it gained asstaff researcher at the Eu-ropean Space Agency. Cur-rent activities involve sim-ulator design and data-handling systems develop-ment for future space plat-
forms. Mr. Gaisler has presented several papersat international conferences, and regularly holdscourses on LEON architecture and utilization.
Cleanroom Software Engineering:An Overview
William Bail, MITRE & University ofMaryland, US
Friday, June 21st, afternoon
Cleanroom Software Engineering is an approach tothe development of software that is strongly rootedin formal methods and mathematics. Developed byHarlan Mills and his colleagues at IBM in the late1970s, and officially named Cleanroom in 1987, thistechnique emphasizes defect avoidance. While notgaining the notoriety that other techniques have en-
“program” — 2002/5/18 — 23:18 — page 11 — #11ii
ii
ii
ii
joyed, projects that have applied Cleanroom haveexperienced significant benefits, including low de-fect rates. Cleanroom emphasizes multiple builds in
an incremental model, witheach build constructed us-ing forms known as boxstructures. Verification ofthe structures is accom-plished using correctnessproofs, while software cer-tification is based on us-age models which facilitatestatistical testing. Recentwork has integrated Clean-room with object-orientedmodels. In addition theSEI has released a Clean-
room Software Engineering Reference Model, pro-viding an integrated set of work products and pro-cesses for organizations wishing to apply this tech-nique.PresenterWilliam BailBS, Carnegie Institute of Technology, Mathemat-ics MS, University of Maryland, Computer SciencePhD, University of Maryland, Computer ScienceWork experience focuses on aiding large scale soft-ware development projects in the areas of softwaremethodologies, principally for the US Government(DoD and FAA). Teaching focuses on requirementsengineering, IV&V practice, and software design.William Bail has a total of 35 years of software en-gineering experience.
Exceptions — What You AlwaysWanted to Know about Excep-tions, But Were Afraid To AskCurrie Colket, MITRE & ACM SIGAda,USFriday, June 21st, afternoon
Exception processing has the power to detect se-rious problems in the execution of a program andreturn one back to a known safe state with highintegrity. As such, it can be a very powerful toolfor developing high quality software. Unfortunatelymany developers do not use the full power of excep-tions. Frequently the use of exceptions is to simplylog the problem and continue execution, allowingthings to gracefully degrade. In the case of Ari-ane 5, exceptions were raised appropriately, but theresult had not been well thought out, resulting in adisaster.This tutorial will start at the basics, discussing theAda 83 concept of exceptions. To be effective, ex-ceptions and their handling must be addressed at
the design level and not at the code level where it isfrequently performed today. This presentation willdiscuss several alternative approaches to address-ing error handling in the design using exceptions.Ada 95 introduced some important changes to theexception area making them more effective. Inparticular, the addition of package Ada.Exceptionsprovides excellent facilities to support debuggingand provides a mechanism to eliminate erroneousmapping of raised exceptions.The use of exceptions can be assessed via automatedtools. Several analyses that can be performed on aprogram via automated tools so the program qual-ity can be improved will be discussed. The tuto-rial will conclude by addressing proposed needs forexceptions resulting from the Exception Workshopheld at Ada-Europe 2001.Outline
1. Introduction2. Major Benefits of Exceptions3. Ada 95 RM Exception View & Ada 83 deltas4. Designing Software With Exceptions5. Design Considerations6. Ada 95 Quality and Style Guide7. Design Examples8. Issues Using Exceptions—Exception Gotchas9. Future of Ada Exceptions
10. ConclusionPresenterMr. Currie Colket is the Chair of ACM SIGAda,
the Chair of the SIGAdaAda Semantic WorkingGroup, and the Chair ofthe ISO WG9 ASIS Rap-porteur Group. He re-cently retired from theDoD where he served inthe Air Force as an Air-borne Surveillance Officeron AWACS and a computerscientist for the UnitedStates Navy. Mr. Colketis currently a software sys-
tems engineer for MITRE. His current tasks involvecode analysis using ASIS-based tools. In this ca-pacity, he has addressed the use of Ada exceptionsfor both code development and operational use.Prior to his affiliation with MITRE, he was a con-sultant for the Software Program Manager’s Net-work (SPMN). He has a Bachelor of Science fromCase Institute of Technology, a Master of BusinessAdministration from the University of SouthernMississippi and a Master of Science in ComputerScience from the Ohio State University.
“program” — 2002/5/18 — 23:18 — page 12 — #12ii
ii
ii
ii
Workshop
A Standard Container Library for Ada
Friday, June 21st, morning. Both contempo-rary dominant general purpose programming lan-guages, Java and C++, come equipped with a stan-dard set of reusable containers, such as Maps andSets. There are quite a few Ada libraries for thesepurposes, but there is little agreement on the ex-act details of a standard container library. Thereis however a general feeling, as can be witnessedon recent discussions on comp.lang.ada, that sucha library is important for Ada’s future. A stan-dard container library is important for achievingmany of Ada’s goals, top among them the use ofreusable components for efficient software engineer-ing. Other important goals that can be served by astandard container library are educational uses andefficient implementation of common algorithms anddata structures, which is important for real-timesystems.Designing a useful standard container library forAda is a difficult task, as the language is used in awide variety of different domains, with different andat times conflicting demands. Hence the need fordebating and elaborating the issues among a groupof interested Ada users.Aims of the WorkshopWorkshop participants should attempt to come upwith two deliverables: a set of core requirementsthat are deemed by the majority to be critical for
applicability of the standard container library totheir needs, and a high level design for the libraryitself.The workshop should help in forming a workinggroup dedicated to implementing a reference imple-mentation of the proposed library.The results of the workshop should furthermoreform the basis for a recommendation which wouldlead to the adoption of a standard container libraryas part of the Ada standard library, in the next re-vision of the Ada language.Workshop Co-ChairsEhud Lamm ([email protected]), The Open Uni-versity of IsraelJohn English ([email protected]), University ofBrightonParticipationParticipation to the workshop is limited to 25–35 in-dividuals and is by invitation upon acceptance of asubmission. Participants should submit brief posi-tion papers (1 or 2 pages) to Ehud Lamm, includinglink to relevant source code if at all possible. Theworkshop will include talks based on the submittedpapers and intensive shepherded design sessions.
The deadline for the submission of position papersis stated on the conference web site.
See the conference web site for more details ( http://www.ada-europe.org/conference2002.html ).
Social Program
Tuesday Evening: Civic ReceptionOn Tuesday we will enjoy a cocktail reception atthe historic town hall by invitation of the Mayorof Vienna. Before that a guided tour by bus willprovide a first impression of the city and several ofits well-known sights, among them the magnificentbuildings along the Ringstraße, such as the StateOpera House, the Museum of Fine Arts, the Mu-seum of Natural History, the Hofburg Palace, theParliament, the City Hall, the Burgtheater, and theUniversity as well as the Votivkirche Church.
Wednesday Evening: BanquetWednesday evening the conference banquet willtake place at a famous “Heurigen” in Grinzing.Heuriger is a word that the Viennese use both forthe wine of the latest grape harvest and for theestablishments at which it is served. Grinzing isprobably Austria’s best known wine-growing dis-trict, and the Heuriger “Altes Presshaus” has a tra-dition that dates back as far as 1527. Over a glass of
wine and traditional Viennese cuisine we will havethe opportunity to experience several of the mun-dane ingredients such as “Schrammel-Musik” and“Wiener Gemutlichkeit” that add to the flair of thiscity.
Thursday Evening: SchonbrunnPalace “Grand Tour”A short walk from the conference venue “Parkho-tel Schonbrunn” through the adjacent baroque-stylepark of the Schonbrunn Palace will take us tothe palace itself, where we will enjoy an exclusiveevening tour through this former summer residenceof the Habsburg family.
“program” — 2002/5/18 — 23:18 — page 13 — #13ii
ii
ii
ii
7th International Conference on Reliable Software Technologies - Ada-Europe 2002Vienna, Austria, June 17-21, 2002
REGISTRATION FORMPARTICIPANT Please use block capitals
Ms/Mrs [ ] Mr [ ] TitleFamily name First nameAffiliation/OrganizationStreetCity Post/Zip code CountryTelephone Fax EmailSpecial requirements (e.g. diet)Reduced registration fee
[ ] member Ada-Europe; national organization [ ]academia[ ] member ACM; membership number
Additional CommentsRegistration time Early registration (by May 25th) [ ] Late or on site (after May 25th) [ ]
REGISTRATION FEESConference registration fee (see table on next page)Three day conference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EURIndividual days (Tue [ ] Wed [ ] Thu [ ]) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EURTutorial/Workshop registration (see table on next page)Please indicate tutorials/workshop for which you want to register:
Monday, June 17th [ ] T1 [ ] T2 [ ] T3 [ ] T4Friday, June 21st [ ] T5 [ ] T6 [ ] T7 [ ] T8 [ ] W
Tutorial/Workshop registration fee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EURExtra Banquet ticket: tickets @ 53 EUR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EURExtra proceedings: proceedings @ 30 EUR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EUR
TOTAL PAYMENT DUE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .EUR
PAYMENT METHODBy bank transfer [ ] By cheque [ ] By credit card [ ]By bank transfer to account number 0130-30655/00, “TU Wien – Ada-Europe 2002”. The accountis at the CA-BV Austria whose bank identifier (swift) code is CABVATWW (Please mention “Ada-Europe 2002” and your name and attach proof of payment, e.g., a copy of the bank draft, to this form).By cheque drawn on an Austrian Bank and made payable to:
TU Wien Reliable Software Technologies—Ada-Europe 2002.
By credit card MasterCard [ ] Visa [ ]Card Expiration DateName as shown on credit card Signature:
Mail or fax this form to:AE2002 Registration, CON.ECT, Event Management GesmbH,Kaiserstr. 14, A-1070 Vienna, AustriaFax ++43 1 522 36 36-10 Document Version 1.4
“program” — 2002/5/18 — 23:18 — page 14 — #14ii
ii
ii
ii
Conference Registration Fee:
Three days of conference (June 18th–June 20th) including one copy of the proceedings, coffee breaks,lunches, visit and reception in town hall on Tuesday 18th, and the Schonbrunn Palace “Grand Tour” onThursday 20th.
member Ada-Europe or ACM SIGAda non membernon academia academia non academia academia
Early registration(by May 25th) 530 EUR 470 EUR 590 EUR 530 EUR
Late registration(after May 25th) 590 EUR 590 EUR 650 EUR 650 EUR
Individual day registration(per day) 270 EUR 270 EUR 300 EUR 300 EUR
Tutorial Registration Fee:
Prices are per tutorial, including tutorial notes and coffee breaks.Lunches are only included when registered for full day tutorial or two half day tutorials on the same day.
half day full day or two halveson same day
Workshop(by invitation only)
Early registration(by May 25th) 120 EUR 230 EUR 50 EUR
Late registration(after May 25th) 150 EUR 290 EUR 70 EUR
Overview of Tutorials:
MondayJune 17th
T 1 full day SPARK, an “Intensive overview” – Amey/Barnes
T 2 full day MaRTE OS: Bringing Embedded Systems and RT POSIX Together –Gonzalez/Aldea
T 3 morning Principles of Physical Software Design in Ada 95 – HeaneyT 4 afternoon Implementing Design Patterns in Ada 95 – Heaney
FridayJune 21st
T 5 full day CORBA 3 and CORBA for Embedded Systems – Oliver
T 6 morning Using Open Source Hardware and Software to Build Reliable Systems –Sherrill/Gaisler
T 7 afternoon Cleanroom Software Engineering: An Overview – Bail
W morning Workshop: Standard Container Library for Ada –Lamm (by invitation only)
T 8 afternoon Exceptions – What You Always Wanted to Know About Exceptions,But Were Afraid to Ask – Colket
Note: No registration request will be confirmed until payment has been received. CANCELLATIONSmust be in writing. A Cancellation fee of 120 EUR will be applied to all cancellations. No refunds will begiven for cancellations postmarked after June 1st. Substitutions will be accepted. The hotel informationcan be found through the web page of the conference. Additional lunch tickets will be on sale throughoutthe conference.For latest information see the web page at http://www.ada-europe.org/conference2002.html, or sendemail to [email protected] any information, please contact:Bettina Hainschink (Conference Secretariat), CON.ECT Tel: ++43 1 522 36 36CON.ECT, Event Management GesmbH Fax: ++43 1 522 36 36-10Kaiserstr. 14, A-1070 Vienna, Austria Email: [email protected]
“program” — 2002/5/18 — 23:18 — page 15 — #15ii
ii
ii
ii
Program Committee
Angel Alvarez, Technical University of Madrid,SpainLars Asplund, Uppsala University, SwedenNeil Audsley, University of York, UKJohn Barnes, UKGuillem Bernat, University of York, UKMaarten Boasson, University of Amsterdam,The NetherlandsBen Brosgol, ACT, USABernd Burgstaller, TU Vienna, AustriaUlf Cederling, Vaxjo University, SwedenRoderick Chapman, Praxis CriticalSystems Limited, UKPaolo Coppola, INTECS HRT, ItalyDirk Craeynest, Offis nv/sa & K.U.Leuven,BelgiumAlfons Crespo, Universidad Politecnicade Valencia, SpainPeter Dencker, Aonix GmbH, GermanyRaymond Devillers, Universite Libre de Bruxelles,BelgiumBrian Dobbing, Praxis Critical Systems Limited,UKWolfgang Gellerich, IBM, GermanyJesus M. Gonzalez-Barahona, ESCET,Universidad Rey Juan Carlos, SpainMichael Gonzalez Harbour, Universidad deCantabria, SpainThomas Gruber, ARC Seibersdorf research,AustriaHelge Hagenauer, University of Salzburg, AustriaAndrew Hately, Eurocontrol, BelgiumGunter Hommel, TU Berlin, GermanyWolfgang Kastner, TU Vienna, AustriaJan van Katwijk, Delft University of Technology,The Netherlands
Hubert B. Keller, Forschungszentrum Karlsruhe,GermanyYvon Kermarrec, ENST Bretagne, FranceJorg Kienzle, Swiss Federal Institute ofTechnology Lausanne, SwitzerlandAlbert Llamosı, Universitat de les Illes Balears,SpainKristina Lundqvist, Massachusetts Institute ofTechnology, USAFranco Mazzanti, Istituto di Elaborazione dellaInformazione, ItalyJohn W. McCormick, University of NorthernIowa, USAPierre Morere, Aonix, FranceLaurent Pautet, ENST Paris, FranceErhard Plodereder, University Stuttgart, GermanyJuan A. de la Puente, Universidad Politecnica deMadrid, Spain
Gerhard Rabe, TUV Nord e.V., Hamburg,GermanyJean-Marie Rigaud, Universite Paul Sabatier,Toulouse, FranceAlexander Romanovsky, University of Newcastle,UKJean-Pierre Rosen, Adalog, FranceBo Sanden, Colorado Technical University, USABernhard Scholz, TU Vienna, AustriaEdmond Schonberg, New York University & ACT,USATullio Vardanega, Dept. of Pure and AppliedMath., Univ. of Padova, ItalyStef Van Vlierberghe, Eurocontrol CFMU,BelgiumAndy Wellings, University of York, UKIan Wild, Eurocontrol CFMU, BelgiumJurgen Winkler, Friedrich-Schiller-Universitat,Jena, GermanyThomas Wolf, Paranor AG, Switzerland
Further Information
The conference web site gives up-to-date details ofthe program. Also on the web site are details on thevenue including travel information and hotel accom-modation. In case of unavailable web-access pleasecontact the Conference Secretariat regarding hotelaccommodation and to receive further information.
Bettina HainschinkAda-Europe 2002 Conference SecretaryCON.ECT Event Management GesmbHKaiserstr. 14, A-1070 Vienna, AustriaTel: ++43 1 522 36 36 Fax: ++43 1 522 36 36-10Email: [email protected]
http://www.ada-europe.org/conference2002.html
“program” — 2002/5/18 — 23:18 — page 16 — #16ii
ii
ii
ii
Organization
Conference ChairGerhard H. SchildtTechnical University of ViennaDepartment of [email protected] Co-ChairsJohann BliebergerTechnical University of ViennaDepartment of [email protected]
Alfred StrohmeierSwiss Fed. Inst. of TechnologyLausanneSoftware Engineering [email protected]
Tutorial Chair
Helge HagenauerUniversity of SalzburgDept. Comp. Science & [email protected]
Exhibition Chair
Thomas GruberARC Seibersdorfresearch [email protected]
Publicity Chair
Dirk CraeynestOffis nv/sa & [email protected]
Local Organization Chair
Bernd BurgstallerTechnical University of ViennaDepartment of [email protected]
In cooperation with
SIGAda
The organizers thank the exhibitors (preliminary list)
and the supporters (preliminary list) of the conference.
The City of Vienna
Document Version 1.8