“program” — 2002/5/18 — 23:18 — page 1 — #1ii

ii

ii

ii

7th International Conference on

Reliable Software Technologies

Ada-Europe 2002

Vienna, Austria, June 17-21, 2002

ADVANCE PROGRAM

SIGAda

http://www.ada-europe.org/conference2002.html

“program” — 2002/5/18 — 23:18 — page 2 — #2ii

ii

ii

ii

Preliminary Program

The information presented here is preliminary - please refer to the conference web site for the latest details.

In 2002, the 7th International Conference on Re-liable Software Technologies will take place inVienna, Austria, from June 17th to June 21st. Theconference offers a technical program and exhibi-tion, plus a series of tutorials and a workshop.The conference provides an international forum forresearchers, developers and users of reliable soft-ware technologies. Presentations and discussionscover applied and theoretical work currently con-ducted to support the development and mainte-nance of software systems.Vienna, a city with about 2 million inhabitants issituated in the heart of Europe. It is a city on

which its ever-changing history has left an indeli-ble mark, manifested also in the rich cultural her-itage. Shaped by its hundreds of years as capitalof an empire, the city’s ultimate fascination nowa-days stems from combining imperial grandeur withexplosive modernity.

The conference will take place in the ParkhotelSchonbrunn which originated in 1907 as the guesthouse of Emperor Franz Josef I. The newly ren-ovated hotel is located in the immediate vicin-ity of the “Schonbrunn Palace” and its beautifulsurrounding park, situated close to the center ofVienna.

Overview of the Week

Morning Late Morning After Lunch Afternoon

MondayJune 17thTutorials

SPARK, an “Intensive Overview”P. Amey and J. Barnes

MaRTE OS: Bringing Embedded Systems and Real-Time POSIX TogetherM. Gonzalez Harbour and M. Aldea Rivas

Principles of Physical Software Design in Ada95M. Heaney

Implementing Design Patterns in Ada95M. Heaney

TuesdayJune 18thSessions &Exhibition

Embedded SystemsUnsuitable for

Object OrientationMaarten Boasson

Embedded Systems Real-Time SystemsHigh-Integrity

SystemsCase Studies Vendor presentations

WednesdayJune 19thSessions &Exhibition

On ArchitecturalStability and Evolution

Mehdi JazayeriAda Language

Issues

Program AnalysisTools

Vendor presentations

ThursdayJune 20thSessions &Exhibition

Indulgent Algorithms:Virtues and Limitations

Rachid Guerraoui

Distributed Systems Libraries Contextware: BridgingPhysical and Virtual

WorldsAlois FerschaVendor presentations Object-Orientation

FridayJune 21stTutorials &Workshop

CORBA 3 and CORBA for Embedded SystemsS. Ron Oliver

Using Open Source Hardware and Software toBuild Reliable Systems

J. Sherrill and J. Gaisler

Cleanroom Software Engineering: An OverviewW. Bail

Workshop: A StandardContainer Library for Ada

E. Lamm

Exceptions – What You Always Wanted toKnow about Exceptions, But Were Afraid to

AskC. Colket

“program” — 2002/5/18 — 23:18 — page 3 — #3ii

ii

ii

ii

Invited Speakers

Embedded Systems Unsuitable forObject Orientation

Maarten Boasson, University of Amster-dam, The Netherlands

Tuesday June 18th, 9:30

It will be argued that the current focus on objecttechnology is detrimental to progress in embeddedsystems. The core of the problem is that OO is finefor analysis but does not answer the design needs.The difference between analyzing a system and de-signing one is enormous: during analysis, the focusis on understanding the various functional compo-nents of a system and their interactions, whereasdesigning is about implementing the desired func-tionality under the constraint that all quality goalsfor the system are achieved. The way that objecttechnology forces the software to be structured es-tablishes relationships between objects that do notnecessarily reflect the way real-world entities arerelated. In the real world, the entities that havebeen modeled in the system very often have nohierarchical relationships, but have their own au-tonomous behavior. This results in awkward pro-gramming constructs necessary for overcoming theidiosyncrasies of the object paradigm. This talk willoutline a different approach and will discuss benefitsof that approach relative to object orientation.

Short Biography

Maarten Boasson studied mathematics in Gro-ningen, The Netherlands. He became involved inadvanced studies aiming at control of complexity,

both of the develop-ment process and ofthe system under de-velopment itself. Thisresulted in the cre-ation of a novel archi-tecture for distributedreactive systems, thathas been applied suc-cessfully in numeroussystems and is, morethan 10 years after itsintroduction, still un-surpassed in its sup-

port for integration, fault tolerance and componentreuse. In 1996 Boasson was appointed professorof computer science at the University of Amster-dam. He has been involved in the organization ofnumerous international conferences, played a ma-jor role in establishing a dutch national researchprogram in embedded systems, and is currently as-sociate editor-in-chief of IEEE Software.

On Architectural Stability andEvolution

Mehdi Jazayeri, Technical University ofVienna, Austria

Wednesday June 19th, 9:30

Many organizations are now pursuing software ar-chitecture as a way to control their software devel-opment and evolution costs and challenges. A soft-ware architecture describes a system’s structure andglobal properties and thus determines not only howthe system should be constructed but also guidesits evolution. An important challenge is to be able

to evaluate the“goodness” of aproposed archi-tecture. The talkwill propose sta-bility or resilienceas a primary cri-terion for evalu-ating an architec-ture. The stabil-ity of an archi-tecture is a mea-

sure of how well it accommodates the evolution ofthe system without requiring changes to the ar-chitecture. As opposed to traditional predictiveapproaches to architecture evaluation, this talk willsuggest retrospective analysis for evaluating ar-chitectural stability by examining the amount ofchange applied in successive releases of a softwareproduct. A case study of twenty releases of a tele-communication software system containing a fewmillion lines of code will be used to demonstratehow retrospective analysis may be performed. Thetalk will also present the challenges in softwareevolution and conclude with recommendations forfuture research. This work was part of the project“Architectural Reasoning for Embedded Systems”(ARES).Short BiographyMehdi Jazayeri is a professor of computer science atthe Technical University of Vienna where he holdsthe chair of distributed systems. He spent manyyears in software research and development at sev-eral Silicon Valley companies, including ten yearsat Hewlett-Packard Laboratories in Palo Alto, Cal-ifornia. His recent work has been concerned withcomponent-base software engineering of distributed(web-based) systems. He is a coauthor of Program-ming Language Concepts (John Wiley, 1998), Fun-damentals of Software Engineering (Prentice-Hall,2002), and Software Architecture for Product Fam-ilies (Addison-Wesley, 2000).

“program” — 2002/5/18 — 23:18 — page 4 — #4ii

ii

ii

ii

Indulgent Algorithms: Virtues andLimitations

Rachid Guerraoui, Swiss Federal Instituteof Technology in Lausanne (EPFL)

Thursday June 20th, 9:30

An indulgent algorithm is a reliable distributed al-gorithm that does not need re-liable failure detection. In par-ticular, with an indulgent al-gorithm, no process ever needsto know if some other processis up or down. This talk willdiscuss some practical and the-oretical ramifications of indul-gent algorithms, and will givesome new results on indulgent

algorithms in the context of the consensus problem.Short Biography

Rachid Guerraoui is professor in computer scienceat the Swiss Federal Institute of Technology in Lau-sanne where he leads the Distributed ProgrammingLaboratory (lpdwww.epfl.ch). He is interested inclassic and less classic music, triathlons, object-oriented programming and distributed algorithms.

Contextware: Bridging Physicaland Virtual Worlds

Alois Ferscha, University of Linz, Austria

Thursday June 20th, 16:30

Today a variety of terms like Ubiquitous Com-puting, Pervasive Computing, Invisible Comput-ing, Ambient Intelligence, Sentient Computing, andPost-PC Computing refers to new challenges andparadigms to the interaction between users and mo-bile and embedded computing devices. Fertilizedby a vast quantitative growth of the Internet overthe past years and a growing availability of wire-less communication technologies, an ubiquitous useof “embedded” information society technologies isevolving. Most of the services delivered through

those new technologies are services adapted to con-text, particularly to the person, time and locationof their use. The aim for seamless service provisionto anyone (personalized services) at any place (lo-cation based services) and at any time has broughtthe issues of middleware to a new discussion: itis expected that context-aware services will evolve,enabled by wirelessly networked computing devices.Services with explicit user input and output willbe replaced by a computing landscape sensing thephysical world via all different kinds of sensors, andcontrolling it via actuators in such a way that itbecomes merged with the virtual world.

This talk will explore the software engineering is-sues, challenges and enabling technologies associ-ated with the provision of context-aware services.In analogy to the term “middleware”—generallyunderstood as software technologies that serve tomediate between two or more separate and usuallyalready existing software components—the term“contextware” is introduced as the core of softwaretechnologies mediating services and the context oftheir use, thus bridging virtual and physical worlds.Short BiographyAlois Ferscha received the Mag. degree in 1984, anda PhD in business informatics in 1990, both fromthe University of Vienna, Austria. From 1986

through 2000 he was with theDepartment of Applied Com-puter Science at the Univer-sity of Vienna at the levels ofassistant and associate pro-fessor. In 2000 he joined theUniversity of Linz as full pro-fessor. He published morethan 60 technical papers ontopics related to parallel anddistributed computing. Cur-rently his research interestsare in the areas of Perva-sive Computing, Embedded

Software Systems, Wireless Communication, Mul-tiuser Cooperation, Distributed Interaction andDistributed Interactive Simulation.

Exhibition

The exhibition opens in the mid-morning breakon Tuesday and runs until after the Thursdayafternoon break. It takes place in the Parkho-tel Schonbrunn’s “Kaisersalon”, where the coffeebreaks are held.The mid-morning and almost all mid-afternoonbreaks are 60 minutes to give attendees ample op-portunity to visit the exhibition.

Each exhibitor will have at least one half hour pre-sentation slot during the vendor track; the programfor the vendor presentations is still being workedout.At the time of writing seven exhibitors: ACT,Aonix, Raincode, TNI, DDC-I, Green Hills Soft-ware Inc., and Rational have come forward, othershave expressed interest.

“program” — 2002/5/18 — 23:18 — page 5 — #5ii

ii

ii

ii

Tutorials

SPARK, an “Intensive Overview”Peter Amey & Janet Barnes, Praxis Crit-ical Systems, UK

Monday June 17th, all day

SPARK is an annotated sub-language of Ada whichis unambiguous and suitable for rigorous static anal-ysis. The tutorial, which is extracted from the four-day “Software Engineering with SPARK” coursewill provide an intensive introduction to SPARKand the static analysis that is performed by theSPARK Examiner.The tutorial is intended primarily for those withcurrent or recent experience of software develop-ment in Ada, especially those who will work on orlead safety critical or other high integrity develop-ments. Attendees will be encouraged to bring lap-top computers on which the SPARK Examiner willbe installed.Outline

1. The rationale of SPARK: major design ob-jectives, relationship with Ada, “why annota-tions?”, tool support.

2. The core SPARK language: types, expressions,statements, subprograms, packages.

3. Data and information flow analysis (includingpractical).

4. Design building blocks: abstract state ma-chines, abstract data types, interfacing withthe environment.

5. SPARK and program design.6. Formal verification.7. Exception freedom.8. Effective SPARK use, project organization.

PresentersPeter Amey is an aeronautical engineer by orig-inal professional training and achieved Chartered

Engineer status throughthe Royal AeronauticalSociety. He served asan engineering officer inthe Royal Air Force andspent several years at theBoscombe Down test es-tablishment working onthe certification of air-craft armament systems.Peter joined ProgramValidation Limited to de-velop SPARK and theSPARK Examiner and

continues that work today with Praxis Critical Sys-tems. As well developing SPARK he has used it

on major programs including Tornado, Eurofighterand the Lockheed C130J.

Peter teaches SPARK and Ada on a regular ba-sis and has lectured widely on the development ofcritical systems. Most recently this has includedthe keynote address “Logic versus Magic” at Ada-Europe 2001 and the paper “A Language for Sys-tems not Just Software” at SIGAda 2001.

Janet Barnes received a BA degree in Mathemat-ics from Cambridge Uni-versity in 1988 and MScand Phil degrees in Com-putation from OxfordUniversity in 1990 and1993 respectively. Forthe last eight years Janethas specialised in designand implementation ofhigh-integrity real-timeembedded systems. Asa user of SPARK onfive development pro-grammes she has exten-

sive experience and understanding of the SPARKlanguage.

Janet has taught the SPARK training course of-fered by Praxis Critical Systems on a number ofoccasions. Dr. Barnes is a member of the BritishComputer Society and is a Chartered Engineer.

MaRTE OS: Bringing EmbeddedSystems and Real-Time POSIXTogether

Michael Gonzalez Harbour & MarioAldea Rivas, University of Cantabria,Spain

Monday June 17th, all day

MaRTE OS is a free software implementation ofthe POSIX minimum real-time system profile. It isdesigned for embedded systems and provides a de-velopment environment for Ada, C, or mixed lan-guage real-time applications. The tutorial will de-scribe the main features of MaRTE OS, its archi-tecture and performance, and the details on its de-velopment environment. An example will be usedto demonstrate these concepts.

In addition, the tutorial will discuss the main real-time operating system services of the POSIX.13minimum real-time profile. These services allow ap-plication developers to write portable applicationsthat meet their real-time requirements, and thatmay be implemented on small embedded systems.

“program” — 2002/5/18 — 23:18 — page 6 — #6ii

ii

ii

ii

Outline Part I: Real-Time POSIX1. Introduction. Real-Time operating systems2. The POSIX standards and their Ada bindings3. POSIX subsets: Application environment pro-

files4. Thread management5. Priority scheduling6. Synchronization7. Signals8. Time management

Outline Part II: MaRTE OS1. Introduction. MaRTE OS Design requirements2. Architecture3. Implementation details and performance4. Development environment5. Case study6. Conclusions

Presenters

Michael Gonzalez Harbour is a Professor in theDepartment of Electronicsand Computers at the Uni-versity of Cantabria. Heworks in software engineer-ing for real-time systems.He is a co-author of “APractitioner’s Handbook onReal-Time Analysis”. Hehas been involved in sev-eral projects using Ada tobuild real-time controllersfor robots. He is an activemember of the POSIX real-time working group.

Mario Aldea Rivas received his Bachelor degreein Physics (Electronics) from the University of

Cantabria (Spain). Heis an Assistant Profes-sor in the Department ofElectronics and Comput-ers at the University ofCantabria. His previousresearch activity was cen-tered on the developmentof real-time embedded in-dustrial robot controllers.He is currently finishing hisPhD thesis on task schedul-ing in real-time operatingsystems, and as a part of

that research activity he has developed MaRTE OS:an Ada real-time operating system for embeddedapplications that implements the POSIX.13 mini-mal real-time profile.

Principles Of Physical SoftwareDesign in Ada95

Matthew Heaney, On2 Technologies, US

Monday June 17th, morning

The tutorial addresses issues concerning the compi-lation of large software systems and presents manytechniques for ameliorating the problems.

Most texts on software design concentrate almostexclusively on logical design, and provide only acursory explanation of physical design. Discussionsabout types and objects are important, but thereare also many pragmatic compilation issues thatcannot be ignored. Unless care is taken, depen-dencies among modules often force a substantialrecompile when seemingly innocuous changes aremade. This can stymie development, especially forlarge systems that require hours (or even days) torebuild.Outline• Physical versus logical design• Coupling and cohesion• What is the unit of decomposition?• Decoupling of components• Subsystems and package hierarchies• Package idioms• Type declarations - how, where, and how many• Static versus dynamic polymorphism• Aggregation versus inheritance• Composition using access discriminants• The adapter pattern: software glue• Iterators as a decoupling mechanism• Revisiting the Wegner taxonomy• C++ friendship versus Ada95 child units• How to emulate Java-style interfaces• How to prevent unnecessary compiles• Compiler support for minimal recompiles• Hiding static values used to constrain a type or

initialize an object• Static versus dynamic linking• COM: a binary standard for reusable compo-

nents• Private children versus subunits• Factory functions• Handle-body idiom and deferred type defini-

tion• Using class-wide types to remove compilation

dependencies• How to break mutual dependency between

specs

“program” — 2002/5/18 — 23:18 — page 7 — #7ii

ii

ii

ii

• Categorization pragmas• Package elaboration issues• Access types versus the Rosen Trick• The nature of a subsystem interface• The facade pattern• Degrees of type safety• The pitfalls of a Common Types package• How much should be declared in a generic pack-

age• Where does the data go: module versus in-

stance state• Logical versus physical types• What “maintainability” really means

PresenterPlease find Matthew Heaney’s biography at the endof the description of the following tutorial also pre-sented by him.

Implementing Design Patterns inAda95

Matthew Heaney, On2 Technologies, US

Monday, June 17th, afternoon

This tutorial addresses the question of what “designpatterns” are and presents many advanced idiomsfor object-oriented programming in Ada95.Outline• Idioms for class-wide programming and mem-

ory management• Interpreter pattern• Flyweight pattern• Template method (class-wide operations)• Adding controlled-ness to a (tagged) type al-

ready in a class• Auto pointers and smart pointers: to eliminate

memory leaks• Factory function: like a constructor in C++• Factory method: factory function that dis-

patches• Observer pattern: getting notified when the

state of another object changes• Multiple views idiom: for emulating Java-style

interfaces• Rosen Trick: to convert a constant view of an

object into a variable view• Parameter passing and tests for equality• Decorator pattern: for adding behavior to an

abstraction dynamically• Dispatching through a generic formal subpro-

gram or an access-to-subprogram object

PresenterMatthew Heaney has been using Ada since 1987

to successfully build large, real-time systems in the areas ofsimulation and electronic intel-ligence. His interest in soft-ware design and object-orientedprogramming led to his workon design patterns. He learnedabout design patterns by con-verting all the C++ examplesin the Gamma book to Ada95,and has since used them on realprojects. Matthew Heaney has

already given several tutorials at SIGAda, Ada-Europe, and AdaUK.

CORBA 3 and CORBA for Em-bedded SystemsS. Ron Oliver, Top Graph’X, US

Friday, June 21st, all day

This tutorial starts with an overview of CORBA 3with emphasis on changes from CORBA 2. It willinclude a brief introduction to distributed comput-ing, in general, including fundamentals of concur-rent and real-time systems, and of computer net-works. Thereafter it addresses CORBA princi-ples, the Interface Definition Language (IDL), clientprograms, object (server) programs, CORBA Ser-vices, CORBA Facilities, and the CORBA Compo-nent Model (CCM). Several advanced features ofCORBA 3, including Minimum CORBA and Real-Time CORBA, are also discussed. These topics areof particular interest when using CORBA in thearea of embedded systems.All examples for the tutorial will be based on theTopGraphX product, ORBAda, and the Ada95 pro-gramming language. Attendees need not have priorknowledge of CORBA.PresenterS. Ron Oliver has been in the software industrysince 1968, with an equal mixture of industrial and

academic experience. Since1974 he has specialized inconcurrent and real-timesoftware engineering. Dur-ing 9 years with the com-puter science and computerengineering programs atCal Poly, he led many re-search and student projectsin object-oriented design andimplementation for concur-

rent and real-time systems, and in the distributedcomputing environment. Most recently he has beenfocusing on CORBA technology.

“program” — 2002/5/18 — 23:18 — page 8 — #8ii

ii

ii

ii

Conference

Schedule

Tuesd

ay

18th

Wednesd

ay

19th

Thurs

day

20th

9:30

–10:

30

Invi

ted

Tal

k:E

mb

edd

edS

yst

ems

Un

suit

able

for

Ob

ject

Ori

enta

tion

Maa

rten

Boa

sson

,U

nive

rsit

yof

Am

ster

dam

,T

heN

ethe

rlan

ds

Invi

ted

Tal

k:O

nA

rch

itec

tura

lS

tab

ilit

yan

dE

volu

tion

Meh

diJa

zaye

ri,

Tec

hnic

alU

nive

rsit

yof

Vie

nna,

Aus

tria

Invi

ted

Tal

k:In

du

lgen

tA

lgor

ith

ms:

Vir

tues

and

Lim

itat

ion

sR

achi

dG

uerr

aoui

,Sw

iss

Fede

ral

Inst

itut

eof

Tec

hnol

ogy,

Laus

anne

,Sw

itze

rlan

d

10:3

0–11

:30

Exh

ibit

ion

Op

enin

g&

Coff

eeE

xh

ibit

ion

&C

offee

Exh

ibit

ion

&C

offee

Em

bed

ded

Syst

ems

Cas

eS

tud

ies

Ad

aL

angu

age

Issu

esD

istr

ibu

ted

Syst

ems

Ven

dor

Ses

sion

I

11:3

0–12

:00

12:0

0–12

:30

12:3

0–13

:00

Eva

luat

ing

Per

form

ance

and

Pow

erof

Ob

ject

-ori

ente

dvs

.P

roce

dura

lP

rogr

amm

ing

inE

mbe

dded

Pro

cess

ors

A.

Cha

tzig

eorg

iou,

G.

Step

hani

des

OM

C-I

NT

EG

RA

LM

emor

yM

anag

emen

tJo

seM

anue

lP

erez

Loba

to,

Eva

Mar

tın

Lobo

Lan

guag

eIs

sues

ofC

ompi

ling

Ada

toH

ardw

are

M.

War

d,N

.C

.A

udsl

ey

Soft

war

eD

evel

opm

ent

Ree

ngin

eeri

ng–

An

Exp

erie

nce

Rep

ort

Adr

ian

Hoe

Dev

elop

men

tof

aC

ontr

olSy

stem

for

Tel

eope

rate

dR

obot

sus

ing

UM

Lan

dA

da95

F.

J.O

rtiz

,A

.M

artı

nez,

B.

Alv

arez

,A

.Ib

orra

,J.

M.

Fern

ande

z

Usi

nga

Secu

reJa

vaM

icro

-ker

nel

onE

mbe

dded

Dev

ices

for

the

Rel

iabl

eE

xecu

tion

ofD

ynam

ical

lyU

ploa

ded

App

licat

ions

W.

Bin

der,

B.

Lic

htl

How

tous

eG

NA

Tto

Effi

cien

tly

Pre

proc

ess

New

Ada

Sent

ence

sJ.

Mir

anda

,F

.G

uerr

a,E

.M

arte

l,J.

Mar

tın,

A.

Gon

zale

z

Exp

osin

gU

nini

tial

ized

Var

iabl

es:

Stre

ngth

enin

gan

dE

xten

ding

Run

-Tim

eC

heck

sin

Ada

Rob

ert

Dew

ar,

Oliv

ier

Hai

nque

,D

irk

Cra

eyne

st,

Phi

lippe

War

oqui

ers

Add

ing

Des

ign

By

Con

trac

tto

the

Ada

Lan

guag

eE

hud

Lam

m

Mod

ellin

g&

Sche

dula

bilit

yA

naly

sis

ofH

ard

Rea

l-T

ime

Dis

trib

uted

Syst

ems

base

don

Ada

Com

pone

nts

J.L

.M

edin

a,J.

Javi

erG

utie

rrez

,J.

M.

Dra

ke,

M.

Gon

zale

zH

arbo

ur

Tra

nspa

rent

Env

iron

men

tfo

rR

eplic

ated

Rav

ensc

arA

pplic

atio

nsL

uıs

Mig

uel

Pin

ho,

Fran

cisc

oV

asqu

es

Con

curr

ency

Con

trol

inT

rans

acti

onal

Dra

goM

.P

atin

o-M

artı

nez,

R.

Jim

enez

-Per

is,

J.K

ienz

le,

S.A

reva

lo

11:3

0–12

:00

12:0

0–12

:30

12:3

0–13

:00

13:0

0–14

:30

Lu

nch

&E

xh

ibit

ion

Lu

nch

&E

xh

ibit

ion

Lu

nch

&E

xh

ibit

ion

“program” — 2002/5/18 — 23:18 — page 9 — #9ii

ii

ii

ii

Conference

Schedule

(con

t.)

Tuesd

ay

18th

Wednesd

ay

19th

Thurs

day

20th

Rea

l-T

ime

Syst

ems

Ven

dor

Ses

sion

IIP

rogr

amA

nal

ysi

sV

end

orS

essi

onII

IL

ibra

ries

,A

PIs

,an

dB

ind

ings

Ob

ject

-Ori

enta

tion

14:3

0–15

:00

15:0

0–15

:30

AP

OSI

X-A

daIn

terf

ace

for

App

licat

ion-

Defi

ned

Sche

dulin

gM

ario

Ald

eaR

ivas

,M

icha

elG

onza

lez

Har

bour

The

Form

alD

evel

opm

ent

ofa

Rea

lT

ime

Ker

nel:

Ker

nel

Mod

ellin

gSt

ephe

nG

.M

iche

ll,D

ougl

asJ.

How

e

14:3

0–15

:00

15:0

0–15

:30

Stat

icD

epen

denc

yA

naly

sis

for

Con

curr

ent

Ada

95P

rogr

ams

Zhe

nqia

ngC

hen,

Bao

wen

Xu,

Jian

jun

Zha

o,H

ongj

iY

ang

Dat

aFA

N:

AP

ract

ical

App

roac

hto

Dat

aF

low

Ana

lysi

sfo

rA

da95

K.

Cza

rnec

ki,

M.

Him

solt,

E.

Ric

hter

,F

.V

iew

eg,

A.

Ros

skop

f

14:3

0–15

:00

15:0

0–15

:30

An

Ada

Bin

ding

toth

eIE

EE

1003

.1q

(PO

SIX

Tra

cing

)St

anda

rdA

gust

ınE

spin

osa

Min

guet

,A

naG

arcı

aFo

rnes

,A

lfons

Cre

spo

iLo

rent

e

GN

AT

Ada

Dat

abas

eD

evel

opm

ent

Env

iron

men

tM

icha

elE

rdm

ann

Usi

ngO

bje

ctO

rien

tati

onin

Hig

hIn

tegr

ity

App

licat

ions

:A

Cas

eSt

udy

A.

Alo

nso,

R.

Lop

ez,

T.

Var

dane

ga,

J.A

.de

laP

uent

e

Ada

,In

terf

aces

and

the

Lis

tene

rP

arad

igm

J-P

.R

osen

15:3

0–16

:00

Coff

ee&

Exh

ibit

ion

Pri

orit

izat

ion

ofT

est

Cas

esin

MU

MC

UT

Tes

tSe

ts:

An

Em

piri

cal

Stud

yY

.T

.Y

u,M

.F

.La

u15

:30–

16:0

0C

offee

&E

xh

ibit

ion

16:0

0–16

:30

Coff

ee&

Exh

ibit

ion

Hig

h-I

nte

grit

yS

yst

ems

Tool

s

16:3

0–17

:00

17:0

0–17

:30

Clo

sing

the

Loo

p:T

heIn

fluen

ceof

Cod

eA

naly

sis

onD

esig

nP

eter

Am

ey

Hig

h-In

tegr

ity

Syst

ems

Dev

elop

men

tfo

rIn

tegr

ated

Mod

ular

Avi

onic

sus

ing

VxW

orks

and

GN

AT

Pau

lP

arki

nson

,Fr

anco

Gas

pero

ni

Abo

utth

eD

ifficu

ltie

sof

Bui

ldin

ga

Pre

tty-

Pri

nter

for

Ada

Serg

eyR

ybin

,A

lfred

Stro

hmei

er

AT

ailo

rabl

eD

istr

ibut

edP

rogr

amm

ing

Env

iron

men

tE

.M

arte

l,F

.G

uerr

a,J.

Mir

anda

Invi

ted

Tal

k:C

onte

xtw

are:

Bri

dgi

ng

Physi

cal

and

Vir

tual

Wor

lds

Alo

isFe

rsch

a,U

nive

rsit

atL

inz,

Aus

tria

17:3

0–18

:15

Ada

-Eur

ope

Gen

eral

Ass

embl

yC

losi

ngSe

ssio

nA

war

ds:

best

pape

r&

best

pres

enta

tion

Gu

ided

Cit

yT

our

&T

own

-Hal

lR

ecep

tion

Ban

qu

et(H

euri

ger)

Sch

onb

run

nP

alac

e“G

ran

dT

our”

“program” — 2002/5/18 — 23:18 — page 10 — #10ii

ii

ii

ii

Tutorials (cont.)

Using Open Source Hard- andSoftware to Build Reliable Systems

Joel Sherrill, OAR Corporation, US,& Jiri Gaisler, Gaisler Research, Sweden

Friday, June 21st, morning

A framework for the development of embedded sys-tems based solely on open-source components ispresented. The framework is based on the LEONSPARC-V8 processor, RTEMS real-time operatingsystem, and the GNU Ada toolchain. The tutorialincludes a discussion of the implications of applyingthe open source model to hardware and embeddedsystems software. An overview of the characteris-tics of real-time embedded systems, the cross de-velopment process, and the features of Ada95 thataid the development of real-time embedded systemsis presented. A demonstration is made on how toconfigure the target processor, adapt the RTEMSoperating system to custom boards, and developAda applications.OutlineThe LEON processor and the RTEMS real-time op-erating system are open source solutions targetingthe two sides of embedded systems—hardware andsoftware. Both were initially developed by orga-nizations responsible for the development, deploy-ment, and maintenance of custom systems withhigh safety and reliability requirements and ex-tremely long lifespans. While the LEON was ini-tially developed for space applications and RTEMSfor military applications, both have been madeavailable to the general embedded systems commu-nity. Interestingly, both have found use in a varietyof domains not envisioned by their original spon-sors.

In this tutorial, LEON and RTEMS and the impli-cations for using open source hardware and softwarein embedded systems are examined. The features ofboth LEON and RTEMS along with the open sourcetools that support them are presented. This is fol-lowed by an examination of the adaptation of theGNAT compiler to this target environment and thefeatures of the Ada programming language that areparticularly useful to real-time embedded systemsdevelopers. The tutorial concludes with a demon-stration of the GNAT/RTEMS-LEON toolchain onboth a simulator and real hardware.PresentersDr. Joel Sherrill is Director of Research and De-velopment for OAR Corporation with 15 years ex-perience in the design, development, and fielding ofreal-time embedded applications in a variety of mili-tary, commercial, and research domains. As a prin-

cipal author and current maintainer of the open-source real-time operating system RTEMS, he has

been deeply involved innumerous RTEMS re-lated efforts including theGNAT/RTEMS valida-tion. In addition to reg-ularly teaching courses onRTEMS and other real-time topics for OAR Cor-poration, Dr. Sherrill is apart-time instructor at theUniversity of Alabama inHuntsville. He is a found-ing member of the Steer-ing Committee for the Free

Software Foundation’s GNU Compiler Collection.As an experienced software developer, Dr. Sher-rill has also focused on the practical application ofsoftware engineering research to the everyday lifeof the developer. In this light, he is a member ofOAR’s SEPG and has led process improvement andimplementation efforts on a number of projects.

Jiri Gaisler is the founder of Gaisler Research andthe designer of the ERC32and LEON processors. Hehas 15 years experiencein the design and imple-mentation of fault-tolerantprocessors and digital sys-tems for space applica-tions, most of it gained asstaff researcher at the Eu-ropean Space Agency. Cur-rent activities involve sim-ulator design and data-handling systems develop-ment for future space plat-

forms. Mr. Gaisler has presented several papersat international conferences, and regularly holdscourses on LEON architecture and utilization.

Cleanroom Software Engineering:An Overview

William Bail, MITRE & University ofMaryland, US

Friday, June 21st, afternoon

Cleanroom Software Engineering is an approach tothe development of software that is strongly rootedin formal methods and mathematics. Developed byHarlan Mills and his colleagues at IBM in the late1970s, and officially named Cleanroom in 1987, thistechnique emphasizes defect avoidance. While notgaining the notoriety that other techniques have en-

“program” — 2002/5/18 — 23:18 — page 11 — #11ii

ii

ii

ii

joyed, projects that have applied Cleanroom haveexperienced significant benefits, including low de-fect rates. Cleanroom emphasizes multiple builds in

an incremental model, witheach build constructed us-ing forms known as boxstructures. Verification ofthe structures is accom-plished using correctnessproofs, while software cer-tification is based on us-age models which facilitatestatistical testing. Recentwork has integrated Clean-room with object-orientedmodels. In addition theSEI has released a Clean-

room Software Engineering Reference Model, pro-viding an integrated set of work products and pro-cesses for organizations wishing to apply this tech-nique.PresenterWilliam BailBS, Carnegie Institute of Technology, Mathemat-ics MS, University of Maryland, Computer SciencePhD, University of Maryland, Computer ScienceWork experience focuses on aiding large scale soft-ware development projects in the areas of softwaremethodologies, principally for the US Government(DoD and FAA). Teaching focuses on requirementsengineering, IV&V practice, and software design.William Bail has a total of 35 years of software en-gineering experience.

Exceptions — What You AlwaysWanted to Know about Excep-tions, But Were Afraid To AskCurrie Colket, MITRE & ACM SIGAda,USFriday, June 21st, afternoon

Exception processing has the power to detect se-rious problems in the execution of a program andreturn one back to a known safe state with highintegrity. As such, it can be a very powerful toolfor developing high quality software. Unfortunatelymany developers do not use the full power of excep-tions. Frequently the use of exceptions is to simplylog the problem and continue execution, allowingthings to gracefully degrade. In the case of Ari-ane 5, exceptions were raised appropriately, but theresult had not been well thought out, resulting in adisaster.This tutorial will start at the basics, discussing theAda 83 concept of exceptions. To be effective, ex-ceptions and their handling must be addressed at

the design level and not at the code level where it isfrequently performed today. This presentation willdiscuss several alternative approaches to address-ing error handling in the design using exceptions.Ada 95 introduced some important changes to theexception area making them more effective. Inparticular, the addition of package Ada.Exceptionsprovides excellent facilities to support debuggingand provides a mechanism to eliminate erroneousmapping of raised exceptions.The use of exceptions can be assessed via automatedtools. Several analyses that can be performed on aprogram via automated tools so the program qual-ity can be improved will be discussed. The tuto-rial will conclude by addressing proposed needs forexceptions resulting from the Exception Workshopheld at Ada-Europe 2001.Outline

1. Introduction2. Major Benefits of Exceptions3. Ada 95 RM Exception View & Ada 83 deltas4. Designing Software With Exceptions5. Design Considerations6. Ada 95 Quality and Style Guide7. Design Examples8. Issues Using Exceptions—Exception Gotchas9. Future of Ada Exceptions

10. ConclusionPresenterMr. Currie Colket is the Chair of ACM SIGAda,

the Chair of the SIGAdaAda Semantic WorkingGroup, and the Chair ofthe ISO WG9 ASIS Rap-porteur Group. He re-cently retired from theDoD where he served inthe Air Force as an Air-borne Surveillance Officeron AWACS and a computerscientist for the UnitedStates Navy. Mr. Colketis currently a software sys-

tems engineer for MITRE. His current tasks involvecode analysis using ASIS-based tools. In this ca-pacity, he has addressed the use of Ada exceptionsfor both code development and operational use.Prior to his affiliation with MITRE, he was a con-sultant for the Software Program Manager’s Net-work (SPMN). He has a Bachelor of Science fromCase Institute of Technology, a Master of BusinessAdministration from the University of SouthernMississippi and a Master of Science in ComputerScience from the Ohio State University.

“program” — 2002/5/18 — 23:18 — page 12 — #12ii

ii

ii

ii

Workshop

A Standard Container Library for Ada

Friday, June 21st, morning. Both contempo-rary dominant general purpose programming lan-guages, Java and C++, come equipped with a stan-dard set of reusable containers, such as Maps andSets. There are quite a few Ada libraries for thesepurposes, but there is little agreement on the ex-act details of a standard container library. Thereis however a general feeling, as can be witnessedon recent discussions on comp.lang.ada, that sucha library is important for Ada’s future. A stan-dard container library is important for achievingmany of Ada’s goals, top among them the use ofreusable components for efficient software engineer-ing. Other important goals that can be served by astandard container library are educational uses andefficient implementation of common algorithms anddata structures, which is important for real-timesystems.Designing a useful standard container library forAda is a difficult task, as the language is used in awide variety of different domains, with different andat times conflicting demands. Hence the need fordebating and elaborating the issues among a groupof interested Ada users.Aims of the WorkshopWorkshop participants should attempt to come upwith two deliverables: a set of core requirementsthat are deemed by the majority to be critical for

applicability of the standard container library totheir needs, and a high level design for the libraryitself.The workshop should help in forming a workinggroup dedicated to implementing a reference imple-mentation of the proposed library.The results of the workshop should furthermoreform the basis for a recommendation which wouldlead to the adoption of a standard container libraryas part of the Ada standard library, in the next re-vision of the Ada language.Workshop Co-ChairsEhud Lamm (ehudla@openu.ac.il), The Open Uni-versity of IsraelJohn English (je@brighton.ac.uk), University ofBrightonParticipationParticipation to the workshop is limited to 25–35 in-dividuals and is by invitation upon acceptance of asubmission. Participants should submit brief posi-tion papers (1 or 2 pages) to Ehud Lamm, includinglink to relevant source code if at all possible. Theworkshop will include talks based on the submittedpapers and intensive shepherded design sessions.

The deadline for the submission of position papersis stated on the conference web site.

See the conference web site for more details ( http://www.ada-europe.org/conference2002.html ).

Social Program

Tuesday Evening: Civic ReceptionOn Tuesday we will enjoy a cocktail reception atthe historic town hall by invitation of the Mayorof Vienna. Before that a guided tour by bus willprovide a first impression of the city and several ofits well-known sights, among them the magnificentbuildings along the Ringstraße, such as the StateOpera House, the Museum of Fine Arts, the Mu-seum of Natural History, the Hofburg Palace, theParliament, the City Hall, the Burgtheater, and theUniversity as well as the Votivkirche Church.

Wednesday Evening: BanquetWednesday evening the conference banquet willtake place at a famous “Heurigen” in Grinzing.Heuriger is a word that the Viennese use both forthe wine of the latest grape harvest and for theestablishments at which it is served. Grinzing isprobably Austria’s best known wine-growing dis-trict, and the Heuriger “Altes Presshaus” has a tra-dition that dates back as far as 1527. Over a glass of

wine and traditional Viennese cuisine we will havethe opportunity to experience several of the mun-dane ingredients such as “Schrammel-Musik” and“Wiener Gemutlichkeit” that add to the flair of thiscity.

Thursday Evening: SchonbrunnPalace “Grand Tour”A short walk from the conference venue “Parkho-tel Schonbrunn” through the adjacent baroque-stylepark of the Schonbrunn Palace will take us tothe palace itself, where we will enjoy an exclusiveevening tour through this former summer residenceof the Habsburg family.

“program” — 2002/5/18 — 23:18 — page 13 — #13ii

ii

ii

ii

7th International Conference on Reliable Software Technologies - Ada-Europe 2002Vienna, Austria, June 17-21, 2002

REGISTRATION FORMPARTICIPANT Please use block capitals

Ms/Mrs [ ] Mr [ ] TitleFamily name First nameAffiliation/OrganizationStreetCity Post/Zip code CountryTelephone Fax EmailSpecial requirements (e.g. diet)Reduced registration fee

[ ] member Ada-Europe; national organization [ ]academia[ ] member ACM; membership number

Additional CommentsRegistration time Early registration (by May 25th) [ ] Late or on site (after May 25th) [ ]

REGISTRATION FEESConference registration fee (see table on next page)Three day conference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EURIndividual days (Tue [ ] Wed [ ] Thu [ ]) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EURTutorial/Workshop registration (see table on next page)Please indicate tutorials/workshop for which you want to register:

Monday, June 17th [ ] T1 [ ] T2 [ ] T3 [ ] T4Friday, June 21st [ ] T5 [ ] T6 [ ] T7 [ ] T8 [ ] W

Tutorial/Workshop registration fee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EURExtra Banquet ticket: tickets @ 53 EUR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EURExtra proceedings: proceedings @ 30 EUR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . EUR

TOTAL PAYMENT DUE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .EUR

PAYMENT METHODBy bank transfer [ ] By cheque [ ] By credit card [ ]By bank transfer to account number 0130-30655/00, “TU Wien – Ada-Europe 2002”. The accountis at the CA-BV Austria whose bank identifier (swift) code is CABVATWW (Please mention “Ada-Europe 2002” and your name and attach proof of payment, e.g., a copy of the bank draft, to this form).By cheque drawn on an Austrian Bank and made payable to:

TU Wien Reliable Software Technologies—Ada-Europe 2002.

By credit card MasterCard [ ] Visa [ ]Card Expiration DateName as shown on credit card Signature:

Mail or fax this form to:AE2002 Registration, CON.ECT, Event Management GesmbH,Kaiserstr. 14, A-1070 Vienna, AustriaFax ++43 1 522 36 36-10 Document Version 1.4

“program” — 2002/5/18 — 23:18 — page 14 — #14ii

ii

ii

ii

Conference Registration Fee:

Three days of conference (June 18th–June 20th) including one copy of the proceedings, coffee breaks,lunches, visit and reception in town hall on Tuesday 18th, and the Schonbrunn Palace “Grand Tour” onThursday 20th.

member Ada-Europe or ACM SIGAda non membernon academia academia non academia academia

Early registration(by May 25th) 530 EUR 470 EUR 590 EUR 530 EUR

Late registration(after May 25th) 590 EUR 590 EUR 650 EUR 650 EUR

Individual day registration(per day) 270 EUR 270 EUR 300 EUR 300 EUR

Tutorial Registration Fee:

Prices are per tutorial, including tutorial notes and coffee breaks.Lunches are only included when registered for full day tutorial or two half day tutorials on the same day.

half day full day or two halveson same day

Workshop(by invitation only)

Early registration(by May 25th) 120 EUR 230 EUR 50 EUR

Late registration(after May 25th) 150 EUR 290 EUR 70 EUR

Overview of Tutorials:

MondayJune 17th

T 1 full day SPARK, an “Intensive overview” – Amey/Barnes

T 2 full day MaRTE OS: Bringing Embedded Systems and RT POSIX Together –Gonzalez/Aldea

T 3 morning Principles of Physical Software Design in Ada 95 – HeaneyT 4 afternoon Implementing Design Patterns in Ada 95 – Heaney

FridayJune 21st

T 5 full day CORBA 3 and CORBA for Embedded Systems – Oliver

T 6 morning Using Open Source Hardware and Software to Build Reliable Systems –Sherrill/Gaisler

T 7 afternoon Cleanroom Software Engineering: An Overview – Bail

W morning Workshop: Standard Container Library for Ada –Lamm (by invitation only)

T 8 afternoon Exceptions – What You Always Wanted to Know About Exceptions,But Were Afraid to Ask – Colket

Note: No registration request will be confirmed until payment has been received. CANCELLATIONSmust be in writing. A Cancellation fee of 120 EUR will be applied to all cancellations. No refunds will begiven for cancellations postmarked after June 1st. Substitutions will be accepted. The hotel informationcan be found through the web page of the conference. Additional lunch tickets will be on sale throughoutthe conference.For latest information see the web page at http://www.ada-europe.org/conference2002.html, or sendemail to ae2002-info@auto.tuwien.ac.at.For any information, please contact:Bettina Hainschink (Conference Secretariat), CON.ECT Tel: ++43 1 522 36 36CON.ECT, Event Management GesmbH Fax: ++43 1 522 36 36-10Kaiserstr. 14, A-1070 Vienna, Austria Email: events@conect.at

“program” — 2002/5/18 — 23:18 — page 15 — #15ii

ii

ii

ii

Program Committee

Angel Alvarez, Technical University of Madrid,SpainLars Asplund, Uppsala University, SwedenNeil Audsley, University of York, UKJohn Barnes, UKGuillem Bernat, University of York, UKMaarten Boasson, University of Amsterdam,The NetherlandsBen Brosgol, ACT, USABernd Burgstaller, TU Vienna, AustriaUlf Cederling, Vaxjo University, SwedenRoderick Chapman, Praxis CriticalSystems Limited, UKPaolo Coppola, INTECS HRT, ItalyDirk Craeynest, Offis nv/sa & K.U.Leuven,BelgiumAlfons Crespo, Universidad Politecnicade Valencia, SpainPeter Dencker, Aonix GmbH, GermanyRaymond Devillers, Universite Libre de Bruxelles,BelgiumBrian Dobbing, Praxis Critical Systems Limited,UKWolfgang Gellerich, IBM, GermanyJesus M. Gonzalez-Barahona, ESCET,Universidad Rey Juan Carlos, SpainMichael Gonzalez Harbour, Universidad deCantabria, SpainThomas Gruber, ARC Seibersdorf research,AustriaHelge Hagenauer, University of Salzburg, AustriaAndrew Hately, Eurocontrol, BelgiumGunter Hommel, TU Berlin, GermanyWolfgang Kastner, TU Vienna, AustriaJan van Katwijk, Delft University of Technology,The Netherlands

Hubert B. Keller, Forschungszentrum Karlsruhe,GermanyYvon Kermarrec, ENST Bretagne, FranceJorg Kienzle, Swiss Federal Institute ofTechnology Lausanne, SwitzerlandAlbert Llamosı, Universitat de les Illes Balears,SpainKristina Lundqvist, Massachusetts Institute ofTechnology, USAFranco Mazzanti, Istituto di Elaborazione dellaInformazione, ItalyJohn W. McCormick, University of NorthernIowa, USAPierre Morere, Aonix, FranceLaurent Pautet, ENST Paris, FranceErhard Plodereder, University Stuttgart, GermanyJuan A. de la Puente, Universidad Politecnica deMadrid, Spain

Gerhard Rabe, TUV Nord e.V., Hamburg,GermanyJean-Marie Rigaud, Universite Paul Sabatier,Toulouse, FranceAlexander Romanovsky, University of Newcastle,UKJean-Pierre Rosen, Adalog, FranceBo Sanden, Colorado Technical University, USABernhard Scholz, TU Vienna, AustriaEdmond Schonberg, New York University & ACT,USATullio Vardanega, Dept. of Pure and AppliedMath., Univ. of Padova, ItalyStef Van Vlierberghe, Eurocontrol CFMU,BelgiumAndy Wellings, University of York, UKIan Wild, Eurocontrol CFMU, BelgiumJurgen Winkler, Friedrich-Schiller-Universitat,Jena, GermanyThomas Wolf, Paranor AG, Switzerland

Further Information

The conference web site gives up-to-date details ofthe program. Also on the web site are details on thevenue including travel information and hotel accom-modation. In case of unavailable web-access pleasecontact the Conference Secretariat regarding hotelaccommodation and to receive further information.

Bettina HainschinkAda-Europe 2002 Conference SecretaryCON.ECT Event Management GesmbHKaiserstr. 14, A-1070 Vienna, AustriaTel: ++43 1 522 36 36 Fax: ++43 1 522 36 36-10Email: events@conect.at

http://www.ada-europe.org/conference2002.html

“program” — 2002/5/18 — 23:18 — page 16 — #16ii

ii

ii

ii

Organization

Conference ChairGerhard H. SchildtTechnical University of ViennaDepartment of Computer-AidedAutomationSchildt@auto.tuwien.ac.atProgram Co-ChairsJohann BliebergerTechnical University of ViennaDepartment of Computer-AidedAutomationBlieberger@auto.tuwien.ac.at

Alfred StrohmeierSwiss Fed. Inst. of TechnologyLausanneSoftware Engineering LabAlfred.Strohmeier@epfl.ch

Tutorial Chair

Helge HagenauerUniversity of SalzburgDept. Comp. Science & SystemAnalysishagenau@cosy.sbg.ac.at

Exhibition Chair

Thomas GruberARC Seibersdorfresearch GmbHthomas.gruber@arcs.ac.at

Publicity Chair

Dirk CraeynestOffis nv/sa & K.U.LeuvenDirk.Craeynest@cs.kuleuven.ac.be

Local Organization Chair

Bernd BurgstallerTechnical University of ViennaDepartment of Computer-AidedAutomationBurgstaller@auto.tuwien.ac.at

In cooperation with

SIGAda

The organizers thank the exhibitors (preliminary list)

and the supporters (preliminary list) of the conference.

The City of Vienna

Document Version 1.8