Using ADA for compilers and operating systems
by JOHN BARNES
Although ADA started as a programming language for defence work, it can also be used in commercial work
Abstract: ADA and its related APSE (ADA Programming Support Environment) offer hope of control over the problems of developing and maintaining large software systems. This article discusses some of these problems and why ADA will help in their solution.

Keywords: ADA, APSE, software engineering.

John Barnes is a director of the Abingdon Technical Centre of SPL International and project director at Ada Group Limited.
© 1984 Butterworth & Co (Publishers) Ltd.

We all know that programming is a problem. It seems so simple to the novice working alone on a personal computer, but unfortunately this simplicity does not extrapolate to the large program involving many programmers. The problems of understanding the specification, designing the solution, controlling the programming, testing the product and the final drudge and difficulty of eternal maintenance are all too familiar to the professional. Indeed it sometimes seems a miracle that programs ever work at all; the whole business appears on the very boundary of the capability of the human mind. The difficulty is complexity and the solution is organization to control and hide it. Fashionable phrases currently in use are the 'software life cycle' and 'software engineering'. By analogy with other forms of engineering it seems that two things are needed: a disciplined way of working (organization) and reusable components (hiding the detail).

ADA

The ADA language, which originated from the US Department of Defense's need for a standard language for embedded systems, contains features which, as we shall see, are particularly suited to the production of reusable software components. The development of ADA coincided with awareness of the life cycle problems and the need for a disciplined way of working, and resulted in the concept of an APSE (ADA Programming Support Environment) that would provide the required organization and control. Thus, the ADA language and a suitable APSE together offer a potential solution to the software manager's problem. The full development of an APSE is a complex story and in this article we will concentrate on the ADA language itself.
Advantages of ADA

ADA's notable advantages fall into four main groups:

* better control of errors
* better control of visibility
* wider portability
* facilities for reusable components
Errors

ADA enables many common programming errors to be detected at an early stage in the development process. Moreover, they are detected in an organized way and not by uncontrolled processes such as groping about in dumps. This saves time and effort. ADA has inherited the ideas of strong typing from PASCAL. This means that a programmer can express concepts in a more precise way and the compiler can then detect muddled thinking. Thus, an enumeration type declaration:

   type COLOUR is (RED, AMBER, GREEN);

enables us to declare a variable

   C : COLOUR;

which can only take the values RED, AMBER and GREEN. If we also declare an integer I and then mistakenly attempt to mix colours and integers by, for example, the assignment

   I := C;

then the compiler will mark this as an error and the program cannot be executed. In older languages this facility was not available and colours would have to be treated as integers. Any accidental mixing would not be detected during compilation since the distinction would only be in the mind of the programmer and not in the text of the program; the program would then run but do silly things, and the detection of the error would be made more difficult because it had moved to a later and less manageable part of the development process.

The above example is very simple and has been used merely to illustrate the point. However, the advantage of strong typing (the separation of classes of objects into abstract types) is well known to the PASCAL user. In ADA, the ideas have been extended and sharpened. As a consequence, the discipline imposed means that the achievement of a clean compilation is a major step. Most errors will by then have been found, the program will execute respectably and only minor errors of detail will usually remain.

Of course not all logical errors can be found by the static compilation process. Those which arise as a consequence of a dynamic computation (such as the generation of an out-of-bound array subscript) can only be found during execution. Such errors are trapped by the ADA system and cause the raising of an exception. An exception is an event that says something has gone wrong. There are various predefined exceptions and the programmer can declare his/her own. A program can look out for exceptions by name and take appropriate recovery actions. This enables a program to be partitioned in such a way that errors in one part can be contained so that they do not interfere with the correct running of another part. This is obviously of major importance in many applications such as process control, where continuous running is the goal and stray errors in some esoteric optimization routine must not be allowed to interfere with the basic control process. The exception mechanism thus formalizes and makes more manageable the detecting of dynamic errors.
Visibility

A major difficulty with programming is that detail often pervades unnecessarily from one part of a program to another. This causes disasters since the use of detail is often not well documented. Thus, if it becomes necessary to change the detail of some data structure in one part of a program, there may be unexpected effects on some other part because a 'clever' programmer took advantage of his/her knowledge of the detail. What we need, of course, are mechanisms to prevent detail from becoming unnecessarily visible so that information is only available on a need-to-know basis. ADA provides two such mechanisms, the package and the private type.

ADA package

The ADA package is what ADA is all about. A package is a group of software entities, typically procedures and functions but often variables and constants as well. A package is in two parts, the specification which gives its interface to other parts of the program, and the body which gives the implementation detail. As a trivial academic example consider:

   package STACK is
      procedure PUSH (X : INTEGER);
      function POP return INTEGER;
   end STACK;

which is the specification of a package called STACK. It indicates that the package contains a procedure PUSH which takes an INTEGER parameter and a parameterless function POP which, when called, returns an INTEGER result. Thus, the specification gives all the information needed to call PUSH and POP successfully and thereby manipulate the stack, but it says absolutely nothing about how the stack is implemented. That detail is hidden in the body which might be as follows:

   package body STACK is
      MAX : constant := 100;
      S   : array (1 .. MAX) of INTEGER;
      TOP : INTEGER range 0 .. MAX := 0;

      procedure PUSH (X : INTEGER) is
      begin
         TOP := TOP + 1;
         S (TOP) := X;
      end PUSH;

      function POP return INTEGER is
      begin
         TOP := TOP - 1;
         return S (TOP + 1);
      end POP;
   end STACK;
The package body, thus, encapsulates the detail and prevents it from being used outside the package. We then know that we can change the details in the body without having to change other parts of the program. (This example is a bit too simple; the user perhaps should know the maximum size of the stack and what happens if he/she attempts to exceed it. This could be made available. As written, exceeding it is at least not silent: TOP is constrained to 0 .. MAX, so a PUSH on a full stack or a POP on an empty one raises CONSTRAINT_ERROR rather than writing or reading outside S.) In practice the package is very successful. The specification gives a crisp definition of the interface which, although not covering the dynamic aspects, nevertheless simply and precisely states the static aspects. It enables system interfaces to be written down at an early stage in a project in their final form and to be checked by a compiler. This gives management positive early milestones which can be monitored. The writing of the bodies can then be done by different programmers. Of course the very difficult question of the precise specification of the run-time behaviour is a research topic which ADA does not tackle; nevertheless ADA controls the static aspects very well.
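The stack above is small but it already shows something a security engineer should notice: because TOP is declared with range 0 .. MAX, a push onto a full stack cannot quietly overwrite whatever follows S in memory, as the same code in an unchecked language would; the range check raises CONSTRAINT_ERROR instead. The program below, an added example written for this edition and not code from the original article, takes the author's own suggestion a step further and declares the capacity and the overflow and underflow exceptions in the specification, so that a client can name them in a handler. It also shows the partitioning described under Errors: a faulty routine with an out-of-bound subscript is caught on each cycle while the control loop keeps running. The package is nested inside a single main procedure so the whole thing compiles as one unit (for example gnatmake stack_demo.adb with GNAT); Ada.Text_IO is the later standard name of the 1984 TEXT_IO package, and the names OPTIMISE and STACK_DEMO are invented for the example.

```ada
with Ada.Text_IO;
--  Added example (not from the article): STACK with its capacity and its
--  failure modes stated in the specification, and a client that contains
--  both stack errors and a dynamic subscript error without stopping.
procedure STACK_DEMO is
   use Ada.Text_IO;

   package STACK is
      MAX : constant := 2;                -- deliberately small so overflow shows
      STACK_OVERFLOW, STACK_UNDERFLOW : exception;
      procedure PUSH (X : INTEGER);       -- raises STACK_OVERFLOW when full
      function  POP return INTEGER;       -- raises STACK_UNDERFLOW when empty
      function  DEPTH return NATURAL;
   end STACK;

   package body STACK is
      S   : array (1 .. MAX) of INTEGER;
      --  Even without the explicit tests below, TOP's range constraint would
      --  turn an overflow or underflow into CONSTRAINT_ERROR: S can never be
      --  indexed outside 1 .. MAX, so there is no silent buffer overrun.
      TOP : INTEGER range 0 .. MAX := 0;

      procedure PUSH (X : INTEGER) is
      begin
         if TOP = MAX then
            raise STACK_OVERFLOW;        -- a named error the client can handle
         end if;
         TOP := TOP + 1;
         S (TOP) := X;
      end PUSH;

      function POP return INTEGER is
      begin
         if TOP = 0 then
            raise STACK_UNDERFLOW;
         end if;
         TOP := TOP - 1;
         return S (TOP + 1);
      end POP;

      function DEPTH return NATURAL is
      begin
         return TOP;
      end DEPTH;
   end STACK;

   --  Stands in for the "esoteric optimization routine" of the text: for
   --  N > 3 it uses an out-of-bound subscript, which ADA traps at run time.
   procedure OPTIMISE (N : POSITIVE) is
      TABLE : constant array (1 .. 3) of INTEGER := (10, 20, 30);
      SUM   : INTEGER := 0;
   begin
      for I in 1 .. N loop
         SUM := SUM + TABLE (I);          -- CONSTRAINT_ERROR when I = 4
      end loop;
      STACK.PUSH (SUM);
   end OPTIMISE;

begin
   --  The "basic control process": each cycle survives whatever OPTIMISE does.
   --  Cycles 1 and 2 push; cycle 3 overflows the stack; cycles 4 to 6 fail
   --  on the subscript. None of them stops the loop.
   for CYCLE in 1 .. 6 loop
      begin
         OPTIMISE (CYCLE);
         Put_Line ("cycle" & INTEGER'IMAGE (CYCLE) & ": pushed, depth ="
                   & NATURAL'IMAGE (STACK.DEPTH));
      exception
         when CONSTRAINT_ERROR =>
            Put_Line ("cycle" & INTEGER'IMAGE (CYCLE)
                      & ": bad subscript in OPTIMISE, result discarded");
         when STACK.STACK_OVERFLOW =>
            Put_Line ("cycle" & INTEGER'IMAGE (CYCLE)
                      & ": stack full, result discarded");
      end;
   end loop;

   --  Drain the stack; the third POP finds it empty and says so.
   for COUNT in 1 .. STACK.MAX + 1 loop
      begin
         Put_Line ("popped" & INTEGER'IMAGE (STACK.POP));
      exception
         when STACK.STACK_UNDERFLOW => Put_Line ("stack empty");
      end;
   end loop;
end STACK_DEMO;
```

The handlers are deliberately narrow: each names the exception it expects, so an error nobody anticipated still propagates and is reported rather than being swallowed by a catch-all.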
ADA private type

The other mechanism which controls visibility is the so-called private type. This enables a data type to be declared but keeps its inner structure hidden from the user. Such a type is declared in a package specification as private and the details are then given in the so-called private part. Thus, we might have a type DATE:

   package P is
      type DATE is private;
      ...
   private
      -- from here is the private part
      -- the contents are not visible outside the package
      type DATE is
         record
            DAY   : INTEGER range 1 .. 31;
            MONTH : INTEGER range 1 .. 12;
            YEAR  : INTEGER;
         end record;
   end P;

The point is that all external access to objects of the type DATE has to be via procedures declared in the package and direct access to the fields of the record is forbidden. This means that the layout can be altered or extended later and we know that nothing outside the package will depend on the detail. Again the visibility of the fine detail is controlled.

Portability

If we want truly reusable software then it has to be portable from one implementation to another. All high level languages achieve this to some extent; ADA makes further advances by increasing the breadth of aspects addressed. Examples of this are in the difficult areas of multitasking (or parallel processing), numerical precision and input-output.

ADA is the first practical language to include multitasking in the language itself. Multitasking is vital for real-time embedded applications and previous languages have typically relied on a procedural interface to the underlying operating system. This of course varies from machine to machine and so these aspects of programs have not been portable. By including tasking in the language in a unique (albeit perhaps controversial) way, ADA therefore increases the portability of programs in the important high growth embedded system area.

The scientific and engineering area has long been a FORTRAN stronghold. Although many small applications have recently dispersed onto personal machines with languages such as BASIC, FORTH and PASCAL, the big science community (nuclear physics and so on), with its insatiable appetite for number crunching, remains faithful to FORTRAN. Two key reasons are the high quality optimized code produced by very mature FORTRAN compilers and a huge investment in numerical libraries. However, ADA is potentially far better than FORTRAN for numerical applications for all the usual software engineering reasons. Moreover, it addresses numerical precision from the user's point of view and not from the machine's point of view (which FORTRAN does) and thereby enables programs to be written in a more portable manner. However, ADA will not displace FORTRAN quickly; high quality ADA compilers and scientific libraries in ADA are a prerequisite. Much education is also needed. Furthermore, FORTRAN keeps evolving and gathering some modern facilities, though there is a limit to how much the old framework will bear and it could be that the present FORTRAN 8X proposals contain the seeds of their own destruction.

Input-output is worth mentioning. It is a problem area because a difficult compromise between simplicity and flexibility is required. Languages which include input-output, such as FORTRAN and PASCAL, become inflexible for many applications. Languages which ignore the whole topic (ALGOL 60 was the classic example) run the risk of conflicting de facto standards which destroy portability. ADA compromises by not including input-output intrinsically in the language itself, but rather by providing a set of predefined standard packages. These packages can be used for most applications, thereby attaining portability, but need not be used for special applications where they are not appropriate. The philosophy is a good one but the present set of standard packages needs some improvement and extension.

Another and very important aspect of portability is the determination of the US DoD that ADA compilers should implement standard ADA and not subsets or supersets. (Supersets are a trick of vendors to woo unwary users into becoming trapped onto the vendor's range of hardware.) The DoD has two weapons. First, the name ADA is trademarked in most countries and second, a validation suite is being developed so that compilers can be rigorously tested. This suite is important and it is notable that it is now in use well before the availability of many compilers. This should prevent accidental misinterpretation of the ADA standard and consequent diversity of implementation. At the time of writing, the suite does not fully embrace all aspects of ADA. Nevertheless, it is a searching test and the number of compilers which have passed is small. In the long term, the rigour is welcome but there are those who fear that it is delaying confidence in the language.
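Returning to the private type DATE introduced under ADA private type: what the hiding buys is that a DATE can be built only through operations declared in P, so those operations can enforce an invariant that a bare record never could (no client can make a 31 February by assigning to a field). The program below is an added example for this edition, not code from the original article; it supplies the constructor, the accessor functions and an INVALID_DATE exception that the author's fragment leaves out, and nests the package in one main procedure so it compiles as a single unit with GNAT. The names MAKE_DATE, IMAGE, DATE_DEMO, TRY and the leap-year helpers are assumptions of the example.

```ada
with Ada.Text_IO;
--  Added example (not from the article): the private type DATE completed
--  with the operations a client needs. Since the record is private, every
--  DATE in existence was made by MAKE_DATE and so has passed its check.
procedure DATE_DEMO is
   use Ada.Text_IO;

   package P is
      type DATE is private;
      INVALID_DATE : exception;
      function MAKE_DATE (D, M, Y : INTEGER) return DATE;  -- raises INVALID_DATE
      function DAY   (X : DATE) return INTEGER;
      function MONTH (X : DATE) return INTEGER;
      function YEAR  (X : DATE) return INTEGER;
      function IMAGE (X : DATE) return STRING;             -- "YYYY-M-D"
   private
      --  From here is the private part: the layout is known only to the
      --  body of P and can be changed without touching any client.
      type DATE is
         record
            DAY   : INTEGER range 1 .. 31;
            MONTH : INTEGER range 1 .. 12;
            YEAR  : INTEGER;
         end record;
   end P;

   package body P is
      function LEAP (Y : INTEGER) return BOOLEAN is
      begin
         return (Y mod 4 = 0 and Y mod 100 /= 0) or Y mod 400 = 0;
      end LEAP;

      function DAYS_IN (M, Y : INTEGER) return INTEGER is
      begin
         case M is
            when 4 | 6 | 9 | 11 => return 30;
            when 2              => if LEAP (Y) then return 29; else return 28; end if;
            when others         => return 31;
         end case;
      end DAYS_IN;

      function MAKE_DATE (D, M, Y : INTEGER) return DATE is
      begin
         --  The field ranges alone would already reject M = 13 or D = 0 with
         --  CONSTRAINT_ERROR; the explicit test also catches 31 April and
         --  turns every bad input into the one exception named in the spec.
         if M not in 1 .. 12 or else D not in 1 .. DAYS_IN (M, Y) then
            raise INVALID_DATE;
         end if;
         return (DAY => D, MONTH => M, YEAR => Y);
      end MAKE_DATE;

      function DAY   (X : DATE) return INTEGER is begin return X.DAY;   end DAY;
      function MONTH (X : DATE) return INTEGER is begin return X.MONTH; end MONTH;
      function YEAR  (X : DATE) return INTEGER is begin return X.YEAR;  end YEAR;

      function IMAGE (X : DATE) return STRING is
         --  INTEGER'IMAGE puts a blank before non-negative numbers; drop it.
         Y : constant STRING := INTEGER'IMAGE (X.YEAR);
         M : constant STRING := INTEGER'IMAGE (X.MONTH);
         D : constant STRING := INTEGER'IMAGE (X.DAY);
      begin
         return Y (2 .. Y'LAST) & "-" & M (2 .. M'LAST) & "-" & D (2 .. D'LAST);
      end IMAGE;
   end P;

   --  A client: it can only ask P for a DATE, never assemble one itself.
   procedure TRY (D, M, Y : INTEGER) is
   begin
      declare
         X : constant P.DATE := P.MAKE_DATE (D, M, Y);
      begin
         Put_Line (P.IMAGE (X) & " accepted; day" & INTEGER'IMAGE (P.DAY (X)));
         --  X.DAY := 40;  would not compile here: the field is not visible,
         --  only the function P.DAY is.
      end;
   exception
      when P.INVALID_DATE =>
         Put_Line ("rejected:" & INTEGER'IMAGE (D) & "/" & INTEGER'IMAGE (M)
                   & "/" & INTEGER'IMAGE (Y));
   end TRY;

begin
   TRY (29, 2, 1984);   -- leap year: accepted
   TRY (29, 2, 1983);   -- rejected
   TRY (31, 4, 1984);   -- rejected: April has 30 days
   TRY (1, 13, 1984);   -- rejected before the field range check can fire
end DATE_DEMO;
```

Note that the exception is raised in the declarative part of the inner block and so is handled by TRY, not by the block: a DATE that failed its check never comes into scope at all.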
Reusable components

A long-term goal is the development of a professional software components industry which embraces more than the libraries we have today. It will not happen quickly but prerequisites which ADA provides are parameterization and control of interfaces. Software is rarely reusable without alteration. The idea of procedure parameters is thirty years old and provided the basis for the satisfactory development of numerical libraries in the sixties. ADA also includes a mechanism, known as generics, which enables parameterization to occur on a broader scale with continuing guarantee of correctness. In essence, this gives us modifiable software in an organized manner.

The control of interfaces is provided through the package specification mechanism described above. The separate compilation facilities of ADA are such that it is impossible to put together a program that has inconsistent parts, in the sense that any unit using a package and the package itself always relate to the same version of the interface. This is implemented by various relations known as dependencies between the separately compiled ADA units held in the so-called ADA program library for that total program.

The above discussion leads into the concept of an APSE. Ideally, the program library is implemented using a database and all the tools for configuration control, etc., can then act on that database. The development of APSEs is progressing very slowly. This is partly because what is needed is not agreed and because of changes in methods of working from centralized to distributed systems. Four APSE designs are being developed. Two are emerging as simple prototypes, the US Army ALS system and the EEC PAPS system, whereas the two more sophisticated ones, the USAF AIE system and the UK M-Chapse system, are currently still only designs.
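To show what generics add over procedure parameters, here is a reusable component written once and instantiated three times: for the COLOUR type of the Errors section, for a second enumeration type and for a constrained integer subtype. It is an added example for this edition, not code from the original article, and the names BOUNDED_SET, SEVERITY, PORT and GENERIC_DEMO are its own. The point is the 'continuing guarantee of correctness' of the text: each instantiation is type-checked like any other package, so a COLOUR cannot be inserted into a set of SEVERITY values and a PORT outside 1 .. 1024 fails its range check. Everything is nested in one main procedure so it compiles as a single unit with GNAT; as library units each instantiation would be recorded as a dependency in the program library.

```ada
with Ada.Text_IO;
--  Added example (not from the article): one generic component, three
--  instantiations. Each instantiation is a distinct, fully type-checked
--  package, so elements of one cannot stray into another.
procedure GENERIC_DEMO is
   use Ada.Text_IO;

   generic
      type ELEMENT is (<>);   -- any discrete type: an enumeration or integer subtype
   package BOUNDED_SET is
      type SET is private;
      EMPTY : constant SET;
      procedure INSERT   (S : in out SET; E : ELEMENT);
      procedure REMOVE   (S : in out SET; E : ELEMENT);
      function  CONTAINS (S : SET; E : ELEMENT) return BOOLEAN;
      function  SIZE     (S : SET) return NATURAL;
   private
      --  One flag per possible value; the bound is ELEMENT's own range, so
      --  there is nothing for a client to overrun.
      type SET is array (ELEMENT) of BOOLEAN;
      EMPTY : constant SET := (others => FALSE);
   end BOUNDED_SET;

   package body BOUNDED_SET is
      procedure INSERT (S : in out SET; E : ELEMENT) is
      begin
         S (E) := TRUE;
      end INSERT;

      procedure REMOVE (S : in out SET; E : ELEMENT) is
      begin
         S (E) := FALSE;
      end REMOVE;

      function CONTAINS (S : SET; E : ELEMENT) return BOOLEAN is
      begin
         return S (E);
      end CONTAINS;

      function SIZE (S : SET) return NATURAL is
         N : NATURAL := 0;
      begin
         for E in ELEMENT loop
            if S (E) then
               N := N + 1;
            end if;
         end loop;
         return N;
      end SIZE;
   end BOUNDED_SET;

   type COLOUR   is (RED, AMBER, GREEN);
   type SEVERITY is (INFO, WARNING, CRITICAL);
   subtype PORT  is INTEGER range 1 .. 1024;

   --  Three components from one text; the compiler checks each instantiation.
   package COLOUR_SETS   is new BOUNDED_SET (COLOUR);
   package SEVERITY_SETS is new BOUNDED_SET (SEVERITY);
   package PORT_SETS     is new BOUNDED_SET (PORT);

   LIGHTS     : COLOUR_SETS.SET   := COLOUR_SETS.EMPTY;
   ALARMS     : SEVERITY_SETS.SET := SEVERITY_SETS.EMPTY;
   OPEN_PORTS : PORT_SETS.SET     := PORT_SETS.EMPTY;
begin
   COLOUR_SETS.INSERT (LIGHTS, RED);
   COLOUR_SETS.INSERT (LIGHTS, GREEN);
   COLOUR_SETS.REMOVE (LIGHTS, RED);
   SEVERITY_SETS.INSERT (ALARMS, CRITICAL);
   PORT_SETS.INSERT (OPEN_PORTS, 22);
   PORT_SETS.INSERT (OPEN_PORTS, 443);

   --  SEVERITY_SETS.INSERT (ALARMS, RED);   -- does not compile: RED is a COLOUR
   --  PORT_SETS.INSERT (OPEN_PORTS, 8080);  -- fails the PORT range check
   --                                           (CONSTRAINT_ERROR; GNAT also warns)

   Put_Line ("lights lit:" & NATURAL'IMAGE (COLOUR_SETS.SIZE (LIGHTS))
             & ", green: " & BOOLEAN'IMAGE (COLOUR_SETS.CONTAINS (LIGHTS, GREEN)));
   Put_Line ("alarms:" & NATURAL'IMAGE (SEVERITY_SETS.SIZE (ALARMS))
             & ", critical: " & BOOLEAN'IMAGE (SEVERITY_SETS.CONTAINS (ALARMS, CRITICAL)));
   Put_Line ("open ports:" & NATURAL'IMAGE (PORT_SETS.SIZE (OPEN_PORTS))
             & ", 80 open: " & BOOLEAN'IMAGE (PORT_SETS.CONTAINS (OPEN_PORTS, 80)));
end GENERIC_DEMO;
```

The generic body is compiled once, against the formal ELEMENT alone; it cannot assume anything about the actual type beyond what `(<>)` promises, which is what lets the same text be reused without alteration.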
Conclusion

In conclusion, ADA is an important advance because it offers a welcome opportunity for bringing organization into the software development process. It has been an ANSI standard for just over a year but production compilers are not yet widely available. Over the next year or so this position will change and the penetration of ADA could then be quite rapid.
The Ada Group Limited, F’restcoid Building, Station Road, Theale, Reading RG7 4AF, UK. Tel: (0734) 303485.