1. Programming Languages and Software Construction
Franco Gasperoni
gasperon@act-europe.fr
http://libre.act-europe.fr/Software_Matters
© ACT Europe under the GNU Free Documentation License

2. Copyright Notice
© ACT Europe under the GNU Free Documentation License
Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation
License, Version 1.1 or any later version published by the Free
Software Foundation; provided its original author is mentioned
and the link to http://libre.act-europe.fr/ is kept. A copy of the
license is available at:
http://www.fsf.org/licenses/fdl.html
http://libre.act-europe.fr 2
3. The Construction Analogy*

Building Construction        Software Construction
Architectural drawings       Analysis & design documents (e.g. UML diagrams)
                             [Diagram: Class1 «uses» Class2 and Class3]
Materials                    • Programming languages
                             • Libraries
                             • Reusable components
Tools                        Development tools:
                             • Editor, compiler, debugger
                             • Config. mgmt, testing tools, …

*Analogy from Tucker Taft invited talk at the Tools USA 99 conference
http://www.tools-conferences.com/usa_99/keynotes.html#taft

4. Software Phases Affected by the P.L.

Design: Create a software structure (architecture) around which code will be built.
Coding: Fill in the software structure with code.
Testing (Unit Testing): Check that the code does what it is supposed to (functionality, performance, reliability, …).

5. Importance of Tools’ & Materials’ Quality

Building Construction: Imagine nailing wooden panels where nails bend if you do not hit them perfectly in their axis.
Software Construction: Imagine programming with a language which accepts everything that you type and tries to guess what to do.

Building Construction: Imagine building a wall where 1 in every 4 bricks breaks when you place it on the wall.
Software Construction: Imagine using a graphics library where 1 in 4 routines has a bug.

Building Construction: Imagine using a hammer whose head flies off if you do not hit the nails perfectly.
Software Construction: Imagine working with a compiler that crashes every 3 compilations or that generates executables that run very slowly.

6. A Good Programming Language …

Helps you build software that is:
• Reliable
• Safe
• Secure
• Evolvable

A good programming language will make your life easier.
It will NOT do the job for you.

7. A Poor Programming Language …

Will make it harder to build software that is:
• Reliable
• Safe
• Secure
• Evolvable

It is possible to write good software with a poor language.
It will require more experienced engineers.
In any event it will take longer and will be more COSTLY than with a good language.

8. Facts of Life in Software Construction

Human Factors Affecting Programming:
• Humans make mistakes
• People move on: the code authors are not the ones that will fix bugs, port or add new features to the software
• Software evolves constantly

Properties of a Good Programming Language:
• Make it harder to write incorrect code
• Support abstraction
• Help write readable code
• Support modular software organization
• Portable

9. Why?

Requirement for a Good Programming Language, with explanation:

Make it harder to write incorrect code
  Humans make mistakes. Especially programmers, who are constantly submerged in work.

Support abstraction
  Humans make mistakes & people move on. Be able to write a program at a conceptual level close to the application domain. This makes the code easier to write & understand.

Help write readable code
  People move on. Especially programmers. To preserve your software investment, other people must be able to understand the code quickly.

Support modular software organization
  Software evolves constantly. You must deliver software to your clients before it is actually finished (important to have feedback). Furthermore, once delivered you have to correct bugs and add new features.

Portable
  Software evolves constantly. You must port it to new hardware.

11. A Programming Example

Can you tell in less than 20 seconds whether the following 3 routines in the following 3 programming languages do the following correctly:

Return the n-bit field of a 32 bit word from
• Bit position p
• To bit position p-n+1
Bit position 0 is at the right end

[Diagram: a 32-bit word with bit 31 at the left end and bit 0 at the right end; the n-bit field spans bits p down to p-n+1]

12. C

unsigned get_bits (unsigned x, int p, int n) {
return (x >> (p-n+1)) & ~(~0 << n);
}

13. Ada 95

function Get_Bits (X : Bit_Array; P : Bit; N : Offset) return Bit_Array is
begin
return X (P - N + 1 .. P);
end Get_Bits;
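The bit-field routine from the C and Ada slides, worked through as an added example in C; this is not code from the slides or from ACT Europe. It places a terse K&R-style one-liner beside a checked version that rejects field descriptions that do not fit in a 32-bit word, which is exactly the precondition the 20-second reading test hides. The names get_bits_terse, get_bits_checked and get_bits_or are assumptions, and the terse version builds its mask from ~0u rather than the slide's signed ~0 so the shift is defined for every n below 32.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Terse form of the page's C routine (function name assumed), with the
   mask built from an unsigned constant.  It still shifts by n and by
   p-n+1 unchecked, so n == 32 or a negative p-n+1 is undefined
   behaviour, and nothing verifies that the field fits in the word. */
unsigned get_bits_terse(unsigned x, int p, int n) {
    return (x >> (p - n + 1)) & ~(~0u << n);
}

/* Checked form (assumed name): the field runs from bit p down to bit
   p-n+1, with bit 0 at the right end, as the slide specifies.  Requests
   that do not fit in bits 31..0 are refused instead of producing a value
   that depends on an undefined shift. */
bool get_bits_checked(uint32_t x, int p, int n, uint32_t *out) {
    if (p < 0 || p > 31 || n < 1 || n > p + 1) {
        return false;          /* field would extend outside bits 31..0 */
    }
    int low = p - n + 1;       /* lowest bit of the field; >= 0 here */
    /* n is 1..32 at this point; avoid the undefined 1u << 32 corner case */
    uint32_t mask = (n == 32) ? UINT32_MAX : ((UINT32_C(1) << n) - 1u);
    *out = (x >> low) & mask;
    return true;
}

/* Convenience wrapper (assumed name) for callers that prefer a sentinel:
   returns the field, or `fallback` when the (p, n) pair is invalid. */
uint32_t get_bits_or(uint32_t x, int p, int n, uint32_t fallback) {
    uint32_t v;
    return get_bits_checked(x, p, n, &v) ? v : fallback;
}

int main(void) {
    /* constructed sample word: bits 15..8 hold 0x12 */
    uint32_t word = 0xABCD1234u;
    uint32_t v;
    if (get_bits_checked(word, 15, 8, &v)) {
        printf("bits 15..8 of 0x%08X = 0x%02X\n", (unsigned)word, (unsigned)v);
    }
    printf("terse form gives 0x%02X\n", get_bits_terse(word, 15, 8));
    /* a 5-bit field ending at bit 3 cannot exist: p-n+1 would be -1 */
    printf("p=3, n=5 accepted? %s\n",
           get_bits_checked(word, 3, 5, &v) ? "yes" : "no");
    return 0;
}
```

The two forms agree on every valid (p, n) pair; they differ only in what happens outside the specification, which is where a reader has to stop and think about shift semantics in the terse version and can simply read the guard in the checked one.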

14. History of Some Imperative Languages

Timeline (1950 to 2000) of imperative languages:
Assembly, Fortran (54), Cobol (58), Algol (60), Basic (66), PL/I (66), Simula (67), Pascal (70), C (72), Smalltalk (80), Ada (83), Eiffel (86), C++ (89), Ada (95), Java (96)

15. (Timeline, 1970 to 2005)

Pascal (70), C (72), Ada (83), Eiffel (86) ???, ANSI C (88), C++ (89), Ada (95), Java (96), ISO C++ (98), ISO C (99), Ada (0X)

16. Programming Language Design Goals

C
• A portable, higher-level assembly language
• No safety or security concerns
C++
• An object-oriented language upwardly compatible with C
• No safety or security concerns
Java
• Fix C++ insecurity problems (i.e. cannot create a virus in Java)
• No safety concerns

17. SECURE != RELIABLE
SECURE != SAFE

Java is a secure language
• That is, you cannot create viruses with Java programs
Java (like C and C++) is NOT a safe language
• It is easy for a programmer to make mistakes in Java, both during regular development and during software evolution, and create programs that behave incorrectly
Sun Microsystems does not want Java to be used in safety-critical contexts

18. Contents of the Windows 2000 License

NOTE ON JAVA SUPPORT
THE SOFTWARE PRODUCT MAY CONTAIN SUPPORT FOR PROGRAMS WRITTEN IN JAVA. JAVA TECHNOLOGY IS NOT FAULT TOLERANT AND IS NOT DESIGNED, MANUFACTURED, OR INTENDED FOR USE OR RESALE AS ON-LINE CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF JAVA TECHNOLOGY COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE.

Sun Microsystems, Inc. has contractually obligated Microsoft to make this disclaimer.

20. Ada

Industrial-strength version of Pascal designed to build:
• Safe and secure software
• Software that needs to evolve
• Systems where software matters (e.g. real-time systems)
• Mixed-language software

Language designed by an international team
• 1983: First version of the language
  - Object-based language, not object-oriented
• 1995: First standard revised (e.g. OO programming added)
  - First object-oriented language to be an ISO standard

Only language to have a formal compiler validation procedure
• Validation procedure is an ISO standard (> 4,000 compiler tests)

21. Ada: Use it for Safety-Related Systems

Safety standards recommend the use of Ada for the highest integrity levels
Even the MISRA-C document recommends the use of Ada:
Guidelines for the Use of the C Language in Vehicle Based Software:
• “… it should be recognized that there are other languages available which are in general better suited to safety-related systems, having (for example) fewer insecurities and better type checking. Examples of languages generally recognized to be more suitable than C are Ada and Modula 2. If such languages could be available for a proposed system then their use should be seriously considered in preference to C.” page 3.

22. Ada-Inspired Programming Features

C++
• Templates (Generics)
• Exceptions
Java
• Array index checking
• Division by zero checks

23. Some Languages Derived from Ada

SPARK
• Subset of Ada used to design the most safety-critical systems
VHDL
• Used for chip design
PL/SQL
• New programming language designed to extend SQL and make it a full programming language

24. Some Industrial Applications in Ada

Business-critical
• Canal+ Technologies: Pay-per-view, access control
• BNP: Trading Language
• Philips: Semiconductor assembly equipment
• Helsinki radiotelescope
Mission-critical
• Astree: European-wide railroad signaling
• Weirton Steel: process controller
• Mondex electronic money
• Scanning Electron microscope
Safety-critical
• Airbus A340
• Boeing 777

25. Ada & Software Costs

26. Ada and Software Costs (1995 Study)

[Chart: development cost in 1000s of 1994 dollars (Y axis, 0 to 1800) against Function Points (X axis, 350 to 2,100) for three series: Ada, Other HOLs, C. Size annotations on the chart: Ada 270,000 LOC; C 225,000 LOC; further marks at 150,000 LOC, 135,000 LOC, 112,500 LOC and 75,000 LOC]
Source: MITRE (Avionics domain)

27. Ziegler’s Study: Comparing C & Ada

1995 study on the VADS compiler
• 60 engineers, from 1984 to 1994, with MS degrees in computer science
• All knew C at hire. All programmed in both C and Ada.
VADS
• About 4.5 million lines of code, 22000 files, cost >$28m over 10 years

[Bar chart: lines of code (0 to 2,500,000) by category: C Code, Ada Code, Make Scripts, Miscellany]

28. Costs Per Feature During Implementation

[Bar chart: cost/feature ($0 to $350) for C, C including Makefiles, and Ada]

29. Post-Delivery (User-Reported) Defects

[Bar chart: number of defects (0 to 1200) for C and Ada, by category: Critical Defects, Severe Defects, Minor Defects, Total Defects]

30. Some Non-Reasons for Ada’s Advantage

Not because of people:
• The same people used both languages
Not because of process:
• The same process was used, for design, for testing, for debugging, for
source control, for management, and so forth
• C required ‘makefiles’, but had tighter coding standards
Not because of Ada’s highest level constructs:
• VADS used few generics or tasks
Not because of reuse:
• This study considers only unique code, factoring out reuse

31. Some Reasons for Ada’s Advantage

Ada Enabled Better Error Locality
• Most errors caught at compile-time
• Runtime errors are easier to trace
Ada Enabled Better Tool Support
• Ada’s richer semantic model allows computers to help more
• For example, builds are automated and guaranteed consistent
Ada Reduced Effective Complexity
• Function of language complexity and application complexity
• Standard language complexity is easier to learn and use
Ada Encouraged Better Program Organization
• Packages, with specifications and private parts

32. Summary

Developing software in Ada is 60% cheaper than in C
Code developed in Ada has 9 times fewer bugs than in C
Was Ada consistently better? *YES*
• Over different subsets of VADS
• For experienced AND inexperienced programmers
• For both C experts AND Ada experts
• For the highest AND lowest rated programmers
Was Ada harder to learn? *No*
Was Ada code more reliable? *YES*
http://www.adaic.com/whyada/ada-vs-c/cada_art.html

34. From an Education Perspective

Ada is a good language to teach good software practice
• Reliability, safety, security
Ada 95 allows you to design functionality-oriented as well as object-oriented software
• Ada allows the construction of software that can evolve
Today there is a high-quality Free Software Ada 95 compiler available to all
• GNAT (GNU Ada)
• Linux, Solaris, Windows, …

35. You Should Know Several Languages

No single programming language is appropriate in every circumstance
Today most systems use a mixture of programming languages

36. Example: MULTOS CA

Multiple application OS for smart cards
30%: SPARK (Ada subset)
• “Security kernel” of tamper-proof software
• Certified at the HIGHEST security level
30%: Ada 95
• Infrastructure (concurrency, inter-task and inter-process communications, database interfaces etc.), bindings to ODBC and Win32
30%: C++
• GUI (Microsoft Foundation Classes)
5%: C
• Device drivers, cryptographic algorithms
5%: SQL
• Database stored procedures