Why you should use the Ada language to program your system



The Ada programming language was born in the mid-1970s when the US Department of Defense and the British Department of Defense decided to replace hundreds of specialized programming languages ​​for embedded computing systems, which were increasingly used in military projects. The Ada language was designed so that it was the only language capable of working on all of these embedded systems, and at the same time providing reliability and performance at a level no worse than specialized ones.

After the update from 1995, the language was adapted for general-purpose systems, adding object-oriented programming, without losing sight of the key values ​​- reliability, ease of support and efficiency. Today, software written in Ada forms the basis of not only military equipment, but also commercial projects in the field of avionics and air traffic control systems. The Ada code controls missiles such as Arian 4 and 5, many satellites, and countless other systems in which small malfunctions can have serious consequences.

Perhaps Ada is suitable for use in your next embedded project.

Military Quality Planning


To select a new programming language, the Ministry of Defense assembled a “ High Order Language Working Group (HOLWG)], consisting of military and scientific experts whose task was to compile a list of queries and select candidate languages. As a result, the so-called " Stillman's requests ":

The main points of the requests were:


The report concluded with the opinion that the first line of defense against software problems is to prevent programmers from making mistakes. By eliminating the possibility of making a subtle mistake, for example, through implicit type conversions or other dangerous constructions, we automatically make the code safer and facilitate its support.

The group concluded that although none of the languages ​​that existed at that time was suitable for the needs of the Ministry of Defense, it was quite realistic to create a new language that would suit all of these issues. Four designers got it done. The intermediate selection process picked up the two most suitable working methods, and as a result, only one language won the competition and was called " Ada ".



Built-in default protection


The type system in Hell is not just strict - it is sometimes called super-strict because it does not allow any implicit type conversion. Take, for example, this C code snippet:

typedef uint32_t myInt; myInt foo = 42; uint32_t bar = foo; 

This is a valid code; it will compile, start up and produce an obvious result indicating the answer to the main question of life, the universe and all that. In Hell, this will not work:

 type MyInt is Integer; foo: MyInt; bar: Integer; foo := 42; bar := foo; 

The compiler will throw an error, because Integer and MyInt are not the same thing. The main advantage of this approach is that if the programmer then changes the type definition, thousands of implicit type conversions throughout the code base will not blow up the program. Instead, types must be explicitly cast - this promotes good code, preventing confusion of types that are "fairly similar."

Any programmer stuck in a swamp from a mixture of standard definitions of types C, Linux and Win32 can appreciate the lack of the need to rummage through countless pages of documentation and poorly formatted code to understand which typedef or macro contains a real definition of something that only what prevented compilation or crawled out during debugging.



Ada adds additional layers of protection in checks at the compilation and launch stages. In Ada, the programmer must explicitly specify the closing statements for the blocks and the boundaries into which the value of the variable should fit. Ada does not define standard types like int or float, but requires the programmer to create types with a specific range from the very beginning. This is true for strings - with the exception of unlimited strings, all strings have a fixed length.

At the work stage, you can check errors such as incorrect access to memory, buffer overflows, exceeding set limits, errors ± 1, access to the array. They can then be processed safely, instead of dropping the entire application.

Ada implements a model of reference types instead of low-level pointers. Each reference type is processed by the memory pool, either by default or by a specific programmer, if necessary, to work with more exotic NUMA memory implementations. A programmer never has to access memory directly; he must use a memory pool handler.

Finally, the compiler or program at runtime decides how to pass data to or from the function. And although it is necessary to indicate the direction of transmission of each parameter ('in', 'out', or 'in out'), the final decision about whether data is transferred through registers, heaps or by reference is made by the compiler or program at run time, but not a programmer. This prevents stack overflow problems.

The Ravenscar profile and the SPARK dialect are subsets of Ada, with the latter focusing on contracts. Over time, the features of these subsets have been transferred to the specification of the main language.

Ada programming today


ANSI established the Ada 83 specification in 1983. Then the Intel 80286 was just released, and the Motorola 68000 was only four years old. It was the dawn of home computers, as well as a clumsy transition from the 1970s to the 80s, when the popularity of microcontrollers began to grow. Imagine the Intel 8051 microcontroller and its stunning 4kb EPROM and 128B of RAM.



Microcontrollers that are popular today are many times more powerful than those that were in 1983. You can take any ARM, AVR, RISC-V, etc. (or Lego Mindstorms NXT kit) and start developing for it using the same C-based tools. It is not surprising that the popular GNAT Ada compiler is based on GCC. Also under development within the DragonEgg project are tools based on LLVM.

There are two versions of the GCC-based Ada Tools. The AdaCore option is supported commercially, but has its own characteristics. The Free Software Foundation option is naturally free and comparable in functionality to AdaCore.

For an easy start, use either the GNAT Programming Studio IDE (GPS), which comes bundled with AdaCore (a copy on Github ), or write the code in a text editor and compile it manually, or using Makefiles. The toolkit here is a bit more complicated than that of C or C ++, but the development is facilitated by the gnatmake utility, which includes all the tools, and works approximately like GCC.



An example of a small but non-trivial project in Ada written by your humble servant in the form of a command line argument parser. There you will find the Makefile located in the ada / project folder, where the folders are defined where you can find the package specification files (.ads) and the packages themselves (.adb).

These files roughly correspond to files with headers and code from C and C ++, but they also have important differences. Unlike C, Ada does not have a preprocessor, and she does not combine code and headers to create compiled files. Instead, there is a link to the package name specified in the specification. The name of the .ads file also does not have to match the name of the package. This gives you more flexibility and prevents common C problems with cyclic dependency or the need to link headers in a specific order.

Where to go next


After downloading the GNAT toolkit, starting GPS or Vim / Emacs, and for a while looking at the blinking cursor on a blank page, you can think about where to start. Fortunately, we recently covered an Ada-based project using the PicoRV32 RISC-V core. It uses the popular ICE40LP8K CPLD, which is supported by open source FPGAs, such as Yosys.



In terms of documentation, there are introductory articles for beginners aimed at Java and C ++ developers, an AdaCore reference, a WikiBooks reference , and, of course, Programming in Ada 2012 documentation. These are perhaps the most comprehensive references, with the exception of the 945-page Ada 2012 Language Reference Manual (LRM).

The Ada language, albeit a rather rare one for programming lovers, is a completely open language with reliable development tools with commercial support, and is used to create software for everything from intercontinental ballistic missiles and F-15 to firmware of medical devices. Although this is a rather complicated language, if you go beyond the basic limits, it should definitely be included in the list of languages ​​that you have ever used in your projects - even to make your resume look cooler.

Source: https://habr.com/ru/post/469671/


All Articles