programming languages and software construction

Programming Languages andSoftware Construction

Franco Gasperonigasperon@act-europe.fr

http://libre.act-europe.fr/Software_Matters

2http://libre.act-europe.fr © ACT Europe under the GNU Free Documentation License

Copyright Notice

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; provided its original author is mentioned and the link to http://libre.act-europe.fr/ is kept. A copy of the license is included in available at:

http://www.fsf.org/licenses/fdl.html

The Construction Analogy*

Development tools:•Editor, compiler, debugger•Config. mgmt, testing tools,…

•Programming languages•Libraries•Reusable components

Materials

Analysis & design documents(e.g. UML diagrams)

Architectural

drawings

Software ConstructionBuilding Construction

Class1

Class2 Class3«uses»

*Analogy from Tucker Taft invited talk at the Tools USA 99 conferencehttp://www.tools-conferences.com/usa_99/keynotes.html#taft

Software Phases Affected by the P.L.

DesignDesignCreate a software structure Create a software structure (architecture) around which (architecture) around which code will be built code will be built

CodingCodingFill in the software Fill in the software structure with codestructure with code

Testing (Unit Testing)Testing (Unit Testing)Check that the code does what Check that the code does what it is supposed to (functionality, it is supposed to (functionality, performance, reliability, …)performance, reliability, …)

Importance of Tools’ & Materials’ Quality

Imagine working with a compiler that crashes every 3 compilations or that generates executables that run very slowly

Imagine using a hammer whose head flies off if you do not hit the nails perfectly

Imagine using a graphics library where 1 in 4 routines has a bug

Imagine building a wall where 1 in ever 4 bricks breaks when you place it on the wall

Imagine programming with a language which accepts everything that you type and tries to guess what to do

Imagine nailing wooden panels where nails bent if you do not hit them perfectly in their axis

Software ConstructionBuilding Construction

A GoodGood Programming Language …

Helps you build software that is:• Reliable• Safe• Secure• Evolvable

A good programming language will make your life easier. It will NOT do the job for you.

A PoorPoor Programming Language …

Will make it harder to build software that is:• Reliable• Safe• Secure• Evolvable

It is possible to write good software with a poor language. It will require more experienced engineers.In any event it will take longer and will be more COSTLY than with a good language.

Facts of Life in Software Construction

Properties of a Good Programming language

Make it harder to write incorrect code

Support abstraction

Help write readable code

Support modular software organization

Portable

Human Factors

Affecting Programming

Humans make mistakes

People move on• The code authors are not the ones

that will fix bugs, port or add new features to the software

Software evolves constantly

Software evolves constantly. You must deliver software to your clients before it is actually finished (important to have feedback). Furthermore, once delivered you have to correct bugs, and add new features.

Support modular software organization

Software evolves constantly. You must port it to new hardware.Portable

Humans make mistakes. Especially programmers who are constantly submersed with work.

Make it harder to write incorrect code

People move on. Especially programmers. To preserve your software investment other people must be able to understand the code quickly.

Help write readable code

Humans make mistakes & People move on. Be able to write a program at a conceptual level close to the application domain. This makes the code easier to write & understand.

Support abstraction

ExplanationRequirement for a GoodProgramming Language

Programming Languages Examples

A Programming Example

Can you tell in less than 20 seconds whether the following 3 routines in the following 3 programming languages do the following correctly:

Return the n-bit field of a 32 bit word from • Bit position p• To bit position p-n+1

Bit position 0 is at the right end

n bits

………Bit

0………

p-n+1…………

unsigned get_bits (unsigned x, int p, int n) {return (x >> (p-n+1)) & ~(~0 << n);

Ada 95

function Get_Bits (X : Bit_Array; P : Bit; N : Offset) return Bit_Array isbegin

return X (P – N + 1 .. P);end Get_Bits;

History of Some Imperative Languages1950 1960 1970 1980 1990 2000

PL/I(66)

Basic(66)

Pascal(70)

Cobol(58)

Algol(60)

Simula(67) Smalltalk(80)

C++(89)

Ada(83)

Eiffel (86)Ada(95)

Java(96)

Fortran(54)

imperative

1970 1980 1990 2000 2005

Java(96)

C++(89)

Eiffel (86)

ISO C++(98)

ANSI C(88)

Ada(0X)Ada(95)

Ada(83)

Pascal(70)???

C(72) ISO C(99)

Programming Language Design Goals

C• A portable, higher-level assembly language• No safety or security concerns

C++• An object-oriented language upwardly compatible with C• No safety or security concerns

Java• Fix C++ insecurity problems (i.e. cannot create a virus in Java)• No and safety concerns

SECURE != RELIABLESECURE != SAFE

Java is a secure language• That is you cannot create viruses with Java programs

Java (like C and C++) is NOT a safe language• It is easy for a programmer to make mistakes in Java both during regular

development and during software evolution • and create programs that behave incorrectly

Sun Microsystems does not want Java to be used in safety-critical contexts

Contents of the Windows 2000 LicenseNOTE ON JAVA SUPPORT

THE SOFTWARE PRODUCT MAY CONTAIN SUPPORT FOR PROGRAMS WRITTEN IN JAVA.

JAVA TECHNOLOGY IS NOT FAULT TOLERANT AND IS NOT DESIGNED, MANUFACTURED, OR INTENDED FOR USE OR RESALE AS ON-LINE CONTROL EQUIPMENT IN HAZARDOUS ENVIRONMENTS REQUIRING FAIL-SAFE PERFORMANCE, SUCH AS IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL, DIRECT LIFE SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF JAVA TECHNOLOGY COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE.

Sun Microsystems, Inc. has contractually obligated Microsoft to make this disclaimer.

The Ada Programming Language

Industrial-strength version of Pascal designed to build:• Safe, and secure software• Software that needs to evolve• Systems where software matters (e.g. real-time systems)• Mixed-language software

Language designed by an international team• 1983: First version of the language

- Object- based language, not object oriented• 1995: First standard revised (e.g. OO programming added)

- First object-oriented language to be an ISO standard

Only language to have a formal compiler validation procedure

• Validation procedure is an ISO standard (> 4,000 compiler tests)

Ada: Use it for Safety-Related Systems

Safety standards recommend the use of Ada for the highest integrity levels

Even the MISRA-C document recommends the use of Ada:Guidelines for the Use of the C Language in Vehicle Based Software:• “… it should be recognized that there are other languages available which

are in general better suited to safety-related systems, having (for example) fewer insecurities and better type checking. Examples of Languages generally recognized to be more suitable than C are Ada and Modula 2. If such languages could be available for a proposed system then their use should be seriously considered in preference to C.” page 3.

Ada-Inspired Programming Features

C++• Templates (Generics)• Exceptions

Java• Array index checking• Division by zero checks

Some Languages Derived from Ada

SPARK• Subset of Ada used to design the most safety-critical systems

VHDL• Used for chip design

PL SQL• New programming language designed to extend SQL and make it a full

programming language

Some Industrial Applications in Ada

Business-critical• Canal+ Technologies: Pay-per-view, access control• BNP: Trading Language• Philips: Semiconductor assembly equipment• Helsinki radiotelescope

Mission-critical• Astree: European-wide railroad signaling• Weirton Steel - process controller• Mondex electronic money• Scanning Electron microscope

Safety-critical • Airbus A340• Boeing 777

Ada & Software Costs

Ada and Software Costs (1995 Study)

0200400600800

10001200140016001800

350 700 1,050 1,400 1,750 2,100Function Points

AdaOther HOLsC

270,000 LOC

225,000 LOC

150,000 LOC

135,000 LOC

112,500 LOC

75,000 LOC

Source: MITRE (Avionics domain)

Ziegler’s Study: Comparing C & Ada1995 study on the VADS compiler

• 60 engineers, from 1984 ..1994 with MS degrees in computer science• All knew C at hire. All programmed in both C and Ada.

VADS • About 4.5 million lines of code, 22000 files, cost >$28m over 10 years

500000

1000000

1500000

2000000

2500000

C Code Ada Code Make Scripts Miscellany

Costs Per Feature During Implementation

cost/feature:

C C, including Makef iles ADA

Post-Delivery (User-Reported) Defects

Critical Defects Severe Defects Minor defects Total Defects

Some Non-Reasons for Ada’s Advantage

Not because of people: • The same people used both languages

Not because of process: • The same process was used, for design, for testing, for debugging, for

source control, for management, and so forth• C required ‘makefiles’, but had tighter coding standards

Not because of Ada’s highest level constructs:• VADS used few generics or tasks

Not because of reuse:• This study considers only unique code, factoring out reuse

Some Reasons for Ada’s Advantage

Ada Enabled Better Error Locality• Most errors caught at compile-time• Runtime errors are easier to trace

Ada Enabled Better Tool Support• Ada’s richer semantic model allows computers to help more• For example, builds are automated and guaranteed consistent

Ada Reduced Effective Complexity• Function of language complexity and application complexity• Standard language complexity is easier to learn and use

Ada Encouraged Better Program Organization• Packages, with specifications and private parts

Summary

Developing software in Ada is 60% cheaper than in C

Code developed in Ada has 9 times less bugs than in C

Was Ada consistently better? *YES*• Over different subsets of VADS• For experienced AND inexperienced programmers• For both C experts AND Ada experts• For the highest AND lowest rated programmers

Was Ada harder to learn? *No*

Was Ada code more reliable? *YES*

http://www.adaic.com/whyada/ada-vs-c/cada_art.html

Ada & Education

From an Education Perspective

Ada is a good language to teach good software practice• Reliability, safety, security

Ada 95 allows to design functionality-oriented as well as object-oriented software

• Ada allows the construction of software that can evolve

Today there is a Free Software high-quality Ada 95 compiler available to all

• GNAT (GNU Ada)• Linux, Solaris, Windows, …

You Should Know Several Languages

No single programming language is appropriate in every circumstance

Today most systems use a mixture of programming languages

Example: MULTOS CA

Multiple application OS for smart cards

30%: SPARK (Ada subset)• “Security kernel” of tamper- proof software• Certified at the HIGHEST security level

30%: Ada 95 Infrastructure • (concurrency, inter- task and inter- process communications, database interfaces

etc.), bindings to ODBC and Win32

30%: C++• GUI (Microsoft Foundation Classes)

5%: C• Device drivers, cryptographic algorithms

5%: SQL Database stored procedures

programming languages and software construction

Technology

03-60-440: principles of programming languages...

cs 363 comparative programming languages evolution of...

1 the evolution of major programming languages concepts of...

programminglanguages programming languages parallel...

programming languages

term 2, 2011 week 1. contents problem-solving methodology...

cse 452: programming languages logical programming languages...

kay - programming and programming languages

programming languages chapter onemodern programming...

chapter 2 programming languages - ftms · programming...

programming languages. 2 outline definition of software ...

programming languages and design lecture 3 semantic...

programming languages

cse 452: programming languages logical programming languages...

cs 363 comparative programming languages logic programming...

programming, programming languages and programming methods

programming languages and compilers - studium … ·...

network programming languages - cornell university...

justification of programming languages – an...