>> Website Resources
.. >> Library: TechXchange
.. .. >> TechXchange: Embedded Software
.. .. .. >> Topic: Ada and SPARK
In terms of language popularity, much of the late 90s and early 2000s revolved around so called "managed" languages, such as Java or C#. Currently however, industry seems to be turning back more and more to native languages, and in particular two mainstream ones - C++ and Ada. Interestingly, both of these languages have been undergoing major revisions, resulting in the almost synchronized releases of C++ 11 and Ada 2012. This article will describe the most notable additions to the two languages, and show how they relate one to the other.
Table of Contents
- Introduction - On Efficiency and Safety
- Heap Memory
- Parameter Types
- Contracts and Safety
- Custom Iteration
- Concurrency
- 结论
Introduction - On Efficiency and Safety
C++ and Ada have a long and intricate history. They emerged roughly at the same time in the early 80s and each was designed as a general-purpose language. Each was touted, at least among its most vocal advocates, as the language of its time, and each failed. In the late 90s and beginning of the 2000s, the language trend had migrated to the world of Java, or Java-like languages (such as C#). And once again, these languages failed to live up to their billing.
So-called managed languages are of course very appealing on paper. They're generally easier to learn, allow developers to avoid thinking about technical issues such as memory management, and provide lots of features allowing rapid prototyping and development. Hiding this complexity unfortunately has major drawbacks - as hiding isn't quite like removing. Requiring automatic dynamic memory management ("garbage collection") is several orders of magnitude less efficient than letting developers use stack and manual memory management, and allowing fast development with little architectural design can easily end with applications that are difficult to maintain over time.
一个周期的eems to be closing, and industry is realizing that rapid development doesn't really matter when the end code doesn't fit the purpose it was developed for. Where safety is important, the past few years have seen a growing interest in Ada, with more and more people using this language to build highly reliable, secure and safe applications. This is in particularly true for industries where safety and security are mandated such as avionics, space, railroad or military. As a matter of fact, with the significant increase in the role of software, this club has grown recently and welcomed newcomers such as the medical devices and automotive industries, both of which are looking at adopting Ada or similar safety-centric languages.
From the efficiency point of view, organizations that used to adopt Java/C# as a standard have come back on their decision and are now returning to C++ when speed of execution is an issue. The example of Microsoft is particularly interesting in this regard. According to Herb Sutter (inhis talk at this year's Lang.Next会议)虽然他们几乎是一家单语言公司,并在C#中进行了所有新发展的政策,但他们已经在2011年的C ++语言修订中投入了认真的资源,现在让项目决定最适合他们的内容,取决于他们约束。
It's no surprise then that, following this renewal of interest, both C++ and Ada have been going through major revisions - C++ with C++11 and Ada with Ada 2012 - but the synchronization is amusing. It is no surprise either that these two revisions are promoting features for which they are well-known; i.e., safety-related features for Ada 2012 and efficiency-related features for C++ 11.
这并不意味着ADA中开发的程序的效率比C ++中开发的效率较低。相反,在ADA中开发的程序比在需要ADA质量的应用中开发的程序更有效:即,需要在长时间和/或复杂嵌入式目标上进行大型系统中需要维护的应用程序。应用程序和语言之间的拟合是关键。
Heap Memory
Pointer safety has always been one of the main sources of program vulnerabilities, and all modern languages have been looking at mitigation strategies. The first version of Ada was extremely conservative with regard to what could be done with pointers, and the pointer mechanism was substantially extended in the next revision. In comparison to C, C++ has somewhat reduced the need of pointers in a number of situations, thanks to references. But no matter how hard you try, no matter which language you use, there are still programs that require proper indirect access semantics.
C ++ 11提供了标准的智能指针机制,允许指针跟踪其引用的次数,并在没有进一步参考的情况下及其内容进行了处理。为了效率,这不是Java的垃圾收集器。开发人员仍然承担确保理解代码结构的负担,例如解决循环依赖案例。但是,与以前的情况相比,这无疑是一种改进,在保持可比性能的同时允许更加干净的代码。ADA在减轻指针的需求方面做得非常好,并且需要指示甚至明确参考的情况更少。但是,如果需要,可以轻松实现智能指针,尤其是通过ADA 2012用户定义的参考功能。默认情况下,一些提供编译器的库已经提供了这些库。
Other capabilities that Ada has provided in this area for a long time include accessibility checks and memory pools. The former allows the developer to avoid a number of dangling reference issues by making sure that a pointer cannot point to a piece of memory that has a shorter lifetime than itself. This is particularly useful when pointing to data located on the stack. The latter allow the developer to specify an area for allocating / deallocating storage (the "memory pool"), thus permitting the monitoring of its usage or the deallocation of an area as a whole. These two capabilities were available long before Ada 2012, but they have been greatly enhanced by the new version of the language.
So it's fair to say that the two languages are making progress on heap management issues from different angles. Some cross fertilization could probably be beneficial here. A word to the wise...
Parameter Types
There is a major paradigm difference between the way Ada and C++ specify the parameter passing conventions. In C++ a programmer can specify how a parameter is passed (as a copy, as a reference or as a pointer). Ada takes care of this automatically but requires identifying how the parameter is used (as an input, as a result, or as an input and result). With C++11, the language goes one step further and introduces a new reference-passing mode, the rvalue reference. In short this states that the value from which the reference is built is temporary, and that it will not exist outside of a given call lifetime. This feature allows great optimization of patterns such as constructor by copy and assignments operators that are very common in C++ and probably one of the biggest performance-bottlenecks in the standard library.
On the other hand, Ada 2012 now allows extension of the parameter mode with the "aliased" keyword, forcing a parameter to be passed by reference while previously it was the compiler that decided the most efficient mode. Has C++ been inspired by Ada when introducing a usage-related mode and Ada by C++ when introducing an implementation-related mode?
Contracts and Safety
What is striking to an Ada developer is that the C++ notion of safety concerns heap allocation safety only. With this view, Java and its garbage collector represent the pinnacle of software safety, and using smart pointers (as implemented in C++11) is one way to move in that direction. Safety-critical Ada programs often ban pointers from the start, or extensively constrain their usage, and consider safety as the ability to write verifiable contracts on language entities.
In previous versions of the language, strong typing, parameter modes, encapsulation, generic (also known as templates) specifications, and value ranges already provided a comprehensive set of static and dynamic contracts that developers can define for their software. Ada 2012 brings this to a whole new level by adding the notions of preconditions, postconditions, invariants, and predicates. These contracts can formally define the requirements that must be fulfilled before a subprogram call as well as the expectations that may be assumed after the call. They will also allow the developer to specify constraints on a type that have to be fulfilled throughout the entire application. Technically, contracts take the form of Boolean expressions checked at well-defined places in the application.
这些功能的好处是多重的。首先,具有使用该语言的标准语法指定合同的能力,并检查它们是否正确编译,以确保它们与程序本身保持一致。随着代码的发展,以评论形式编写的合同往往会随着时间的推移而降低,因为在代码更改中保持最新情况是相当乏味的。尽管部署后可能不会运行合同检查测试,但为了避免其他例外情况和降级性能,可以在测试中激活它们,从而确保实际执行它们。它们也可以通过静态分析工具将其用作附加数据源,以提供更准确的结果并检查更多属性。甚至更进一步,有了适当的约束,它们甚至可以正式证明是正确的,但对该计划将满足其安全性和/或安全要求的信心。
这些功能在工业就绪的编程语言领域相当独特,对高融合应用程序社区引起了极大的兴趣。对于那些正在寻求快速原型制作并且可以接受更高缺陷率的人来说,它们无疑会不太受欢迎。不同的社区,不同的需求,不同的答案。
静态推理的C ++ 11-引言说明了有关软件安全性的不同观点。使用自动关键字代替变量声明中的类型,将自动从初始化表达式中推导。这在开发应用程序的C ++方式中解决了一个真正的问题,在该应用程序中,类型可以很长时间写作和何时涉及名称空间和仿制药。不用说,对于ADA开发人员而言,一种类型是合同,甚至考虑让编译器为您决定,这是一种异端。同样,这里没有黑色和白色,不同的领域导致不同的功能...
Custom Iteration
The absence of custom iterations, and the famous "for each" loop, has definitely been a source of frustration for a lot of developers. Whoever has tasted iterators in other languages will have a hard time going back to the awkward pattern requiring manually declaring an iterator, writing a while loop with the correct condition, extracting the element from the iterator, and remembering to put the "next" call at the end of the loop. Associated with the "for each" kind of loop, this feature sounds like a no-brainer. After its introduction in Java 1.5, it is finally part of the C++ and Ada feature set.
简而言之,这允许开发人员使用“ for”循环在每个类型的容器的内容(数组,列表,映射,设置...)上编写循环,从迭代。可读性得到了极大的增强,在ADA的情况下,正式的证明变得更加容易在此类代码上执行。例如,证明循环终止变得微不足道。
很高兴见到这两个球员了same conclusions at the same time!
Concurrency
语言支持并发已经存在ince the very first version of Ada through tasking (mapping a thread). It was then enhanced in Ada 95 with protected objects (which provide advanced data protection against concurrent access). Ravenscar - a deterministic, deadlock-safe, subset of the Ada tasking features used since the late 90s - was standardized in Ada 2005 for monocore systems. It can now be extended to multicores thanks to the Ada 2012 ability to select the core on which a given task is running. It's nice to see C++11 standardizing concurrency management, namely thread and mutex. There's no doubt that this will improve portability of such code, whereas previously a concurrent program had to rely either on operating system primitives or vendor extensions. The level of the services provided by the new language is more or less comparable to what is available in Java. It allows manipulation of low-level notions such as thread or lock, abstracting them away from the actual system API. The introduction of lambda calculus in C++11 provides a more function-oriented interface than Java though, which requires the use of classes.
As of today, C++ thread capabilities can be viewed as a low-level subset of Ada's tasking facilities. It still lacks Ada's higher-level abstractions for processing synchronization (rendezvous), advanced data structure protection (protected objects) and safe-by-construction multi-tasking (Ravenscar). No doubt, however, that the enhancements provided in the C++11 version are already a huge improvement over what was available previously.
结论
The most successful software projects are those that have been able to select the languages that were the most appropriate to their need. Looking at the big picture, seeing Ada and C++ re-emerging at the same time along with their new revisions and targeting what they've been designed for is definitely a great sign of the market maturity.
One could argue that most of the developers that come out of university are Java-trained, and might find it difficult to shift to another formalism. Training will be a requirement but training is always a requirement, especially when high performance levels and/or safety is required. Learning another language is the easy part - and having the right language from the start will help newcomers become more productive more quickly. Not to mention the benefits in terms of software quality. As a final word, more than ever, with regards to today's software engineering challenges, one size doesn't fit it all.
>> Website Resources
.. >> Library: TechXchange
.. .. >> TechXchange: Embedded Software
.. .. .. >> Topic: Ada and SPARK
