Choosing a programming language for realtime systems or "What language is the D2000 written in?"


Peter Humaj

December 12 2017, 7 min read

One true Slovak proverb speaks of the impossibility of creating a tool for driving cattle made of low tensile strength material.

The essence of the proverb is the fact that different tools are needed for different tasks - and the success of a person (as well as how much they have to work to achieve the goal) depends strongly on the selected tool.

This general wisdom is also valid in the area of software development. There is a wide range of possible tools - programming languages and environments – and a number of criteria have to be taken into account when measuring suitability.

Some of the criteria are general – implementation speed, the comfort and capabilities of the development environment, pricing and licence terms.

Others are specific to the area in which the software is used. What properties should systems used in industry have - whether control systems, SCADA or MES systems - and which of these properties are influenced by the choice of programming language?

Clearly - from the customer's point of view - it has to be stable and robust software capable of functioning reliably, without errors. That means no leaks of memory or other system resources after weeks or months of operation. Next comes fast detection, analysis, and fixing of problems when they occur. Finally, there is support for multiple platforms, or the possibility of migrating between platforms as needed (e.g. a generational transition from x86 to x64 architecture as an application gradually grows in size).

Figure 1: A crashed billboard of a local cable TV does not matter that much...

From the developer's perspective, what matters are features such as long-term maintainability (including the ability to change the compiler and compatibility between compilers), code readability, modularity, the compiler's "robustness", and automatic detection of runtime errors.

So what language are SCADA and MES systems written in? Some are written in C, C++ or C# (the most commonly used is the C language and its derivatives, according to http://www.dpstele.com/scada/programming-concepts.php), the newer ones in Java or on the .NET platform.

But what language is the D2000 Application Server written in? Probably not Java or .NET, as it has been around for a quarter of a century. Is it the C language, then?

There is a language developed specifically for embedded and realtime systems, commissioned by the US Department of Defense (DoD). After a study in 1973-74 showed that the DoD was spending $3 billion annually on software (more than half of it on embedded systems) and using more than 450 programming languages, it decided to standardize. It chose a fairly interesting and systematic approach: based on a survey (more than 200 people from 85 DoD organizations, 26 supply companies, 16 universities and 7 other organizations), it wrote a language specification for embedded and realtime systems called Strawman and sent it to experts for comments. Several rounds of processing the comments resulted in more detailed documents - Woodenman and later Tinman. Tinman's requirements were then evaluated against 23 programming languages, including Pascal, Cobol, Fortran and Algol.

Figure 2: A figure from the June 1976 report "Common programming language for the department of defence – background and technical requirements", about a common language for the DoD, shows the distribution of annual DoD costs on computer systems. Conventional mainframes (scientific) were responsible for only 5% and almost without exception used Fortran and Cobol.

In January 1977, the evaluation ended with the conclusion that none of the existing languages met the requirements - although Pascal, Algol 68 and PL/I would have been a good start. In parallel, another, even more detailed specification for the new language, Ironman, was drawn up. The DoD chose 4 of the 17 candidates, who were given the task of designing the language according to the specification (soldiers know what redundancy is and they also have the money for it..). For the sake of objectivity, the selected candidates were color-coded as the green, red, blue and yellow teams (soldiers apparently also know what corruption and political pressures are). After a year of work, an extensive public review was held (soldiers know that two heads are better than one), leaving only two finalists - red (Intermetrics) and green (Cii Honeywell Bull).

Figure 3: An overflow error of a 16-bit Integer variable in the Ariane 5 inertial navigation system caused the destruction of the rocket with a load of four satellites, at a total cost of about $500 million, in 1996. The development of the carrier cost $7 billion. The picture shows the satellites, called Cluster.

In June 1978, the Steelman document was created, containing the final language requirements that the finalists had to incorporate. In May 1979, the green team was chosen as the winner (so the language for the American army was designed by the French). The new language was called Ada in honor of Ada Lovelace, the first programmer (although she only programmed theoretically, on paper, as Charles Babbage never built his mechanical programmable computer, the Analytical Engine).

It is important to understand that the role of color-coded teams was not implementation (i.e. not developing compilers), but only a thorough design of a new language.

In 1980, the Ada Reference Manual was published, which was subsequently subjected to public review and published in 1983 as Reference Manual 1815A and an ANSI Standard. In the same year, the first implementation, Ada/Ed, was validated (in fact, it was not a compiler yet, just an Ada interpreter).

Unlike other languages designed by individuals (for example, the C language designed by Mr. Kernighan & Mr. Ritchie, Pascal and Modula by Mr. Wirth, Java by Mr. Gosling from the Sun company), Ada was designed from the start to meet a fairly wide range of requirements of the professional public. The language itself includes tasks (multithreading) and synchronous communication between them, strong type checking, modularity, runtime checks (e.g. checking array indexes against overflow), extensive time support and many other features. There are no 'variants' of the Ada language - compilers have to meet extensive specifications and therefore the code is highly portable between platforms. Ada is designed for developing large-scale projects - a module's specification is separated from its body, so the modules can be compiled independently of each other.

In 1995, the Ada83 standard was replaced by Ada95, which added support for object programming, protected objects (with serialized access from multiple tasks), specifications for extended standard libraries and specialized annexes for system and realtime programming (standard was being developed since 1988). Ada95 was the first internationally standardized object-oriented language (ISO, ANSI, FIPS standards). Two other standards were created in 2005 and 2012, with only minor improvements.

Figure 4: Mars Climate Orbiter disintegrated in 1998 during an attempt to enter a stable orbit around Mars. From Earth, it was given a command to turn on thrust in Anglo-Saxon units (pound-force), while the probe software expected metric units (force in newtons), causing too close an approach to the planet. Its sister probe, Mars Polar Lander, was destroyed by a 40-meter fall during the landing manoeuvre, when the software mistakenly evaluated that the probe was already standing.

There is a high probability that readers have not yet heard of the Ada language. It is much less known than Java, C++ or Visual Basic. Who uses it and for what purposes?

In addition to military use (DoD, NATO, Eurofighter, Apache helicopters), it is used, for example, by Airbus and Boeing (the 777 has 99.9% of its code written in Ada; the rest is the built-in entertainment system for passengers, created in C++), in Air Traffic Control Systems, in French and Korean TGV high speed trains (onboard systems as well as track control), in the space program (NASA, most of the ISS code is in Ada, various satellites) and elsewhere – see e.g. http://www2.seas.gwu.edu/~mfeldman/ada-project-summary.html.

How did D2000 get to Ada? The original implementation of the D2000 (1993) was on the OS/2 platform, using the Modula-2 language. After a few years, there was a need to port the D2000 to the Windows NT platform, where Modula-2 was not available. After thorough research, the language was switched to Ada (the ObjectAda compiler from the Aonix company). In 2002, the compiler was changed to Gnat by AdaCore, which enabled the first 64-bit D2000 port to be created for OpenVMS and later, in 2008, also a port for HP-UX. In 2012, the 64-bit version of D2000 was released for Windows, and in 2017 a port for Linux is being released.

Figure 5: Our systems must function for a very.. very.. very.. long time. A redundant system with more than 5 and a half years of running without an outage (2071 days).

A bit of a subjective view? I have been programming in Ada since 2003, having previously worked with C/C++ (Visual Studio, Solaris, FreeBSD), and also a bit with Pascal and assembler. Switching to Ada was relatively simple; the syntax was readable and clear. Compared to the C language one has to write more, but on the other hand the invested effort is repaid by the ease of viewing and editing code (both one's own and others') and hunting for errors (both one's own and others'). I'd like to quote the statement of M. Kunsch that Kernighan & Ritchie were cryptomaniacs.. the more efficient and time-saving the syntax of C is for writing, the harder it is for a reader of the code.

Recently, for example, I was correcting errors in a communication protocol which was written in the C language at a client's request (as an external dll for the D2000 KOM process) and delivered to the client with the source code. I managed to eliminate a local variable as part of my modification - the compilation passed, but the result did not work, because the name of the variable (which was originally of a pointer type) remained forgotten in one place, and the compiler considered it an item of an enum type (i.e. an integer type) defined in the header file. Such mixing of apples and pears would have been detected by a compiler in Ada…
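The failure mode described above, reconstructed as an added example; it is not the author's code or the delivered protocol DLL, and the `msg_kind` enum, the `RPL:` marker and all function names are hypothetical. It shows why the leftover name still compiles in C and how the result changes.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the protocol header: enum constants are plain
   int names in C's ordinary identifier namespace. */
enum msg_kind { request, reply, fault };          /* reply == 1 */

/* Before the edit: a local pointer named `reply` shadows the constant. */
size_t reply_len_before(const char *frame)
{
    const char *reply = strstr(frame, "RPL:");    /* NULL if no reply */
    if (reply != 0)                               /* pointer test */
        return strlen(reply + 4);
    return 0;
}

/* Helper introduced by the edit: offset of the payload after "RPL:",
   or 0 when absent (callers are expected to test for a reply first). */
static size_t payload_offset(const char *frame)
{
    const char *p = strstr(frame, "RPL:");
    return p ? (size_t)(p - frame) + 4 : 0;
}

/* After the edit: the local is gone but its test was left behind. The
   name now resolves to the enum constant, so the guard is 1 != 0. */
size_t reply_len_after(const char *frame)
{
    if (reply != 0)                               /* always true */
        return strlen(frame + payload_offset(frame));
    return 0;
}

/* Mitigation: prefixed constants (e.g. MSG_REPLY) cannot collide with a
   local name, so the leftover `reply` becomes an undeclared identifier
   and the build fails instead of silently changing meaning. */

int main(void)
{
    const char *frames[] = { "REQ:ping", "HDR RPL:pong" };  /* constructed */
    for (size_t i = 0; i < 2; i++)
        printf("%-14s before=%zu after=%zu\n", frames[i],
               reply_len_before(frames[i]), reply_len_after(frames[i]));
    return 0;
}
```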

I feel a bit sorry that the Ada language does not get the attention it deserves for its qualities. On the other hand, I hope that with an increase in the number of mission-critical systems in real life, quality will start to be promoted and the number of programmers in Ada will also grow in the commercial sphere. The D2000 Real Time Software is just one example of successful use of this language.
