Tutorials of  the International Conference on Reliable Software Technologies, June 8 - 12, 1998.

Ada 95 as a Foundation Language for Undergraduate Programs, Michael B. Feldman

Java for Ada Programmers, Ben Brosgol

Software systems architecture: a practical architecture method, David Emery, Rich Hilliard, Timothy Rice

Distributed Systems Annex of Ada 95 and An Inside Look At The GLADE ImplementationLaurent Pautet (Télécom Paris University), and Samuel Tardieu (Télécom Paris University)

The End of the Age of Miracles, Richard T. Dué

Ada-based systems engineering with O4S, Ingmar Ögren

Building development tools for use with GNAT, Cyrille Comar, Sergey Rybin

Ada, Java & GNAT: A Manager's and Developer's Roadmap, Franco Gasperoni, Edmond Schonberg

Guaranteeing Timing Requirements under Real-Time POSIX, Michael Gonzalez Harbour

SPARK, John Barnes, Peter Amey

Ada 95 as a Foundation Language for Undergraduate Programs

Michael B. Feldman



Audience background

Attendees should have interest and experience in teaching undergraduate academic courses in computing. No extensive familiarity with Ada is assumed.
Particpants will leave the tutorial armed with materials, references, and knowledge sufficient to make an informed choice for Ada 95 in undergraduate curricula, as well as "ammunition" they will find useful in persuading colleagues to choose Ada as well.


This tutorial will present the advantages of Ada 95 as a foundation - introductory - programming language for undergraduate computing curricula, including details of prototypical first- and second-level courses. Ada 95 combines the clear syntax and programming discipline of Pascal with a range of standard, industrial-strength features for encapsulation, template- and inheritance-based object-oriented programming, and language-defined multitasking.


Ada is currently the foundation language in over 100 institutions worldwide. Teachers of Ada 95 are building on a ten-year base of experience with Ada 83 as a foundation language; moreover, Ada 95 is supported by a range of undergraduate textbooks (including at least five at introductory level), as well as several stable and inexpensive compilers and toolsets for the most popular academic computing platforms.


Michael Feldman.GIF (17518 bytes) Michael Feldman is a Professor in the Department of Electrical Engineering and Computer Science at The George Washington University, Washington, DC, where he has been a faculty member since 1975. He has taught a CS2-level course with Ada every year since 1985, and a CS1-level course with Ada every year since 1991. Both courses are now in their third academic year using Ada 95.
Prof. Feldman also teaches File Structures using Ada 95, and is now offering Real-Time Systems with Ada 95. The real-time course is built around a scale model of the Washington, D.C. rapid transit (metro) system, with Ada 95 controls.
Prof. Feldman has published numerous articles on Ada in undergraduate courses and related issues. He is the author of two well-received 1996 textbooks, "Ada 95 Problem Solving and Program Design (with Elliot Koffman)" and "Software Construction and Data Structures with Ada 95". These are texts at CS1 and CS2 level, respectively.


Monday, June 8, full day, 8h30-12h00 and 13h30-17h00 with two half hour breaks.

Java for Ada Programmers

Ben Brosgol


Audience background

Some knowledge of Ada 83 is necessary. Exposure to Object Orientation is quite helpful but is not strictly required. Exposure to Ada 95 is likewise helpful but is not required.


This tutorial presents the Java language through examples and by comparison with Ada. It describes Java's approach to Object Orientation, summarizes some of the principal sets of classes in the Application Program Interface, and presents the main elements of the Abstract Windowing Toolkit, including applets.


BenBrosgol.GIF (29176 bytes) Ben Brosgol is chief Ada technologist with Aonix, in Burlington, Massachusetts (USA). A well-known figure in the international Ada community, Dr. Brosgol has been directly involved with the Ada effort since its inception, as a language designer, implementor, user, and teacher. He participated in the Ada 95 language revision, where he was responsible for the Information Systems facilities. He has conducted Ada-related courses since 1982, and has delivered tutorials at Ada Europe, Tri-Ada, and WAdaS. He has long been active in the Ada professional community and is currently the chairman of ACM’s SIGAda (Special Interest Group on Ada).
Dr. Brosgol delivered the tutorial "Java for Ada Programmers" at the Tri-Ada ’97 conference, where it received high acclaim.


Monday, June 8, full day, 8h30-12h00 and 13h30-17h00 with two half hour breaks.

Software systems architecture: a practical architecture method

David Emery, Rich Hilliard, Timothy Rice


Audience background

This tutorial is aimed at people who have an inerest in and experience with very large software systems development, where an architectural approach is critical.


Abstract For the last five years, we have been applying a practical architecture approach to a variety of software-intensive systems, with considerable success [1]. Drawing upon our experiences to date, this tutorial introduces our approach, and relates it to other software and systems architectural approaches.

Keywords: architecture, software-intensive systems, views and viewpoints. Description: The forthcoming IEEE Recommended Practice for Architectural Description defines architecture this way [2]:

An architecture is the highest level concept of a system in its environment. What differentiates architecture from design is that architecture is outward looking, viewing the system in context, while design concentrates on the inward structure of the system itself. Thus, while all systems have an architecture, the challenge for systems development is to articulate a "good" architecture for the target system.

The tutorial begins with an overview of architecture as a major part of the system life cycle. Within this framework, we describe the steps in developing an architecture, showing the responsibilities of system architects, acquisition authorities, user representatives, design engineers and maintainers, and the resulting architectural products. Our approach designates some architectural products as the responsibility of the client; this ensures that the system can meet client needs.

We then present an approach to architectural description, based on a "architectural metamodel," allowing an architecture to be described as a set of interrelated views, where each view is composed of components, connections and constraints.

We demonstrate the selection and definition of architectural views from case studies based on existing systems from the domains of Command and Control and Information Systems.

The tutorial concludes with a look at related work, including ISO's Reference Model for Open Distributed Processing, IEEE's Recommended Practice for Architectural Description and the US DOD's C4ISR Architecture Framework.

Course Outline: The tutorial is organized into the following parts. The Architectural Metaphor In this part, we motivate the discipline of software systems architecture with reference

to architecture in other fields, particularly traditional building architecture. We contrast this sense of architecture with "Software Architecture" as currently being investigated.

The Architect's Job We locate architecture as an activity within the system life cycle, and the architect's role relative

to those of other system stakeholders (users, the client, acquisition agents, designers, maintainers, etc.).

The Practical Architecture Method In this part, we outline an approach we have used to analyze, evaluate and

develop software systems architectures within a life cycle setting. It is a multi-phased approach, as follows:

1. System of Systems Analysis - Articulation of vision, goals, needs, scenarios for the system. \Lambda Person to contact about this submission.

2. Viewpoint Analysis - Selection and definition of architectural viewpoints. Development of architectural models ("views") satisfying those viewpoints.

3. Architecture Integration - Establishment of traceability between architectural views and coverage of all needs by the architecture.

4. Overseeing System Construction - Role of the architect during the development phase.

5. System Acceptance - Role of the architect at system delivery.

6. Architecture Maintenance - Evolution of the architecture.

System of Systems Analysis The architect's job begins with a thorough understanding of the needs for a system. This involves identifying the key stakeholders of that system (users, the client, maintainers, acquisition agents, etc.) and working with them to articulate their immediate needs, larger goals, and long-term vision for the system. Analysis techniques and tools for this phase will be presented. Needs analysis will be contrasted with traditional system requirements analysis.

Architecture Descriptions The next part focuses on the foundations of representation and documentation of archi

tectural decisions through modeling. We introduce a "metamodel" of architectural description which defines viewpoints and views, and their constituents: components, connections and constraints.

Architectural Modeling We work through the process of creating an architectural description from the selection and definition of viewpoints, through their modeling and integration. We provide techniques for view selection and definition, choice of modeling languages appropriate to different views, and techniques for model checking and integration for consistency and traceability.

Architecture Assessment In this part, we show how the architectural approach we have introduced can also be applied to the assessment of architectures. We provide an overview of the Architecture Quality Assessment technique [3] and compare it with other approaches to architectural evaluation. This technique plays a role not only in independent analyses of architectures, but in the life cycle activities of Overseeing System Construction and System Acceptance.

Case Studies Throughout the tutorial, examples will be given to motivate key concepts and approaches based on actual systems we have developed.

Wrap Up In the final section we will contrast the presented approach with other contemporary approaches to software and systems architecture, including other architectural frameworks and methods, Architecture Description Languages, and other technologies for the architect.


David Emery is a Principal Engineer with The MITRE Corporation in Washington, DC, where he is currently applying this architectural method to the U.S. Army's Distance Learning program. Prior to his return to MITRE, he worked for Hughes Aircraft of Canada on the Canadian Automated Air Traffic System (CAATS). CAATS is one of the primary applications of the "4 + 1" architectural approach described by P. Kruchten. Previously, Emery worked for The MITRE Corporation in Bedford, MA, on software architecture, Ada and Ada bindings. He was Technical Editor for IEEE Std 1003.5-1992, The Ada Binding to POSIX System Services, has served as ACM SIGAda Secretary and Treasurer, and is a member of the ACM Technical Standards Committee. Emery received a B.S. in Mathematics from Norwich University, Northfield, VT. He is a member of the IEEE, IEEE CS and ACM. Address: The MITRE Corporation, MS W538, 1820 Dolley Madison Blvd, McLean, VA 22102 Email:emery@mitre.org Phone: +1 703 883 7606 Fax: +1 703 8783 6143

Rich Hilliard is Lead Architect at The MITRE Corporation, assigned to the Air Force's Chief Architects' Office. He is Secretary and Technical Editor for the IEEE's Architecture Working Group, which is developing a Recommended Practice for Architectural Description. He was a member of the Ada 9X Mapping/Revision Team that defined the Ada 95 revision to the Ada language. Address: DII-AF Chief Architects' Office, The MITRE Corporation, Mail Stop X073, Bedford, MA 01730 Email: rh@mitre.org Phone: +1 781 377 6856 Voicemail: +1 781 271 2724
FAX: +1 781 862 8429

Timothy B. Rice is vice-president for Software Engineering, at ISIS 2000. He has been applying the practical architecture method to developing software systems for several years. Prior to joining ISIS 2000, he was Lead Architect in the Air Force's Chief Architects' Office, where he was the team leader of the Air Force's Command and Control System Target Architecture. He also managed the MITRE Software Center Open Systems Engineering group, focusing on the application of standards to the development of software systems. He received an MS in Applied Mathematics from Northeastern University and a BA in Mathematics from Bates College. Address: 5151 E Broadway, Suite 1400 Tucson, AZ 85711 Email: tim.rice@isis2000.com Phone: +1 520 745 3999 Fax: +1 520 745 3775


[1] David E. Emery, Richard F. Hilliard, and Timothy B. Rice. Experiences applying a practical architectural method. In Alfred Strohmeier, editor, Reliable Software Technologies - Ada-Europe '96, number 1088 in Lecture Notes in Computer Science. Springer, 1996.

[2] Walter J. Ellis, Richard F. Hilliard, Peter T. Poon, David Rayford, Thomas F. Saunders, Basil Sherlund, and Ronald L. Wade. Toward a recommended practice for architectural description. In Proceedings of 2nd IEEE International Conference on Engineering of Complex Computer Systems, Montreal, Quebec, Canada, October 21- 5, 1996, 1996.

[3] Richard F. Hilliard, Michael J. Kurland, and Steven D. Litvintchouk. MITRE's Architecture Quality Assessment. In 1997 MITRE Software Engineering and Economics Conference, April 2-3, 1997, 1997.


Monday, June 8, half day, 13h30-17h00 with one half hour break.

Distributed Systems Annex of Ada 95 and An Inside Look At The GLADE Implementation

 Laurent Pautet (Télécom Paris University), and Samuel Tardieu (Télécom Paris University)



Audience background

This tutorial is intended for designers and programmers of Ada applications that will be executed on a distributed system. Attendees should have experience or concerns in programming distributed applications, or be familiar with classical approaches (UNIX network programming, client/server model).


Ada 95 presents an approach for programming distributed systems which is quite complete. Nevertheless, the potentials of the language are not immediate and the reader of the Reference Manual might become puzzled with the number of restrictions which are stated.
The first part of the tutorial is devoted to the benefits of Ada 95 and to its paradigms: client/server, distributed objects and shared memory. Our aim is to present a programmer's view of distributed applications.
The second part of the tutorial will be devoted to a presentation of GLADE which is our approach for configuring distributed applications, and to the current implementation of the Distributed Systems Annex in GNAT. This will give the attendees the opportunity to experiment with the paradigms studied in the first part.
The information will also be of practical interest for those who need to incorporate additional features in our current implementation.


pautet.jpeg (6930 bytes) Dr. Laurent Pautet is assistant Professor at ENST, Paris and member of the GNAT team. His research interests include software engineering, distributed systems, and real­time systems. He is one of the main architects of the Ada 95 Distributed System Annex implementation for GNAT (called GLADE). He is one of the principals of the Ada-France association and the authors of several freely available communication packages in Ada and other programming languages.

Samuel Tardieu is a PhD student at ENST, Paris and member of the GNAT team. His research areas include distributed, embedded and real-time systems. He is participating in the implementation of the Ada 95 Distributed System Annex for GNAT (called GLADE) and is currently adding strong fault tolerancy support to this implementation for his PhD work. He is one of the principals of the Ada-France association, and the authors of several freely available communication packages in Ada and other programming languages.

The End of the Age of Miracles

Richard T. Dué


Audience background

Senior Analysts, Project Mangers, and Mangers with some background and experience in Object Technology application development projects who are looking for fundamentally new approaches to Object-Oriented Analysis and Design and project organization.


An interactive tutorial based upon Richard T. Dué's article in the July 1997 issue of Ed Yourdon's American Programmer. The "End of the Age of Miracles" is a systems development approach which allows end users, analysts, and designers to independently develop integrated systems.
The tutorial will explore the use of Proxy and Broker patterns in a new approach to the project management and architecture of Object Technology application systems. The tutorial will also explore the use of these patterns with the "software piranha" and "duck" design philosophies. The "software piranha" philosophy uses event-driven design to stimulate the behaviors and responsibilities of independent objects. The "duck" philosophy places all interpretation of behavior into separate observing objects. The goal of the "End of the Age of Miracles" is the elimination of the "miracles" that are required to transform analysis to design and design to code in traditional software engineering approaches.
The exploration, evaluation, and improvement of the "End of the Age of Miracles" approach and the "piranha" and "duck" philosophies. Ed Yourdon calls the "End of the Age of Miracles" approach, "novel and intriguing", but wonders how it will fare in the marketplace over the next few years. The prime objectives of this session will be to critique and enhance the approach.


RichardDue.GIF (20698 bytes) Richard T. Dué has 33 years of Information Technology experience as a programmer, analyst, manager, consultant, university professor, author, and expert witness. He is a frequent speaker at many international conferences including OOPSLA, ECOOP, CAiSE, TOOLS, and Software Development. His Object Technology articles have appeared in Object Magazine, Database Programming and Design, American Programmer, Datamation, and Object Expert. Since 1989, he has been the Information Economics columnist for the journal, Information Systems Management. Richard has organized and conducted seminars in over 25 countries in North and South America, Asia, and Europe since 1986. Richard is a member of the OPEN methodology consortium.


Monday, June 8, half day, 13h30-17h00 with one half hour break.

Ada-based systems engineering with O4S

Ingmar Ögren



Audience background

Expected audience is Ada software engineers interested in knowing more about how to apply their Ada knowledge on the system level.


Systems Engineering concerns update and new production of complex systems, where operators cooperate with software and hardware components to complete missions. In this session it is shown how Ada 95 is used by the method O4S (Objects For Systems) as a basis to create system descriptions, which are reasonably formal and still understandable to end users.
The session demonstrates how to use O4S to analyze a system in its context with "Universe Of Discourse" entity-relationship graphs. It also explains how to continue from analysis into object identification. It covers the development process, design with requirements and problem management, and prototyping. It further discusses how O4S can help its users to produce compact system documentation, which complies with standards, such as EIA 12207 and how to manage quality and configuration management. It is also shown how formalized system descriptions, based on Ada 95, can be used to analyze dependability for critical systems with Fault Tree Analysis and Failure Mode Effects Analysis. The tutorial explains some important principles for efficient systems development work, such as the "developer corral" and the "hard and easy meeting".
Through the tutorial, examples are given from real applications in aerospace and automobile systems visualized with the tool kit Tofs (Tool For Systems).


IngemarÖgren.GIF (19725 bytes) Ingmar Ögren was graduated from the Royal Technical University in Stockholm in 1966, with a graduation work concerning integration of a military flight simulator with a Sector Operation Center. From then he has been active in systems engineering of military and industrial systems. He now leads Romet, a method and tools company, located on a seaside farm some 100 kilometers north of Stockholm. He has given multiple presentations and tutorials on Ada-based systems engineering with TRI-Ada, Ada Europe, INCOSE and STC. He also does regular teaching at the Swedish "Försvarshögskolan" (Defense University).

Building development tools for use with GNAT

Cyrille Comar, Sergey Rybin



Audience background

Participants should have a good understanding of Ada semantics. Basic experience on programming with GNAT is helpful, but not required.


The tutorial will explain, how you can build your own development and program analysis tools when working with GNAT. The existing GNAT toolset and different approaches to tool development will be presented. Using ASIS (the Ada Semantic Interface Specification) as the effective technology for building the wide range of useful tools will be discussed in details. The discussion will include presenting of concrete ASIS-based tools and of the ASIS implementation for GNAT.
GNAT is the fully-validated multi-platform industrial-strength Ada 95 implementation. ASIS is an interface between an Ada environment and any tool requiring information from it. ASIS has been designed to be independent of the underlying Ada environment implementation, thus supporting portability of software engineering tools. The tools to be considered at the tutorial include, but are not limited to, library management tools, metric tools, style checkers, code optimization tools etc.


Cyrille Comar (comar@gnat.com) is a member of Ada Core Technologies (ACT) and a founder of ACT Europe. He is one of the key architects of GNAT, he has implemented the Ada 95 object-oriented features and the GNAT library model.

SergeyRybin.GIF (23507 bytes) Sergey Rybin (rybin@gnat.com) is a Senior Researcher at the Moscow State University, and he also works as a consultant for ACT. He is the principal architect and the main developer of the ASIS implementation for GNAT. He is an active member of the ISO ASIS Working Group and ASIS Rapporteur Group.


Friday, June 12, half day, 13h30-17h00 with one half hour break.

Ada, Java & GNAT: A Manager's and Developer's Roadmap

Franco Gasperoni, Edmond Schonberg

gasperon@inf.enst.fr, schonberg@gnat.com


Audience background

Any manager, project leader, software engineer or programmer that is interested in understanding the Java technology, its opportunities and how Ada can be used on this platform.


The objectives of this tutorial are:
* Help participants demistify the Java technology and by that token go beyond the hype that surrounds it. Aspects of the technology that will be adressed in various degrees of depth include:
The Java virtual machine, the Java API, JavaBeans (the Java software component model), JNI (the interface that allows native aplications to interface with Java).
* Help managers and developers understand the opportunities represented by this emerging technology which spans applications ranging from internet applets to fully featured information systems running on mainframes, PCs or workstations to embedded systems such as intelligent automobiles, smart cards, telephones with built-in Web browsers and state-of-the-art cellular telephones.
* Provide a roadmap for project managers & software engineers to help them understand where Ada fits in the world of Java and how companies can take advantage of their Ada investments for the Java platform. More important, this tutorial will illustrate how the use of Ada can provide a competitive advantage on this emerging platform.
* Explain how one can write Ada applications for the Java platform using the GNAT compiler which has recently been targeted to this platform. This includes writing new Ada applications as well as porting existing Ada code. Seamless interoperability between Ada and the Java programming language as well as the use of the Java API (Application Programming Interface) from Ada will be discussed in depth.
The tutorial will contain down to earth examples and a large number of demos to help participants acquire a concrete grasp of the concepts presented.


FrancoGasperoni.GIF (18109 bytes) Franco Gasperoni is a professor of Computer Science at Telecom Paris, in France and is one of the founders of ACT Europe. Franco has taught courses in various areas of computer science: programming languages, compiler design, computer architecture and operating systems at Telecom Paris and New York University. In addition, the presenter is one of the main architects of the GNAT to Java effort that is currently underway.

Edmond Schonberg is professor of Computer Sciences at New York University, and vice-president of Ada Core Technologies. He has been involved in the implementation of Ada compilers for 15 years. He has taught courses in programming languages, compilers, object-oriented languages, algorithms, and software engineering for 25 years. Most recently he has introduced a Java-based Honors course for CS101 students at NYU.


Friday, June 12, half day, 8h30-12h00 with one half hour break.

Guaranteeing Timing Requirements under Real-Time POSIX

Michael Gonzalez Harbour


Audience background

The audience should be familiar with the development of real-time applications, in order to understand the different concepts. Knowledge on the Ada tasking model is desired, since most of the examples will refer to systems that are built in Ada. Some experience with using UNIX or another operating system to program applications is desirable.


The Real-Time Annex of the Ada 95 language provides a very good support for developing both hard and soft real-time applications under highly predictable scheduling and synchronization mechanisms. In addition to the facilities provided by the Ada language, many real-time systems built today require operating systems services such as network communications, graphical user interfaces, or file systems. In this context, it is extremely important that the underlying operating system provides bounded response time services, to be able to guarantee that the timing requirements of the application will be met.
This tutorial focuses on design and analysis techniques for guaranteeing the timing requirements of applications built in Ada and under a real-time POSIX operating system. The tutorial is divided in two parts. The first part is a review of the techniques that can be used to design and analyze a real-time application, so that we can predict if it is going to meet all of its timing requirements. This part of the tutorial is based on the collection of methods known as rate monotonic analysis.
The second part of the tutorial discusses the main real-time operating system services defined in the POSIX standards. These services allow application developers to write portable applications that meet their real-time requirements. The tutorial reviews the different services from the perspective of an Ada application, and discusses which of the different options and services are more suitable for developing real-time applications in Ada.


MichaelGonzalez.GIF (16447 bytes) Michael Gonzalez Harbour is an Associate Professor in the Department of Electronics and Computers at the University of Cantabria. He works in software engineering for real-time systems, and particularly in the analysis of distributed real-time systems using rate monotonic analysis. He is a co-author of "A Practitioner's Handbook on Real-Time Analysis". He has been involved in several projects using Ada to build real-time controllers for robots.
Michael is an active member of the POSIX real-time working group. He is the Technical Editor of the IEEE POSIX.1d and IEEE POSIX.1j standards.


Part I: Real-Time Analysis
1.    Introduction
2.    Analyzing sets of periodic tasks
3.    Extending the basic theory
4.    Task synchronization
5.    Handling aperiodic tasks
6.    Lessons learned from RMA experience

Part II: Real-Time POSIX
1.    Introduction. Real-time operating systems
2.    The basic POSIX standard and its Ada bindings
3.    Real-time extensions
4.    Threads extension
5.    Additional real-time extensions
6.    POSIX subsets
8.    Design and analysis of real-time applications
7.    Selecting a POSIX-conforming OS
8.    Summary and conclusions


Friday, June 12, full day, 8h30-12h00 and 13h30-17h00 with two half hour breaks.


John Barnes, Peter Amey


Audience background

Attendees will be expected to be familiar with the mainstream ideas of Ada (83 or 95). No knowledge of SPARK will be assumed. No prior knowledge of formal methods is required. Note: This tutorial is not for the novice but nor will it contain heavy indigestible proof stuff so it is classed as Intermediate.


This tutorial will provide a general appreciation of the goals and capabilities of SPARK illustrated by a number of examples.
The first part of the tutorial will commence with an overview of the key principles behind SPARK. This will be followed by a survey of the concepts of abstraction, refinement and flow analysis and an introduction to the ideas of how a program might be proved to be correct with respect to its specification.
The second part will briefly survey the various features of SPARK as a subset of Ada and show how these have been constrained by a number of general principles designed to reduce misunderstandings and eliminate ambiguities and uncertainties.
The final part of the tutorial will look at the tools associated with SPARK in a bit more detail. This will include the techniques used by the Examiner for flow analysis and the use of the Simplifier and Proof Checker for generating proofs.
In summary, the main purpose is to give attendees an appreciation of the scope of SPARK and what might be achieved by its use in practise. An important goal is to show that the SPARK approach can bring useful benefits without every programmer having to have a doctorate in formal methods!


JohnBarnes.GIF (21581 bytes) John Barnes read Mathematics at Trinity College Cambridge. Fellow of the British Computer Society.
Member of Ada 83 and Ada 95 design teams. Principal author of Rationale for Ada 95. Author of Programming in Ada 95. Author of High Integrity Ada - The SPARK Approach.

Peter Amey is Product Manager of Praxis Critical Systems. He is the principal author of the Examiner, the key tool for the analysis of SPARK programs.


Friday, June 12, full day, 8h30-12h00 and 13h30-17h00 with two half hour breaks.