Rod Chapman, Praxis HIS, UK

This presentation will look at the many problems of designing and building high-integrity software and the processes, languages and tools that are currently used. The need to "engineer" our software implies that discipline and reasoning are required, yet most processes and languages seem to obstruct rather than assist such attempts. To help understand why, we consider the history of programming language design, and how this has shaped the way we think about software and constrained our ability to engineer it.
In this generally gloomy picture some good news can be found: the emergence of design-by-contract facilities in languages such as Eiffel and SPARK has made a strong impact in some niche areas. In those areas, we have made a rather unusual observation: customers (some having "flirted" with this week's fashionable approach) are "coming back to Ada", recognizing the language's strengths, particularly for high-integrity applications. The presentation will close by considering why Praxis still uses (and chooses) Ada, and the role that Ada has to play in the future of high-integrity software.

Roderick Chapman received MEng and DPhil degrees from the University of York, England in 1991 and 1995 respectively. He is currently products manager at Praxis Critical Systems, leading the design and development of the SPARK language and toolset. Before joining SPARK team, Rod was involved in the implementation high-integrity real-time and embedded systems, including SHOLIS (the first system implemented to the Def Stan 00-55 SIL4 standard), the Lockheed Martin C130J Mission Computer, and the MULTOS CA. Rod has presented tutorials, papers and panel sessions at many conferences, including SIGAda, Ada Europe, and SSTC.
 

Henrique Madeira, University of Coimbra, Portugal

Component-based software development is a well-established practice. Even mission-critical applications, where rigorous verification and validation is mandatory, are now using off-the-shelf (OTS) components and reusing previously developed code. An important concern in using OTS components is the impact of possible failures in theses components, as OTS components are not generally designed for strict timing and/or safety-critical environments. Furthermore, the new operational conditions derived from component reuse may differ substantially from those the components were initially designed for, which may expose software faults that had not been disclosed before. Therefore, the software industry needs practical and effective methods to help estimating (and reducing) the risk of using OTS components or helping in choosing the most reliable option when alternative components are available.
This presentation describes a new methodology for experimental risk assessment based on software fault injection. The usual risk evaluation equation is used to consider specific aspects evaluated by fault injection, such as the probability of fault activation and fault impact, as well as the use software complexity metrics to estimate the probability of residual defects in software components. The injected faults emulate typical programming errors using fault injection operators derived from extensive field data study on software faults. Examples of using the proposed approach in two different systems representing realistic component-based applications developed in Java and C and using OTS components such as RTEMS real time operating system.

Henrique Madeira is an associate professor at the University of Coimbra. His main research interests focus on experimental evaluation of dependable computing systems, fault injection, error detection mechanisms, and transactional systems dependability, subjects on which he has authored or co-authored more than 90 papers in refereed conferences and journals. He has coordinated or participated in tens of projects funded by the Portuguese government and by the European Union. Henrique Madeira was the Vice-Chair of the IFIP Working Group 10.4 Special Interest Group (SIG) in Dependability Benchmarking from the establishment of the SIG in the summer of 1999 until 2002. He has organized several Workshops and scientific events and was the Program Co-Chair of the International Performance and Dependability Symposium track of the IEEE/IFIP International Conference on Dependable Systems and Networks, DSNPDS2004. He has also been asked to be referee for many international conferences and journals and he has served on program committees of the major conferences of the dependability and database areas. Henrique Madeira is co-developer of several fault injection too such as RIFLE and Xception, which have been used in several universities worldwide and in space agencies such as INPE, ESA, and NASA. He is a co-founder of the company Critical Software, SA.
 

Miguel Angel de Miguel, Technical University of Madrid, Spain

Safety critical software components require complex development processes, and the early evaluation of software architectures is a basic mean for the reduction of safety critical software costs. In Model Driven Developments (MDD) models are on the critical path of software development. MDD assumes a sequence of development based on different types of models, in general platform independent and platform specific. But safety critical software applies some other types of models that provide support for the verification of safety characteristics. The integration of different modeling approaches reduces problems of inconsistencies and model development costs, but this integration requires the adaptation of traditional MDD model paths, and some tool integration support.
MDD infrastructures (e.g. Meta Object Facilities and UML extensions) provide facilities to support the integration of safety critical modeling methods. But some improvements are needed; these improvements include the invocation of services in other tools, and solutions to interchange modeling tools components that adapt model driven facilities to domains and technologies.

Miguel A. de Miguel is associate professor at the Technical University of Madrid, in the Telecommunications School. He got his PhD in this university and he has collaborated as research visitor at the University of Illinois in Urbana-Champaign and INRIA and he has been working several years in Thales Research and Technology. Mr de Miguel has been chairman in some OMG standardization groups.
His research interests include the description of modelling notations for the specification and development of high integrity systems, and the integration of these notations in software development cycles.
 

John L. Hill, Sun Microsystems, USA

This presentation is a call to action addressing five macro problems affecting practically every aspect of the information and communications technology industry. The inertia of the installed base of code, software quality, increasing complexity, intellectual property rights practices, and the methods of teaching software technologies each impede the progress of Mankind throughout the world. Radical improvement is needed. The presentation proceeds by making disturbing recommendations about cooperation in the marketplace, elimination of vulnerabilities in programming languages, application of high-order software development methods, innovation, and education about software.

John Hill has spent 30 years in the Information and Communications Technology industry with the past 18 years in industry standards. He is currently employed by Sun Microsystems, where he is responsible for implementing strategies to improve the efficiency and effectiveness of ICT standardization.
While with Sun Microsystems, AMP, Compaq, and Unisys, Hill obtained extensive experience in industry standards, software and hardware engineering, data processing operations, strategic marketing, and technical negotiation. He has influenced industry standards for computer programming languages and operating systems. Throughout his career, Hill has participated actively and held numerous elected positions in a wide range of standardization organizations including ECMA, JTC 1/ SC22, INCITS, JTC 1 TAG, IEEE, and VITA.
Hill has received numerous awards including the 1998 National Committee for Information Technology Standards Chairman’s Award, the IEEE Certificate of Appreciation (1996), and The Wall Street Journal Award in 1971 for a research paper entitled “The Economic Cost of the Oil Import Quota, 1959-1970.”