Vice Admiral Tuttle on Ada and on Formal Methods

To: larch-interest
Subject: Vice Admiral Tuttle on Ada and on Formal Methods
From: horning
Date: Tue, 06 Jul 93 12:00:27 -0700
[Multiple forwarding deleted; Gayn Winters comments "I read this as the
beginning of the end for Ada. The part on formal specs for highly secure,
distributed, and parallel systems is quite interesting."]
[Sorry, I don't know what SEW and COTS are. --JH]
------- Forwarded Message
From: althouse@itd.nrl.navy.mil (Ed Althouse)
Subject: Vice Admiral Tuttle's Remarks
Status: R
The following is an excerpt from ADM Tuttle's remarks at the Second Annual
SEW Technical Conference on 4 May 1993. It follows the lines of thinking
that Dr Shumaker has been pushing for some time. I thought that many of us
would be interested in Adm Tuttle's views, so I had my secretary retype the
pertinent info and broadcast it on the email system.
-------------------------------------------------------------------------
We should reexamine our software policies and standards with a view toward
removal of impediments to the use of the best current industrial tools and
practices. DOD is no longer a dominant market force in driving languages
and software standards -- and we need ongoing means for adopting the best
commercial standards available. Techniques such as object-oriented design
and programming and support for distributed computing and massively parallel
processors are supported through industry-standard languages. Our single
chosen language, ADA, has not evolved, and cannot evolve rapidly enough to
provide timely access to the best new methods.
Object-oriented methods have proven effective for development of large
industrial applications and have features well suited to our goal of
software reuse. We are already employing networks of distributed computers,
and the next generation desktop machines will almost certainly be massively
parallel processors. ADA does not effectively support object-oriented
programming -- distributed computing -- and massively parallel processors
now -- and ADA 9X will not provide many capabilities already widely
available through C++ and parallel implementations of C.
We must facilitate access for system developers to COTS computing languages
that effectively support both object-oriented programming and massively
parallel processing. We must modernize our current antiquated software
specification procedures to permit -- even mandate -- the best automated
methods available.
I have recently signed our correspondence to Emmett Paige, our new Assistant
Secretary of Defense for C3I, recommending development of a new strategy for
accommodation of new software practices in a timely manner and relaxing
adherence to policies originally adopted to enforce good practice that have
now become an anchor.
I propose in that correspondence to address process models -- design tools
-- languages and documentation standards in an entirely new manner akin to
the way we now handle hardware, rather than through the glacial revision
process for our outmoded software documentation procedures and languages.
I have volunteered to take the lead in this adventure. Included in this
strategy should be measures to encourage the use of fourth generation
computer languages better suited than ADA and others of the third generation
to problem-oriented programming. Explicit language features directed toward
timing -- security policy and task priority should be included -- as well as
generous support for programming in new, diverse parallel and distributed
computing architectures.
Secondly, I have recommended to the Chief of Naval Research a focus in the
computer technology techbase on technologies directed toward specifying and
producing correct, supportable and timely software. As most costly software
faults are introduced during specification and early design, I have selected
this phase of development for special early emphasis.
My highest priorities are the following: formal methods for software
specification -- formal methods for parallel and distributed computation --
and specification-driven prototyping methods. ONR's level of support for
software basic research in these areas is adequate; however, exploratory
development is marginal and advanced development is inadequate to meet our
needs.
Once available, these specification languages -- automated verification
tools -- and advanced prototyping techniques must be made available to
software developers. These new methods and the COTS software that supports
them must be fully supported in policy and procedure.
The matter of formal methods for requirements generation and software
specification merits special attention. Increasingly in our systems
assurance is the watchword. In mission planning, for example -- with the
diversity and sensitivity of many of our surveillance -- reconnaissance --
and intelligence resources, multilevel security is essential. In achieving
true trusted software at the B3 and higher levels that are necessary in this
process, very strict, formal software design rules must be followed. Formal
methods technology is the keystone to achieving this level of assurance.
A second example may be even more compelling from a standpoint of cost and
system performance. The combat system community has not migrated rapidly to
COTS and to our series of tactical advanced computers -- nor has it been
willing to connect its systems interactively with C3I systems. The levels
of assurance required in weapon systems are so demanding that they have
dwelt in a self-contained system design and operational environment. Now
that commercial hardware has advanced to the point that it should meet their
needs for survivability, formal software methods can bring them the degree
of confidence in system reliability and performance assurance needed to
bring them fully into an open-system environment -- both in design and in
operational integration with C3 systems. This paradigm shift would result
in a major cost-saver and performance enhancer for Navy.
Thirdly, I have established a quality management board to address the
software development process from top to bottom. This board, comprising
members of my staff, the Navy Laboratories, the Academic World and
Software-Oriented Industrial Activities such as the Software Productivity
Consortium and the Software Engineering Institute, has begun already to
bring about a new strategy for military software development that I will
volunteer to DOD as the backbone of a new DOD-wide strategy.
A year ago my irrepressible chief scientist showed you a slick viewgraph of
a sleek -- streamlined -- hand-crafted Duesenberg -- complete with mahogany
trim and 50 coats of hand-rubbed lacquer -- the product of a coachwork
artist. The caption said "This is your brain". He put beside it a grainy
black-and-white photo of a Model-T with the caption "This is your brain on
ADA". The point was that in order to make software affordable -- reliable
-- reproducible we were forced to design and configuration control processes
that limited performance and acceptability much as the Model-T was limited
by 1920s-era assembly-line technology.
Ladies and gentlemen, the software revolution is upon us. If we deal
successfully with the software technology challenge, we'll have the
performance of a Duesenberg at the cost and reproducibility of a Model-T --
the Twenty-First Century Lexus. Thank you for your kind attention.
------- End of Forwarded Message