Ada: a worthwhile OSdeving language?

As part of my regular attempts to improve my computer culture, I have recently ended up taking a look at the Ada programming language. The main goal there was to understand why its proponents were claiming that it was more suitable than others for developing software which have to be extremely reliable such as that of trains and airplanes. In the process, and in particular while looking at this paper from John Barnes which tries to summarize what this language is good at, I couldn’t help but notice that the language could be an interesting choice for OSdeving. To be more precise, here’s my current view of the pros and cons of using Ada for that purpose.

Pros

  • OS code is notoriously hard to debug, so any help from the programming language to avoid classical programming errors is welcome. Ada tries to do this in a number of ways, such as by having true type safety, providing a “named notation” for easily managing functions with lots of optional parameters and structures with lots of fields, and enforcing appropriate caution in the handling of pointers and array types.
  • The language also attempts to help debugging more subtle logic errors, by allowing a developer to clearly specify things such as code preconditions and postconditions, limits of integral types and arrays, or restrictions on the ways a piece of code can be used (e.g. “limited” objects that can’t be copied).
  • In spite of this focus on programmer safety, the language also targets embedded and real-time programming as a core use case, meaning that it provides quite a lot of control on data representations and storage, along with a relatively predictable performance, without having to resort to nonstandard and ill-readable compiler pragmas.
  • A lot of care has been taken to make the language communicate well with code written in other languages, such as Assembly, Fortran, C, C++, Python, Java and .Net languages, even if it does often require use of toolchain-specific mechanisms.
  • While too many programming languages require some code to be directly written in headers, or do away with headers altogether, violating the principle of implementation hiding, Ada strives to provide a very good control on code visibility, allowing for optimal separation between a code’s interface (called “specification” in Ada parlance) and its implementation. When some implementation details do have to be exposed for technical reasons, such as allowing for separate compilation, it is possible to make them private so that external code cannot directly access them.
  • Multitasking and concurrency are treated as a first-class concern, and handled with an amount of care that is rarely seen in languages that are also suitable for low level programming.

Cons

  • Using a relatively obscure programming language means depriving oneself from the assistance of most system developers and written resources, which tend to use other programming languages like C or C++
  • Although the language seems to lend itself pretty well to bare-metal development, implementation support for this use case may vary. The OSdev Ada Bare bones tutorial, as an example, shows the fair level of complexity that is involved when building a proper cross-compiling OS development toolchain for Ada based on the popular GNAT environment.
  • There might be other issues which I do not know yet as an Ada newbie, and I’d like to try the language out on a few simple projects to see how much it is actually worth in everyday use. Just to end this with a lame pun, the few bits which I have read about Ada so far certainly SPARKed some interest in me…

5 thoughts on “Ada: a worthwhile OSdeving language?

  1. Cleverson July 10, 2013 / 4:30 pm

    Have you heard of the Nimrod language? It’s community is small, yet dedicated. See it at http://nimrod-code.org/

    Here’s an excerpt from its FAQ:
    What is Nimrod’s take on concurrency?
    Nimrod primarily focusses on thread local (and garbage collected) heaps and asynchronous message passing between threads. Each thread has its own GC, so no “stop the world” mechanism is necessary. An unsafe shared memory heap is also provided.
    Future versions will additionally include a GC “per thread group” and Nimrod’s type system will be enhanced to accurately model this shared memory heap.

  2. Nick P November 30, 2013 / 11:42 pm

    Ada is a worthwhile OS developing language in the technical sense. It’s been used in many high-integrity applications from embedded control systems to a certificate authority. The language was also used to develop high integrity OS’s back in the day. I recall it being used in Army Secure Operating System (A1 class) and Secure Ada Target program. The BiiN project for tagged hardware, typesafe, resilient OS wrote everything in Ada [and failed for other reasons]. MarteOS is a hard RTOS that’s mostly written in Ada and still in production use IIRC.

    Ada’s one of those languages with plenty of misinformation on it. For instance, it’s often said it was designed by a committee as if suit types threw random stuff together. Language decisions were actually often made by people who knew what they were doing and with a focus to benefit developers in target field (embedded military applications). A US govt study on languages, including Ada and C++, found Ada programmers to be more productive with fewer errors and easily maintained code. A vulnerability report comparing what vulnerabilities several languages could experience showed Ada to have fewer than many. One defense contractor said they kept Ada for critical stuff not just because of its high integrity features, but because it’s tools and standard libraries have been extremely stable over a decade. C++, Java, or C# “standards” are more like fads that are replaced every few years. Note that Ada still gets updated with new features: they standards are just backward compatible and conservative.

    It seemed to have a few reasons for not taking off. In short, it was a combination of being too expensive, a knee-jerk negative reaction to the govt mandate, a bit of a performance issue on certain weaker hardware back then, and that C/C++ popularity was displacing everything. Today, the language is obscure compared to the mainstream languages with implications in available libraries, tools, and developers. Nonetheless, Ada Core, Aonix, IBM, and others provide plenty of great tools and documentation for Ada development. There is also quite a bit of sample code.

    My recommendation is to start with something like OS kit and build something usable on top of it with Ada. Use native code with careful interfaces for the absolute lowest level stuff. Maybe something like Typed Assembly Language, COSMOS project’s X#, or Verve OS’s techniques for lowest levels. Wrap that with Ada, then leverage Ada’s type system from there. Pay special attention to both effects of compiler on the code and interactions between multiple languages where one might make a different assumption than another. Might turn out to be something useful.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s