
Airbus Chooses GNAT Pro Ada for Development of Unmanned Aerial System - jayp1418
https://www.manufacturing.net/aerospace/news/21175187/airbus-chooses-gnat-pro-ada-for-development-of-unmanned-aerial-system
======
3gg
Not an expert in ADA, but after playing around with it for a while, I don't
know why this language doesn't get more praise. It seems to solve a lot of the
memory problems Rust solves, albeit in a different way. Its first-class arrays
and strong type system seem to go a long way into not having to deal with
pointers often, for example. These "features" today would likely be considered
part of "a better C", except that none of this is even new; ADA dates all the
way back to the 80s. And then ADA/Spark allows for formal verification, which
C/Rust do not have to my understanding.

Why is ADA not adopted more broadly?

~~~
bsder
> Why is ADA not adopted more broadly?

I would argue that Ada suffered because IDEs weren't a common thing when it
had its heyday.

For example, Ada (and VHDL which took after it) is really verbose and a single
change to a declaration can ripple all over the place.

"Refactoring" is no big deal today. IDEs chop through it really easily.

Back in 1990, on the other hand, you wanted to _strangle_ a language that made
you ripple a domain change of 0..255 to 0..65535 through all the code _by
hand_. _EVERYWHERE_.

There is a reason programmers are so huffy about "type inference", you know.

Currently popular languages are quite "path dependent"\--they needed to be
popular before IDEs existed but still gain benefits when IDEs became
commonplace.

Now that IDEs are common, I suspect that some languages like Ada may slowly
gain ground over time. There is far less need for a language to be "stupid
editor" friendly.

Edit: Change ADA to Ada.

~~~
foerbert
I agree with you, but I just have to say that if you're having to change a
bunch of 255s to 65535 everywhere, you've done things poorly. Ada has a bunch
of nice features to refer to these sorts of limits by names or methods that
won't need to be changed. For those not familiar with Ada, one way might be
MyInteger'Last, which will give the largest valid value for the type.

I may or may not be a little crazy about Ada...

~~~
bsder
> I agree with you, but I just have to say that if you're having to change a
> bunch of 255s to 65535 everywhere, you've done things poorly.

Sure, but that was just one example that stuck in my head from using Ada 30+
years ago. I also remember one of my project partners threatening me with
bodily harm because I wanted to change a name, and it was going to ripple
through his modules.

Perhaps there were better ways to do this in contemporary Ada. However, the
fact that people using the language didn't find them says something, no?

A whole class of us absolutely _LOATHED_ Ada because of this kind of stuff. An
entire engineering class learned to reach for FORTRAN (unsurprising as it was
just beginning its decline) and C (a little surprising as it really wasn't a
juggernaut yet) instead of Ada. That says something about Ada, and it isn't
good.

Sure, we weren't geniuses, but we weren't stupid. If Ada had been useful help
to our classes, we would have used it. The HP-28/HP-48 came out in a similar
timeframe and _EVERYBODY_ in our class jumped on those in spite of them being
$400+ (1988-1990 money) and having to use RPN--being able to chew through
matrices on a calculator was _huge_.

Maybe modern Ada doesn't suffer from these kinds of problems (or, at least has
decent IDE support to deal with it), but it certainly pertains to the path
dependence about why Ada isn't popular.

~~~
foerbert
I'm not sure why changing a name would be so particularly bad in Ada. If
anything, as Lucretia09 pointed out, Ada probably tends to be a bit easier to
change names in than other languages.

I'm not surprised an engineering class tended away from Ada. It's really
designed to ensure robust software is produced than it is anything else. It
tends to want to force you to write down far more of your mental model than
other languages, and it will hold you to it. While I find this very helpful in
ensuring my programs actually do what I intended, I think it also incurs some
up-front costs. It's harder to just start writing _anything_ and then slowly
twist it into a solution. It also takes a little more time before you run it
for the first time. The certainty that it actually works at that point is what
makes it all worth it.

It's a bunch of trade-offs ill-suited for a large number of simple programs.

Emotionally I think it's also a bit of a harder sell because of it. I spend
far more time trying to get it to compile than you do in other languages.
Particularly if you are in a rush, it can feel worse. You don't even have an
executable yet - and it's the damned language/compiler that won't let you make
one! Never mind that the reason it's stopping you is that the theoretical
executable wouldn't work properly. I can't decide if it is actually a matter
of delayed gratification, or if it's merely very similar. But either way, I
think that's one of the adoption issues I haven't seen talked about much.

------
acomjean
At the beginning of the century I worked at a company that used Ada for radar
software. As it became clear the hpux and Solaris (pa-risc and sparc) where
being replaced by Linux On x86 and my company had AdaCore come in and do
training in the new toolset (rational not providing Ada compilers for Linux)

AdaCore were quite knowledgeable as a company company offering a supported
vendor of gnu Ada. I think they’re Still involved heavily in the development
of the free ada compiler “GNAT” (part to gcc)

[https://www.adacore.com/get-started](https://www.adacore.com/get-started)

Defense companies liked open source vendors to take risk off and I’m not sure
how it worked but some Ada compilers were “validated”

I grew to like Ada, (it has some warts, strings for example, but we didn’t use
them often)

GNAT Wikipedia page.
[https://en.m.wikipedia.org/wiki/GNAT](https://en.m.wikipedia.org/wiki/GNAT)

------
blippage
I've never written in Ada, but I did come across m2os the other day: an Ada-
based system for Arduino Uno microcontroller (and a couple of others) that
features a simple scheduling policy.

This is actually quite intriguing: a language that includes the concept of
tasks at the language level, rather than trying to hammer in a bunch of macros
or somesuch into C to achieve a similar result.

It makes you wonder if Ada really ought to be the "next" system programming
language instead of Rust.

~~~
micronian2
Ada is a really good system programming language, especially if you have to
get very low level, where the language allows for very fine control over
memory layout and for interfacing with hardware. All that _without_
sacrificing type safety. In addition, if you want to make your software even
more bullet proof, you should consider the SPARK subset of Ada and statically
prove the Absence of Runtime Errors, which includes memory safety.
Furthermore, with SPARK you can prove various higher level properties of your
software, thus reducing the number of unit tests needed.

------
1ba9115454
There's an online book for Ada for anyone that's interested in what it looks
like. [https://learn.adacore.com/courses/intro-to-
ada/index.html](https://learn.adacore.com/courses/intro-to-ada/index.html)

------
nraynaud
It has to be said that Adacore is a French company, there is more to it than
just a technical decision

~~~
micronian2
AdaCore was formed by various individuals at New York University who were
involved in the creation of GNAT, which was a DoD funded project. The company
is still based in New York. Over the years they have expanded into various
parts of Europe.

------
na85
I don't care at all for the underscore-heavy style but otherwise Ada is
actually a great language for developing high-reliability systems like
avionics. Formal specification and verification are only going to grow more
important in aircraft certification as time goes on.

Nice to see the defense/aerospace sector giving a nod to free software like
gnat.

------
CraigJPerry
Ada 95 was the language for 1st year Comp Sci at the University of Glasgow at
the start of the millennium. There was a small revival in Ada at that time.

I remember the first lecture introduced a little graphical rocket simulation
in Ada and us students would write code to land the rocket. I liked that.

Then i think the semester after this they introduced us to Haskell (ghc =
Glasgow Haskell Compiler). Another good course but one i wished i’d paid more
attention to at the time!

~~~
desideratum
Glasgow alumni here. The Haskell course was incredibly well taught, though the
the free learning material for Haskell (e.g. learnyouahaskell) is of
significantly higher quality than for most other programming languages.

------
ogre_codes
I'm not sure if this is still the case, but one of the reasons I learned Ada
in college is because it was used by the DOD. I'm not sure if it's still a
requirement for DOD projects, but I believe it was at the time. Which would
perhaps explain why Airbus chose Ada. Either that or simply the engineers who
are on the project were exposed to/ used Ada during other DOD projects.

Since college, I've never touched it again.

~~~
Jtsummers
It hasn't been a requirement for a long time, though it is used in some DOD
projects still.

~~~
p_l
Last I heard, the first major project that had blanket allowance to not use
Ada was F-35...

... And I honestly don't think it benefitted from that exception ;)

~~~
Jtsummers
That's still 20 years, and the mandate wasn't terribly successful. Lots of
systems from the late 80s and 90s were developed in non-Ada languages,
including new development (not just continuations of older systems). Now,
whole platforms, that was probably harder to move away from the mandate until
later. But components could be and were developed in other languages.

------
etaioinshrdlu
Does anyone use Ada for general purpose programming, like for where one might
otherwise use Python, Go, nodejs, or something like that? Is it used for any
low-reliability areas?

~~~
doctor_eval
I understand that pl/pgsql, the sql function language of Postgres, is based on
Ada.

I quite like it.

~~~
Avamander
I've seen two huge webpages built with PL/PgSQL and I've never after or before
seen anything that would come close in terms of functionality, speed,
stability, flexibility and safety.

------
theamk
That's certainly one way to minimize amount of code in the system, making it
easier to review and presumably certify.

I feel that with more common languages, it is so easy to grab some open-source
library and use it without any code review whatsoever. Even if you prohibit
third-party code, there might still be some copy-paste from open source
projects and even Stack Overflow.

Mandating that everything is written in Ada language neatly prevents all this
stuff.

~~~
jolux
[https://stackoverflow.com/questions/tagged/ada](https://stackoverflow.com/questions/tagged/ada)

------
marsRoverDev
Airbus seems to use ADA mainly for drone software. Everything else is MISRA C,
or MISRA C with a layer of abstraction overlaid that allows for generation of
assembly from the same codebase as well.

~~~
Nokinside
The language used is less important than the development process as a whole,
including static analysis tool used to verify the code.

I believe Airbus uses Astree (abstract interpretation static analysis)
verified MISRA C. It's really good tool.
[https://www.absint.com/astree/index.htm](https://www.absint.com/astree/index.htm)

------
anderspitman
The first real programming task of my apprenticeship when I was 17 was porting
a Boeing Ada avionics project to C. Looking back years later that just feels
wrong.

~~~
micronian2
yes, that is a big step backward. One of the details that people don't realize
is that the Ada code probably had runtime checks inserted by the compiler to
help catch issues. In addition, the Ada code most likely restricted the set of
input values or prevented accidental mixing of different numerical values
using its strong type system. When you convert to C, you lose all of that. If
there is a code change down the road, you could have an error occur that might
have been caught by the Ada compiler at compile time, or if not then by an Ada
runtime check. Yes, testing has to be really good to minimize these cases, but
we all know it's difficult and very time consuming to develop test for every
possible combination. In addition, when you have to do code reviews, you have
to worry about a much wider range of possible bad values that can be passed
around which can screw up the results.

------
rbanffy
Can we also get a Rational R1000 to work with? ;-)

Looked impressive.

------
Autowired
To my shame I had never tried ADA before, but after a cursory look I find the
syntax similar to Oracle's PL/SQL, which evokes many bad memories. I am sure I
will be able to enjoy the language once I pass this barrier.

------
ggm
Pascal < modula < ada

~~~
pjmlp
Only the first ISO Pascal, ISO Extended Pascal is more in line with Modula-2.

There there are all the offsprings from UCSD Pascal and Object Pascal, and
same applies to Modula, with Modula-2+ and Modula-3.

~~~
ggm
I was a CS student at York University shortly after Wirth had a residency
there in the 1970s. Pascal of that time, was informative of Modula, but Modula
was more informing of ADA because it was still a candidate language model
going forward before Ichbiah's pick won out. The whole steelman process was
the backdrop to my comparative computer language courses

