Ada on ARM Cortex

Go To Last Post
85 posts / 0 new
Author
Message
#1
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

AdaCore recently released a GPL version of their ARM bare board Ada eco-system.

A how to:

Libre: Free Software and Open-Source Development with Ada (AdaCore)

Select "GNAT GPL" Expected: Download GNAT GPL and SPARK GPL Editions

Select the "Free Software or Academic Development" button.

Select the "Build Your Download Package" button at page bottom. Expected: "Select Configurations ..." in the title bar.

At mid-page, "Select your platform:" pull-down menu, select a combination of target (ARM ELF) and host (Linux or Windows) for "GNAT GPL 2014" (next pull-down menu). Expected: GNAT Ada GPL 2014

Select "GNAT Ada GPL 2014". Expected: Possible files in your download. These files are a readme, the install, and multiple source code archive files.

For each file in the download, select the box next to its file name. Expected: Each box contains a check mark.

At the page's bottom, select the download's "Bundle format:" radio button then select the "Download Selected Files" button. Expected: dependent on the web browser.

Notes: Based on GCC 4.7

Targets: ARM Cortex-M3, ARM Cortex-M4F, ARM Cortex-R4F.

Further information in the ARM Cortex-M4F part of the GNAT Cross User's Guide:

Q. Tutorial: Embedded ARM Ada Project (AdaCore, documentation, GNAT Pro User's Guide Supplement for Cross Platforms)

More:

GNAT GPL for Bare Board ARM (AdaCore, Libre)

Though 2 years old this demonstrates some of this post: Installing GNAT GPL Edition (AdaCore05 on YouTube)

"Dare to be naïve." - Buckminster Fuller

Last Edited: Sat. Nov 6, 2021 - 08:48 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Thanks, have you tried that? Any forums, experiences, discussions?

What I am especially interested in is debugging.
Or rather - writing Ada (on uC) is pointless without a decent debugger.
Unfortunately avr-ada does not debug at all..

I would like to know what kind of GDB-arm is there and what is/is not supported. The FAQ suggests some st-util to be used as GDB server, also only their GPS IDE is mentioned. The ideal scenario would be if I could just download the raw toolchain itself and use my own IDE with Mi (Eclipse + CDT), my own gdb server (OpenOCD) and any Cortex that lies around here.

No RSTDISBL, no fun!

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Brutte wrote:
Thanks, have you tried that?
No.
Reason is current effort is for AVR with an eventual 32 bit remote support MCU; that was AVR32 UC3 but now considering SAM3 or SAM4 (programming in the large, etc., etc.)
So, you lead me by a kilometer or a mile!
Brutte wrote:
Any forums, experiences, discussions?
A review; though it's of the commercial version, the GPL version is likely close.
Ada 2012 Comes to ARM Cortex M3/M4 by Michael Silva (EmbeddedRelated, Apr 25 2014)
Operator support - for the commercial version there's GNAT Tracker.
Though I haven't interacted with AdaCore in quite sometime (some projects ago), AdaCore's commercial support was excellent; Q&A, problems identified as either bugs I created or in the compiler and such, RTOS/GNAT runtime "burp" oddity investigation (a defect somewhere, a relatively infrequent fault, but not a failure).
Don't know how it's done for GNAT GPL.
Brutte wrote:
Or rather - writing Ada (on uC) is pointless without a decent debugger.
:twisted:
Worked on one Ada on a MPU where the target was the equivalent of buttoned up behind cast aluminum.
Didn't even consider using a debugger; if so it would of been via a bus riser card, etc. (iow a headache in the making).
Did see the value of a debugger but via a target simulator that was created to run on the PC.
Used AdaCore GPS and their version of GDB on Windows.
Got the app working well on a PC, replaced the stubs with the target's code, rebuilt, burned it, ran.
Well ... almost; forgot a bus endian swap that was the obvious educated guess.
Brutte wrote:
Unfortunately avr-ada does not debug at all..
Here's a different take that uses GNAT GPL for AVR on an Arduino Mega 2560; it's GCC 4.5 though instead of AVR-Ada's GCC 4.7:
Adaino (GitHub)
In the readme that's displayed, go to the page bottom for " Using the Atmel mkII debugger to Arduino Mega".
Will add to Torby's AVR Ada thread.
Brutte wrote:
I would like to know what kind of GDB-arm is there and what is/is not supported.
Don't know how to answer that.
Could try downloading
gdb-7.7-gpl-2014-src.tar.gz 47.5 MB Mar 17, 2014
and browsing that.
Might be quicker to ask an GNAT ARM ELF operator like Michael Silva.
Brutte wrote:
... also only their GPS IDE is mentioned. The ideal scenario would be if I could just download the raw toolchain itself and use my own IDE with Mi (Eclipse + CDT),
I could not locate gnatbench in the list of GNAT ARM ELF source code files.
GNATbench is a part of GNAT GPL for platforms Linux and Windows.
GNATbench – Ada Plug-in for Eclipse (Libre, AdaCore)
Brutte wrote:
... my own gdb server (OpenOCD) and any Cortex that lies around here.
I can see the appeal.
GDB support usually appears first from the MCU manufacturers by their eco-systems.
An example is Atmel Studio's use of GDB for ARM Cortex-M.

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 1

Quote:
A review; though it's of the commercial version, the GPL version is likely close.

(After some 4h struggling) I am finally debugging my first bare-metal STM32 blinky in Ada!

No RSTDISBL, no fun!

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Well done!
And, thank you for this information.
IDE: Eclipse / GNATbench, or, AdaCore GPS?
If Eclipse, which plug-in(s)?
TIA

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 1

gchapman wrote:
Well done!

I had to run through examples for native compiler first just to have some basic experience on how all the Ada stuff works (although I do know Ada a little bit).
After that - there is an STM32F4-Discovery blinky example with tutorial included and it "blinks out of the box"!

gchapman wrote:
IDE: Eclipse / GNATbench, or, AdaCore GPS?

Unfortunately it is GPS right now. GPS is not that bad (it is usable) but it lacks tons of plug-ins and features that Eclipse offers.

I have downloaded the GNATBench (Eclipse plug-in for Ada, 163MB) and I have plans to give it a go in the evening.
vzgzb

EDIT: I have successfully installed and tried GNATBench for CDT, version 2.8.1.20140109.

My first step was to "Hello World" with native x86 compiler, I did some testing, debugging, etc.
Works very much like with any other toolchains I have tried.

    Compiling: no problems, Debugging: gdb, no surprises,
    Call stack: works,
    watch variables:checked,
    registers: a lot of them,
    memory view: fine,
    disassembly: looks ok,
    breakpoins: sure,
    stepping: F6,
    ..

I could not find any tutorials on GNATBench so I am currently trying to figure out how to control all the available settings/features.

I didn't try any cross compilers under Eclipse yet as I realized I have to (re)gain some Ada experience with x86 before I jump to embedded stuff with that.
l4djk

EDIT2: Ok, so the GNATBench plug-in comes with the tutorial :oops: It is integrated with Eclipse help system.
vjc4j

No RSTDISBL, no fun!

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Brutte wrote:
I didn't try any cross compilers under Eclipse yet ...
http://docs.adacore.com/gnatbench-docs/src/running/executing_embedded_apps.html
That is sparse.

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 1

Well, I am sure my STM32 would work under Eclipse more or less the same way as under GPS as this is just IDE but you know - embedded stuff is more challenging than x86. I think that simple Ctrl+C/V from GPS to Eclipse wouldn't work (or: I wouldn't learn much) as it requires at least a basic understanding of the toolchain.

The most problematic is debugging - Cortex M needs some Text.IO (semihosted or UARTed), exceptions must end up with some meaningful message on a console (or at least must halt a uC in a violating location when something went wrong). Add to that all toolchain settings, CRT, linker and alike.. I want to understand how underlying layer works, at least to the same extent as with gcc-arm-embedded toolchain I use.

Right now I have no bloody idea what a definite subtype is nor at what circumstances a constraint exception is raised..

This Ada compiler is very picky and verifies absolutely everything that can be verified. And even when the compilation passes - uC verifies everything again at run-time (that part is configurable).
rdzn5

EDIT: Here it is, a GDB session of Ada/Ravenscar running on STM32 under Eclipse (windoze version).

Attachment(s): 

No RSTDISBL, no fun!

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

A press release:
AdaCore releases GNAT GPL for Bare Board ARM by Toni McConnel (embedded.com; July 30, 2014)
Two profiles: small footprint, Ravenscar.
Small footprint appears to be a subset of Ravenscar.
From a read of the complete press release (by "More information" at above URL):
- Dr. Pat Rogers (AdaCore) and the 20USD ARM boards.
- Dr. Uwe R. Zimmer (Australian National University) and "academia-affordable".

Runtime Profiles (AdaCore)
3. The Predefined Profiles (AdaCore, High Integrity Edition, Documentation)
Q. Tutorial: Embedded ARM Ada Project (AdaCore, GNAT Pro User's Guide Supplement for Cross Platforms)

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

I would have thought that Ravenscar is to 'fluffy' to run on embedded (real life application)? As far as I remember from my uni days, Ravenscar includes select and tasks?

:: Morten

 

(yes, I work for Microchip, yes, I do this in my spare time, now stop sending PMs)

 

The postings on this site are my own and do not represent Microchip’s positions, strategies, or opinions.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

meolsen wrote:
I would have thought that Ravenscar is to 'fluffy' to run on embedded (real life application)?
Yes and no.
Worked on one embedded Ada application that used the zero footprint profile (ZFP) as that was more than adequate and was the best match amongst the available profiles at that time.
If a POSIX OS interface is available then a run-time that implements the complete profile, or the Ravenscar profile, can be relatively easy to create or port.
Otherwise, multiple instances of the Ravenscar profile have been created without POSIX, RTOS, or an operating system.
Two (or three) instances of ZFP for AVR and now two instances of Ravenscar for ARM Cortex (M3, M4, R4); no need to pull on one's bootstraps.
Now likely not enough demand for this on AVR32 UC3.
P.2 Porting the ZFP run-time library (AdaCore, P. Customized Ravenscar Library Topics, GNAT Pro User's Guide Supplement for Cross Platforms)
P.4 Porting the Ravenscar run-time library (AdaCore, ibid)
meolsen wrote:
As far as I remember from my uni days, Ravenscar includes select and tasks?
No and mostly yes.
"No select statements"
"No task entries (and thus no accept statements)"
and some more linked to possible characteristics of tasks.
3.5.1 Ada Restrictions in the Ravenscar Profiles (AdaCore, GNAT Pro User's Guide Supplement for GNAT Pro Safety-Critical and GNAT Pro High-Security, 3.5 The Ravenscar Profiles)

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 1

No RSTDISBL, no fun!

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

And from there to:

http://www.ganssle.com/rants/ada...
http://www.ganssle.com/rants/ada...
http://www.ganssle.com/rants/ada...

Perhaps someone who knows and uses Ada on an AVR could show an LED flasher using a timer interrupt (say) as an example and point out what in it makes Ada "better" than C.

I have to admit it's not something I've ever really explored much beyond a Wiki page:

http://en.wikipedia.org/wiki/Ada...

and the examples.

Jack Ganssle seems to be suggesting the runtime range checking is a/the major plus. Is there more? And if range checking is the big plus then what's the overhead in generated assembly?

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

clawson wrote:
Perhaps someone who knows and uses Ada on an AVR could show an LED flasher using a timer interrupt (say) as an example ...
tkoskine, arduino-blog / examples / deep-sleep / main.adb by Tero Koskinen (on Bitbucket)
Browsing there to 'sleeper.adb' shows use of CTC.
Tero uses and modifies AVR-Ada (a variant of AVR GCC 4.7).

avr-timers.adb by Rego (on GitHub)
Rego's examples though are only USART.
Rego uses AdaCore GPL Ada for AVR (a variant of AVR GCC 4.5) in ...
"Adaino is a toolset written in Ada, to develop Ada applications on Arduinos on a host Windows machine."

clawson wrote:
... Ada "better" than C.
I agree with your use of quotes.
Each has its place.
Ada has a C interface package if one wants to use or reuse C; if one has a working wheel it's usually better (by fit/form/function/price/cost/schedule) to use it.
clawson wrote:
Is there more?
Technical Benefits (AdaCore, Libre, Ada Answers, Benefits and Features[/url]
One language not mentioned there is Python; an ARM Cortex-M instance of that is Micro Python.
Python is not for real-time but Python does have a C API.
Python/C API Reference Manual (Python 3)
clawson wrote:
And if range checking is the big plus then what's the overhead in generated assembly?
Which MCU architecture?
Which, if any, RTOS or OS?
Is POSIX available?
There is a sizing overhead and a timing overhead.
For timing, some Ada run-times use the architecture's hardware "exceptions" and some don't; some use interrupts and some don't; etc.
Zero-cost exceptions may be available and may be used.
Else, the fallback is usually what one uses in C (longjmp, etc.).
Multiple ways to create an Ada run-time.
"With 32 bits and many of these controllers have gobs of memory on board, Ada makes an awful lot of sense even for relatively small control applications." - Jack Ganssle
by the link in Brutte's post.
May be a moot point with 1 to 2 MB of flash and a core clock of 120 MHz (Atmel; faster by competitors).
Looks like a major Atmel competitor will have to keep up with the Jones' (come on MIPS / Imagination Technologies / you know who)
But not a Who as in Horton Hears a Who! (2008) (IMDb)

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

In particular I read

http://libre.adacore.com/adaansw...

but you could say almost all of that about C++. I'm still looking for what the "Ada advantage" is - is it purely this range checking thing or what?

I also looked at the example code but apart from the different syntax (which is quite "readable" in fact) I'm still looking for what would motivate one to make a move from C to Ada. Ganssle said it would reduce programming errors to 1/10th. That's a bold claim. I'm just not seeing how. He seemed to be suggesting that because the syntax is so "fussy" that getting something that will actually compile is such a challenge that you expend so much thought getting it right that the code itself is just bound to work. Is that it?

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Quote:
is it purely this range checking thing or what?

What I have noticed is that there is a whole set of static(compile time) link(link time)and dynamic(run time) tricks that make Ada exceptional.
In theory you could also implement strict type checking, static range checking, exceptions on overruns, divisions by zero, interprocess communication, dynamic priorities, asynchronous change of flow, solve priority inversion etc in C/C++ but the point is that this is not standardised. With Ada that is a part of the language so you do not have to worry about those details.
So if you are looking for one definite advantage of Ada over C/C++ then you won't find it I am afraid.
The size of the Ada application is bigger than C? It uses more flash? Runs slower? I have heard that before when we were discussing advantages of asm over C..

No RSTDISBL, no fun!

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

clawson wrote:
I'm still looking for what the "Ada advantage" is - is it purely this range checking thing or what?
Brutte wrote:
So if you are looking for one definite advantage of Ada over C/C++ then you won't find it I am afraid.
A computer language standard for concurrency; likely more if I searched.
Though the following is dated (it's based on Ada95 instead of Ada 2012) it may be worth a browse:
Ada-95: A guide for C and C++ programmers (Ada Home, Intellectual Ammunition Department)
As you can see, Ada aficionados can be a bit touchy having to break out the ammunition and such ;-)
C++11 and Ada 2012 - renaissance of native languages? by Quentin Ochem (Electronic Design; Jun 22, 2012)
is less dated and appears to be a summary.
Ada as a Second Language, Second Edition (December 1995) by Norman Cohen (McGraw-Hill Higher Education) is a great, though big, read; has excellent exercises.
Personally, 3 months of part-time reading and doing most of the exercises and I was up on Ada95.

"The following chart provides an overview of evolution of the major features of the Ada programming language." - Ada Comparison Chart (Ada 2012)

Most or maybe all of the features of Ada 2012 are present and standardized in other computer languages with Python being one of those.

Ada 2012 redux by Jack Ganssle (embedded.com; January 14, 2013) might answer some questions.

clawson wrote:
I'm still looking for what would motivate one to make a move from C to Ada. Ganssle said it would reduce programming errors to 1/10th. That's a bold claim. I'm just not seeing how.
For defects/KSLOC it's 1/7 per
Comparing Development Costs of C and Ada by Stephen F. Zeigler, Ph.D. (Rational Software Corporation; March 30, 1995; archive of Ada Information Clearinghouse); try "Why Does Ada Work Better Than C?".
The US's Ada Information Clearinghouse has EOL'd; seems that function, and Ada activity, has moved to Europe.
That's appropriate since the creator of Ada is in Europe and there's a lot of Ada development in Europe.
clawson wrote:
Is that it?
You REALLY need a language-sensitive editor for Ada.
You'll remember the well used parts of Ada but likely not the less used parts.
One reason for Ada is programming-in-the-large and Ada is large.
Your preferred Ada textbook will become well worn ;-)

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Brutte wrote:
... that make Ada exceptional.
Another is SPARK that's Ada used for formal methods.
Toyota has had an awful experience in US courts with their more recent ECUs.
Toyota is researching use of SPARK in Toyota ECUs.
If one doesn't want to use SPARK there's Frama-C.
Brutte wrote:
With Ada that is a part of the language so you do not have to worry about those details.
Still do because some of those problems are still possible; one problem is task starvation can occur.
A solution is to reduce the solution space by using a Ravenscar profile.
Brutte wrote:
The size of the Ada application is bigger than C? It uses more flash? Runs slower? I have heard that before when we were discussing advantages of asm over C.
Bemchmarking is iffy.
The best benchmark is of the algorithm that's the long pole in one's tent.
My experience with benchmarking Ada is dated (MPU instead of MCU, vehicle batteries instead of a coin cell, an old Ada compiler) and showed a wide variablilty in timing; iow sometimes significantly less and sometimes significantly more.

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

gchapman wrote:
Ada 2012 Comes to ARM Cortex M3/M4 by Michael Silva (EmbeddedRelated, Apr 25 2014)
Ada 2012 for ARM M3/M4 Released for Download by Mike Silva (EmbeddedRelated, Aug 4 2014)

Note:

  • Mike's custom motherboard

  • LED and LCD source code

  • Source code for registers and GPIO

  • Source code with an Ada task

 

 

 

"Dare to be naïve." - Buckminster Fuller

Last Edited: Thu. Sep 11, 2014 - 10:33 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Brutte wrote:
Any forums, experiences, discussions?
gchapman wrote:
Don't know how it's done for GNAT GPL.
"One can't get the level of support with the free versions of GNAT, but there is support on /r/ada, StackOverflow, and comp.lang.ada." by marc-kd at Boeing Flies on 99% Ada (reddit).

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 1

Brutte wrote:

Thanks, have you tried that? Any forums, experiences, discussions?

I've got a couple of blog posts up about it, starting with this one:

http://www.embeddedrelated.com/s...

 

I saw further on that you got it running - congrats.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

clawson wrote:

...Ganssle said it would reduce programming errors to 1/10th. That's a bold claim. I'm just not seeing how. 

I can add a very personal datapoint.  I've done almost all of my embedded work in C, and encountered some vicious bugs during that time.  When I learned about Ada (not available on the HW I was using), I started tracking in my head "would this bug have happened in Ada?".  My conclusion over a large number of bugs is that the great majority would not have gotten past the Ada compiler (e.g. if a variable foo is defined as range 1..5, writing foo := 6 will generate a compiler error).  Those that did get past would almost always have been caught by the Ada runtime checking (which you can turn on and off on a per-variable basis, so it's not an all-or-nothing thing).  I had nasty pointer indirection bugs that took days or weeks to track down, that the Ada runtime would have identified in minutes.  My own data would easily support the 1/10 figure, especially as a figure of time spent fixing bugs.

 

On my embeddedrelated.com blog, mentioned in a previous post, I'm going to next post an example of this runtime checking.  The runtime catches a value going out of range and indicates on the device LCD the file name and line number where the error happens.  Pretty easy to debug after that!  In C or C++ you'd have to manually code all of those checks, and you'd never get them all right (not to mention that they would horribly clutter up the code, leading to even more errors).

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

I have to disagree... compile-time checks like this (with a constant)

 (e.g. if a variable foo is defined as range 1..5, writing foo := 6

Treat a tiny few cases. The real time-wasting bugs occur at run-time with variables. And our small memory embedded (even on ARM M0/M3) prohibit run time bounds checking and exceptions. As does code speed needs.

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

stevech wrote:

I have to disagree... compile-time checks like this (with a constant)

 (e.g. if a variable foo is defined as range 1..5, writing foo := 6

Treat a tiny few cases.

What are you disagreeing with?  Of course I gave a ridiculously simple example, but it is certainly the case that most Ada bugs are caught at compile time.

 

Quote:
The real time-wasting bugs occur at run-time with variables. And our small memory embedded (even on ARM M0/M3) prohibit run time bounds checking and exceptions. As does code speed needs.

And yet I have in front of me just such checking and exceptions, writing out file name and line number of the error-generating statement on the LCD display.  BTW, the compiler had first warned me that the statement could generate an error, but the compiler will not be able to determine that in every case.  And again, you don't HAVE to enable any runtime checking.  All, none, or something in between - it's all up to the programmer.

 

Ada has been used in military and space systems that had much less memory than the parts we can now buy for a few dollars.

 

Having another good embedded language available is a GOOD thing.  Having more choices is a GOOD thing.

 

Last Edited: Thu. Sep 11, 2014 - 05:15 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Having more languages is a very good thing.

I used Ada way back, when working in Defense - in the era where the US DoD was close to a mandate, subsequently dropped. The run time overhead was just too much. Perhaps OK when doing unit test.

 

I think Pascal is a good compromise in terms of computer science, but it never really escaped Academia. It was my first exposure to strongly typed languages.

Last Edited: Thu. Sep 11, 2014 - 05:35 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

stevech wrote:

Having more languages is a very good thing.

I used Ada way back, when working in Defense - in the era where the US DoD was close to a mandate, subsequently dropped. The run time overhead was just too much. Perhaps OK when doing unit test.

Unfortunately the technology wasn't up to the promise of the language back then.  I heard stories of unbelievably long compilation times, terrible code generation, etc.  Those stories (and the high cost of Ada tools then) put a hurt on the language that still hasn't gone away.  But that was 20-30 years ago - so much has changed.  Do people judge modern C++ based on C++ from 1983?

Quote:

I think Pascal is a good compromise in terms of computer science, but it never really escaped Academia. It was my first exposure to strongly typed languages.

Ada without runtime checks (ZFP - zero footprint) is a Really Modern Pascal-like Language. :)

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

kk6gm wrote:
In C or C++ you'd have to manually code all of those checks, and you'd never get them all right (not to mention that they would horribly clutter up the code, leading to even more errors).
"Apart from generating tests to ensure coverage, PathCrawler can be used to detect all run-time errors, anomalies such as uninitialized variables or integer overflows and unreachable code." - Frama-C

Try a snippet of some C in their on-line version.

What is Frama-C

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

In my experience, the toughest run-time bugs in embedded are related to preemption and concurrency - atomicity, deadlocks in semaphores/queues, and so on.

 

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

kk6gm wrote:
Ada has been used in military and space systems that had much less memory than the parts we can now buy for a few dollars.
ESA contractors are using Ada on a hardened, and sometimes also fault tolerant, 32-bit application processor.

GNAT Pro Safety-Critical, Platforms, Bare Board ERC32 / LEON (AdaCore)

Leon3 (Aeroflex Gaisler)

Compilers (Aeroflex Gaisler)

Ada is on one CubeSat but as a host-to-host then a cross compiler; this because Ada is not available on that 16-bit MCU.

2013.B.1.1 Interplanetary High Reliability CubeSat Software with SPARK/Ada by Carl Brandon and Peter Chapin (Vermont Technical College, USA)

Note the peaceful use of Minuteman ICBM parts.

Software Components (CubeSat Laboratory, Vermont Technical College)

CubeSat Kit, Datasheets (I don't recall any Ada compilers for any of the MCUs there)

Edit: added "Software Components".

"Dare to be naïve." - Buckminster Fuller

Last Edited: Thu. Sep 18, 2014 - 02:23 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

stevech wrote:
I used Ada way back, when working in Defense - in the era where the US DoD was close to a mandate, subsequently dropped. The run time overhead was just too much.
An opposite experience but that was on 32-bit MPUs, DRAM, SCSI mass storage, hardware watchdogs, mechatronics, etc.

stevech wrote:
Perhaps OK when doing unit test.
Similar.

Ported a non-Ada application from a 16-bit MPU to Ada on a 32-bit MicroVAX, ran tests with the goal of identiying common bugs, found some bugs, fixed the original application.

stevech wrote:
... escaped Academia.
Like herding cats.

"Herding Cats" Super Bowl Sunday Super Bowl Ad NFL (YouTube)

Seriously, there's a need for the research that won't see day light for a decade to two; the principle of the incubator.

"Dare to be naïve." - Buckminster Fuller

Last Edited: Thu. Sep 11, 2014 - 11:31 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

kk6gm wrote:
Ada without runtime checks (ZFP - zero footprint) ...

It is possible to raise the predefined Ada exceptions, as well as user-defined exceptions and handle them locally.

3.2.6 Exceptions and the Last Chance Handler - ZFP and Ravenscar SFP (AdaCore, GNAT Pro User's Guide Supplement for GNAT Pro Safety-Critical and GNAT Pro High-Security: The Predefined Profiles)

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

gchapman wrote:

 

kk6gm wrote:

Ada has been used in military and space systems that had much less memory than the parts we can now buy for a few dollars.

ESA contractors are using Ada on a hardened, and sometimes also fault tolerant, 32-bit application processor.

 

GNAT Pro Safety-Critical, Platforms, Bare Board ERC32 / LEON (AdaCore)

Leon3 (Aeroflex Gaisler)

Compilers (Aeroflex Gaisler)

Ada is on one CubeSat but as a host-to-host then a cross compiler; this because Ada is not available on that 16-bit MCU.

2013.B.1.1 Interplanetary High Reliability CubeSat Software with SPARK/Ada by Carl Brandon and Peter Chapin (Vermont Technical College, USA)

Note the peaceful use of Minuteman ICBM parts.

CubeSat Kit, Datasheets (I don't recall any Ada compilers for any of the MCUs there)

As well as the then-ubiquitous MIL-STD-1750A, a 16-bit design that could directly address only 64k words, more with bank switching.  Ada 83 and 95 was often used on this device.

Last Edited: Fri. Sep 12, 2014 - 12:36 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

had nasty pointer indirection bugs that took days or weeks to track down, that the Ada runtime would have identified in minutes.

Can you give more detail of that - I'd really like to understand more about this?

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

clawson wrote:

had nasty pointer indirection bugs that took days or weeks to track down, that the Ada runtime would have identified in minutes.

Can you give more detail of that - I'd really like to understand more about this?

Well, it's been about 15 years now, but it was a specialized PLC that took a downloaded program and generated lots of pointers to functions and data objects.  In Ada you don't use pointers nearly so much, you tend to use array indexes, and like all discrete types you can specify the valid range of array indexes, and any attempt to access an array with an index out of bounds will generate (if you have enabled this) a runtime exception.  Catch that exception and you know immediately where the bad access originated, before you've fetched and worked with invalid data and gone down the rabbit hole.

 

In Ada you almost never just work with an Integer, you specify the bounds of integers and work with those types (and subtypes of those types, which may be constrained even further).  The compiler will generate checks wherever such a value is assigned or used, if it cannot already know that the value is legal.

 

Another type of check performed is for integer overflow/underflow.  I've seen bugs where intermediate values overflowed/underflowed, thus trashing the results.  Sometimes those bugs can live in code for years because the values that cause the OVF/UNF are unusual, and all you get from the field is a report that the software screwed up.  In Ada you'd see (or the field guys would tell you) that suddenly the software reported a constraint error in file goober.adb, line 345, and that line would be where the OVF/UNF occurred, not far later when the bad resultant value caused a crash.

 

Sometimes people respond with "yeah, but you can put those checks in C or C++ code too."  Well, they don't.  Maybe for space/military code, but not for any code I've ever seen.  In addition, manually writing code for checking just opens you up to more sources of programming error, which the compiler is not subject to (ignoring the rare case that the compiler check-writing code itself may have a bug it it).  Further, cluttering the code with checks everywhere leads to very hard to read code.  I've seen code e.g. for an RTOS that had so many #ifdefs and #asserts that it was nearly impossible to follow the flow of the code.

 

And none of this even touches on the contracts now available on Ada 2012, or on SPARK, which is built on top of Ada.

 

A British MoD study that found that code certified to DO-178B written in Ada had 1/10 the "significant safety-critical errors" of DO-178B certified code written in C, and code written in SPARK had 1/100 the errors of DO-178B certified code written in C.  This included code developed to the highest level, Level A.

 

There was an ACM article about "My Hariest Bug War Stories" and of the 17 bugs discussed, an analysis showed that 15 of them could not have happened in Ada.

 

I'll just finish by saying that I much prefer writing code in Ada.  It feels more like writing pseudo-code, where you just express what should happen, rather than trying to convert what should happen into instructions for the portable assembler known as C.  This is often discussed as working in the problem space vs. working in the solution space.  Ada lets programmers work much more in the problem space, and that is far more enjoyable.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

kk6gm wrote:
In C or C++ you'd have to manually code all of those checks, and you'd never get them all right (not to mention that they would horribly clutter up the code, leading to even more errors).

Q: What is a typical error that can be detected with runtime analysis? 
A: Out of bounds, arithmetical errors and memory inconsistency errors.

http://www.iar.com/Products/C-RUN/C-RUN-FAQ/

This is for IAR EWARM.

"Dare to be naïve." - Buckminster Fuller

Last Edited: Sat. Sep 13, 2014 - 06:47 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

gchapman wrote:

 

kk6gm wrote:

In C or C++ you'd have to manually code all of those checks, and you'd never get them all right (not to mention that they would horribly clutter up the code, leading to even more errors).

 

Q: What is a typical error that can be detected with runtime analysis? 
A: Out of bounds, arithmetical errors and memory inconsistency errors.

http://www.iar.com/Products/C-RUN/C-RUN-FAQ/

This is for IAR EWARM.

 

Also from the FAQ: 

By inserting test code into an application, a runtime analysis tool can find real and potential errors in the code...

So, you put the checks in yourself, or you buy an app that puts them in as an additional step.  OK.  Nobody is arguing that you can't bolt stuff onto C/C++, using additional apps and additional steps, that helps detect additional errors.  As a longtime user of C and C++, it's still lipstick on a pig, IMO.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

gchapman wrote:

 

kk6gm wrote:

In C or C++ you'd have to manually code all of those checks, and you'd never get them all right (not to mention that they would horribly clutter up the code, leading to even more errors).

 

Q: What is a typical error that can be detected with runtime analysis? 
A: Out of bounds, arithmetical errors and memory inconsistency errors.

http://www.iar.com/Products/C-RUN/C-RUN-FAQ/

This is for IAR EWARM.

 

Also from the FAQ: 

By inserting test code into an application, a runtime analysis tool can find real and potential errors in the code...

So, you put the checks in yourself, or you buy an app that puts them in as an additional step.  OK.  Nobody is arguing that you can't bolt stuff onto C/C++, using additional apps and additional steps, that helps detect additional errors.  As a longtime user of C and C++, it's still lipstick on a pig, IMO.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Umm, stupid forum software won't let me delete an accidental double post...

Last Edited: Sat. Sep 13, 2014 - 07:17 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Off by one error?

 

<innocent whistling>

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

barnacle wrote:

Off by one error?

 

<innocent whistling>

Dunno, give some real world examples...

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Sometimes people respond with "yeah, but you can put those checks in C or C++ code too."  Well, they don't.

You pre-empted what I was going to say. You can use arrays rather than pointers in C and you can bounds check the array indices with assert() or validate().

 

You say "they don't" - on the whole, we do ;-)

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

clawson wrote:

Sometimes people respond with "yeah, but you can put those checks in C or C++ code too."  Well, they don't.

You pre-empted what I was going to say. You can use arrays rather than pointers in C and you can bounds check the array indices with assert() or validate().

 

You say "they don't" - on the whole, we do ;-)

Well, on the whole...

 

I don't think it's humanly possible to put proper checks in all the required places in any but the most trivial piece of software.  I think only a compiler or other tool could hope to get that right.

 

EDIT: And when the programmer is in charge of putting in such checks, that is a loss of productivity, another potential source of error, and a cluttering of the code.

 

Last Edited: Mon. Sep 15, 2014 - 05:34 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Well surely the Ada programmer thinks just as equally hard when he writes:

define x = 1 .. 5;

(or whatever the actual syntax is) as the C programmer does when he writes:

assert((x > 0) && (x < 6));

in fact the C programmer could wrap this up in something like:

#define check_range(x, lo, hi) assert((x > (lo -1)) && ((x < (hi + 1)))

then just use:

check_range(x, 1, 5);

(well, OK, I haven't thought too hard or tested that - I need to stringify x or something - but I think you get the idea?).

 

However I do see the difference in the C programmer having to explicitly add the checks while in Ada it's implicit. I guess that's nice. (bit like _flash versus PROGMEM ;-)

Last Edited: Tue. Sep 16, 2014 - 12:54 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

gchapman wrote:
Ada is on one CubeSat but ...

Vermont Tech's CubeSat is in orbit and sending down photos and data

http://www.adacore.com/uploads/newsletter/spring-summer-2014.pdf (721KB, go to page 2)

 Photo of earth from Vermont Technical College’s CubeSat - Ada Resource Association

http://www.adaic.org/2014/03/photo-vtc-cubesat/

"Dare to be naïve." - Buckminster Fuller

Last Edited: Tue. Sep 23, 2014 - 11:07 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

clawson wrote:
Is there more?
Not an answer but a creation.

The Muen Separation Kernel

via http://www.adacore.com/uploads/newsletter/spring-summer-2014.pdf (721KB, page 1, Muen Separation Kernel developed using SPARK and GNAT)

An alternative to Muen Separation Kernel is OKL4 from Open Kernel Labs.

http://www.ok-labs.com/faq#whatProcessorsAreSupported

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Brutte wrote:
Right now I have no bloody idea what a definite subtype is nor at what circumstances a constraint exception is raised..

“Programming in Ada 2012″ is now available

brukardt

http://www.adaic.org/2014/06/programming-in-ada-2012/

"(of ever expanding size!)"

It's shipped at 4.4lb (2kg).

Don't drop it on your foot wink

http://www.cambridge.org/be/academic/subjects/computer-science/software-engineering-and-development/programming-in-ada-2012

"Dare to be naïve." - Buckminster Fuller

Last Edited: Tue. Sep 23, 2014 - 11:52 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

gchapman wrote:
... though it's of the commercial version, the GPL version is likely close.
The press release for the commercial version:

AdaCore Releases GNAT Pro Safety-Critical for ARM Processors

Ada now available for popular bareboard platform

NEW YORK, PARIS and NUREMBERG, Germany, February 27, 2013 – Embedded World Conference

https://www.adacore.com/press/gnat-pro-safety-critical-for-arm/

The following tools are in GNAT Pro and not in GNAT GPL:

  • Static analysis (stack, metrics, coding standard)
  • Unit testing that extends GPL AUnit (Ada unit testing framework)
  • Ada source code to XML
  • SQA
  • Customer support

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Brutte wrote:
The ideal scenario would be if I could just download the raw toolchain itself and use my own IDE with Mi (Eclipse + CDT), my own gdb server (OpenOCD) and any Cortex that lies around here.
OpenOCD on Windows and Atmel SAM4S Xplained Pro are mentioned in

AdaCore

GNAT Pro Insider

Autumn-Winter 2015

...

  • Newsflash

http://www.adacore.com/uploads/newsletter/GNAT_Pro_Insider_Autumn-Winter_2014-2015.pdf (866kB, go to page 6)

GNAT Industrial User Day 2014

...

Topics included Ada 2012, Ravenscar and SPARK running on an Atmel ARM M4 using a Tetris example, ...

...

The slides from the event are available online at https://www.adacore.com/gnatpro-day/2014-gnatpro-day-slides

  • Go to the second presentation titled "Ada 2012, Ravenscar and SPARK running on an Atmel ARM M4 (Tetris Example)" presented by Quentin Ochem.
  • First 9 of 31 slides for SAM4S and Tetris.

http://www.atmel.com/tools/ATSAM4S-XPRO.aspx 

http://www.atmel.com/tools/ATOLED1-XPRO.aspx

SourceForge

OpenOCD 0.8.0 release « Open On-Chip Debugger

April 27th, 2014 at 12:39 pm

http://openocd.sourceforge.net/2014/04/openocd-0-8-0-release/

...

Flash Layer:

  • ...
  • Atmel SAM4L, SAMG5x support.
  • Atmel AT91SAM3SD8[a,b], AT91SAM3S8[a,b,c], AT91SAM4S, AT91SAM3N0[a,b,0a,0b] support, bugfixes.
  • Atmel SAMD support.
  • ...
  • More ATmega parts supported.
  • ...

Board, Target, and Interface Configuration Scripts:

  • ...
  • Atmel Xplained initial support.
  • ...

Server Layer:

  • Auto-generation of GDB target description for ARMv7-M (XML support in GDB is mandatory for this architecture now), ARM4, nds32, OR1K, Quark.
  • GDB File-I/O Remote Protocol extension support.
  • Default GDB flashing events handlers to initialise and reset the target automatically when “load” is used.

...

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

clawson wrote:
Is there more?
In the context of security for medical devices and the importance of selecting a computer language :

AdaCore

GNAT Pro Insider

Autumn-Winter 2015

http://www.adacore.com/newsletter/autumn-winter-2015

...

  • Workshop on Medical Device Software Security

http://www.adacore.com/uploads/newsletter/GNAT_Pro_Insider_Autumn-Winter_2014-2015.pdf (866kB, go to the bottom of page 4, right column)

...

The workshop identified a number of memory safety errors: buffer overflow, null pointer dereference, pointer usage after being freed (“dangling reference”), use of uninitialized memory, and illegal free (i.e., freeing an already-freed pointer or a non-malloced pointer).

The full Ada language prevents the first two errors and with appropriate encapsulation of uses of Unchecked_Deallocation can also prevent dangling references and illegal free.
...

Edit : additional URL.

"Dare to be naïve." - Buckminster Fuller

Last Edited: Fri. Mar 6, 2015 - 05:30 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

 

No malloc()/free() on small/embedded micros, in most professional endeavors.

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

True though seems most medical devices software is no longer small and no longer on typical embedded MCUs;

can recall an article about porting a medical device application from multiple 8bit MCUs (IIRC Z80) to a single MCU.

If an application works on Linux or OS X or Windows, port it (different OS, different CPU).

Re-use of the data protocols and security protocols means more memory, I/O, and CPU.

Severe reliability and security requirements may move an application onto proven micro-kernels; therefore, away from no memory protection unit (MPU), no MMU, and onto some compute iron.

Wouldn't be surprised if most medical devices have been re-ported well away from 8 bit and 16 bit MCUs.

The medical device security aspect is a concern due to the required connectivity with operators.

Most physicians, physician assistants, and nurses can or do operate medical devices by a remote data stream.

Nurses really need that data stream to and from their workstation.

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Brutte wrote:
After that - there is an STM32F4-Discovery blinky example with tutorial included and it "blinks out of the box"!

Electronic Design

ARMed and Ready

Sep 19, 2014

http://electronicdesign.com/dev-tools/armed-and-ready

...

I have also been successful in porting it to the STM32F417 Evaluation board and to the STM32F429 Discovery board. 

...

Ada on this 429 board is very nice!

...

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Ada on an Atmel SAM3X8E :

Inspirel banner

Ada on ARM Cortex-M

tutorial with Arduino Due examples

http://www.inspirel.com/articles/Ada_On_Cortex.html

The URL sequence to the above :

Planet Ada

http://planet.ada.wtf/

Ada Resource Association

Ada Information Clearinghouse

Learning websites recently added

by brukardt

May 5 2015

http://www.adaic.org/2015/05/websites-recently-added/

Other :

Arduino

Arduino Due

http://www.arduino.cc/en/Main/ArduinoBoardDue

Inspirel banner

About Us

http://www.inspirel.com/about_us.html

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Ada on a Texas Instruments ARM Cortex-R4F, the RM46L852 (dual ARM Cortex-R4F, ECC flash, ECC local SRAM, FPU, MPU, 16-bit EMIF) :

Hackaday

Ada on an RM46 launchpad

A safety language on a safety processor.

https://hackaday.io/project/6178-ada-on-an-rm46-launchpad

(approx. 08-June-2015)

It's a Work-In-Progress though well along.


Texas Instruments

Hercules RM46x LaunchPad (LAUNCHXL2-RM46)

http://www.ti.com/ww/en/launchpad/launchpads-hercules-launchxl2-rm46.html

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

AdaCore

Press

AdaCore Introduces GNAT GPL 2015 for the Raspberry Pi 2

Latest version of AdaCore cross-development environment targets students and other developers of nonproprietary software

New York City and Paris, Sep 1, 2015

https://www.adacore.com/press/adacore-introduces-gnat-gpl-2015-for-the-raspberry-pi-2

...

With the release of GNAT GPL for Bare Board ARM in 2014, an implementation on the Raspberry Pi 2 running Linux on ARM was a natural follow-up

...

Raspberry Pi Foundation

Raspberry Pi 2 Model B

https://www.raspberrypi.org/products/raspberry-pi-2-model-b/

...

  • A 900MHz quad-core ARM Cortex-A7 CPU

...

"Dare to be naïve." - Buckminster Fuller

Last Edited: Sat. Sep 19, 2015 - 11:19 AM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

kk6gm wrote:
... and code written in SPARK had 1/100 the errors of DO-178B certified code written in C.

The AdaCore Blog

New Book About SPARK 2014

by Yannick Moy

Sep 13, 2015

http://blog.adacore.com/new-book-about-spark-2014

...

Prof. John McCormick from University of Northern Iowa and Prof. Peter Chapin from Vermont Technical College have written a truly essential book for getting up to speed with formal verification using SPARK.

...

I see this book as a glorified User's Guide to SPARK, and I recommend it to anybody who either wants to have a first look at SPARK, or actually starts using it for real.

...

For those in academia who would like to teach SPARK, the book is ideally structured with a summary and exercises closing each chapter.

...

You may also get a free copy of the book from Cambridge University Press to evaluate it for your course (see the publisher's webpage).

...

Cambridge University Press logo

Programming Languages and Applied Logic

Building High Integrity Applications with SPARK

http://www.cambridge.org/us/academic/subjects/computer-science/programming-languages-and-applied-logic/building-high-integrity-applications-spark

  • Date Published: August 2015

Building High Integrity Applications with SPARK

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The AdaCore Blog
Make with Ada: Formal proof on my wrist
by Fabien Chouteau
Nov 10, 2015
http://blog.adacore.com/make-with-ada-formal-proof-on-my-wrist
When the Pebble Time kickstarter went through the roof, I ...
https://www.pebble.com/pebble-time-smartwatch-features
...
Binding the C API to Ada
...
To use this binding I decided to port the formally proven Tetris written in SPARK by Yannick and Tristan.
...
The formal proof is focused on things that are impossible to test, in our case, the game system.
Can you think of a way to test that the code will reject invalid moves on any piece, in any orientation, at any position and for every board state possible (that's trillions or quadrillions of combinations)?  
...
This application was released on the Pebble app store under the name of PATRIS, and as of today more than 660 users downloaded it.
...
Persistent storage
...
Sources
...
(YouTube video)
...


Pebble watch from Santa - loving it already

by clawson

https://www.avrfreaks.net/forum/pebble-watch-santa-loving-it-already

"Dare to be naïve." - Buckminster Fuller

Last Edited: Thu. Nov 19, 2015 - 01:12 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

EE Times

Bringing Ada and GNAT to DIYers on Raspberry Pi

by Bernard Cole, Contributing Editor
9/15/2015 00:01 AM EDT

http://www.eetimes.com/author.asp?section_id=36&doc_id=1327687

The latest version of the AdaCore cross-development environment for Raspberry Pi 2 micro-PC allows students and other DIY developers to do software development in Ada, C, C++ or any combination of these.

...

"understanding just a single language promotes solutions that only approach a problem from a single perspective.

Knowing multiple languages allows the problem to be looked at from a variety of perspectives so that multiple solutions can be compared and the most natural solution for the problem can be selected."

- Greg Gicca, currently director of marketing at Verocel, previously director of safety and security product marketing at AdaCore

...

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The AdaCore Blog

Porting the Ada Runtime to a new ARM board

Jan 12, 2016

by Jérôme Lambourg (senior engineer, AdaCore)

http://blog.adacore.com/porting-the-ada-runtime-to-a-new-arm-board

...

Final words and refinements

...

Although part of the initial run-time for the STM32F429-Disco is delivered with GNAT, it is not necessarily well optimized (some missing interrupts and a non-optimal clock speed in particular).

So I included the sfp and full ravenscar run-times for it as well in the final source packages.

...

To go further in customized run-time, you can refer to the following documentation: ...

Attachments

...

  • STM32F429I-Discovery
  • STM32F469I-Discovery

  • STM32F746G-Discovery

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

AdaCore

Public Ada Training

https://www.adacore.com/public-ada-training/

April 11-15, 2016

UK Yeovil, US NYC

... hands-on lab sessions using the latest AdaCore tools and the STM32F4 Discovery Board, introduces software developers to the principal features of the Ada language with a special focus on embedded systems.

...

No previous Ada experience is required.

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

IoT content from Electronic Design

Comparing Ada and C

Both languages approach the reliability vs. efficiency tradeoff from different angles, but each has a place in embedded-systems programming.

Jan 27, 2016

by (AdaCore, Senior Technical Staff)

http://electronicdesign.com/iot/comparing-ada-and-c

...

"I am using it on more than two dozen different ARM boards and love having tasking without a separate RTOS and not having to spend near as much time with a debugger." - Jerry Petrey

...

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Fascinating. Has anyone seen an Ada file system? Pretty much eliminates the need for an operating system.

 

Imagecraft compiler user

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

bobgardner wrote:
Has anyone seen an Ada file system?
Partially; AdaCore has some packages that improve file system speed and abstract the file system for portability between operating systems (virtual files).

I have not used those but instead the usual method via Ada Text_IO (Ada -> complete Ada run-time -> RTOS or OS).

bobgardner wrote:
Pretty much eliminates the need for an operating system.
Dependent on the Ada run-time as described in its Footprint Profile.

For most embedded systems that don't have the Ada run-time on an RTOS there's either no file system (Zero Footprint Profile or ZFP) or a minimal one.

For ZFP, some ways around are :

  • RTOS - the Ada procedure and its ZFP run-time in a process, thread, or task within an RTOS; to and from the file I/O via the RTOS messaging or mailbox functions and Ada's C interface package.
  • C library - via Ada's C interface if the C library is per the pre-conditions for ZFP.

Otherwise, a typical GCC-based Ada has the Ada run-time on POSIX.

Therefore, a reasonably complete file system is available via an OS or some RTOS; an example is the port to Raspberry Pi 2.

 


http://libre.adacore.com/developers/documentation

http://libre.adacore.com/tools/gnat-component-collection/

Logo

GNATColl 17.0w documentation

6. Mmap: Reading and Writing Files

http://docs.adacore.com/gnatcoll-docs/mmap.html

...

GNATColl’s GNATCOLL.Mmap package provides a high-level abstraction on top of the mmap system call.

...

Logo

GNATColl 17.0w documentation

13. VFS: Manipulating Files

http://docs.adacore.com/gnatcoll-docs/vfs.html

...

13.3. Virtual files

...

Logo

GNAT User's Guide Supplement for GNAT Pro Safety-Critical and GNAT Pro High-Security 17.0w documentation

4. The Predefined Profiles

http://docs.adacore.com/gnathie_ug-docs/html/gnathie_ug/gnathie_ug/the_predefined_profiles.html

 http://www.adacore.com/press/adacore-introduces-gnat-gpl-2015-for-the-raspberry-pi-2/

 

"Dare to be naïve." - Buckminster Fuller

Last Edited: Mon. Mar 28, 2016 - 06:56 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Libre

Libre News

http://libre.adacore.com/news/

GNAT and SPARK GPL 2016 released!

New board support :

https://github.com/AdaCore/Ada_Drivers_Library/tree/master/boards/OpenMV2

OpenMV

Small - Affordable - Expandable

Machine Vision with Python!

About

https://openmv.io/about/

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

ARM Connected Community

Embedded: Ada Driver Library for ARM Cortex-M/R...

by Fabien Chouteau (AdaCore)

Jul 8, 2016

https://community.arm.com/groups/embedded/blog/2016/07/08/ada-driver-library

... (STM) with the intent of supporting additional Cortex-M and Cortex-R vendors in the future.

...

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The AdaCore Blog

GNAT GPL 2017 is out!

by Pierre-Marie de Rodat, Nicolas Setton

Jun 15, 2017

http://blog.adacore.com/gnat-gpl-2017-is-out

...

 

This release supports the ARM ELF bare metal target, hosted on Windows and Linux, as well as the following native platforms:

  • Mac OS (64 bits)
  • Linux (64 bits)
  • Windows (32 bits)

 

The GNATemulator technology has been added to the bare metal target, making it easier to develop and test on those platforms.

The compiler toolchain is now based on GCC 6. The native runtime comes with a Zero Foot Print runtime, and the ARM ELF compiler comes with runtimes for a variety of boards, including support for the Raspberry Pi 2.

The latest version of the GPS IDE comes with many bug fixes and enhancements, notably in the areas of debugger integration and support for bare-metal development.

...


http://libre.adacore.com/

http://docs.adacore.com/gnatemulator-docs/arm-elf-example.html

https://github.com/AdaCore/embedded-runtimes

http://libre.adacore.com/tools/gps/

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Libre has been folded into AdaCore.

AdaCore

Community
https://www.adacore.com/community

The Ada community is passionate about building dependable, high-integrity software.

...

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The AdaCore Blog

GNAT Community 2018 is here!

by Emma AdbyFabien Chouteau

Jun 26, 2018

https://blog.adacore.com/gnat-community-2018

...

 

What’s new?

 

BBC micro:bit first class support

We decided to adopt the micro:bit as our reference platform for teaching embedded Ada and SPARK. We chose the micro:bit for its worldwide availability, great value for a low price and the included hardware debugger. You can get one at:

...

 

RISC-V support

...

 

Find SPARK included in the package by default

...

 

Windows 64bit is finally here

...

 

Arm-elf hosted on Mac

...

P.S.

Another US source for BBC micro:bit is SparkFun via Mouser.

micro:bit - SparkFun Electronics

https://www.sparkfun.com/categories/284

https://www.mouser.com/new/sparkfun/sparkfun-bbc-microbit/

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The AdaCore Blog

Ada on the micro:bit

by Fabien Chouteau

Feb 26, 2018

https://blog.adacore.com/ada-on-the-microbit

Updated July 2018

...

 

In the meantime, here is an example of the kind of project that you can do with Ada on the Micro:Bit

[video 3m47s]

[open the video's comments to see the reply from Wintergatan]

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

I guess this whole thread started before there was an ARM Cortex forum - but should it now be moved to the ARM Cortex forum ... ?

 

Top Tips:

  1. How to properly post source code - see: https://www.avrfreaks.net/comment... - also how to properly include images/pictures
  2. "Garbage" characters on a serial terminal are (almost?) invariably due to wrong baud rate - see: https://learn.sparkfun.com/tutorials/serial-communication
  3. Wrong baud rate is usually due to not running at the speed you thought; check by blinking a LED to see if you get the speed you expected
  4. Difference between a crystal, and a crystal oscillatorhttps://www.avrfreaks.net/comment...
  5. When your question is resolved, mark the solution: https://www.avrfreaks.net/comment...
  6. Beginner's "Getting Started" tips: https://www.avrfreaks.net/comment...
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

No as AdaCore Community doesn't have much SAM (SAM 4S, SAM G55)

An advantage of a thread move would be to make it public by moving it out of the private Off Topic sub-forum.

 

https://github.com/AdaCore/bb-runtimes/tree/community-2018/arm/sam

via https://www.adacore.com/community

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

in addition to GNAT Community 2018, today's e-mail has :

...

 

Learn.adacore.com

As an added bonus to this year’s GNAT Community 2018 release, we are very happy to announce the launch of learn.adacore.com, an interactive learning platform designed to teach the Ada and SPARK programming languages!

This new website is designed for individuals who want to get up and running with Ada/SPARK, and also for teams or teachers looking for training or tutorial material. Read more about it here.

Feeling inspired and want to start Making with Ada today? Get started early for this year’s Make With Ada Competition! https://www.makewithada.org/

 

...

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Is AdaCore seeing much Ada being used on ARM, including the smaller M parts?

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

kk6gm wrote:
Is AdaCore seeing much Ada being used on ARM, ...
A guess is a relative yes as AdaCore recently added several levels to their GNAT Pro product including a reduced price developer version (arm, RISC-V); 'relative' as PowerPC was primary (avionics, vehtronics, mechatronics)

kk6gm wrote:
... including the smaller M parts?
Yes at least for GNAT Community 2018 and arm Cortex-M0 (BBC micro:bit); 2017 and earlier was mostly on ST arm Cortex-M development boards.

 


AdaCore​

GNAT Pro Comparison

https://www.adacore.com/gnatpro/comparison

Electronic Design

Electronic Design

GNAT Pro Developer Cuts Ada, SPARK Development Costs

The affordability of AdaCore’s GNAT Pro Developer opens the door to more programmers who’d like to take advantage of Ada and SPARK.

by William Wong

Dec 07, 2017

https://www.electronicdesign.com/embedded-revolution/gnat-pro-developer-cuts-ada-spark-development-costs

...

AdaCore recently revamped and partitioned the product line into four editions: GNAT Pro Assurance, GNAT Pro Enterprise, GNAT Pro Developer, and the free, open-source GNAT Pro Community.

...

 

Developer and Community

The new Developer edition targets new Ada and SPARK developers.

...

Its pricing is on par with commercial C/C++ development suites. It provides direct support and access to the continuous patched releases. The community edition gets updated, but with a longer update cycle [1y].

...

All editions support bare-metal Arm platforms as well as embedded Linux. And all but the Community edition support QNX. This is significant, since QNX is used in high-reliability and safety application areas such as automotive.

...

Companies looking to develop safe, secure, bug-free code for their applications should consider the advantages of using Ada and SPARK. Getting started is now more economical.

 

arm Cortex-M1 in FPGA :

https://github.com/AdaCore/bb-runtimes/tree/community-2018/arm/igloo

https://www.microsemi.com/product-directory/fpgas/1689-igloo#igloo-e

 

nRF51 (arm Cortex-M0) on BBC micro:bit :

https://github.com/AdaCore/bb-runtimes/tree/community-2018/arm/nordic

https://www.nordicsemi.com/eng/Products/Bluetooth-low-energy/nRF51822

 

Edit : 2nd URL

 

"Dare to be naïve." - Buckminster Fuller

Last Edited: Fri. Jul 27, 2018 - 10:50 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Electronic Design

Electronic Design

You Can Now Learn SPARK and Ada Online

AdaCore’s "learn.adacore.com" site teaches Ada and SPARK programming using interactive sessions.

by William Wong

Jul 26, 2018

https://www.electronicdesign.com/embedded-revolution/you-can-now-learn-spark-and-ada-online

...

If you like some heavy reading, then check out John Barne’s Programming in Ada 2012. This rather hefty book is in depth and a useful reference, but not a great idea for novice Ada programmers.

Instead, I recommend AdaCore’s new learn.adacore.com website (Fig. 1)

...

The Ada and SPARK courses are extensive but not exhaustive.

...

[AdaCore's CWE mitigations]

...

 

P.S.

Using programming languages like C and C++ to develop these types of applications [safe, secure, and reliable], so that developers can improve the quality of their code, usually means relying on additional software such as static-analysis tools.

lint and assert go a long way at zero price and low cost.

Static-analysis tools may implement software development process requirements for safety and/or security.

 

P.P.S.

Ada and it subset, SPARK, incorporate most features addressed by static-analysis tools.

One of the Ada static-analysis tools :

https://www.adacore.com/codepeer

 


What is "Static Code Analysis"?

by ka7ehk

https://www.avrfreaks.net/forum/what-static-code-analysis

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

GNAT Community 2019 is here! - The AdaCore Blog

by Nicolas Setton

Jun 05, 2019

...

  • RISC-V hosted on Linux

  • ARM 32 bits hosted on 64-bit Linux, Mac, and Windows

...

 

Check out the README for some additional platform-specific notes.

[macOS - Xcode 10 or subsequent is required, OpenSUSE - an ld correction, Linux - a udev USB how to]

 

...

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Do you know if the CCG (Common Code Generator), that translates an Ada subset into C, is available in the community version?

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

Not available in GNAT Community Edition though CCG should be in GNAT Pro Developer as that can also build C.

Haven't inquired the price of GNAT Pro Developer though it was created to reduce the gap between GNAT Community Edition and GNAT Pro Enterprise (that's expensive)

 

1. Getting Started — GNAT Pro Common Code Generator User's Guide Supplement 20.0w documentation

(nearly complete fixed point math, last chance exception handling that's akin to how exceptions are done in C, no overflow checks so consider enabling assertions)

 

GNAT Pro Comparison - Adacore

 

more :

https://www.avrfreaks.net/forum/jack-ganssles-reason-8-why-embedded-software-projects-run-trouble#comment-2594186

 


AVR - IIRC, there's a post in this forum stating a successful build of AVR GNAT from FSF GCC 8 or from GNAT Community Edition; AVR-Ada was recently updated.

CCG would be a fit for PIC, PIC24, and dsPIC; PIC32 - MIPS is in FSF GCC so simply build the Ada part of FSF GCC (runtime would be some effort though doable for some functionality besides Zero Footprint Profile [ZFP])

SAM - a few are already there; for others :

bb-runtimes/doc/porting_runtime_for_cortex_m at community-2018 · AdaCore/bb-runtimes · GitHub

RISC-V - that may take some thought (CPU configuration is very flexible)

MSP430TM - in FSF GCC (add the Ada part to the C part, likely will be ZFP)

 

https://sourceforge.net/p/avr-ada/mailman/avr-ada-devel/?viewmonth=201903

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

SAM - a few are already there;

additional is

https://github.com/AdaCore/bb-runtimes/tree/master/arm/sam/samv71

 

Add Microsemi CoreCortexM1 BSP · AdaCore/bb-runtimes@1fd54d0 · GitHub

 


SAM V MCUs | Microchip Technology

Scale Space Applications with COTS-to-Radiation-Tolerant and Radiation-Hardened Arm® Core MCUs | Microchip Technology

[end of first paragraph]

Based on the automotive-qualified SAMV71, the SAMV71Q21RT radiation-tolerant and SAMRH71 radiation-hardened MCUs implement the widely deployed Arm® Cortex®-M7 System on Chip (SoC), enabling more integration, cost reduction and higher performance in space systems.

FPGAs | Microsemi

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

kk6gm wrote:
Ada has been used in military and space systems that had much less memory than the parts we can now buy for a few dollars.
Some traction somewhat due to new customers.

Witnessing the Emergence of a New Ada Era - The AdaCore Blog

by Quentin Ochem

Jan 21, 2020

...

Even if we’ve been able to report some successes over the years, we were falling short of the critical mass.

Or so it seemed.

The tide has turned. 

...

 

The Established User Base

[avionics, defense]

...

Some applications are still maintained today on hardware dating as far back as Motorola 68K or Intel i386 series, while others are deployed on the latest ARM Cortex or RISC-V cores.

...

 

The Emerging Adopters

[academia, automotive, medical devices (Real Heart, ECG : Hillrom | Enhancing outcomes for patients and their caregivers), security]

[standards lead to requirements : reliability, safety, security]

...

 

Wrapping Up

...

Everything considered, this is a very exciting time for the Ada and SPARK languages. 

...

 

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

"Dare to be naïve." - Buckminster Fuller

Last Edited: Thu. Oct 15, 2020 - 11:03 PM
  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

"Dare to be naïve." - Buckminster Fuller

  • 1
  • 2
  • 3
  • 4
  • 5
Total votes: 0

The ones at AdaCore are ceasing the GNAT Community releases in lieu of releases on Alire.

A New Era For Ada/SPARK Open Source Community | The AdaCore Blog

by Fabien Chouteau

Jun 02, 2022

...

 

Policy for new software libraries

[Apache v2 away from GPLv3 (with GPL GCC run-time exception)]

...

People using these libraries either through GitHub or through our commercial services will still be able to create proprietary software. This will not impact the license of the tools or compilers that we distribute either.

 

Modernizing the ecosystem

...

This [GNAT Pro and GNAT FSF] results in a decision by AdaCore to stop further releases of GNAT Community and have the community handle its successor.

...

 

[fourth paragraph]

Those thoughts led to our sponsorship and contribution to the Alire package manager created by Alejandro Mosteo from the Cen­tro Uni­ver­si­tario de la Defen­sa de Zaragoza. I said in a previous blog post that Alire is a game changer for the Ada/SPARK ecosystem and it really is. After two years of such collaboration, we feel like the project is now ready to become the main tool for the Ada/SPARK open source programming community.

 

[sixth paragraph]

So today we announce the end of the GNAT Community releases with 2021 being the last one. We encourage all GNAT Community users to transition to Alire going forward. Full details and explanations on how to transition to Alire can be found at alire.ada.dev/transition_from_gnat_community.html.

 

...

 

Fabien Chouteau  a day ago

We will be at the Ada-Europe conference in two weeks, don't hesitate to come the AdaCore booth if you have questions or want to discuss.

 


Commercial software solutions for Ada, C and C++ | AdaCore (Community) 

Release gnat-11.2.0-4 · alire-project/GNAT-FSF-builds · GitHub

[17-Mar'22; 64-bit hosts : Windows, macOS, Linux; targets : Arm, AVR, RISC-V 64-bit, AMD64]

 

edit : strikethru

 

edit2 :

Ada-Europe 2022

 

"Dare to be naïve." - Buckminster Fuller

Last Edited: Fri. Jun 3, 2022 - 03:36 PM