international conference on reliable software technologies ... · tive manifesto for dependable...
TRANSCRIPT
ii
“program” — 2005/5/2 — 10:23 — page 1 — #1 ii
ii
ii
10th International Conference on
Reliable Software Technologies
Ada-Europe 2005
York, UK, June 20{24, 2005
ADVANCE PROGRAMME
http://www.ada-europe.org/conference2005.html
ii
“program” — 2005/5/2 — 10:23 — page 2 — #2 ii
ii
ii
PresentationThis year the 10th International Conference on Re-liable Software Technology takes place in York dur-ing the week of June 20th–24th . The conferencehas a number of highlights including three keynotepresentations by John McDermid, Martyn Thomasand Bev Littlewood, a full three day technical pro-gramme of fully refereed papers (including one dayon industry focused presentations), an industrial ex-hibition with more than ten exhibitors, two daysof tutorials including a special half day presenta-tion on the new Ada 2005 language by four of itsdesigners: John Barnes, Alan Burns, Pascal Leroyand Tucker Taft.
The conference offers an international forum forresearchers, developers and users of reliable soft-ware technologies. Presentation and discussionscover applied and theoretical work currently con-
ducted to support the development and mainte-nance of software systems.
York is a beautiful and historical (small) cityin the north of the UK. It has a first class uni-versity with one of the best Computer Science de-partments in the world. The department has beeninvolved with the development of programming lan-guages for a number of years (indeed it ran the firstseries of technical meetings on Ada in the 1970s). Itis pleased to host this meeting on reliable softwaretechnology.
York can be reached easily by train from Lon-don (approximately two hours) or Manchester air-port. The conference is held at the Royal York Ho-tel which is adjacent to the York train station a fewminutes from the centre of York and the Minster(Cathedral).
Overview of the WeekMorning Late Morning After Lunch Afternoon
MondayJune 20thTutorials
J.-P. RosenDeveloping Web-aware Applications in Ada with AWS
J. L. Tokar & B. LewisSAE Architecture Analysis and Design Language
P. Amey & N. WhiteCorrectness by Construction—A Manifesto for High
Integrity Engineering
B. DobbingHigh-Integrity Ravenscar Using SPARK
B. M. BrosgolReal-Time Java for Ada Programmers
TuesdayJune 21stSessions &Exhibition
Invited Talk:John McDermid
Model-based Developmentof Safety-critical Software:
Opportunities andChallenges
Applications Formal Methods Ada and Education,Distributed Systems
Design and SchedulingIssues Vendor Session
WednesdayJune 22ndSessions &Exhibition
Invited Talk:Martyn ThomasExtreme Hubris
IndustrialPresentations
IndustrialPresentations
IndustrialPresentations
ThursdayJune 23rdSessions &Exhibition
Invited Talk:Bev Littlewood
Assessing theDependability of
Software-based Systems: AQuestion of Confidence
Certification andVerification Language Issues Ravenscar Technology
FridayJune 24thTutorials
J. Barnes, A. Burns, P. Leroy, S. T. TaftAda 2005
M. HeaneyProgramming with the Ada 2005 Standard Container
Library
W. BailRequirements Engineering for Dependable Systems
P. RogersSoftware Fault Tolerance
J. McDermid, R. WeaverSoftware Safety Cases
2 Ada-Europe 2005
ii
“program” — 2005/5/2 — 10:23 — page 3 — #3 ii
ii
ii
Invited SpeakersModel-based Development ofSafety-critical Software:Opportunities and ChallengesJohn McDermid,University of York, UK
Tuesday June 21st , 9:00
There is a growing use of model-based software develop-ment, including the automatic generation of code fromthe models, in mainstream software engineering. Thereis a perception that the use of such technology couldreduce the cost of safety critical software development.The use of model-based approaches offers some bene-fits, including better validation of designs, and shorterchange cycles. However, it also has some problems, in-cluding the trustworthiness of code generation methodsand tools, and the comparatively low level of abstrac-tion at which the tools operate. The talk will discussthe opportunities and challenges of model-based devel-opment, including the role of program-level verification,aiming to identify the likely future development of suchtechnology.
PresenterJohn McDermid has beenProfessor of Software Engi-neering at the University ofYork since 1987. He runs theHigh Integrity Systems Engi-neering research group whichis probably the world’s largestacademic group focusing onsystems and software safety.He has undertaken researchon a range of topics including
hazard and safety analysis, safety cases, requirements en-gineering and formal methods, and has been successfulin transferring research results into industry, especiallythe aerospace and defence industries. He has been influ-ential in the development of standards for safety criticalsystems and software, including guiding the developmentof Issue 3 of Defence Standard 00-56.
Extreme HubrisMartyn Thomas,Thomas Associates, UK
Wednesday June 22nd , 9:00
The software industry frequently behaves like a fashionbusiness, with crazes taking hold on the basis of novelty,an attractive name, and a few memorable slogans. Thecurrent infatuation with “extreme programming” is onesuch craze that combines several valuable but largely un-original approaches to software development with severalthat are original but unhelpful or actively dangerous.
This talk examines the principles of XP, distinguish-ing the sane from the absurd, and proposes an alterna-tive Manifesto for Dependable Software Development.
Presenter
Martyn Thomas is an inde-pendent consultant softwareengineer. He specialises inthe assessment of large, real-time, safety-critical, softwareintensive systems, softwareengineering, and engineeringmanagement. He is a mem-ber of the Expert Witness In-stitute and acts as an expertwitness where complex soft-
ware engineering issues are involved.He is Visiting Professor in Software Engineering at
the University of Oxford, and a Visiting Professor atthe University of Bristol and the University of Wales,Aberystwyth.
In 1983, he founded Praxis, to exploit modern soft-ware development methods. Martyn Thomas serves onthe IT policy-making bodies of both UK professionalcomputing institutions, the British Computer Society(BCS) and the Institution of Electrical Engineers (IEE).He chairs the steering committee for the UK’s majorresearch collaboration in dependable systems, DIRC,and he is the only European member of a US NationalAcademy of Sciences study into Certifiably DependableSoftware.
Assessing the Dependability ofSoftware-based Systems: AQuestion of Confidence
Bev Littlewood,City University, London, UK
Thursday June 23rd , 9:00
Issues of uncertainty lie at the heart of dependabilityassessment. Most obviously, we cannot predict with cer-tainty when a system will fail—that’s why we use proba-bilistic measures of dependability (mean time to failure,failure rate, probability of surviving mission time, etc.).Less obviously—and often ignored—is the uncertaintyassociated with assessments of uncertainty. Claims suchas ‘this system has a probability on demand better than10−3’ can never be made with certainty. Uncertaintyabout the truth of such a claim might come from weak-ness (or paucity) of supporting evidence for the claim; itmight arise because we are uncertain about the truth ofsome underlying assumptions. In the talk I shall suggestthat we need to associate with dependability claims anacknowledgement (and assessment) of this uncertaintyabout the truth of a claim. Essentially, we need tosay how confident we are in the truth of the claim. Ishall argue that probability is sometimes an appropri-ate formalism to represent confidence. I shall speculateabout similarities between confidence in arguments anddependability of systems. For example, I shall claimthat just as we can use design diversity to increase the
Ada-Europe 2005 3
ii
“program” — 2005/5/2 — 10:23 — page 4 — #4 ii
ii
ii
dependability of a system, so we can use argument di-versity (multi-legged arguments) to increase confidencein claims. I shall suggest that, in addition to ALARP(As Low As Reasonably Practicable), which concerns thelevel of dependability of a system, we need ACARP (AsConfident As Reasonably Practicable). Needless to say,some of this stuff might be a bit controversial...
PresenterBev has worked for many years on problems associatedwith the modelling and evaluation of dependability ofsoftware-based systems, and has published many papersin international journals and conference proceedings andhas edited several books. He is a member of IFIP Work-ing Group 10.4 on Reliable Computing and Fault Tol-erance, of the BCS Safety-Critical Systems Task Force,and of the UK Computing Research Committee. He is
currently serving his secondterm as Associate Editor ofthe IEEE Transactions onSoftware Engineering, and ison the editorial boards of sev-eral other international jour-nals. He is a member of theUK Nuclear Safety AdvisoryCommittee, and of its Re-search Committee; he is a Fel-
low of the Royal Statistical Society.Bev Littlewood has degrees in mathematics and statis-tics, and a PhD in Statistics and Computer Science. Hefounded the Centre for Software Reliability at City Uni-versity, London, in 1983 and was its Director from thenuntil 2003. He is currently Professor of Software Engi-neering at City University.
Special Tutorial: Ada 2005
This tutorial is at a reduced price for those attending the main conference (and includes lunch).
Ada 2005
John Barnes, Alan Burns, Pascal Leroy,S. Tucker Taft
Friday June 24th, morning
Another ten years has passed, and it is time to updatethe Ada standard. This tutorial focuses on the new ver-sion of the language that is currently being finalised.
Ada people will recall that the development of Ada95 from Ada 83 was an extensive process funded bythe USDoD. Formal requirements were established af-ter comprehensive surveys of user needs and competitiveproposals were then submitted resulting in the selectionof Intermetrics as the developer under the leadership ofTucker Taft. The whole technical development processwas then comprehensively monitored by a distinct bodyof Distinguished Reviewers. Of course, the process wasalso monitored by the ISO committee concerned and thenew language finally became an ISO standard in 1995.
The development of Ada 2005/6 from Ada 95 hasbeen (and continues to be) on a more modest scale. Thework has almost entirely been by voluntary effort withsupport from within the industry itself through bodiessuch as the Ada Resource Association and Ada-Europe.The Ada Rapporteur Group (the ARG) is drafting therevised standard. The editor, who at the end of the dayactually writes the words of the standard, is the inde-fatigable Randy Brukardt. The current aim is to havethe amendment to the language (the new version of Adais strictly speaking an amendment of the Ada 95 stan-dard) completed by mid 2005, with formal acceptanceof the document defining the changes occurring towardsthe end of 2005 or early 2006 (so it might be Ada 2006).
This tutorial will give an overview of the Ada 2005/6language. The presenters are four of the key members ofthe ARG—John Barnes, Alan Burns, Pascal Leroy (chair ofARG) and Tucker Taft.
The scope of the changes can be summarised as fol-lows:
1. Improvements to the OO model, including the useof Java-like Object.Op notation
2. Introduction of Java-like interfaces (interface is anew reserved word)
3. More flexible access types4. Enhanced structure and visibility control, including
a new limited with clauses which permit types intwo packages to refer to each other.
5. Tasking and real-time improvements, including:• new dispatching policies (non-preemptive, round
robin and earliest deadline first—EDF) that workindividually or together to support hierarchicaldispatching,
• various forms of budget control (for individualtasks and for groups of tasks),
• dynamic ceilings for protected objects,• timing event that are executed when external
time reaches a specified value,• handlers that are executed when tasks terminate,
and• protected, task and synchronized interfaces.
6. Improvements to exceptions, generics etc.7. Extensions to the standard library packages, in-
cludes a comprehensive Container library (coveredin another tutorial)Together these changes represent a significant en-
hancement to Ada. Now is the time to improve yourknowledge of Ada 2005.
4 Ada-Europe 2005
ii
“program” — 2005/5/2 — 10:23 — page 5 — #5 ii
ii
ii
TutorialsDeveloping Web-awareApplications in Ada with AWS
Jean-Pierre Rosen, Adalog, France
Monday June 20th, morning
This tutorial describes AWS, the Ada Web Server, andhow to use it for the development of web-aware applica-tions. It describes the principles of AWS, from the mostbasic functionality to more advanced functions (authen-tication, SOAP interface, session management, hotplugs,multi-server applications, etc.). The seminar emphasisespractical usage of AWS, and presents design patternsthat have proved effective for developing existing appli-cations. It compares the development process with AWSto other techniques.
The tutorial provides attendees with the informationneeded to assess whether AWS is appropriate to theirneeds, and the necessary knowledge to start writing full-scale Web applications.
Presenter
J.-P. Rosen graduated fromENST in 1975, and obtainedhis PhD in 1986.
He started as a softwareengineer at the computingcenter of ENST. After a Sab-batical at New York Univer-sity on the Ada/ED Project,he worked as Professor atENST, where he was respon-sible for the teaching of Soft-ware Engineering and Ada.
He has now formed Ada-log, a company specialized in high level training, consul-tancy, and software development in the fields of Ada andOOD.
J.-P. Rosen is Chairman of the AFNOR (Frenchstandardization body) group for Ada, and the authorof “Methodes de Genie Logiciel avec Ada 95” (SoftwareEngineering Methods with Ada 95) and “HOOD: an in-dustrial approach for software development”.
Why should you participate in this tutorial?
AWS is more than a simple Web server, it allows incor-poration of Web technology into applications where theWeb interface is only part of the problem. By attendingthis tutorial, participants will gain in-depth understand-ing of the issues of Web interfaces, and will discover newsolutions to common problems, like using a browser asa GUI or providing control through Web interfaces toreal-time programs.
Correctness by Construction—AManifesto for High IntegrityEngineering
Peter Amey & Neil White, Praxis HighIntegrity Systems, UK
Monday June 20th, morning
Two of the major recurring issues in systems and soft-ware engineering are unacceptably high defect rates, andlack of ability to make changes over a significant periodof time in a reliable manner. These issues frequentlycause major impact on the usability and maintainabilityof systems, and this impact becomes intolerable whencomponents of the system become unmaintainable, orwhen high levels of security accreditation or safety cer-tification must be achieved.
This tutorial presents the Correctness by Construc-tion high integrity approach to systems and software en-gineering. Correctness by Construction is based on aset of principles, distilled from practical project expe-rience, to realize systems and software engineering out-puts with very low defect rate and very high resilience tochange. These principles can be applied most effectivelyto new developments and upgrades. However some ofthe same principles can also be applied retrospectivelyto improve the maintainability and upgradability of ex-isting systems.
Topics covered in the tutorial include:1. The challenges that we face2. How Correctness by Construction addresses the
challenges(a) Validating the concepts of operation(b) Risk-directed requirements engineering(c) Formal specification(d) Rigorous design and implementation based on
static analysis(e) Making the case for safety and security(f) Maintaining correctness through long-term up-
grades3. Correctness by Construction in action—project ex-
amples
Presenter
Neil White is an experiencedsoftware engineer and a spe-cialist in high-integrity sys-tems. He has designed, built,validated, and certified sys-tems in the aerospace, naval,telecommunications and fi-nancial domains. The soft-ware he has worked on is cur-rently serving on ships, sub-marines, a variety of aircraft,and in over a million televi-
sion set-top boxes in homes around the country. Re-cently he has been developing a rigorous framework forthe disciplined use of UML to document designs.
Ada-Europe 2005 5
ii
“program” — 2005/5/2 — 10:23 — page 6 — #6 ii
ii
ii
Peter Amey is an aero-nautical engineer by origi-nal professional training. Heserved as an engineering of-ficer in the Royal Air Forceand spent several years at theBoscombe Down test estab-lishment working on the certi-fication of aircraft armamentsystems. Peter joined Pro-gram Validation Limited in1992 to develop SPARK and
the SPARK Examiner and continues that work todaywith Praxis High Integrity Systems. As well as devel-oping SPARK he has used it on major programmes in-cluding Tornado, Eurofighter and the Lockheed C130J.Peter, now Chief Technical Officer at Praxis, teachesSPARK and Ada on a regular basis and has lecturedwidely on the development of critical systems.
Why should you participate in this tutorial?
The challenge of producing software that has anacceptably-low defect rate is hard enough. To do so un-der time and budget pressures is harder still. Yet thepressures grow ever stronger and the trust we place insoftware-intensive systems continues to rise. There is apressing need to find ways of producing high-integritysoftware at an acceptable cost.
Over the past 16 years, Praxis has evolved a practi-cal approach to software development which delivers ex-ceptionally low defect rates with very high productivity.The approach eschews the use of fashionable technolo-gies and silver bullets preferring an engineering approachwhich favours error prevention and relentless error elim-ination at every stage of development. The result is adevelopment process that generates a continuous forwardflow from requirements to implementation.
The tutorial will describe how this approach, whichhas come to be called Correctness by Construction worksand how it has been applied to significant, real-worldprojects.
Real-Time Java for AdaProgrammers
Benjamin M. Brosgol, AdaCore, USA
Monday June 20th, full day
Although the term “real-time Java” may sound self-contradictory, serious technical activity has been under-way since early 1999 on extending the Java platform tosatisfy the requirements for real-time systems, and sev-eral implementations exist. This work is relevant to theAda community as both a challenge and an opportu-nity. On the one hand, it may compete with Ada in thereal-time marketplace, but on the other hand some of itsideas may be worthy of consideration in a future versionof the Ada language.
This tutorial will focus on the Real-Time Specifi-cation for Java (“RTSJ”), which was developed by theReal-Time for Java Expert Group under the auspices ofSun Microsystems’ Java Community Process. The tuto-rial will analyze/critique the Java platform with respect
to real-time support, summarize/illustrate the main el-ements of the RTSJ, and compare/contrast the designwith Ada’s real-time features (both in Ada 95 and un-der consideration for Ada 05). The tutorial will alsooutline the main aspects of the J-Consortium’s “CoreExtensions” (a competing real-time Java approach), willdescribe a proposed high-integrity profile for the RTSJ,and will provide a status update on the real-time Javawork and its usage and prospects.• Introduction
1. Requirements for real-time programming2. Background and goals of real-time Java activities3. Summary of Java thread model4. Critique of Java platform for real-time support
• Pervasive technical issues1. Priority inversion management2. Garbage collection3. Object Oriented Programming and real-time sys-
tems• The Real-Time Specification for Java
1. Summary2. Concurrency, scheduling and synchronization3. Memory management4. Asynchrony5. Other features6. Comparison with “Core Extensions” from the J-
Consortium7. Comparison with Ada8. High-integrity profile
• Conclusions1. Status of the definition and implementation of
Real-Time Java2. Assessment of Real-Time Java3. What Ada can learn from Real-Time Java.
Presenter
Dr. Brosgol has over 25years of experience in thecomputer software industry,with a focus on programminglanguages, software develop-ment methods, and real-timesystems. He was a primarymember of the Real-Time forJava Expert Group and aco-author of the Real-Time
Specification for Java. He is currently a member of theTechnical Interpretations Committee for the RTSJ, andhe has also served as a reviewer of the J-Consortium’sCore Extensions. He has delivered Java tutorials andcourses since 1997, and the proposed tutorial will bean up-to-date version of the “Real-Time Java for AdaProgrammers” tutorial that he delivered at Ada Europe2004 and SIGAda 2004.
Dr. Brosgol is an internationally-recognized experton Ada. He participated in both the initial language de-sign and the Ada 95 revision, and he is a past chairmanof the ACM’s Special Interest Group on Ada (SIGAda).He has published numerous papers on Ada, has deliveredpresentations and tutorials at many Ada Europe andSIGAda conferences, and has been conducting courseson real-time programming in Ada since the late 1980s.He was an invited keynote speaker at the 2003 SIGAda
6 Ada-Europe 2005
ii
“program” — 2005/5/2 — 10:23 — page 7 — #7 ii
ii
ii
conference, where his topic was “Ada and Real-TimeJava: Cooperation, Competition, or Cohabitation?” Heis a senior member of AdaCore’s technical staff in theUS, in the Boston area.
Why should you participate in this tutorial?
• You will learn the pros and cons of the Java threadmodel, both in general and for real-time applications.
• You will see how real-time Java addresses the apparent“show stopper” problem of garbage collection.
• You will be able to judge whether real-time require-ments can be met by a “pure” Object-Oriented Lan-guage.
• You will understand the effect of a dynamic and flex-ible scheduling approach, in terms of expressibility,predictability, and performance.
• You will discover who is using real-time Java, and forwhat sorts of. applications.
SAE Architecture Analysis andDesign Language
Joyce L. Tokar, Pyrrhus Software, USA,Bruce Lewis, US Army, USA
Monday June 20th, afternoon
The Architecture Analysis and Design Language(AADL) is an architecture description language (ADL)that has been developed under the auspices of the Inter-national Society of Automotive Engineers (SAE), Avion-ics Systems Division (ASD) Embedded Computing Sys-tems Committee (AS-2). The AADL was approved asan SAE standard in November of 2004.
The language has been defined to provide a consis-tent and concise notation, both textual and graphical,to be used to develop models of complex, real-time, crit-ical systems such as those used in automotive, avionics,medical, robotic, and space-based systems. The AADLprovides the notation to perform various types of analy-sis of the complex critical systems.
In the early stages of design, the AADL enables thedefinition of the preliminary connectivity between ap-plication and execution platform components. As anAADL model is developed, additional components andproperties are specified. The properties provide the in-formation needed by analysis tools to determine the be-haviour and performance of the system being modelled.The AADL has been designed to facilitate the develop-ment of tools that provide automatic code generationof the system both in terms of the application softwarecomponents and the underlying execution environment.The AADL may be used to verify an actual systemagainst the specified model.
With automatic code generation, the AADL offersa system model that maintains significant informationabout a system that is useful throughout the lifetime ofthe system. Thus, the AADL offers support for all stagesof system development.
This tutorial will provide an introduction to theAADL language from a textual and graphical perspec-tive. It will also demonstrate the relationship betweenexisting systems and AADL models. The tutorial will
present several uses of the AADL in the design and anal-ysis of safety-critical real-time systems. The tutorial willalso demonstrate the relationship between AADL mod-els and UML models.
Presenter
Joyce Tokar has investedmore than seventeen years ofresearch and development inthe improvement of embed-ded systems technology, highlevel computing languages,and software and systems ar-chitectures. A recognizedleader in the embedded sys-tems community, Dr. Tokarhas received numerous awards
for her contributions including the Outstanding AdaCommunity Contribution Award 2000. Dr. Tokar hasco-authored numerous papers and reports including theSociety of Automotive Engineering Architecture Analy-sis and Description Language standard. Dr. Tokar re-ceived her PhD in Computer Engineering from ClemsonUniversity. She holds an MS and a BS in ComputerScience from the University of Pittsburgh.
Bruce Lewis is a seniorexperimental developer forthe US Army’s Aviation andMissile Command, Research,Development and Engineer-ing Laboratory, Software En-gineering Directorate (SED).His work has focused on soft-ware architecture, reuse, andsystem evolution since 1991.He has served as the gov-
ernment lead on various DARPA projects related toADLs and real-time systems, including those developingMetaH. He is the chairman of the AADL standardizationcommittee.
Why should you participate in this tutorial?
The AADL is designed to support the declaration andanalysis of systems comprised of software and hardwaremodules. As such, an understanding of AADL how soft-ware and execution platform components are representedand how they interact in an AADL model is beneficialto a variety of users.
This tutorial is useful to software and systems man-agers responsible for the development and integrationof complex critical systems. This tutorial will providea tool vendor with the information necessary to de-velop tools to support the development and analysis ofsource code and AADL models. Programmers will learnabout the relationship between source code and the cor-responding AADL specifications. This tutorial will beuseful to system integrators who are responsible for de-veloping a definition of the form of components that areacceptable for integration.
This tutorial is suitable for senior software and sys-tems engineers as an introductory course; the tutorialdoes not presume prior knowledge of AADL. The atten-dees should have an understanding of the fundamentalsof the development of complex, critical real-time sys-
Ada-Europe 2005 7
ii
“program” — 2005/5/2 — 10:23 — page 8 — #8 ii
ii
ii
tems.Attendees may learn more about AADL at
www.aadl.info
High-Integrity Ravenscar UsingSPARK
Brian Dobbing, Praxis High IntegritySystems, UK
Monday June 20th, afternoon
SPARK is a well-established, unambiguous and fully-analysable annotated subset of Ada. In its original formSPARK excluded all forms of concurrency because weak-nesses in the Ada tasking model made it incompatiblewith the design goals of SPARK. The advent of theRavenscar Profile has provided an opportunity to ex-tend SPARK to include concurrency and to enable theSPARK Examiner to analyse concurrent programs.
The tutorial will describe the way SPARK has beenextended to include the Ravenscar Profile and how staticanalysis techniques can eliminate all of the erroneousbehaviour, bounded errors and implementation-definedbehaviour that remain in the concurrency model definedby the Profile.
The outcome of the tutorial will be an apprecia-tion of how the RavenSPARK language and supportingtoolset can be used to develop concurrent programs thatare suitable for deployment at the highest safety andsecurity integrity levels.
Topics will include:1. An introduction to the Ravencar Profile2. An introduction to SPARK3. Errors and problems inherent in the Profile4. RavenSPARK in practice
(a) Program building blocks(b) Sample program—how errors are detected stat-
ically(c) Partition-wide flow analysis
Presenter
Brian Dobbing has presentedpapers and tutorials at ma-jor international conferencesfor the past twenty years. Hehas been actively involved inall aspects of Ada since 1979,including language standard-ization, Ada product develop-ment environments, and for-mal safety certification of Adaruntime systems. Brian is oneof the main designers of theRavenscar Profile Ada task-
ing subset for high integrity systems, and has played amajor role in its inclusion in the forthcoming Ada 2005standard. Within Praxis High Integrity Systems, Brianis a leading member of the Correctness by Constructionteam, which includes the SPARK language and productcapabilities. Brian was a key designer of the additionof support for the Ravenscar profile to the SPARK lan-guage and toolset, which is the subject of this tutorial.
Why should you participate in this tutorial?
All software engineers should aspire to the goal of gen-erating programs that have very low numbers of defectsand very high resilience to change. This goal shouldapply not only to high integrity software, but to allprofessionally-produced programs. As programs becomemore complex, the use of concurrency and interrupts hascaused traditional verification techniques based on test-ing alone to become insufficient. One of the key compo-nents in establishing the absolute correctness of softwareis static analysis of the design and the code, since this isbased on formality rather than on test sampling. If youare involved in complex software engineering, you needto appreciate what the RavenSPARK language can offerin terms of establishing the correctness of programs with-out resorting to hugely elaborate and exhaustive testing.
Software Safety Cases
John McDermid, Rob Weaver,University of York, UK
Friday June 24th, full day
Current best practice in the development of safety criti-cal software requires the construction of a software safetycase to demonstrate the acceptability of software in itssystem context. This is a process that should go hand inhand with software development to ensure that appro-priate software safety evidence is obtained. This tutorialexplains the role safety cases play in the developmentand certification of safety critical software. Specifically,the tutorial will consider the construction and presenta-tion of software safety cases.
The tutorial will start with the basics of safety casesand how they can be used to show that safety require-ments are satisfied by a set of safety evidence. The roleof the safety argument within the safety case will be ex-plained, including how its development can be used toidentify suitable items of safety evidence to support thesafety case. Building upon this we will examine softwaresafety cases, in particular the principles and standardsthat affect their development. We shall consider con-struction and presentation of software safety cases fromthe perspective of the principles of software safety andthe requirements laid down in standards such as Issue 3of DS 00-56, MoD’s main safety standard. The role of asoftware safety case in the software development lifecy-cles will be discussed.
The tutorial will combine presentations with exer-cises to familiarise the attendees with the concepts in-troduced. Examples will be used throughout to demon-strate how software safety cases can be practically devel-oped. The exercises will give an opportunity for handson experience of constructing software safety arguments.This will help expand attendee’s skills at identifyingtypes of software safety evidence and their understand-ing of how evidence is combined to show the acceptabilityof software with respect to safety.
Presenter
John McDermid—see Biography in Invited Speaker Sec-tion
8 Ada-Europe 2005
ii
“program” — 2005/5/2 — 10:23 — page 9 — #9 ii
ii
ii
Dr. Rob Weaver is aTeaching Fellow in the De-partment of Computer Sci-ence and the University ofYork. Rob has been a full-time academic since 1999, thefocus of his research beingSafety. In particular Rob’s re-search concerns the effect ofsoftware on system safety and
the construction and presentation of safety cases. Helectures on the advanced MSc in Safety Critical SystemsEngineering as well as presenting on industrial coursesin System Safety Engineering and Management.
Why should you participate in this tutorial?
This tutorial will give you an opportunity to learn aboutcurrent best practice in software safety case develop-ment. The tutorial will explain how, as part of thisprocess, software safety evidence is first identified andthen combined to show safety. This process goes handin hand with software design and implementation, andthus forms an integral part of the safety critical softwaredevelopment lifecycle.
The tutorial will give you a view of the changing em-phasis in system safety cases. Previous practice relied ona process-based approach to development of safety crit-ical software, but such standards inevitably lag behindtechnology, and can be seen as restrictive. Emerging bestpractice uses an evidence-based approach to demonstrat-ing software safety as part of a system safety case.
Requirements Engineering forDependable Systems
William Bail, The MITRE Corporation,USA
Friday June 24th, morning
The development of large, complex software-intensivesystems has proven to be a significant and persis-tent challenge, despite continuing optimism about thechances for success. The experience of government andindustry has been less than encouraging, yet the needfor new complex systems is ever-increasing. We havehad some dramatic failures, yet we still have needs fornew and improved systems. When we look at systemsthat have a need to be highly dependable or even safety-critical, we recognize the urgency in finding solutions—the current situation is clearly untenable. Unfortunately,as we mature our understanding of software developmentand improve our processes, it seems that the complexityof the systems we want to develop grows almost exponen-tially. In post-mortem analyses of project failures and“near-failures”, one common root cause that has beenidentified has been the (mis)treatment of requirements.This result is not surprising since requirements form thefoundation of all development. A fragile foundation doesnot provide a good basis for a sound, dependable system.
This tutorial will examine in detail the nature androle of requirements. It will discuss the various types ofrequirements and their role in development, as well astheir impact to system success. The different ways that
requirements need to be handled will be analyzed, andrecommended techniques for process improvements willbe discussed. An overview of traditional approaches willbe provided, with an assessment of their strengths andweaknesses. In addition, a set of common challenges willbe presented, together with strategies for how to managethem. Sample challenges include the impact of changingrequirements and uncertain operational environments.While the tutorial will not specifically address particu-lar approaches to requirements definition (such as toolsand techniques), it will characterize classes of these tech-niques, and provide recommendations for how to selectthe appropriate ones for projects of interest.
The overall goal of the tutorial is to enable the at-tendees to effectively identify and handle requirementsin their systems, as well as to implement improvementsto their development processes to avoid common pitfallsthat have historically plagued projects. The tutorial willalso assist attendees in identifying risk areas within theirprojects, and in planning for effective mitigation activi-ties.
PresenterSince 1990, Dr. Bail hasworked for The MITRE Cor-poration in McLean VA asa Computer Scientist in theSoftware Engineering Center(SWEC). MITRE is a not-for-profit corporation charteredto provide systems engineer-ing services to the U.S. Gov-ernment agencies, primarilythe DoD, the FAA, and theIRS. Within MITRE, the
SWEC focuses on supporting various programs with con-sultation, particularly transitioning emerging technolo-gies into practice.
Dr. Bail’s technical areas of focus include depend-able software design and assessment, error handling poli-cies, techniques for software specification development,design methodologies, metric definition and application,and verification and validation. At MITRE, Dr. Bailis currently supporting the U.S. Navy, focusing on thepractice of software engineering within PEO IWS (Inte-grated Warfare Systems), particularly as applied to largereal-time systems. Prior to 1990, Dr. Bail worked at In-termetrics Inc. in Bethesda MD.
Previously, Dr. Bail taught part-time at The Univer-sity of Maryland from 1983-1986 in the Computer Sci-ence Department for undergraduate courses in discretemathematics, computer architecture, and programminglanguage theory. Since 1989 he has served as a part-timeAdjunct Associate Professor at the University of Mary-land University College where he develops instructionalmaterials and teaches courses in software engineering,in topics such as Software Requirements, Verificationand Validation, Software Design, Software Engineering,Fault Tolerant Software, and others.
Why should you participate in this tutorial?If you are responsible for the development of a criti-cal software intensive system, this tutorial will help youplan for and implement effective requirements processes,
Ada-Europe 2005 9
ii
“program” — 2005/5/2 — 10:23 — page 10 — #10 ii
ii
ii
helping you to manage your requirements from inceptionthrough deployment, and assist in avoiding many of thecommon pitfalls that many projects have encountered.
Software Fault TolerancePatrick Rogers, AdaCore, USAFriday June 24th, afternoon
Software for current safety-critical applications, e.g.,flight control systems, is both large and complex, suchthat full testing is not feasible. Furthermore, completeproofs of correctness are at best inherently limited bythe potential for specification errors. The combination ofpotential specification errors and overall complexity de-fine a problem of handling unanticipated software faults.Software fault tolerance is the use of software mecha-nisms to deal with these unanticipated software faults.
This half-day tutorial explores the software-basedtechniques and mechanisms available for toleratingunanticipated software design faults in safety-criticalsystems. We examine the rationale for tolerating soft-ware faults, the similarities to mechanisms for toleratinghardware faults, and the advantages and disadvantagesof the common techniques. Special attention is paid tothe concept of design diversity as the underlying theoryfor the most widely-used mechanisms (e.g., N-VersionProgramming) and, in particular, whether design diver-sity can achieve the extremely low failure rates requiredfor safety-critical systems. The mechanisms explored areillustrated with concrete implementations using Ada 95.This leads to a discussion of the issues of concurrencyand exceptions in safety-critical applications and the ap-propriate application of language features.
Participants will have an appreciation of the neces-sity for tolerating software faults as well as a firm founda-tion for further study and informed application of avail-able mechanisms. A bibliography of suggested readingis provided to that end.
PresenterPatrick Rogers is a seniorMember of the Technical Staffwith Ada Core Technologies,specializing in high-integrityapplication support. Acomputing professional since1975 and an Ada devel-oper since 1980, he has ex-tensive experience in real-time applications in Adaand C++ in both embed-ded and Linux/Unix/POSIX-
based environments. An experienced lecturer andtrainer since 1981, he has provided numerous tutori-als and courses in software fault tolerance, hard real-time schedulability analysis, object-oriented program-ming, and the Ada programming language. He holdsB.S. and M.S. degrees in Computer Science from theUniversity of Houston and a Ph.D. in Computer Sciencefrom the University of York in the Real-Time SystemsResearch Group on the topic of software fault tolerance.
Why should you participate in this tutorial?
Systems software architects and developers responsiblefor safety-critical software will gain an appreciation forsoftware fault tolerance facilities, including their limi-tations, and will have a firm foundation for informedapplication of available mechanisms as well as furtherstudy.
Programming with the Ada 2005Standard Container Library
Matthew Heaney, On2 Technologies,USA
Friday June 24th, afternoon
This tutorial provides an overview of the standard con-tainer library, describing its design and philosophy andpresenting techniques for using the library most effec-tively. Containers are divided into two main categories:sequence containers, to insert elements at specified posi-tions, and associative containers, which insert elementsin order by key. The library includes vectors and lists(from the former category), and hashed and sorted setsand maps (from the latter). All containers have variantsto support elements (or keys) that have an indefinitesubtype. Containers have various mechanisms (includ-ing both active and passive iterators) for designating andaccessing container elements.
Presenter
Matt is the author of Charles,a container library for Adaclosely modeled on the STL.Charles was the basis of theproposal selected by the ARGfor the Ada standard con-tainer library (described inAI-302). He has given manyAda tutorials on topics thatinclude object-oriented pro-gramming, design patterns,
and software systems and library design.
Why should you participate in this tutorial?
The standard container library is an important additionto the Ada language, since developers need data struc-tures with semantics more sophisticated than simple ar-rays or linked lists. For example, one often needs tomap an element to some other type (typically String),but an array is not general enough since it only pro-vides support for mapping to a discrete index subtype.The developer also needs abstractions that scale well tolarge numbers of elements, with specified time behav-ior. The standard container library solves these kindsof problems, and thus greatly simplifies many program-ming tasks that would be tedious or just very difficultotherwise. You should attend this tutorial to learn aboutthe standard container library, what features it provides,and how it solves typical programming problems.
10 Ada-Europe 2005
ii
“program” — 2005/5/2 — 10:23 — page 11 — #11 ii
ii
ii
Tutorial Schedule
MondayJune 20th
T 1 morning Jean-Pierre Rosen, Adalog, FranceDeveloping Web-aware Applications in Ada with AWS
T 2 morning Peter Amey & Neil White, Praxis High Integrity Systems, UKCorrectness by Construction—A Manifesto for High Integrity Engineering
T 3 full day Benjamin M. Brosgol, AdaCore, USAReal-Time Java for Ada Programmers
T 4 afternoon Joyce L. Tokar, Pyrrhus Software, USA, Bruce Lewis, US Army, USASAE Architecture Analysis and Design Language
T 5 afternoon Brian Dobbing, Praxis High Integrity Systems, UKHigh-Integrity Ravenscar Using SPARK
FridayJune 24th
T 6 morning John Barnes, Alan Burns, Pascal Leroy, S. Tucker TaftAda 2005
T 7 full day John McDermid, Rob Weaver, University of York, UKSoftware Safety Cases
T 8 afternoon Matthew Heaney, On2 Technologies, USAProgramming with the Ada 2005 Standard Container Library
T 9 afternoon Patrick Rogers, AdaCore, USASoftware Fault Tolerance
T 10 morning William Bail, The MITRE Corporation, USARequirements Engineering for Dependable Systems
Lunch is included for those attending full-day programmes or two half day tutorials on the same day.Additional lunch tickets are on sale throughout the conference.Tutorials will take place from 9:00 to 12:30 (morning session), and from 14:00 to 17:30 (afternoon session).There will be half-hour tea/coffee breaks at 10:30 and 15:30 on Monday and Friday.
ExhibitionThe exhibition opens in the mid-morning break onTuesday and runs until the end of the afternoonbreak on Thursday. The exhibitors include thefollowing vendors: AdaCore, Green Hills, LDRA,Praxis, ILogix, TNI, ARTiSAN, Esterel, PolySpace,Aonix and Silver Software.
The coffee breaks are held in the same exhibitionarea. Most breaks Tuesday–Thursday are one hourto allow the attendees a comfortable visit to theexhibition.
Guide to the Social Program
Wednesday Evening: Banquet andMuseum
The Conference dinner will take place at theNational Railway Museum. This York-based Mu-seum is the largest railway museum in the world,responsible for the conservation and interpretation
of the British national collection of historically sig-nificant railway vehicles and other artifacts. TheMuseum contains an unrivaled collection of locomo-tives, rolling stock, railway equipment, documentsand records.
Dinner is served amongst the exhibits and therewill be time to look over the whole Museum.
Additional tickets for the banquet can be purchased at registration.
Ada-Europe 2005 11
ii
“program” — 2005/5/2 — 10:23 — page 12 — #12 ii
ii
ii
Conference
Schedule
Pre
lim
inary
ver
sion
Tuesd
ay
21st
Wednesd
ay
22nd
Thurs
day
23rd
9:00
–10:
00
Invi
ted
Tal
k:Jo
hnM
cDer
mid
,U
nive
rsity
ofY
ork,
UK
Mod
el-b
ased
Dev
elop
men
tofS
afet
y-cr
itica
lSo
ftwar
e:O
ppor
tuni
ties
and
Cha
lleng
es
Invi
ted
Tal
k:M
arty
nT
hom
as,
Tho
mas
Ass
ocia
tes,
UK
Ext
rem
eH
ubri
s
Invi
ted
Tal
k:B
evLit
tlew
ood,
City
Uni
vers
ity,
Lon
don,
UK
Ass
essi
ngth
eD
epen
dabi
lity
ofSo
ftwar
e-ba
sed
Syst
ems:
AQ
uest
ion
ofC
onfid
ence
10:0
0–11
:00
Exhib
itio
nO
pen
ing
&C
offee
Exhib
itio
n&
Coff
eeExhib
itio
n&
Coff
ee
Applica
tion
sD
esig
nan
dSch
eduling
Issu
esIn
dust
rial
Pre
senta
tion
s1
Dis
trib
ute
dSyst
ems
11:0
0–11
:30
N.R
owde
nIL
TIS—
The
Lega
cyof
aSu
cces
sful
Pro
duct
S.Sa
ez,V
.Lor
ente
,S.
Ter
rasa
,A
.C
resp
oE
ffici
entA
ltern
ativ
esfo
rIm
plem
entin
gFi
xed-
prio
rity
Sche
dule
rs
A.C
alve
rt(M
onde
x,M
aste
rcar
dIn
t’l)
Des
ign
and
Mai
nten
ance
ofth
eM
ULT
OS
KM
A—
AH
igh-
Secu
rity
Ada
App
licat
ion
J.R
owla
nds
(BA
ESy
stem
s,U
K)
MD
Afo
rA
daSo
ftwar
eE
ngin
eers
J.-P
.R
osen
(Ada
log,
Fran
ce)
On
the
Ben
efits
for
Indu
stri
als
ofSp
onso
ring
Free
Softw
are
Dev
elop
men
t
O.H
ainq
ue(A
daC
ore,
Fran
ce),
R.W
hite
(MB
DA
Mis
sile
Syst
ems,
UK
)B
indi
ngth
ePo
wer
PC
Alti
Vec
Ext
ensi
ons
inA
da—
Mot
ivat
ion,
Dev
elop
men
tand
Indu
stri
alFe
edba
ck
D.A
yavo
o,M
.J.
Pon
t,S.
Par
ker
Obs
ervi
ngth
eD
evel
opm
ento
faR
elia
ble
Em
bedd
edSy
stem
11:3
0–12
:00
F.O
rtiz
,D
.A
lons
o,B
.A
lvar
ez,
J.A
.Pas
tor
AR
efer
ence
Con
trol
Arc
hite
ctur
efo
rSe
rvic
eR
obot
sIm
plem
ente
don
aC
limbi
ngVe
hicl
e
M.B
ordi
n,T
.V
arda
nega
AN
ewSt
rate
gyfo
rth
eH
RT-
HO
OD
toA
daM
appi
ng
J.M
.M
artı
nez,
M.G
onza
lez-
Har
bour
RT-
EP
:AFi
xed-
Pri
ority
Rea
l-tim
eC
omm
unic
atio
nP
roto
colo
ver
Stan
dard
Eth
erne
t
12:0
0–12
:30
L.M
.P
inho
,L.N
ogue
ira,
R.B
arbo
saA
nA
daFr
amew
ork
for
QoS
-Aw
are
App
licat
ions
T.V
ergn
aud,
L.Pau
tet,
F.K
ordo
nU
sing
the
AA
DL
toD
escr
ibe
Dis
trib
uted
App
licat
ions
From
Mid
dlew
are
toSo
ftwar
eC
ompo
nent
s
M.M
asm
ano,
J.R
eal,
A.C
resp
o,I.
Rip
oll
Dis
trib
utin
gC
ritic
ality
Acr
oss
Ada
Part
ition
s
12:3
0–14
:00
Lunch
Lunch
Lunch
ii
“program” — 2005/5/2 — 10:23 — page 13 — #13 ii
ii
ii
Conference
Schedule
(con
t.)
Pre
lim
inary
ver
sion
Tuesd
ay
21st
Wednesd
ay
22nd
Thurs
day
23rd
For
mal
Met
hods
Ven
dor
Ses
sion
1In
dust
rial
Pre
senta
tion
s2
Lan
guag
eIs
sues
14:0
0–14
:30
D.A
tiya
,S.
Kin
gE
xten
ding
Rav
ensc
arw
ithC
SPch
anne
ls
R.S
trah
le,P.
Sand
berg
(SA
AB
Syst
ems,
Swed
en)
Livi
ngin
Tow
ers
J.M
iran
da,E
.Sc
honb
erg,
G.D
ism
ukes
,Th
eIm
plem
enta
tion
ofA
da20
0In
terf
ace
Type
sin
the
GN
ATC
ompi
ler
14:3
0–15
:00
S.E
vang
elis
ta,C
.K
aise
r,C
.Paj
ault
,J.
F.P
rada
t-Pey
re,
P.R
ouss
eau
Dyn
amic
Task
sVe
rific
atio
nw
ithQ
uasa
r
See
final
prog
ram
for
sche
dule
B.St
adlm
ann
(Uni
vers
ity
ofA
pplie
dSc
ienc
es,W
els,
Aus
tria
)A
daD
evel
opm
entf
ora
Bas
icTr
ain
Con
trol
Syst
emfo
rR
egio
nalB
ranc
hlin
es
M.A
ldea
-Riv
as,J.
Mir
anda
,M
.G
onza
lez-
Har
bour
Inte
grat
ing
App
licat
ion-
Defi
ned
Sche
dulin
gw
ithth
eN
ewD
ispa
tchi
ngPo
licie
sfo
rA
daTa
sks
15:0
0–15
:30
R.E
.Sw
ard,
L.C
.B
aird
III
Pro
ving
func
tiona
lequ
ival
ence
for
prog
ram
slic
ing
inSP
AR
KTM
A.B
rand
on(A
RA
)Th
eA
daE
mbe
dded
Syst
ems
Mar
ketT
oday
and
Tom
orro
w
P.R
oger
s,A
.J.
Wel
lings
The
App
licat
ion
ofC
ompi
le-t
ime
Refl
ectio
nto
Softw
are
Faul
tTol
eran
ceU
sing
Ada
95
15:3
0–16
:00
Exhib
itio
n&
Coff
eeExhib
itio
n&
Coff
ee
Exhib
itio
n&
Coff
ee
Rav
ensc
arTec
hnol
ogy
16:0
0–16
:30
J.F.R
uiz
GN
ATP
rofo
rO
n-B
oard
Mis
sion
-Cri
tical
Spac
eA
pplic
atio
ns
Ada
and
Educa
tion
Ven
dor
Ses
sion
2In
dust
rial
Pre
senta
tion
s3
16:3
0–17
:00
D.Si
mon
,G
.V
ogel
,E
.P
lode
rede
rTe
achi
ngSo
ftwar
eE
ngin
eeri
ngw
ithA
da95
M.A
dam
s(Q
inet
iQ,U
K)
Indu
stri
alE
xper
ienc
esof
Com
plia
nce
Ana
lysi
sof
Con
trol
Syst
emSo
ftwar
e
R.B
erre
ndon
ner,
J.G
uitt
onTh
eE
SAR
aven
scar
Ben
chm
ark
17:0
0–17
:30
B.M
.B
rosg
olA
Com
pari
son
ofth
eM
utua
lE
xclu
sion
Feat
ures
inA
daan
dth
eR
eal-
Tim
eSp
ecifi
catio
nfo
rJa
vaTM
See
final
prog
ram
for
sche
dule
N.D
avid
son
(BA
ESy
stem
s,U
K)
Safe
tyC
ritic
alSo
ftwar
ew
ithU
ML,
Art
isan
and
SPA
RK
Clo
sing
Ses
sion
&A
war
ds
Cer
tifica
tion
and
Ver
ifica
tion
17:3
0–18
:00
P.A
mey
,R
.C
hapm
an,N
.W
hite
Smar
tCer
tifica
tion
ofM
ixed
Cri
tical
itySy
stem
s
A.M
arri
ott
(Whi
teE
leph
ant
Gm
bH,
Swit
zerl
and)
Ada
Bug
Find
er
18:0
0–18
:30
K.Lun
dqvi
st,J.
Srin
ivas
an,
S.G
orel
ovN
on-i
ntru
sive
Syst
emLe
vel
Faul
t-To
lera
nce
18:3
0–A
da-
Euro
pe
Gen
eral
Ass
embly
Con
fere
nce
Ban
quet
ii
“program” — 2005/5/2 — 10:23 — page 14 — #14 ii
ii
ii
Registration and AccommodationConference Registration
Three days of conference (June 21st–June 23rd ) including one copy of the proceedings, coffee breaks,lunches, as well as the museum and banquet on Wednesday 22nd. All prices in British Pounds Sterling.
member Ada-Europe or ACM SIGAda non membernon academia academia non academia academia
Early registration(by May 23rd)
£380 £340 £410 £380
Late registration(after May 23rd)
£410 £410 £450 £450
Individual day registration(per day) £190 £190 £210 £210
Tutorial Registration
The prices are per tutorial, including tutorial notes and coffee breaks. Lunches are only included whenregistered for a full day tutorial or two half day tutorials on the same day.
Ada 2005 Tutorial half dayfull day or twohalf days on the
same dayEarly registration(by May 23rd)
£75 £95 £170
Late registration(after May 23rd)
£85 £105 £190
Please Note
No registration request will be confirmed until the payment has been processed. Cancellations must begiven in writing. A cancellation fee of £100 will be applied to all cancellations. No refunds will be givenfor cancellations received after June 1st. Substitutions will be accepted. To save on administrative costsand postage, receipts will be given out at the conference.For latest information see the web page at http://www.ada-europe.org/conference2005.html. Foradditional information, please contact: Alan Burns (conference chair), Department of Computer Sci-ence, University of York, York, YO10 5DD, UK. Tel: +44 1904 2779, Fax: +44 1904 434331. Email:[email protected]
Accommodation
We have negotiated specially reduced rates at the Royal York (booking deadline applies) and Marriott.Please consult their own web sites, or the following for more information about these hotels and otherestablishments before making your booking. There are also numerous online booking agencies which canprovide a good rate.
Further information is available on the conference website:http://www.ada-europe.org/conference2005.html.
Please book accommodation as early as possibleYork gets very busy at this time of year.
14 Ada-Europe 2005
ii
“program” — 2005/5/2 — 10:23 — page 15 — #15 ii
ii
ii
10th International Conference on Reliable Software Technologies - Ada-Europe 2005
York, UK, June 20-24, 2005
REGISTRATION FORM
Online registration available: http://www.ada-europe.org/conference2005.html
PARTICIPANT Please use block capitals
Ms/Mrs [ ] Mr [ ] TitleFamily name First nameAffiliation/OrganizationStreetCity Post/Zip code CountryTelephone Fax EmailSpecial requirements (e.g. diet)Reduced registration fee
[ ] member Ada-Europe; national organization [ ]academia[ ] member ACM; membership number
Additional CommentsRegistration time Early registration (by May 23rd) [ ] Late or on site (after May 23rd) [ ]
REGISTRATION FEES (see table on previous page)Conference registration feeThree day conference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . £Individual days (Tue [ ] Wed [ ] Thu [ ]) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . £Tutorial registration Please indicate the tutorials for which you want to register:
Monday, June 14th T1 [ ] T2 [ ] T3 [ ] T4 [ ] T5 [ ]Friday, June 18th T6 [ ] T7 [ ] T8 [ ] T9 [ ] T10 [ ]
Tutorial registration fee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . £Extra Banquet ticket: tickets @ £39 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . £Extra proceedings: proceedings @ £20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . £
TOTAL PAYMENT DUE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .£
PAYMENT METHODBy credit card. Credit card information:
[ ] Visa [ ] Mastercard Credit Card Number:
Cardholder Name:
Credit Card Expiration Date:
Signature:
By bank draft to account number: GB37MIDL40473120898201. The account is for the University of York and is held atHSBC Bank, 13 Parliament Street, York, Y01 8XS, UK. Please give a clear reference to the bank i.e. ‘Ada-Europe 2005’ andparticipant’s name. Also please attach a copy of the bank draft to this form.
Post or fax this form to: Mrs Sue Helliwell, Department of Computer Science, University of York, Heslington, York,YO10 5DD, U.K. Fax : (+44) 1904 434331
There are a number of other “in cooperation” conferences in this area (such as the ACM SIGAda Conference). Tick this
box if you do not want to receive information about these conferences: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [ ]
Ada-Europe 2005 15
ii
“program” — 2005/5/2 — 10:23 — page 16 — #16 ii
ii
ii
Organization
Conference ChairAlan BurnsUniversity of YorkDept of Computer ScienceYork, YO10 5DD, [email protected]
Program Co-chairsTullio VardanegaUniversita di PadovaDipartimento di MatematicaVia Belzoni 7, 35131 Padova, [email protected] WellingsUniversity of YorkDept of Computer ScienceYork, YO10 5DD, [email protected]
Tutorial ChairIain BateUniversity of YorkDept of Computer ScienceYork, YO10 5DD, [email protected]
Exhibition ChairRod ChapmanPraxis High Integrity Systems20 Manvers Street, Bath,BA1 1PX, [email protected]
Publicity Co-chairsIan BrosterUniversity of YorkDept of Computer ScienceYork, YO10 5DD, [email protected]
Dirk CraeynestAubay Belgium & K.U. LeuvenB-1180 Brussels, [email protected]
Local OrganizationAdministratorSue HelliwellUniversity of YorkDept of Computer ScienceYork, YO10 5DD, [email protected]
Ada-Europe ConferenceLiaisonLaurent PautetENST Paris, F-75013 Paris, [email protected]
In cooperation with:
The organisers thank the exhibitors (preliminary list):
Praxis High IntegritySystems
http://www.ada-europe.org/conference2005.html