Vice Admiral Tuttle on Ada and on Formal Methods

[Multiple forwarding deleted; Gayn Winters comments "I read this as the
beginning of the end for Ada.  The part on formal specs for highly secure,
distributed, and parallel systems is quite interesting."]

[Sorry, I don't know what SEW and COTS are. --JH]

------- Forwarded Message

From: althouse@itd.nrl.navy.mil (Ed Althouse)
Subject: Vice Admiral Tuttle's Remarks

The following is an excerpt from ADM Tuttle's remarks at the Second Annual
SEW Technical Conference on 4 May 1993.  It follows the lines of thinking
that Dr Shumaker has been pushing for some time.  I thought that many of us
would be interested in Adm Tuttle's views so I had my secretary retype the
pertinent info and broadcast it on the email system.


We should reexamine our software policies and standards with a view toward
removal of impediments to the use of the best current industrial tools and
practices.  DOD is no longer a dominant market force in driving languages
and software standards -- and we need ongoing means for adopting the best
commercial standards available.  Techniques such as object-oriented design
and programming and support for distributed computing and massively parallel
processors are supported through industry-standard languages.  Our single
chosen language, ADA has not evolved, and cannot evolve rapidly enough to
provide timely access to the best new methods.

Object-oriented methods have proven effective for development of large
industrial applications and have features well suited to our goal of
software reuse.  We are already employing networks of distributed computers,
and the next generation desktop machines will almost certainly be massively
parallel processors.  ADA does not effectively support object-oriented
programming -- distributed computing -- and massively parallel processors
now -- and ADA 9X will not provide many capabilities already widely
available through C++ and parallel implementations of C.

We must facilitate access for system developers to COTS computing languages
that effectively support both object-oriented programming and massively
parallel processing.  We must modernize our current antiquated software
specification procedures to permit -- even mandate -- the best automated
methods available.

I have recently signed our correspondence to Emmett Paige, our new Assistant
Secretary of Defense for C3I, recommending development of a new strategy for
accommodation of new software practices in a timely manner and relaxing
adherence to policies originally adopted to enforce good practice that have
now become an anchor.

I propose in that correspondence to address process models -- design tools
-- languages and documentation standards in an entirely new manner akin to
the way we now handle hardware, rather than through the glacial revision
process for our outmoded software documentation procedures and languages.

I have volunteered to take the lead in this adventure.  Included in this
strategy should be measures to encourage the use of fourth generation
computer languages better suited than ADA and others of the third generation
to problem-oriented programming.  Explicit language features directed toward
timing -- security policy and task priority should be included -- as well as
generous support for programming in new, diverse parallel and distributed
computing architectures.

Secondly, I have recommended to the Chief of Naval Research a focus in the
computer technology techbase on technologies directed toward specifying and
producing correct, supportable and timely software.  As most costly software
faults are introduced during specification and early design, I have selected
this phase of development for special early emphasis.

My highest priorities are the following: Formal methods for software
specification -- Formal methods for parallel and distributed computation --
and specification-driven prototyping methods.  ONR's level of support for
software basic research in these areas is adequate; however, exploratory
development is marginal and advanced development is inadequate to meet our

Once available, these specification languages -- automated verification
tools -- and advanced prototyping techniques must be made available to
software developers.  These new methods and the COTS software that supports
them must be fully supported in policy and procedure.

The matter of formal methods for requirements generation and software
specification merits special attention.  Increasingly in our systems,
assurance is the watchword.  In mission planning, for example -- with the
diversity and sensitivity of many of our surveillance -- reconnaissance --
and intelligence resources, multilevel security is essential.  In achieving
true trusted software at the B3 and higher levels that are necessary in this
process, very strict, formal software design rules must be followed.  Formal
methods technology is the keystone to achieving this level of assurance.

A second example may be even more compelling from a standpoint of cost and
system performance.  The combat system community has not migrated rapidly to
COTS and to our series of tactical advanced computers -- nor has it been
willing to connect its systems interactively with C3I systems.  The levels
of assurance required in weapon systems are so demanding that they have
dwelt in a self-contained system design and operational environment.  Now
that commercial hardware has advanced to the point that it should meet their
needs for survivability, formal software methods can bring them the degree
of confidence in system reliability and performance assurance needed to
bring them fully into an open-system environment -- both in design and in
operational integration with C3 systems.  This paradigm shift would result
in a major cost-saver and performance enhancer for Navy.

Thirdly, I have established a quality management board to address the
software development process from top to bottom.  This board, comprising
members of my staff, the Navy Laboratories, the Academic World and
Software-Oriented Industrial Activities such as the Software Productivity
Consortium and the Software Engineering Institute, has begun already to
bring about a new strategy for military software development that I will
volunteer to DOD as the backbone of a new DOD-wide strategy.

A year ago my irrepressible chief scientist showed you a slick viewgraph of
a sleek -- streamlined -- hand-crafted Duesenberg -- complete with mahogany
trim and 50 coats of hand-rubbed lacquer -- the product of a coachwork
artist.  The caption said "This is your brain".  He put beside it a grainy
black-and-white photo of a Model-T with the caption "This is your brain on
ADA".  The point was that in order to make software affordable -- reliable
-- reproducible we were forced to design and configuration control processes
that limited performance and acceptability much as the Model-T was limited
by 1920s-era assembly-line technology.

Ladies and gentlemen, the software revolution is upon us.  If we deal
successfully with the software technology challenge, we'll have the
performance of a Duesenberg at the cost and reproducibility of a Model-T --
the Twenty-First Century Lexus.  Thank you for your kind attention.

------- End of Forwarded Message