Merging legacy software into contemporary system design

As defense industry software developers transition from Ada to Java and upgrade their hardware, they must do so in a way that protects existing application software. Mixed language development tools that support real-time and safety-critical Java as well as stalwarts such as Ada and C provide a seamless upgrade path that enhances productivity while preserving legacy code.

The defense industry faces an increasing need to address military hardware obsolescence and the lack of support for aging software programs. Increasingly, the DoD and the defense contractors seek to migrate current applications onto new hardware and use contemporary programming languages to enhance system capabilities while preserving as much of the original software investment as possible. Enhanced versions of Java and multi-language development tools support such merging of legacy and contemporary software while reducing the risks and cost of system enhancement.

Ada's advantages over C/C++, Java

Military systems typically outlive by decades the technology used in their creation, making it exceedingly difficult to enhance or even maintain the system's capabilities. The problem is particularly acute for software written in the Ada language - once mandatory for military system design. Support for Ada development, in terms of tool availability and numbers of experienced programmers, lags far behind contemporary programming languages such as C, C++, and Java. As a result, many defense contractors seek to migrate such systems to a contemporary language basis to ease maintenance and future enhancement. At the same time, however, they want to minimize the cost of migration by reusing legacy software where possible and utilizing standards-based Integrated Development Environments (IDEs) instead of proprietary toolsets.

But contemporary languages do not adequately mirror capabilities and attributes built into Ada that are essential for military applications.

Ada was designed for embedded systems and includes real-time operation as well as the ability to directly access and manipulate the system's underlying hardware. Ada is also a "safe" language, with an architecture and tool set that prevent programming errors or detect them early in the development process.

Contemporary languages fall short in one or more of these attributes. Traditional Java lacks determinism and the ability to directly manipulate underlying hardware. Both C and C++ lack the programming safeguards, making these languages inherently unsafe and complicating military system development. Errors such as memory leaks or references to nonexistent objects can cause fatal system behavior in the field, yet easily escape detection during development of C and C++ programs. Larger aerospace and defense developers have found that they needed to add more than 250 design rules to C and C++ development to ensure robust software design.

Java gets real Ö and safe

The situation is improving, however, with the development of specialized Java profiles. Real-Time Java (RTSJ), available for several years now, addresses the determinism needs of real-time embedded systems and the hardware-level interface can be handled through C. In addition, Java as such includes safeguards and language features that support mission-critical system software development (see Table 1). These attributes make RTSJ similar to Ada in its ability to address military system requirements while leveraging the wide availability of Java tools and programmers.

Figure 1
(Click graphic to zoom by 1.7x)

There is also a new drive within the Java community to expand the language's applicability to safety-critical systems. The JSR-302 Expert Group is defining a "safety-critical" Java profile (SC Java). This subset of RTSJ eliminates many class libraries as well as functions such as garbage collection and dynamic class loading, which can make for unpredictable - and potentially unsafe - code execution; this also allows ready creation of programs that perform at the highest levels of reliability. The JSR-302 Expert Group is aiming to at least meet the requirements of the DO-178B standard, Level A, used for certifying avionics system software. A draft version of the safety-critical Java specification is expected to be released for review in mid-2008, with first implementations of SCJ by year's end.

Legacy migration is inevitable

A complete solution to the problem of legacy military systems must include more than an appropriate language; however, it must also support the reuse of code that is still effective. Rewriting applications in a new language can be risky because it invariably introduces change. Ada, for instance, uses objects while C does not, and C++ uses objects but in a different manner. Accommodating such differences can easily introduce behavioral changes into system operation. Rewriting code also triggers a need to retest the code, and testing for mission- and safety-critical systems can be laborious and expensive.

A key element for a complete migration solution, then, is a development environment that has the ability to mix legacy languages such as Ada, C and C++, and Java into a tightly coupled solution. Such tools, like DDC-I's Eclipse-based OpenArbor framework, allow each program element, in any language, to be able to call into the others; they also allow developers to compile and debug them simultaneously from the same session. Coupled with a robust language such as SC Java for future development, mixed-language development and debugging tools provide developers with an ability to reuse legacy software and merge it into contemporary language programs to maintain and enhance military systems at a reasonable cost.

Ole N. Oest is one of DDC-I's founders. He is a graduate of the Technical University of Denmark, and holds an MS in Electrical Engineering and a PhD in Software Engineering, with special interest in programming languages and compiler construction as well as formal specification and development of programs.