Using Object Orientation in High Integrity Applications: A Case Study

Alejandro Alonso 1, Roberto López 1, Tullio Vardanega 2, and Juan Antonio de la Puente 1

1 Departamento de Ingeniería de Sistemas Telemáticos, Universidad Politécnica de Madrid, E-28040 Madrid, Spain
2 Directorate of Technical and Operational Support, European Space Research & Technology Centre, 2200 AG Noordwijk, Netherlands
{aalonso, lopezr, jpuente}@dit.upm.es, tullio@ws.estec.esa.nl

Abstract. In this work we analyse the suitability of object-oriented features for high integrity systems, and the value of redesigning an existing system implementation to include these constructs. The analysis was based on retrofitting object-oriented programming into the pre-object-oriented design of the OBOSS software package. The impact was measured in a number of ways. The implications of this approach with respect to the requirements of high integrity systems are also discussed. The final conclusion is that, in this particular case, retrofitting OOP is not worthwhile.

1 Introduction

OBOSS (On-Board Operations Support Software) [8] is a software package that provides a reuse framework for on-board data handling systems in satellites. OBOSS was first produced as an evolution of a system used in flight and then used as the baseline in several other flight projects. It was initially written in Ada 83, using special features of the Aonix AdaWorld/ERC32 compilation system that implement some of the real-time capabilities of Ada 95. A modified version of OBOSS was subsequently developed [9]. The aim was to port OBOSS to Ada 95 [7] in a form compliant with the prescriptions of the Ravenscar Profile [2]. This version was tested with GNAT/ORK/ERC32. As part of the revision work, recommendations were formulated which identified areas suitable for further enhancement with object-oriented features, especially tagged types and dispatching operations.
The GNAT/ORK compilation system [5] stems from the integration of two distinct components: the open-source Ada 95 GNAT compiler, currently supported by Ada Core Technologies (ACT) [1], which constitutes the target-independent component of the product; and the Open Ravenscar Real-Time Kernel (ORK), an open-source, small-size, reliable and efficient kernel that implements the tasking model defined by the Ravenscar Profile. GNAT/ORK is currently available on Linux platforms as a cross-compilation system targeting the ERC32, a radiation-tolerant version of the SPARC v7 computer architecture [3].

Currently at the Università degli Studi di Padova, Italy.

J. Blieberger and A. Strohmeier (Eds.): Ada-Europe 2002, LNCS 2361, pp. 357–366, 2002. © Springer-Verlag Berlin Heidelberg 2002