Annex H
(normative)
High Integrity Systems
{
AI95-00347-01}
{safety-critical systems}
{secure systems}
This Annex addresses requirements for high integrity
systems (including safety-critical systems and security-critical systems).
It provides facilities and specifies documentation requirements that
relate to several needs:
Understanding program execution;
Reviewing object code;
Restricting language constructs whose usage might
complicate the demonstration of program correctness
Execution understandability is supported by pragma
Normalize_Scalars, and also by requirements for the implementation to
document the effect of a program in the presence of a bounded error or
where the language rules leave the effect unspecified.
{unspecified
[partial]}
The
pragmas
Reviewable and Restrictions relate to the other requirements addressed
by this Annex.
1 The
Valid
attribute (see
13.9.2) is also useful in
addressing these needs, to avoid problems that could otherwise arise
from scalars that have values outside their declared range constraints.
Discussion: The Annex tries to provide
high assurance rather than language features. However, it is not possible,
in general, to test for high assurance. For any specific language feature,
it is possible to demonstrate its presence by a functional test, as in
the ACVC. One can also check for the presence of some documentation requirements,
but it is not easy to determine objectively that the documentation is
“adequate”.
Extensions to Ada 83
{
extensions to Ada 83}
This
Annex is new to Ada 95.
Wording Changes from Ada 95
{
AI95-00347-01}
The title of this annex was changed to better reflect its purpose and
scope. High integrity systems has become the standard way of identifying
systems that have high reliability requirements; it subsumes terms such
as safety and security. Moreover, the annex does not include any security
specific features and as such the previous title is somewhat misleading.