Description of BS ISO/IEC TR 15942:2000 2000

This Technical Report provides guidance on the use of Ada when producing high integrity systems. In producing such applications it is usually the case that adherence to guidelines or standards has to be demonstrated to independent bodies. These guidelines or standards vary according to the application area, industrial sector or nature of the risk involved.

For safety applications, the international generic standard is [IEC 61508] of which part 3 is concerned with software.

For security systems, the multi-national generic assessment guide is [ISO CD 15408].

For sector-specific guidance and standards there are:

• Airborne civil avionics:[DO-178B]

• Nuclear power plants:[IEC 880]

• Medical systems:[IEC 601-4]

• Pharmaceutical:[GAMP]

For national/regional guidance and standards there are the following:

• UK Defence:[DS 00-55]

• European rail:[EN 50128]

• European security:[ITSEC]

• US nuclear:[NRC]

• UK automotive:[MISRA]

• US medical:[FDA]

• US space:[NASA]

The above standards and guides are referred to as Standards in this Technical Report. The above list is not exhaustive but indicative of the type of Standard to which this Technical Report provides guidance.

The specific Standards above are not addressed individually but this Technical Report is synthesized from an analysis of their requirements and recommendations.

1.1 Within the scope

This Technical Report assumes that a system is being developed in Ada to meet a standard listed above or one of a similar nature. The primary goal of this Technical Report is to translate general requirements into Ada specific ones. For example, a general standard might require that dynamic testing provides evidence of the execution of all the statements in the code of the application. In the case of generics, this is interpreted by this Technical Report to mean all instantiations of the generic should be executed.

This Technical Report is intended to provide guidance only, and hence there are no 'shalls'. However, this Technical Report identifies verification and validation issues which should be resolved and documented according to the sector-specific standards being employed.

The following topics are within the scope of this Technical Report:

• the choice of features of the language which aid verification and compliance to the standards,

• identification of language features requiring additional verification steps,

• the use of tools to aid design and verification,

• issues concerning qualification of compilers for use on high integrity applications,

• tools, such as graphic design tools, which generate Ada source code which is accessible to users.

Tools which generate Ada source code require special consideration. Where generated code may be modified or extended, verification of the extensions and overall system will be assisted if the guidelines have been taken into account. Even where modification is not planned, inspection and analysis of the generated code may be unavoidable unless the generator is trusted or 'qualified' according to an applicable standard. Finally, even if generated code is neither modified nor inspected, the overall verification process may be made more complicated if the code deviates from guidelines intended to facilitate testing and analysis. Potential users of such tools should evaluate their code generation against the guidance provided in this Technical Report.

1.2 Out of scope

The following topics are considered to be out of scope with respect to this Technical Report:

• Domain-specific standards,

• Application-specific issues,

• Hardware and system-specific issues,

• Human factor issues in the application (as opposed to human factors in the use of the Ada language which is in scope).

About BSI

BSI Group, also known as the British Standards Institution is the national standards body of the United Kingdom. BSI produces technical standards on a wide range of products and services and also supplies certification and standards-related services to businesses.