Annex H
(normative)
High Integrity Systems

1/2 {AI95-00347-01} {safety-critical systems} {secure systems} This Annex addresses requirements for high integrity systems (including safety-critical systems and security-critical systems). It provides facilities and specifies documentation requirements that relate to several needs:
2 - Understanding program execution;

3 - Reviewing object code;

4 - Restricting language constructs whose usage might complicate the demonstration of program correctness.
4.1 Execution understandability is supported by pragma Normalize_Scalars, and also by requirements for the implementation to document the effect of a program in the presence of a bounded error or where the language rules leave the effect unspecified. {unspecified [partial]}
5 The pragmas Reviewable and Restrictions relate to the other requirements addressed by this Annex.
NOTES

6 1 The Valid attribute (see 13.9.2) is also useful in addressing these needs, to avoid problems that could otherwise arise from scalars that have values outside their declared range constraints.
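As an added illustration that is not part of the Reference Manual, the following program (constructed for this page; the type Msg_Kind and the byte array Wire are assumed sample data) combines the facilities named in paragraphs 4.1, 5 and note 1: the configuration pragmas Normalize_Scalars, Reviewable and Restrictions, and a Valid check applied to a scalar obtained from an untrusted byte before that scalar is used in any other way.

```ada
--  Configuration pragmas: they must precede the first compilation unit.
pragma Normalize_Scalars;            --  H.1: uninitialized scalars get a predictable,
                                     --  preferably invalid, value instead of leftover memory
pragma Reviewable;                   --  H.3.1: ask the compiler for reviewable object code
pragma Restrictions (No_Recursion);  --  H.4: exclude a construct that complicates analysis

with Ada.Text_IO;            use Ada.Text_IO;
with Ada.Unchecked_Conversion;
with Interfaces;             use Interfaces;

procedure Valid_Demo is
   --  Constructed example type: a message kind that a peer sends as one raw byte.
   type Msg_Kind is (Hello, Data, Close);
   for Msg_Kind use (Hello => 1, Data => 2, Close => 3);
   for Msg_Kind'Size use 8;

   --  Reinterpreting the byte may produce an object whose representation
   --  does not denote any value of Msg_Kind.
   function To_Kind is new Ada.Unchecked_Conversion (Unsigned_8, Msg_Kind);

   --  Constructed sample input: the last byte, 16#7F#, encodes no Msg_Kind value.
   Wire : constant array (1 .. 4) of Unsigned_8 := (1, 2, 3, 16#7F#);

   Accepted : Natural := 0;
begin
   for I in Wire'Range loop
      declare
         K : constant Msg_Kind := To_Kind (Wire (I));
      begin
         --  'Valid is the one use permitted on a possibly invalid scalar (13.9.2);
         --  any other use of K first would be a bounded error (13.9.1).
         if K'Valid then
            Accepted := Accepted + 1;
            Put_Line ("kind: " & Msg_Kind'Image (K));
         else
            Put_Line ("rejected byte" & Unsigned_8'Image (Wire (I))
                      & ": not a valid Msg_Kind");
         end if;
      end;
   end loop;
   Put_Line ("accepted" & Natural'Image (Accepted)
             & " of" & Natural'Image (Wire'Length) & " bytes");
end Valid_Demo;
```

With GNAT the configuration pragmas may alternatively be placed in gnat.adc; the program itself then needs no change.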
6.a Discussion: The Annex tries to provide high assurance rather than language features. However, it is not possible, in general, to test for high assurance. For any specific language feature, it is possible to demonstrate its presence by a functional test, as in the ACVC. One can also check for the presence of some documentation requirements, but it is not easy to determine objectively that the documentation is "adequate".
Extensions to Ada 83

6.b {extensions to Ada 83} This Annex is new to Ada 95.
Wording Changes from Ada 95

6.c/2 {AI95-00347-01} The title of this annex was changed to better reflect its purpose and scope. "High integrity systems" has become the standard way of identifying systems that have high reliability requirements; it subsumes terms such as safety and security. Moreover, the annex does not include any security-specific features, and as such the previous title is somewhat misleading.