Project No. | ISO/IEC TR 15942:2000 |
Title | |
Registration number (WIID) | 29575 |
Scope | <p><b>1 Scope</b></p>
<p>This Technical Report provides guidance on the use of Ada when producing high integrity systems. In producing such applications it is usually the case that adherence to guidelines or standards has to be demonstrated to independent bodies. These guidelines or standards vary according to the application area, industrial sector or nature of the risk involved.</p>
<p>For safety applications, the international generic standard is [IEC 61508], of which part 3 is concerned with software.</p>
<p>For security systems, the multi-national generic assessment guide is [ISO CD 15408].</p>
<p>For sector-specific guidance and standards there are:</p>
<p><b>Airborne civil avionics</b>: [DO-178B]</p>
<p><b>Nuclear power plants</b>: [IEC 880]</p>
<p><b>Medical systems</b>: [IEC 601-4]</p>
<p><b>Pharmaceutical</b>: [GAMP]</p>
<p>For national/regional guidance and standards there are the following:</p>
<p><b>UK Defence</b>: [DS 00-55]</p>
<p><b>European rail</b>: [EN 50128]</p>
<p><b>European security</b>: [ITSEC]</p>
<p><b>US nuclear</b>: [NRC]</p>
<p><b>UK automotive</b>: [MISRA]</p>
<p><b>US medical</b>: [FDA]</p>
<p><b>US space</b>: [NASA]</p>
<p>The above standards and guides are referred to as Standards in this Technical Report. The above list is not exhaustive but indicative of the type of Standard to which this Technical Report provides guidance.</p>
<p>The specific Standards above are not addressed individually, but this Technical Report is synthesized from an analysis of their requirements and recommendations.</p>
<p><b>1.1 Within the scope</b></p>
<p>This Technical Report assumes that a system is being developed in Ada to meet a standard listed above or one of a similar nature. The primary goal of this Technical Report is to translate general requirements into Ada-specific ones. For example, a general standard might require that dynamic testing provides evidence of the execution of all the statements in the code of the application. In the case of generics, this is interpreted by this Technical Report to mean that all instantiations of the generic should be executed.</p>
<p><b>ISO/IEC TR 15942:2000 (E)</b></p>
<p><b>2 </b>© ISO/IEC 2000 - All rights reserved</p>
<p>This Technical Report is intended to provide guidance only, and hence there are no 'shalls'. However, this Technical Report identifies verification and validation issues which should be resolved and documented according to the sector-specific standards being employed.</p>
<p>The following topics are within the scope of this Technical Report:</p>
<ul>
<li>the choice of features of the language which aid verification and compliance to the standards,</li>
<li>identification of language features requiring additional verification steps,</li>
<li>the use of tools to aid design and verification,</li>
<li>issues concerning qualification of compilers for use on high integrity applications,</li>
<li>tools, such as graphic design tools, which generate Ada source code which is accessible to users.</li>
</ul>
<p>Tools which generate Ada source code require special consideration. Where generated code may be modified or extended, verification of the extensions and overall system will be assisted if the guidelines have been taken into account. Even where modification is not planned, inspection and analysis of the generated code may be unavoidable unless the generator is trusted or 'qualified' according to an applicable standard. Finally, even if generated code is neither modified nor inspected, the overall verification process may be made more complicated if the code deviates from guidelines intended to facilitate testing and analysis. Potential users of such tools should evaluate their code generation against the guidance provided in this Technical Report.</p>
<p><b>1.2 Out of scope</b></p>
<p>The following topics are considered to be out of scope with respect to this Technical Report:</p>
<ul>
<li>Domain-specific standards,</li>
<li>Application-specific issues,</li>
<li>Hardware and system-specific issues,</li>
<li>Human factors.</li>
</ul> |
Status | Standard in force |
ICS group | 35.060 |