ISO/IEC JTC 1/SC 22/WG 9 - Ada

This document specifies the form and meaning of programs written in Ada. Its purpose is to promote the portability of Ada programs to a variety of computing systems. This document specifies: — The form of a program written in Ada; — The effect of translating and executing such a program; — The manner in which program units can be combined to form Ada programs; — The language-defined library units that a conforming implementation is required to supply; — The permissible variations in conformance to the rules of this document, and the manner in which they are to be documented; — Those violations of the requirements of this document that a conforming implementation is required to detect, and the effect of attempting to translate or execute a program containing such violations; — Those violations of the requirements of this document that a conforming implementation is not required to detect. This document does not specify: — The means whereby a program written in Ada is transformed into object code executable by a processor; — The means whereby translation or execution of programs is invoked and the executing units are controlled; — The size or speed of the object code, or the relative execution speed of different language constructs; — The form or contents of any listings produced by implementations; in particular, the form or contents of error or warning messages; — The effect of unspecified execution; — The size of a program or program unit that will exceed the capacity of a particular conforming implementation.

1 Scope This Technical Report provides guidance on the use of Ada when producing high integrity systems. In producing such applications it is usually the case that adherence to guidelines or standards has to be demonstrated to independent bodies. These guidelines or standards vary according to the application area, industrial sector or nature of the risk involved. For safety applications, the international generic standard is [IEC 61508] of which part 3 is concerned with software. For security systems, the multi-national generic assessment guide is [ISO CD 15408]. For sector-specific guidance and standards there are: Airborne civil avionics: [DO-178B] Nuclear power plants: [IEC 880] Medical systems: [IEC 601-4] Pharmaceutical: [GAMP] For national/regional guidance and standards there are the following: UK Defence: [DS 00-55] European rail: [EN 50128] European security: [ITSEC] US nuclear: [NRC] UK automotive: [MISRA] US medical: [FDA] US space: [NASA] The above standards and guides are referred to as Standards in this Technical Report. The above list is not exhaustive but indicative of the type of Standard to which this Technical Report provides guidance. The specific Standards above are not addressed individually but this Technical Report is synthesized from an analysis of their requirements and recommendations. 1.1 Within the scope This Technical Report assumes that a system is being developed in Ada to meet a standard listed above or one of a similar nature. The primary goal of this Technical Report is to translate general requirements into Ada specific ones. For example, a general standard might require that dynamic testing provides evidence of the execution of all the statements in the code of the application. In the case of generics, this is interpreted by this Technical Report to mean all instantiations of the generic should be executed. ISO/IEC TR 15942:2000 (E) 2 © ISO/IEC 2000 - All rights reserved This Technical Report is intended to provide guidance only, and hence there are no ?shalls'. However, this Technical Report identifies verification and validation issues which should be resolved and documented according to the sector-specific standards being employed. The following topics are within the scope of this Technical Report: _ the choice of features of the language which aid verification and compliance to the standards, _ identification of language features requiring additional verification steps, _ the use of tools to aid design and verification, _ issues concerning qualification of compilers for use on high integrity applications, _ tools, such as graphic design tools, which generate Ada source code which is accessible to users. Tools which generate Ada source code require special consideration. Where generated code may be modified or extended, verification of the extensions and overall system will be assisted if the guidelines have been taken into account. Even where modification is not planned, inspection and analysis of the generated code may be unavoidable unless the generator is trusted or ?qualified' according to an applicable standard. Finally, even if generated code is neither modified nor inspected, the overall verification process may be made more complicated if the code deviates from guidelines intended to facilitate testing and analysis. Potential users of such tools should evaluate their code generation against the guidance provided in this Technical Report. 1.2 Out of scope The following topics are considered to be out of scope with respect to this Technical Report: _ Domain-specific standards, _ Application-specific issues, _ Hardware and system-specific issues, _ Human factor

1.1 This International Standard establishes requirements for certifying an assessment that an Ada language processor conforms to the requirements of the Ada language standard, ISO/IEC 8652. It places requirements on the organization that performs the assessment, the assessment procedures, and the test suite used in the assessment. Finally, it places requirements on the form for the certificate of conformity. 1.2 This International Standard concerns only the assessment of conformity to the language requirements of ISO/IEC 8652. It does not concern the assessment of any other characteristics of a language processor or of the construction process used by the manufacturer of the language processor. NOTE In the sense of [ISO/IEC Guide 23], the Ada language standard, ISO/IEC 8652, is to be regarded as a standard for a specific property rather than a comprehensive product standard. 1.3 This International Standard is intended to be primarily suitable for use by a third party authority although portions of it may also be applied by a supplier (first party) or by a user or purchaser (second party). 1.4 An Ada language processor may be claimed to conform to the requirements of ISO/IEC 8652 regardless of the application of this International Standard. This International Standard prescribes the method for obtaining a certification that an Ada language processor conforms to ISO/IEC 8652. Customers desiring to acquire a language processor certified as conforming should explicitly require that certification by citing this International Standard. 1.5 Certification should not be construed as guaranteeing that the certified product is free of non-conformities or defects; it only certifies that no evidence of non-conformity was found during the certification process.

The Ada Semantic Interface Specification (ASIS) is an interface between an Ada environment (as defined by ISO/IEC 8652:1995) and any tool requiring information from this environment. An Ada environment includes valuable semantic and syntactic information. ASIS is an open and published callable interface which gives CASE tool and application developers access to this information. ASIS has been designed to be independent of underlying Ada environment implementations, thus supporting portability of software engineering tools while relieving tool developers from needing to understand the complexities of an Ada environment’s proprietary internal representation. Examples of tools that benefit from the ASIS interface include: automated code monitors, browsers, call tree tools, code reformators, coding standards compliance tools, correctness verifiers, debuggers, dependency tree analysis tools, design tools, document generators, metrics tools, quality assessment tools, reverse engineering tools, re-engineering tools, safety and security tools, style checkers, test tools, timing estimators, and translators. This International Standard specifies the form and meaning of the ASIS interface to the Ada compilation environment. This International Standard is applicable to tools and applications needing syntactic and semantic information in the Ada compilation environment.

ISO/IEC 8652:2012 specifies the form and meaning of programs written in the programming language Ada. Its purpose is to promote the portability of Ada programs to a variety of computing systems. This third edition of ISO/IEC 8652 focuses on improvements in those user domains where safety and criticality are prime concerns. It enhances the functionality of containers, improves the ability to write and enforce contracts for Ada entities (for instance, via preconditions), and adds to the capabilities of Ada to perform on multicore and multithreaded architectures. Ada is designed to support the construction of long‐lived, highly reliable software systems. The language includes facilities to define packages of related types, objects, and operations. The packages may be parameterized and the types may be extended to support the construction of libraries of reusable, adaptable software components. The operations may be implemented as subprograms using conventional sequential control structures, or as entries that include synchronization of concurrent threads of control as part of their invocation. Ada supports object‐oriented programming by providing classes and interfaces, inheritance, polymorphism of variables and methods, and generic units. The language treats modularity in the physical sense as well, with a facility to support separate compilation. The language provides rich support for real‐time, concurrent programming, and includes facilities for multicore and multiprocessor programming. Errors can be signaled as exceptions and handled explicitly. The language also covers systems programming; this requires precise control over the representation of data and access to system‐dependent properties. Finally, a predefined environment of standard packages is provided, including facilities for, among others, input‐output, string manipulation, numeric elementary functions, random number generation, and definition and use of containers. Foremost in the design of Ada is the intent to increase the reliability of programs by compiletime checking and rejection of unsafe programs.

ISO/IEC TR 24717:2009 specifies the interfaces and behaviour of a common class library for managing sets of object references in COBOL. The purpose of ISO/IEC TR 24717:2009 is to promote a high degree of portability in implementations of the class library, even though some elements are subject to trial before completion of a final design suitable for standardization. ISO/IEC TR 24717:2009 builds on the syntax and semantics defined in ISO/IEC 1989:2002.

Is intended to define a standard Ada library for hard real time (HRT) to support application portability at the source level. This is intended for application software developers as well as for Ada real time executive developers.

Specifies the syntax and semantics of a database programming language, the SQL/Ada Module Description Language, SAMeDL. Does not define the Programming Language Ada nor the Database Language SQL. The SAMeDL is defined with respect to entry level SQL.