ISO/IEC JTC1/SC22/WG9 N 332

Proposed New Work Item: Guidance for the use of Ada in High Integrity Systems

This New Work Item has been prepared with the support of WG9.

WG9 PROPOSAL FOR A NEW WORK ITEM

Date of presentation of proposal: TBD
Proposer: WG9
Secretariat: SC22
ISO/IEC JTC: 1

A proposal for a new work item shall be submitted to the secretariat of the ISO/IEC joint technical committee concerned, with a copy to the ISO Central Secretariat.

Presentation of the proposal - to be completed by the proposer

Guidelines for proposing and justifying a new work item are given in ISO Guide 26. For ease of reference an extract is given overleaf.
________________________________________________________________________________

Title (subject to be covered and type of standard, e.g. terminology, method of test, performance requirements, etc.)

Guidance for the use of Ada in High Integrity Systems

Scope (and field of application)

Guidance on the use of the Ada programming language, ISO/IEC 8652 (the Ada 95 Reference Manual), within systems which require high integrity in the software.

Purpose and justification - attach a separate page as annex, if necessary

To ensure that those producing high integrity applications can do so with confidence by following internationally agreed guidelines.

Programme of work

If the proposed new work item is approved, which of the following document(s) is (are) expected to be developed?

  ___  a single International Standard
  ___  more than one International Standard (expected number: ____)
  ___  a multi-part International Standard consisting of ____ parts
  ___  an addendum or addenda to the following International Standard(s) ................................................
  _X_  a technical report, type 3 ...........................

Relevant documents to be considered

None, but the New Project Acceptance Criteria are included below.
Cooperation and liaison

Informal liaison has been established with a number of international and national groups in the area of high integrity systems. It is not thought that formal liaison is needed with any specific ISO group (other than SC22/WG9, of course).

Preparatory work offered with target date(s)

First working draft in November 1997. First CD ballot by July 1998. Final CD ballot November 1998.

Signature _________________________________________
________________________________________________________________________________

Will the services of a maintenance agency or registration authority be required?  yes ____  no __X__
If yes, have you identified a potential candidate: N/A
If yes, indicate name: ...........................................

Are there any known requirements for coding?  yes ____  no __X__
If yes, please specify on a separate page:

Does the proposed standard concern known patented items?  yes ____  no __X__
If yes, please provide full information at annex: N/A
________________________________________________________________________________

Comments and recommendations of the JTC secretariat - attach a separate page as annex, if necessary

Comments with respect to the proposal in general, and recommendations thereon

It is proposed to assign this new item to SC
________________________________________________________________________________

Voting on the proposal

Each P-member of the ISO/IEC joint technical committee has an obligation to vote within the time limits laid down (normally three months after the date of circulation).

Date of circulation _______________
Closing date for voting _______________
Signature of the JTC secretary _______________

FORM 3 (ISO/IEC)    See overleaf

[note => overleaf defines the contents of the fill-in-the-blanks above.]

NP Acceptance Criteria: Proposed Guidelines

Introduction

This document is a copy of ISO/IEC JTC1 N4477, to which has been added, in italics, the relevant information on the proposed Guidelines.
Principle for NP Acceptance

The existing JTC 1 Directives (cl 6.2.1.3) require the commitment of five National Bodies; in addition, the criteria (proforma) defined in this paper shall also be satisfied.

WG9 has active support from members from the following countries: Canada, France, Japan, Netherlands, UK and USA. We are hoping for active participation from Germany.

Assumptions

That the proposed NP acceptance criteria be applied at the initiation and the approval stages.

That in accordance with existing procedures NPs may be initiated by SCs and/or NBs.

The working assumption was that the NP would be initiated by SC22, with support from the UK, Canada and WG9.

That SCs shall have a business plan which defines and justifies their work plan.

Ada 95 is specifically designed to handle high integrity applications. Large high integrity applications almost always involve more than one country, and therefore international guidance is required which system certifiers can use. The system certifiers are often not Ada experts and therefore need guidance in which they can have confidence. Ada 95 is not currently being used for high integrity applications, but this will change shortly. Hence it is important that the Guidelines are produced within a short period to satisfy the future requirement.

That NPs shall fall within the scope of the JTC1 Business Plan and, where applicable, the SC Business Plan.

That when an NP is initiated the proposer shall, in addition to existing requirements, complete the new proforma and submit it along with the NP. This proforma shall be circulated with the NP ballot.

The existing proforma is at the front of this document.

That NBs during the balloting stage understand that, in case of serious doubt, giving a firm negative vote would be helpful to ensure the relevance and utilization of critical resources within JTC1.

The HRG (the Annex H Rapporteur Group), a group working under WG9, has the resources to undertake this work.
That JTC1 provide input and direction to emphasize these criteria as a new approach to NP planning and NB balloting.

That the JTC1 secretariat engage in modification of the JTC1 procedures related to NPs and their balloting.

NB Procedure for NP Ballot

The following proforma is proposed for providing evaluation criteria for NP acceptance. The procedure for NB determination of an NP ballot is as in the existing procedure at the NB level. With this proposed proforma there is now additional information to aid NBs in their determination. NBs, when responding to the NP, shall where possible relate any comments to the criteria assessments made by the proposer on the proforma.

Notes to Proforma

A Business Relevance. That which identifies market place relevance in terms of what problem is being solved and/or need being addressed.

There is an international market in high integrity software within aircraft, defence and railway systems (for instance). Many of these systems are being written in Ada. International Guidelines will directly support this market.

A.1 Market Requirement. When submitting an NP, the proposer shall identify the nature of the Market Requirement, assessing the extent to which it is essential, desirable or merely supportive of some other project.

It is frequently the case that the prime contractor for a system subcontracts the high integrity software to another company, even in another country. If safety is involved, such as with aircraft, there will be a certification process involving a regulatory authority. Hence three parties are involved here, but with large projects many more parties need to work together in a framework which will produce a satisfactory product. For using Ada 95, it is thought that Guidelines are virtually essential.

A.2 Technical Regulation. If a Regulatory requirement is deemed to exist - e.g. for an area of public concern, e.g. Information Security, Data Protection, potentially leading to regulatory/public interest action based on the use of this voluntary international standard - the proposer shall identify this here.

Almost all high integrity software is covered by some regulation. However, the actual regulations vary with the application domain (safety, security, etc.) and industrial sector (defence, civil avionics, railways, etc.). The proposed Guidelines are being designed to support all these regulations.

B Related Work. Aspects of the relationship of this NP to other areas of standardization work shall be identified in this section.

The Guidelines are totally dependent upon the Ada standard, ISO/IEC 8652.

B.1 Completion/Maintenance. If this NP is concerned with completing or maintaining existing standards, those concerned shall be identified here.

Sector-specific standards to be considered include:
  DO-178B (Civil avionics)
  CENELEC Draft prEN 50128 (European railway signalling)
  IEC 880 (Nuclear)
  Interim DEFSTAN 00-55 (UK Defence)
  ITSEC (European Union IT Security)
  IEC 1508 (Generic draft standard; part 3 is concerned with software)
Informal contact has been established with most of the groups responsible for these standards.

B.2 External Commitment. Groups, bodies or fora external to JTC1 to which a commitment has been made by JTC1 for cooperation and/or collaboration on this NP shall be identified here.

No formal commitments exist but, as noted above, informal contacts have already been made.

B.3 External Std/Specification. If other activities creating standards or specifications in this topic area are known to exist or be planned, and which might be available to JTC1 as PAS, they shall be identified here.

The only standard not part of the ISO/IEC/European Union standardization process is the Civil Avionics standard DO-178B, but no plan is known for this to be submitted to JTC1 as a PAS.

C Technical Status.
The proposer shall indicate here an assessment of the extent to which the proposed standard is supported by current technology.

C.1 Mature Technology. Indicate here the extent to which the technology is reasonably stable and ripe for standardization.

High integrity applications have been developed successfully in Ada 83, the previous Ada standard. This proposal will exploit the specific additions in the current Ada standard.

C.2 Prospective Technology. If the NP is anticipatory in nature on expected or forecasted need, this shall be indicated here.

The only anticipation is that of high integrity applications moving from Ada 83 to the current Ada standard.

C.3 Models/Tools. If the NP relates to the creation of supportive reference models or tools, this shall be indicated here.

It is expected that software suppliers will provide tools to assist in the application of the proposed Guidelines.

D Any other aspects of background information justifying this NP shall be indicated here.

None.