Version 1.5 of ais/ai-00347.txt


!standard H.00          05-08-08 AI95-00347/04
!standard 1.1.2(13)
!standard 13.12(10)
!standard H.00(1)
!standard H.04
!standard H.04(2)
!class amendment 03-08-11
!status Amendment 200Y 03-10-23
!status WG9 Approved 03-12-12
!status ARG Approved 10-0-0 03-10-03
!status work item 03-08-11
!status received 03-08-11
!priority Medium
!difficulty Easy
!subject Title of Annex H
!summary
The name of Annex H is changed to High Integrity Systems to bring it in line with the term now used widely for these systems. Wording is introduced to make it clear that the Ravenscar profile is appropriate to high integrity systems.
!problem
Since 1995 the general term "high integrity systems" has become the standard way of identifying systems that have high reliability requirements and are typically subject to extensive static analysis. It subsumes terms such as safety and security. Moreover, the Annex does not identify any security-specific issues, so the current title is somewhat confusing.
One possible reading of the Annex is that no tasking features should be used in high integrity systems. There is a need to explicitly refer to the Ravenscar profile in this Annex.
!proposal
The HRG proposes the following wording changes. WG9 sanctioned the change to the title of this Annex at its June 2003 meeting.
!wording
Change 1.1.2(13) to:
* Annex H, "High Integrity Systems"
Change the title of Annex H to: High Integrity Systems
Change the first sentence of H(1) to: This Annex addresses requirements for high integrity systems (including safety-critical systems and security-critical systems).
Change the title of H.4 to: H.4 High Integrity Restrictions
Add the following sentence to the end of paragraph H.4(2): Pragma Profile(Ravenscar) applies in this Annex.
Change 13.12(10):
Restrictions intended to facilitate the construction of efficient tasking run-time systems are defined in D.7. {Restrictions intended for use when constructing high integrity systems}[Safety- and security-related restrictions] are defined in H.4.
!discussion
(See problem.)
!example
Not appropriate.
!corrigendum 1.1.2(13)
Replace the paragraph:
* Annex H, "Safety and Security"
by:
* Annex H, "High Integrity Systems"
!corrigendum 13.12(10)
Replace the paragraph:
30 Restrictions intended to facilitate the construction of efficient tasking run-time systems are defined in D.7. Safety- and security-related restrictions are defined in H.4.
by:
30 Restrictions intended to facilitate the construction of efficient tasking run-time systems are defined in D.7. Restrictions intended for use when constructing high integrity systems are defined in H.4.
!corrigendum H.00(00)
Replace the paragraph:
Safety and Security
by:
High Integrity Systems
!corrigendum H.00(1)
Replace the paragraph:
This Annex addresses requirements for systems that are safety critical or have security constraints. It provides facilities and specifies documentation requirements that relate to several needs:
by:
This Annex addresses requirements for high integrity systems (including safety-critical systems and security-critical systems). It provides facilities and specifies documentation requirements that relate to several needs:
!corrigendum H.04(00)
Replace the paragraph:
Safety and Security Restrictions
by:
High Integrity Restrictions
!corrigendum H.04(02)
Replace the paragraph:
The following restrictions, the same as in D.7, apply in this Annex: No_Task_Hierarchy, No_Abort_Statement, No_Implicit_Heap_Allocation, Max_Task_Entries is 0, Max_Asynchronous_Select_Nesting is 0, and Max_Tasks is 0. The last three restrictions are checked prior to program execution.
by:
The following restrictions, the same as in D.7, apply in this Annex: No_Task_Hierarchy, No_Abort_Statement, No_Implicit_Heap_Allocation, Max_Task_Entries is 0, Max_Asynchronous_Select_Nesting is 0, and Max_Tasks is 0. The last three restrictions are checked prior to program execution. Pragma Profile(Ravenscar) applies in this Annex.
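The following is an added illustration and is not text from this AI or from the Reference Manual: an Ada compilation that applies the H.4(2) restriction set and pragma Profile(Ravenscar) as configuration pragmas, followed by a unit that is legal Ada on its own but is rejected under them. The unit and subprogram names are invented for the example.

```ada
--  Added example; not part of AI95-00347 or the Reference Manual.
--  Configuration pragmas applying the H.4(2) restriction set together with
--  pragma Profile (Ravenscar), as the amended H.4(2) describes.  Placed at
--  the start of a compilation they apply to every unit that follows.
--  (With GNAT the same pragmas may instead be put in gnat.adc; that file
--  name is a GNAT convention, not something the AI specifies.)
pragma Profile (Ravenscar);
pragma Restrictions (No_Task_Hierarchy,
                     --  D.7 spells this restriction No_Abort_Statements;
                     --  H.4(2) as quoted in this AI writes No_Abort_Statement.
                     No_Abort_Statements,
                     No_Implicit_Heap_Allocation,
                     Max_Task_Entries => 0,
                     Max_Asynchronous_Select_Nesting => 0,
                     Max_Tasks => 0);

--  Legal Ada on its own, but rejected under the pragmas above.  Each
--  commented construct violates one of the listed restrictions; the
--  Max_* violations are detected before the program executes, as
--  H.4(2) states.  Names are invented for this example.
package Rejected_Under_H4 is
   task Worker is
      entry Start;          --  violates Max_Task_Entries => 0
   end Worker;              --  any task object violates Max_Tasks => 0
   procedure Stop;
end Rejected_Under_H4;

package body Rejected_Under_H4 is
   task body Worker is
   begin
      accept Start;
   end Worker;

   procedure Stop is
   begin
      abort Worker;         --  violates No_Abort_Statement(s)
   end Stop;
end Rejected_Under_H4;
```

Submit the text above as a single compilation (with GNAT, split it into one file per unit with gnatchop first). Without the configuration pragmas the package compiles and binds; with them, each marked construct is reported as a restriction violation, either at compile time or before the program is linked depending on the restriction and the implementation.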
!ACATS test
No test is needed.
!appendix

From: Alan Burns
Sent: Monday, August 11, 2003  8:20 AM

Here is a new AI from HRG that proposes the change in
the title of Annex H - is this the shortest AI? [This is version /01 - ED]

****************************************************************

From: Robert A Duff
Sent: Monday, August 11, 2003  8:51 AM

Perhaps, but I doubt if it will engender the shortest discussion.  ;-)

****************************************************************

From: Alan Burns
Sent: Monday, August 11, 2003  9:07 AM

That's OK - shortest discussion is usually 'no way, next AI'.

****************************************************************

From: Robert Dewar
Sent: Monday, August 11, 2003  9:16 AM

I am sure someone has pointed this out, but this means that H is now
mnemonic (H for high integrity).

That means the HRG can now consider itself the high integrity Ada
rapporteur group

****************************************************************
