Ada'95 for High Integrity Systems
With the rapid deployment of computerized systems throughout
society, many organizations are now substantially dependent upon
the correct and robust performance of these systems. Failure of
computerized systems can result in consequences ranging from
inconvenience through to substantial financial or personal
damages. Consequently, there is an increasing demand for high
integrity systems developed using "best practice." Best
practice incorporates discipline, careful design and thorough
analysis.
Not all language features, and not all designs, are amenable to
the types of analysis demanded of high integrity development, nor
are all features easy to use safely or efficiently. Developers
need to understand how to use the language in ways that facilitate
analysis and safety, and how to avoid error-prone or hard-to-analyze
features.
For high integrity systems, our analysis of various development
standards identified four broad criteria: predictability,
analyzability, traceability, and engineering. It is difficult to
find a programming language that satisfies these criteria:
analyzability and engineering support are not met in languages
that are low-level; predictability, analyzability, and
traceability are difficult to achieve in languages that are
high-level and offer sophisticated features.
For a number of years, Ada has been the language of choice for
the development of large high integrity software systems. The
strong type checking, modularity, and support for checkable
separate compilation provided excellent support for team design
and implementation. Like other wide-spectrum languages, however,
the full language has some features that are not suitable for use
in high integrity systems.
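As an added illustration of the strong type checking mentioned above (this code is not from the paper and is written by the editor), the fragment below declares two distinct floating-point types that share a representation but cannot be mixed by accident; the package name Units, the type names Metres and Feet, the conversion function To_Metres and the altitude bound are all assumptions chosen for the example.

```ada
-- Added example (not from the paper): Ada distinguishes numeric types
-- that happen to have the same representation, so a units mix-up is a
-- compile-time error rather than a latent defect.
package Units is
   type Metres is new Float;
   type Feet   is new Float;
   -- The only sanctioned way to combine the two: an explicit conversion.
   function To_Metres (F : Feet) return Metres;
end Units;

package body Units is
   function To_Metres (F : Feet) return Metres is
   begin
      -- Convert through the common representation, then re-type the result.
      return Metres (Float (F) * 0.3048);
   end To_Metres;
end Units;

with Units; use Units;
procedure Demo is
   -- Hypothetical bound; a real system would derive it from its requirements.
   subtype Valid_Altitude is Metres range 0.0 .. 20_000.0;
   Altitude  : Metres := 1_200.0;
   Clearance : Feet   := 500.0;
   Checked   : Valid_Altitude;
begin
   -- Altitude := Altitude + Clearance;
   -- The line above is rejected by the compiler: Metres and Feet are
   -- different types, even though both are derived from Float.
   Altitude := Altitude + To_Metres (Clearance);
   -- Assigning to a constrained subtype adds a run-time range check;
   -- a value outside 0.0 .. 20_000.0 raises Constraint_Error here.
   Checked := Altitude;
end Demo;
```

With GNAT the three compilation units are normally kept in separate files (gnatchop will split this listing), after which `gnatmake demo` builds the program; uncommenting the mixed-unit addition demonstrates the compile-time rejection, and the checked assignment shows the kind of run-time check whose presence or elimination is itself subject to analysis in a high integrity build.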