The Ada95 Trustworthiness Study has resulted in three documents
that show how Ada95 can be used in the implementation of high
The main report,Guidance
on the Use of Ada95 in the Development of High Integrity Systems,concludes that Ada95 is appropriate for the development of high
integrity software, if its use is constrained in the recommended
ways. Constraints are needed because Ada95, like all programming
languages, contains features, characteristics, and interactions
between features that may have uncertain effects or be difficult
The three reports correspond to the three phases of the project.
The first phase established an analysis framework by reviewing the
requirements for high integrity systems. In this phase, ten
analytical categories, each with a rating system, were devised.
These are detailed in the report
Ada95 Trustworthiness Study: A Framework for Analysis.
The second phase of the project applied the criteria to the
Ada95 language. The resulting document,Ada95 Trustworthiness Study: Analysis of Ada95 for Critical Systems (Part 1) and (Part 2), contains the detailed ratings in its Appendix B.
The final phase of the project determined the necessary
constraints on the use of Ada95 in critical systems. The resulting
report follows the organization of the
Ada 95 Reference Manual. It identifies features that contribute to integrity and features
(or combinations of features) that should be avoided or used with
caution. Furthermore, the report identifies alternatives to
troublesome features, and discusses how the proposed restrictions
can be enforced. The guidelines appear in the report
Ada95 Trustworthiness Study: Guidance on the Use of Ada95 in the
Development of High Integrity Systems.