Guidelines and Test Methods

This category includes standards that relate to important issues such as avoiding vulnerabilities in programming languages. Other guidance and some test methods are included in this section as well.

ISO/IEC TR 10176:2003

Information technology - Guidelines for the preparation of programming language standards

ISO/IEC TR 10176:2003(E) provides guidelines for the preparation of Programming Language Standards.

Standards for programming languages are developed by many committees from many countries, with many different editors supporting the effort. ISO thus considered it necessary to develop guidelines so that these standards cover at least the following subjects:

Consistent terminology

Consistent structure

Syntax and semantics

Error and exception handling

Provisions of options

Presentation of source programs

Processor dependences

Binding strategies to functional standards

Conformance definition

Internationalization and support of multiple languages

Cultural convention related functionality

Use of expanded character repertoire for identifiers

User documentation

The constant additions to ISO/IEC 10646, the Universal character set, necessitate timely updates of ISO/IEC TR 10176 to allow the use of local scripts and characters in programming languages. Annex A of ISO/IEC TR 10176:2003 provides such an expanded collection of characters, recommended for use in programming languages.

ISO/IEC TR 10182:2016

Information technology - Programming languages, their environments and system software interfaces - Guidelines for language bindings

ISO/IEC TR 10182:2016 is based on experience gained in the standardization of two major areas in information processing. One area covers programming languages. The other area is composed of the services necessary to an application program to achieve a goal. The services are divided into coherent groups, each referred to as a SYSTEM FACILITY, that are accessed through a FUNCTIONAL INTERFACE. The specification of a system facility, referred to as a FUNCTIONAL SPECIFICATION, defines a collection of SYSTEM FUNCTIONS, each of which carries out some well-defined service.

Since in principle there is no reason why a particular system facility should not be used by a program, regardless of the language in which is written, is the practice of system facility specifiers to define an 'abstract' functional interface that is language independent. In this way, the concepts in a particular system facility may be refined by experts in that area without regard for language peculiarities. An internally coherent view of a particular system facility is defined, relating the system functions to each other in a consistent way and relating the system functions to other layers within the system facility, including protocols for communication with other objects in the total system.

However, if these two areas are standardized independently, it is not possible to guarantee that programs from one operating environment can be moved to another, even if the programs are written in a standard programming language and use only standard system facilities. A language binding of a system facility to a programming language provides language syntax that maps the system facility's functional interface. This allows a program written in the language to access the system functions constituting the system facility in a standard way. The purpose of a language binding is to achieve portability of a program that uses particular facilities in a particular language. Examples of system facilities that have had language bindings developed for them are GKS, NDL, and SQL (see Clause 3). It is anticipated that further language binding development will be required. Some system facilities currently being standardized have no language bindings and additional system facilities will be standardized. There is a possibility of n ╫ m language bindings, where n is the number of languages and m the number of system facilities.

The scope of this Technical Report is to classify language binding methods, reporting on particular instances in detail, and to produce suggested guidelines for future language binding standards.

Note that the language bindings and the abstract facility interfaces must have a compatible run time representation, but the abstract facility does not necessarily have to be written in the host language. For example, if the application program is using a Pascal language binding and the corresponding facility is written in FORTRAN, there must be a compatible run time representation in that operating environment. How this compatibility is achieved is outside the scope of these guidelines. This is generally a property of the operating environment defined by the implementor, and is reviewed briefly in this Technical Report.

ISO/IEC TR 10034:1990

Guidelines for the preparation of conformity clauses in programming language standards

Recognizing the dissimilarity of various language standards, the objective of this Technical Report is to provide guidelines for the preparation of conformity clauses for processors and conformity clauses for programs in language standards, together with an annex containing a checklist to aid in this preparation. It was not considered practical to provide model statements that would be suitable for inclusion in all language standards. Therefore, examples have been given to illustrate the type of Issues that should be addressed and it is anticipated that these will be adapted, where appropriate, for inclusion in a particular language standard.

It should be borne in mind when reading this document that not all concepts will be applicable to all languages. As examples, language standards do not all specify subsets or permit extensions, and elements that are fully specified by one language standard may be dependent on the processor in another.

ISO/IEC TR 19758:2003

Information technology - Document description and processing languages - DSSSL library for complex compositions

ISO/IEC TR 19758:2003 provides a DSSSL (ISO/IEC 10179:1996) library that makes it feasible to describe DSSSL specification for documents described by SGML (ISO 8879:1986) or XML (Extensible Markup Language).

The library can deal with some complex compositions programmed by a number of complicated DSSSL specification statements. Those compositions consist of the formatting objects: paper size, paper placement, unit, basic composition style, font, character size, headline, page number, note, inlinenote, emphasizing mark, superscript/subscript, word-length adjustment, character space adjustment, clause, list, table, heading, ruby, paragraph indentation, score, rule, and inline.

The DSSSL library contains the simple parameter data and the four files:

  • full parameter generator;
  • function set;
  • page model set;
  • flow object construction rules.

Their actual data are specified in ISO/IEC TR 19758:2003.

ISO/IEC TR 24718:2005

Information technology - Programming languages - Guide for the use of the Ada Ravenscar Profile in high integrity systems

ISO/IEC TR 24718:2005 gives a complete description of the motivations behind the Ada Ravenscar Profile, to show how conformant programs can be analysed and to give examples of usage. The profile is a subset of the Ada tasking model, restricted to meet the real-time community requirements for determinism, schedulability analysis and memory-boundedness, as well as being suitable for mapping to a small and efficient run-time system that supports task synchronization and communication, and which could be certifiable to the highest integrity levels. The profile has been designed such that the restricted form of tasking that it defines can be used even for software that needs to be verified to the very highest integrity levels.

ISO/IEC TR 24772-1:2019

Programming languages - Guidance to avoiding vulnerabilities in programming languages - Part 1: Language-independent guidance

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. Language-specific descriptions of these vulnerabilities are provided in other parts of the ISO/IEC 24772 series.

It is applicable to the software developed, reviewed, or maintained for any application.

This document does not address software engineering and management issues such as how to design and implement programs, use configuration management tools, use managerial processes, and perform process improvement. Furthermore, the specification of properties and applications to be assured are not treated.

Vulnerabilities are described in a generic manner that is applicable to a broad range of programming languages.

ISO/IEC TR 24772-2:2020

Programming languages - Guidance to avoiding vulnerabilities in programming languages - Part 2: Ada

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this document is applicable to the software developed, reviewed or maintained for any application.

Vulnerabilities described in this document present the way that the vulnerability described in ISO/IEC TR 24772-1 are manifested in Ada.

ISO/IEC TR 24772-3:2020

Programming languages - Guidance to avoiding vulnerabilities in programming languages - Part 3: C

This document specifies software programming language vulnerabilities to be avoided in the development of systems where assured behaviour is required for security, safety, mission-critical and business-critical software. In general, this guidance is applicable to the software developed, reviewed, or maintained for any application.

This document describes the way that the vulnerabilities listed in ISO/IEC TR 24772-1 are manifested or avoided in the C language.

ISO/TR 9547:1988

Programming language processors - Test methods - Guidelines for their development and acceptability

This Technical Report type 3 describes a methodology for determining whether a programming language processor possesses the required characteristics stated in the International Standard for the particular programming language for which it is intended.

IEC/TR 61131-8 Ed. 3.0 en:2017

Industrial-process measurement and control - Programmable controllers - Part 8: Guidelines for the application and implementation of programming languages

IEC TR 61131-8:2017(E) applies to the programming of program¡mable controller systems using the programming languages defined in IECá61131-3. The scope of IEC 61131-3 is applicable to this part.
 This document provides
 a)áá guidelines for the application of IEC 61131-3,
 b)áá guidelines for the implementation of IEC 61131-3 languages for programmable controller systems,
 c)áá programming and debugging tool (PADT) recommendations.
 For further information see IECá61131-4 which describes other aspects of the application of programmable controller systems, e.g. electromagnetic compatibility or functional safety. This third edition cancels and replaces the second edition published in 2003. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: This third edition is a compatible extension of the second edition. The main extensions are new data types and conversion functions, references, name spaces and the object oriented features of classes and function blocks (see listing in Annex B of IECá61131-3:2013). 



ISO/TS 10303-27:2000

Industrial automation systems and integration -- Product data representation and exchange -- Part 27: Implementation methods: Java TM programming language binding to the standard data access interface with Internet/Intranet extensions

This part of ISO 10303 specifies a binding of the Java1) programming language to application data modelled in EXPRESS, ISO 10303-11 and to the standard data access interface, ISO 10303-22. It also specifies an import and export mechanism for data according to the clear text encoding of the exchange structure, ISO 10303-21. A further extension is that SDAI repositories can be created, deleted and linked while the SDAI session is open. Dynamically linking SDAI repositories through a network like Internet or Intranet allows accessing and changing of remote data.

In addition to the scope of ISO 10303-22 the scope of this part of ISO 10303 contains:

  • creating, deletion and linking of the data repositories during an SDAI session;
  • specific support for linking a remote data repository through a network like Internet or Intranet;
  • convenience interfaces, classes, fields and methods suitable to this Java programming language binding;
  • implementation mechanisms for the handling of errors as specified in ISO 10303-22;
  • import from and export to the clear text encoding of the exchange structure as specified in ISO 10303-21.