7

It looks like many military/space/aviation instruments are programmed in Ada or Spark. Because these languages claimed and proved their safety. What if your system is not written in these languages? Will that influence FAA giving it the airworthiness certificate?

DJClayworth
  • 3,728
  • 17
  • 32
Westack
  • 351
  • 2
  • 5

2 Answers2

7

In my experience, the programming language selected is less important than other factors such as:

  • the development team's experience with the language.
  • the complexity of the product being developed
  • the safety criticality of the product, which, as Gerry pointed out, can drive the selection of a certified compiler
selectstriker2
  • 2,573
  • 1
  • 12
  • 24
  • 5
    That last bullet typically drives the discussion to the selection of the compiler(s) to be used, especially with DAL A software. Having an FAA qualified compiler; e.g., Greenhills or Wind River, will greatly simplify the verification effort. – Gerry Dec 08 '21 at 19:52
  • Cannot believe it, it really does. So a certified compiler means language selection. And the greenhills and windriver you mentioned must be costive propritery compilers, I must guess – Westack Dec 09 '21 at 06:23
  • 5
    Yes, Wind River and Greenhills development tools (which include a compiler) are not cheap. But trying to certify your code using a non-qualified compiler means a lot more work for you (schedule impact) with no guarantees and potentially even more expenses. And they also keep their tools up to date as the target processors evolve. Given that avionics can have a service life of 20 years or more there will be the need to update the products as components become obsolete. Having these tools means being able to recompile the old source code for the new targets with minimal effort. – Gerry Dec 09 '21 at 18:06
  • @Gerry I've seen validation on some lower assurance level, and my impression is that it involved quite a bit of cargo cult and missing the point, because nobody really understood what is required. People who really understand and can do the validations efficiently are few and far between, so not needing to find someone is always welcome. On the other hand, Space-X was apparently able to certify a hybrid (browser-based) UI for space flight, so competent people clearly can get almost any technology certified. – Jan Hudec Dec 09 '21 at 21:59
  • 1
    @JanHudec I won't disagree with you. In the SW development world, aerospace is a niche business. Working with the FAA, NASA and DoD has it's challenges. If you have the right people leading the effort, a good organization with solid processes and procedures in place, and regular communication with your certification authority it can all go relatively smooth. If not, it can be a real challenge. I've seen some pretty "creative" non-traditional solutions over the years get certified. It mostly comes down to money and your tolerance for risk (to the program). – Gerry Dec 10 '21 at 03:56
7

Software development for airborne systems is typically covered by DO-178C (C being the latest revision). When the certification authorities look at your project, they will be looking to ensure that you have met all of the objectives set out in this document, have documented processes to satisfy those objectives and evidence that you have followed them.

DO-178C does not mandate any particular language over another, it is all about process. As mentioned, using a qualified/qualifiable compilers allows you to claim credit for many of the objectives around source to object code traceability i.e. does the C code that I wrote match what the compiler output. There are cases where a compiler may optimise out certain decisions in the code depending on the optimisation settings. Developers have to understand these settings and stick within the guidelines set-out by the compiler developer.

If you don't have a qualified compiler, you will have to conduct the source-object code trace manually or use a qualified verification tool to check the output.

In addition to DO-178C there are a number of supplements including DO-332 which covers Object-Oriented programming techniques to support languages such as C++.

In short: The language doesn't matter as much as the process does.

scotty3785
  • 424
  • 4
  • 10