[SystemSafety] Safety and programming languages

Stefano Costa stefano.costa at bluewind.it
Wed Mar 16 11:47:51 CET 2022


Totally agree and will think more about somehow advertising ADA and Rust 
capabilities; it might be worth trying to find nice needs for those 
already. I know a lot of safety critical systems are based on C/C++ 
while they should be built from more solid foundations, particularly when 
starting from scratch, as is often the case for small drones (but also 
electric aeroplanes...). This widely happens in automotive, where huge 
investments are sometimes seen for tools and engineering efforts put 
into C/C++ when other languages would reduce investments a lot.

But at the same time there's space for improving embedded development in 
complex systems in situations (less interesting to this list's members) 
where Safety is not an issue, while performance and being defect-free are a 
big concern.

Latest example in our portfolio of developments: refrigeration systems 
for trucks. Very complex, an intersection of tens of state machines, 
lots of mechanical parts that can fail in unpredictable ways and a 
process to be taken under control. No safety in practical terms but very 
expensive in case of failure.


On 15/03/22 20:14, Thomas Netter wrote:
> Ciao Stefano,
> 
> If I remember correctly, Rust was discussed sometime ago on the list. 
> Possibly the exchange can be found in the list's archives. Possible that 
> Peter Ladkin was involved in the exchange.
> 
> Although I'm no longer active in software development, I think the most 
> important thing when selecting a language is whether you can hire developers 
> and afford to see them leave the company after a few years. I would 
> assume that for safety critical system development, Ada would be in a 
> better position than Rust. Adacore is just starting with this at the 
> moment so there is still a long way to go.
> https://www.embedded.com/adacore-and-ferrous-systems-partner-to-develop-mission-critical-rust/
> Then there's the question of certification. Here again, Ada wins.
> 
> I'm based in Zurich. I see that most drone and electric flight start-ups 
> here use C/C++ rather than Ada. I don't think this is the safest choice 
> and every time I hear that I think there will be a day of reckoning for 
> their decision which I think is primarily guided by their lack of 
> experience with Ada.
> 
> Consequently, even if you are not specifically developing for 
> transportation applications, I can imagine that if you state that your 
> company codes in Ada you could gain a competitive and differentiating 
> quality advantage with respect to all the others who stick to C/C++, 
> which has a higher error rate per line of code. And Ada can easily 
> interface with C/C++ libraries anyway.
> 
> All the best,
> 
> Thomas
> 
> 
> On 15/03/2022 19:40, Stefano Costa wrote:
>> Hope this is not too much of a side/off topic.
>>
>> I'd like to hear from list members: percentage of deviation from C/C++ 
>> as a programming language for Safety Critical systems or products 
>> development, based on your experience?
>>
>> Are Ada, Rust, etc. an option outside of very specific contexts?
>>
>> We will for sure start using both Rust and ADA in the near future in 
>> automotive and industrial w/Fusa, starting from contexts where our 
>> client or partner is not dictating the rules about which language to 
>> use. And moving away from C/C++ is today a serious option.
>>
>> Thanks for sharing thoughts and experience.
>>
> 

-- 
Stefano Costa
M +39 335 6565749
http://www.bluewind.it