Hello - Coming up to speed on what makes Python Python, especially for flight critical concerns

Hello - Coming up to speed on what makes Python Python, especially for flight critical concerns.

Looking for any and all information for the following:
(1) Use of Python for flight critical applications,
(2) Python coding standards like MISRA, JSF, CERT C, etc.,
(3) Coverage analysis tools like VectorCast, Rapita, etc. for MC/DC coverage,
(4) Deployment on RTOS like LynxOS, GreenHills, WindRiver, etc.
(5) Metrics for the Python Virtual Machine, e.g., SLOC, memory, etc.

Thanks again for welcoming me into the community to come up to speed.

Welcome to Python, @JustADude !

Flight critical systems, eh? That sounds interesting. I am a recreational pilot. I am interested in how people apply software tech to flight.

You have a lot of questions, on a lot of different areas. You might get farther making a separate forum topic for each subject area. That will make the discussion threads more manageable. Also, you use a lot of buzzwords that I don’t recognise. Consider turning each buzzword into a link pointing to a webpage that explains the buzzword. That makes it easier for people to a) learn something interesting, and b) understand what you mean and relate it to what they know.

I will have a go at giving what answers I think I can.

I have not heard of anyone doing this, in so many words. However, you might start by asking, do the developers of Python think it is designed for safety-critical work of any kind? Much use of Python is in personal computing or server computing which is not safety-critical. If bugs occur, the program might crash, and life goes on. I imagine that is not the standard appropriate for flight critical applications.

You might want to take a look at the Python license agreement. It says in part,

…PSF MAKES NO AND DISCLAIMS ANY REPRESENTATION OR
WARRANTY OF MERCHANTABILITY OR FITNESS FOR ANY PARTICULAR PURPOSE…

Is that typical license language for safety-critical software, in your experience?

I take it by “SLOC” you mean “Source Lines of Code”. Why not count it yourself? The Python 3.10.6 source code is available to download freely.

Good luck with your evaluation!


Jim, Thanks for the welcome.

Flight/Safety Critical Coding Standard:
For C++, Bjarne Stroustrup (creator of C++) created the JSF Coding standard to avoid some of the concerning and problematic features of C++ for the flight critical Joint Strike Fighter (JSF) program, e.g. reference: https://www.stroustrup.com/JSF-AV-rules.pdf.

In addition, RTCA DO-332 was created to further indicate the features of OO languages that should be avoided for flight critical environments. Similarly, ISO 61508-7 for industrial safety clearly indicates that Java (an interpreted language) should not be used, and for many years folks tried to create a Real-time Safety Critical Embedded version of Java, so it could be used in flight and safety critical environments.

As a Python N00B, my first step was to determine if anyone has already gone down this road, failed, given up, and moved on to more productive things. Or, determine if someone is actively working this area, and determine what’s being done.

I’ve reached out to many of the RTOS (Real-Time Operating System) vendors, e.g., WindRiver, GreenHills, LynxOS, etc. to see what they might be up to, since the compiler and Virtual Machine will need to work on their RTOS in many flight critical deployed situations. Thus far crickets or negative feedback from that front. Won’t extrapolate from that data point, but definitely interesting.

Thanks again for all thoughts, feedback and recommendations, as I investigate the maturity of usage cases for Python, and what could be done to help improve.

For what it’s worth, the CPython interpreter has an execution model broadly similar to what you cite for Java: the source code is compiled to a bytecode, and the bytecode is interpreted by a runtime interpreter. There are also many differences. But, if what ISO 61508-7 had to say is that the interpreted bytecode nature of the Java model was the reason it should not be used, I have to imagine that the same objections might well apply to Python.

Note that there is a difference between Python, the programming language, and CPython, PyPy, IronPython, and various other implementations of the interpreter and runtime environment. It might be that someone made an implementation of a Python interpreter which is robust enough for real-time and safety-critical applications. If that were true, then it would simultaneously be correct that “Python” (the common CPython implementation) is no good for safety-critical work, while “XYZ Python” (a particular implementation) is acceptable for safety-critical work.


Hello - Coming up to speed on what makes Python Python, especially for flight critical concerns.

Looking for any and all information for the following:
(1) Use of Python for flight critical applications,
I’m not completely sure I think Python is the right language for this.

Python is undeniably a compelling language, and it is my first choice for most projects, but I wouldn’t want to risk a garbage collection delaying things during takeoff or landing.

You may find that the exception checking is better in Java. It still suffers from garbage collection though.

If you don’t mind going a little bleeding edge, Rust’s design is probably even better than Java. Rust manages to get along nicely without garbage collection OR memory leaks, and it has outstanding error checking - even better than Go.

(2) Python coding standards like MISRA, JSF, CERT C, etc.,
Tools not rules: mypy, pyflakes, pycodestyle, pydocstyle.

mypy in particular can go a long way toward making Python pretty bulletproof. But there are still those dang exceptions that just aren’t checked for as well as on something like Java. One of the best ways of handling those in CPython is to be specific about what exceptions you’re expecting, and catch only them down in the leaves of your call tree. Then have ONE broad try+except near the root of the call tree that catches everything that wasn’t already caught, logs about it thoroughly, and tries to start the program over “from the beginning”.

(3) Coverage analysis tools like VectorCast, Rapita, etc. for MC/DC coverage,
coverage.py

(4) Deployment on RTOS like LynxOS, GreenHills, WindRiver, etc.
I’ve not heard of CPython running on such an OS.

(5) Metrics for the Python Virtual Machine, e.g., SLOC, memory, etc.
A rudimentary SLOC can be had with the *ix utility wc -l.
You may want to check into McCabe Cyclomatic Complexity too, e.g. Radon.

Thanks again for welcoming me into the community to come up to speed.
HTH.
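The exception layout described in the reply above (narrow excepts in the leaves, one broad try+except at the root that logs with a full traceback and restarts from the beginning), as an added example that is not code from the thread. The "sensor" lines, the flaky main function and the restart limit are constructed for illustration.

```python
import logging
import traceback

log = logging.getLogger("supervisor")


def parse_reading(raw: str):
    """Leaf of the call tree: catch only the exception we expect from this
    input (ValueError from float()) and turn it into a value the caller can
    reason about. Anything else propagates up to the root handler."""
    try:
        return float(raw)
    except ValueError:
        log.warning("malformed reading %r, dropping it", raw)
        return None


def process_batch(lines):
    """Constructed stand-in for a real acquisition loop."""
    return [parse_reading(line) for line in lines]


def run_supervised(main_fn, max_restarts: int = 3) -> dict:
    """Root of the call tree: the ONE broad except. Whatever the leaves did
    not anticipate is logged with its traceback and the program is started
    over, up to max_restarts times, so a single bug cannot take the whole
    process down silently. Returns a summary so callers can inspect it."""
    restarts = 0
    while True:
        try:
            result = main_fn()
            return {"status": "ok", "restarts": restarts, "result": result}
        except Exception:  # deliberately broad: this is the last line of defence
            log.error("unhandled exception, restarting:\n%s", traceback.format_exc())
            restarts += 1
            if restarts > max_restarts:
                return {"status": "gave_up", "restarts": restarts, "result": None}


def make_flaky_main(failures: int):
    """Constructed main() that raises a KeyError (an error no leaf catches)
    on its first `failures` calls, then runs a batch normally."""
    state = {"calls": 0}

    def main():
        state["calls"] += 1
        if state["calls"] <= failures:
            raise KeyError("unexpected-config-key")
        return process_batch(["1.5", "bad", "2.0"])

    return main
```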

(4) Deployment on RTOS like LynxOS, GreenHills, WindRiver, etc.

I’ve not heard of CPython running on such an OS.

You could try micropython though. It’s intended for embedded use, but also runs on Linux.