Python for air traffic control?

[Bengt Richter]

On Tue, 03 Jul 2001 06:36:44 GMT, "Fredrik Lundh"
<fredrik at pythonware.com> wrote:

>Bengt wrote:
>>
>> I am wondering if using non-deterministic[1] memory allocation is
>> permissible in a safety-critical system.
>
>note that CPython uses reference counting, which is at least as
>deterministic as malloc/free or auto_ptr stuff.
>
Reference counting is one way to decide when it's ok to
free something, but UIAM it doesn't say much about the freeing
mechanism, or when that's actually going to be done, nor what
may or may not be guaranteed about the state of the pool
and the ability to satify future requests for space within
an acceptable delay time, or at all.

I would expect that malloc/free would not be permissible in a
safety-critical system, except perhaps restricted uses such as
pre-allocating static space during startup. Part of that space
might possibly be used for creating static pools of very well
controlled and analyzed reusable space, which could be allocated
and freed by specialized methods, as predictably in time and space
as a stack push in a fully defined context. Speaking of stacks,
no recursion, unless you could prove max stack depth (for which space
would have to be pre-allocated to handle proved worst case, I would
think).

>(if you keep feeding a CPython program the same kind of data, it
>tends to either leak all the time, or not at all).
>
>> What kind of testing could you specify to guarantee that code
>> would continue to run?
>
>I've built mission-critical, real-time Python systems.  With careful
>design, and a few months in a "sandbox" environment, such systems
>tend to run just fine.
>
I hear you, but do they sign off safety-critical systems on 'tend' ?

>And I'm pretty sure people doing safety-critical systems know a lot
>more about advanced testing than we do.
>
Sure hope so ;-/

>So I agree with Gordon: "Go for it (just be careful)."
>
Um, so where and when will this system first be operational?