Python and spacecraft onboard or ground control scripting

[Peter Hansen]

Dave Kuhlman wrote:
> 
> Cameron Laird wrote:
> > While I understand the observations that Python, Tcl,
> > and so on surely aren't safe enough for medical devices,
> > nuclear plants, air traffic control, military devices,
> > and so on, I have reasonably certain knowledge of instances
> > of each of these.
> 
> The idea that Python, Tcl, and so on aren't safe enough for medical
> devices sounds like conventional wisdom to me.  
[...]
> Are there examples and evidence that Python fails when applied to
> long-running, mission critical tasks?

No, and in fact there is significant evidence that Python is quite
suitable for long-running, mission critical tasks, as a number of
us have indicated here.  My group is writing applications which
are expected to run for years without stopping and we're by no
means the extreme.

> By the way, I write C++ code.  And, the idea that C++ code is safer than
> Python code seems screwy to me.  Can you say "seg fault"?  I thought so.

I would definitely write safety-critical code in Python before I
would write it in C++.

I would also spend *significant* (read very expensive) effort
qualifying the interpreter as a component in such a system before
I released my product.

There is nothing wrong with Python the language in a safety 
(even life) critical application.  There is, however, something 
wrong with ignoring the fact that the CPython interpreter has 
not been designed with these types of applications in mind and, 
more to the point, has not been carefully analyzed with such 
a use in mind.  There's nothing except the cost stopping anyone 
who wants to do this from doing so.  It's quite possible,
as suggested by Cameron's comments above, that some groups
have already done so (but for perhaps obvious reasons will
not be releasing any of their changes back to the community).

-Peter