MP1: languages for safety-critical software: issues and assessment

Level - Intermediate.

This intermediate-level tutorial is aimed at people with a technical background in software development. No previous experience with safety-critical standards is required. Some familiarity with one or more of C, C++, Ada, or Java would be useful.

Safety-critical systems (whose anomalous behavior could cause catastrophic or major failure involving loss of life) are becoming increasingly prevalent. Standards such as DO-178B, originally developed for commercial avionics, are attracting attention in other segments. The requirement to comply with such standards imposes constraints (on quality assurance, traceability, etc.) much beyond what is typical for Commercial-Off-The-Shelf Software. One of the major decisions that affects safety certification is the choice of programming language(s). Specific language features, either by their presence of absence, may make certification easier or harder. (Practicalities such as tool support and programmer experience are of course also important but are outside the scope of the tutorial).

This tutorial first summarizes existing safety standards, with a focus on DO-178B, and explains how they affect the requirements on a programming language. It specifically addresses the challenges imposed by Object-Oriented Technology and summarizes the work currently underway on DO-178C. The tutorial then assesses three language technologies - C (including C++), Ada, and Java - with respect to suitability for meeting these requirements through appropriate subsetting. MISRA C, SPARK, and the in-progress Safety-Critical Java Technology are specifically identified and reviewed.