[erlang-questions] erlang in Air Traffic Management ?
Dominic Williams
xpdoka@REDACTED
Thu Mar 8 07:54:03 CET 2007
Hello Jeff,
> As a side question and really what I'm curious to know is
> what requirements, regulations, informal pressure is there
> that governs the use of certain languages, etc both in the
> aeronautics industry and other "high reliablity"
> industries?
When I was in the railway signalling industry a few years
ago, we applied Cenelec's EN 50128 standard. It defines 4
safety integrity levels (SIL), of which only 2 are really
used, 2 and 4. SIL 4 applies to the critical systems: the
ones that directly control signals, points and automatic
train control or automatic train protection. SIL 2 applies
to things like central control rooms, SCADA etc.
The standard doesn't stipulate explicitly which languages
can be used, but it does stipulate certain language features
that are required or prohibited. The traditional
interpretation of the standard is that at SIL4, only Ada can
be used, but at SIL2, C/C++ can be (and is) used, although
with some restrictions that can be addressed by coding
standards.
There is no doubt that, as far as the standard is concerned,
a good case can be made for Erlang (for SIL2 systems only):
it has many features that are recommended by the standard -
its only weakness is that it has automatic memory
management, but in practice C/C++ systems rarely manage to
avoid using dynamic memory (strongly discouraged, if my
memory serves me right, by the standard), so obviously a
garbage collector is better than doing malloc/free or
new/delete manually. But, in principle, one could (and
should) write a C/C++ system using only static and automatic
memory allocation - which you can't do in Erlang.
The real problem is that the industry is very conservative,
and there is great informal pressure not to do things any
differently from how they've been done in the past. There is
even a holy principle, whose name I forget, which is in the
standards, and basically means: we guarantee this is as
safe as (i.e. not worse than) previously designed systems.
Regards,
Dominic Williams
http://www.dominicwilliams.net
----
More information about the erlang-questions
mailing list