49
$\begingroup$

I recently had a discussion with people who were active in the aviation industry and told me that one of the main languages/tools they use is Python.

On the other hand I have always known that people avoid C++ or eg Linux due to certification reasons for avionics. Certification is also one of the reasons you don't see AI and computer vision in C++ on aircraft. Yet, those people use Python all the time.

I didn't have (and never will have) the opportunity to ask why and for what they used it. Could someone explain why and for what people would still use Python although it may be very difficult to get it certified?

Improve this question
$\endgroup$
9
  • 12
    $\begingroup$ there are more computers on a plane than avionics, especially on a airliner. also there are more computer in the industry than ones on a airplane. they can write their website in php, their booking server in cobol, infotainment in java, or data base in sql, whatever. $\endgroup$
    – user3528438
    Commented Oct 12, 2017 at 3:45
  • 49
    $\begingroup$ Also, just because they use it doesn't mean they use it on the plane. I work on (less critical) embedded software and the whole test system is written in Python even though the actual software is in C. $\endgroup$
    – Stack Exchange Supports Israel
    Commented Oct 12, 2017 at 4:57
  • 9
    $\begingroup$ What do you mean by certified? $\endgroup$
    – LangeHaare
    Commented Oct 12, 2017 at 11:49
  • 60
    $\begingroup$ This is begging for a 'snakes on a plane' joke.... $\endgroup$
    – Roddy of the Frozen Peas
    Commented Oct 12, 2017 at 13:18
  • 8
    $\begingroup$ To add a further comment about C++, Lockheed specifically wrote a coding standard for its use on the F-35 program: stroustrup.com/JSF-AV-rules.pdf. So yes, C++ is used. $\endgroup$
    – Synchrondyne
    Commented Oct 13, 2017 at 20:38

3 Answers 3

Reset to default
105
$\begingroup$

Just because aviation developers use Python, does not mean that Python actually goes flying.

Lots of aviation development is about testing, stressing, validating, analyzing, and documenting the code that does go flying.

Python is an excellent language for all that validation work, even though it stays on the ground.

Improve this answer
$\endgroup$
15
  • 4
    $\begingroup$ Yep, Python is a common scripting language used with automating test equipment. The primary languages that I'm aware of that actually fly are Ada/SPARK, C/C++, and assembler $\endgroup$
    – selectstriker2
    Commented Oct 11, 2017 at 21:09
  • 11
    $\begingroup$ It isn't the language that causes certification issues. Things like dynamic memory, exception handling, inheritance, and function overloading can increase the amount of certification (verification) work needed. The biggest certification burden is when you use an RTOS rather than write for bare metal. $\endgroup$
    – selectstriker2
    Commented Oct 11, 2017 at 21:35
  • 4
    $\begingroup$ And just because code is flying does not mean it's safety critical. These days people are using iPads as part of their avionics setup - IPADS!! But these are normally used for navigation and charting - the iPad never gets to control any control surfaces or landing gear or anything mechanical $\endgroup$
    – slebetman
    Commented Oct 12, 2017 at 2:28
  • 5
    $\begingroup$ There are comprehensive guidelines puiblished for software development in C and C++. These prohibit using the more "troublesome" parts of the languages. See misra.org.uk/Publications/tabid/57/Default.aspx. Ada "seemed like a good idea at the time" but it has never become a mainstream language, which means the user base is (probably unsustainably) small - unless you believe it does have a long term future which you want to be part of, you would most likely avoid getting involved with it. $\endgroup$
    – alephzero
    Commented Oct 12, 2017 at 2:33
  • 24
    $\begingroup$ @LandonZeKepitelOfGreytBritn: "Plane C" - is that a deliberate joke? :-) $\endgroup$
    – psmears
    Commented Oct 12, 2017 at 8:55
34
$\begingroup$

As a software engineer who works at a defence company that develops and sells mission critical (but not safety critical) systems, I can confirm that there's a pretty even split between development in Ada (95) for our legacy products and various flavours of C/C++ for our new products. Development in both is of course done to the appropriate standards.

Python is largely limited to plugins for our IDEs or validation and verification activities (being used by both software and systems engineers).

Improve this answer
$\endgroup$
9
  • 5
    $\begingroup$ I enjoyed Ada 83 a lot when it was taught in my college, partly in order to create a level playing field for the students. I found that when I put its features to good use my programs were a lot less likely to crash than with C or C++. I find especially C++ extraordinarily toublesome as a language (and I have been using it for >20 years now, and read the last three standards -- ok, maybe that's why). C is not exactly safe but at least a small language which is easy to completely grasp (the language, not the libraries). So is Ada indeed phased out even in avionics? That would be sad. $\endgroup$
    – Peter - Reinstate Monica
    Commented Oct 12, 2017 at 12:59
  • 1
    $\begingroup$ @Peter The SPARK/Ada people claim it sees use in the EuroFighter and Rolls-Royce engines. I really like the idea of language provability, but it definitely seems like a niche feature. $\endgroup$
    – mbrig
    Commented Oct 12, 2017 at 17:50
  • 2
    $\begingroup$ @FreeMan I'd imagine that EuroFighter and Rolls use the U.S. DoD-developed Internet, too. :) DoD develops a lot of things. $\endgroup$
    – reirab
    Commented Oct 12, 2017 at 22:42
  • 2
    $\begingroup$ @mbrig Currently working on the Eurofighter so I can confirm, it's all over the Typhoon (and the Tornado). I believe it was mandated by the MOD way-back-when. $\endgroup$
    – T. Archer
    Commented Oct 13, 2017 at 6:50
  • 1
    $\begingroup$ @PeterA.Schneider: A major problem with C is that while the Standard notes that implementations often usefully expose documented features of the execution environment in cases where the Standard would otherwise impose no requirements, and low-level programming often requires use of such features, there's no standard means by which code can indicate that it requires e.g. the ability to use relational operations to test whether two pointers identify overlapping regions of storage. Linear-address systems will generally define a global transitive ordering relation among all pointers... $\endgroup$
    – supercat
    Commented Oct 13, 2017 at 19:27
14
$\begingroup$

There are three basic areas of coding for aviation engineers. Software code that runs on flight computers and other avionics equipment, software that formally verifies and creates that code, and scripting to automate informal work tasks. Python has different use cases in all of them.

First, for actual on-airplane software. There are different safety levels here and different required levels of testing. Python would be a nightmare to certify for a critical display, autopilot, or ground-proximity warning unit. C's lack of object-oriented programming and complaints when you abuse variable types may be annoying, but they also lead to easy verification that the software isn't doing something wrong behind your back. On the other hand, I've heard of noncritical systems like in-flight entertainment and maintenance even using systems like Windows NT.

Code generation and formal verification (the kind that's documented to prove to certification authorities that you won't, well, kill anyone), do have to be formally qualified sometimes. You can't just write a Python script to test all your software by simulation, formal methods, etc, then say to certification authorities that your Python script showed no problems. To be more specific, DO-330 provides guidance that if you're using a tool to replace DO-178 processes (like testing, code generation, or configuration control), then that tool needs to either be formally qualified or its output needs to be checked (yes, even if the output is more fool-proof then a human doing the same analysis).

Finally, a lot of engineers' jobs involve scripting, and there are few langugages more popoular right now for scripting than python. By scripting I mean solving problems like:

  • What issues am I working on in this area?
  • How do I add a description to a hundred files at once?
  • Is this criteria statistically different from that criteria?
  • How can I pull hundreds of lines of data from our database and dump it into a spreadsheet for my project engineer?
  • How can I email my boss every day asking for a promotion?

In these non-critical but quotidian affairs, python scripting can help wrangle lots of complex or repetitive tasks and make them manageable.

Improve this answer
$\endgroup$
9
  • $\begingroup$ I've seen more than a few airport terminals running Win NT - you can tell by the BSOD! (Yup, I've seen a few.) Of course, that's aviation related, but not aircraft specific. $\endgroup$
    – FreeMan
    Commented Oct 12, 2017 at 21:07
  • $\begingroup$ For sure we spend a good chunk of time writing fancy Excel spreadsheets full of VBA to process data! $\endgroup$
    – T. Archer
    Commented Oct 13, 2017 at 6:52
  • $\begingroup$ ...hacks away at that promotion script $\endgroup$
    – pipe
    Commented Oct 13, 2017 at 12:43
  • 2
    $\begingroup$ I like how you put "How can I email my boss every day asking for a promotion?" as a problem that needs a script to solve. Make sure that in those e-mails you point out the virtues of automation. :-) $\endgroup$
    – user
    Commented Oct 14, 2017 at 12:37
  • 1
    $\begingroup$ @leftaroundabout Yes, C has plenty of room for errors like NaN handling, initialization, and memory structures, but typically code generation for those is set up consistently enough to avoid issues (like avoiding dyanmic allocation and protections against divide by zero). OOP and loose typing, on the other hand, requires lots of complex structural coverage testing because its possible what you think is a Foo is actually an insidious Bar. See CAST-17 for example. $\endgroup$
    – RealAnswersNotAI
    Commented Oct 21, 2017 at 0:21

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .