The F-35 fighter jet uses a special version of C++ that prohibits exception handling and recursive functions.


by Alexander Gorlin

The F-35 fighter jets operated by the U.S. Air Force and the Japan Air Self-Defense Force are equipped with software coded in C++. This C++ code is written in accordance with a coding standard called the Joint Strike Fighter Air Vehicle C++ Coding Standards (JSF AV C++). Google researcher LaurieWired (Laurie Kirk), who is also an expert in aircraft programming, explains the features of JSF AV C++.

Why Fighter Jets Ban 90% of C++ Features - YouTube


In June 1996, the European Space Agency launched the Ariane 5 rocket for the first time. However, the rocket exploded several tens of seconds after liftoff, resulting in a launch failure. The failure was believed to be caused by an unhandled exception in the rocket's software.



Like rockets, fighter jets also run complex software, and the number of lines of code increases exponentially with each generation of fighter jet. The F-35 contains nearly 10 million lines of code, so it was important to create a system for highly secure coding.



Fighter aircraft developed before the F-35 used a programming language called 'Ada,' whose development was led by the US Department of State. However, by the time the F-35 was developed, Ada had already become obsolete, and C++ was adopted instead. JSF AV C++ is a coding standard developed to prevent failures like those of the Ariane 5 rocket, while still adopting C++.



The contents of JSF AV C++ are publicly available, including on the personal website of Bjarne Stroustrup, the creator of C++.

JOINT STRIKE FIGHTER AIR VEHICLE C++ CODING STANDARDS FOR THE SYSTEM DEVELOPMENT AND DEMONSTRATION PROGRAM
(PDF file) https://www.stroustrup.com/JSF-AV-rules.pdf



JSF AV C++ includes rules that restrict C++ features such as 'exception handling,' 'recursive functions,' and 'dynamic memory allocation.'



Stroustrup's official website has a FAQ page explaining why he banned exception handling in JSF AV C++: 'In real-time and safety-critical applications, such as air traffic control software, if a calculation takes too long, someone could die. For this reason, we need to guarantee response times, but the current tools do not guarantee response times for exception handling.'



LaurieWired explains the effectiveness of JSF AV C++ using the flight simulator 'X-Plane 12' and a homemade MFD (multi-function information display).



If the code did not comply with JSF AV C++, the system would become inoperable when an exception occurred. If the code complies with JSF AV C++, an error code is returned and the system can proceed to the next process even if an exception occurs.
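The error-code behaviour described above, as an added example that is not taken from LaurieWired's repository or from the JSF AV C++ document: a bad sensor value is rejected with a status code and the display keeps its last good reading, using a fixed-size buffer and a bounded loop instead of exceptions, heap allocation or recursion. The names `AirspeedWindow` and `update_frame`, the sample values and the 1000-knot limit are assumptions made for the illustration, and the code shows the three restrictions only; it does not claim to satisfy every rule of the standard.

```cpp
#include <cstddef>
#include <cstdio>

// Status codes returned to the caller instead of throwing exceptions.
enum class Status { Ok, NoSamples, OutOfRange, BufferFull };

constexpr std::size_t kMaxSamples = 8;  // capacity fixed at compile time
constexpr double kMaxKnots = 1000.0;    // constructed plausibility limit

// Fixed-capacity sample window: no new/delete, no container that can grow.
class AirspeedWindow {
public:
    Status push(double knots) {
        // Written so that NaN fails the check as well.
        if (!(knots >= 0.0 && knots <= kMaxKnots)) return Status::OutOfRange;
        if (count_ >= kMaxSamples) return Status::BufferFull;
        samples_[count_++] = knots;
        return Status::Ok;
    }
    // The result goes through an out-parameter; the return value is the status.
    Status mean(double& out) const {
        if (count_ == 0) return Status::NoSamples;  // would divide by zero
        double sum = 0.0;
        for (std::size_t i = 0; i < count_; ++i) sum += samples_[i];  // bounded loop
        out = sum / static_cast<double>(count_);
        return Status::Ok;
    }
private:
    double samples_[kMaxSamples] = {};
    std::size_t count_ = 0;
};

// One display update: a rejected sample leaves the last good value in place.
Status update_frame(AirspeedWindow& w, double sample, double& shown) {
    const Status s = w.push(sample);
    if (s != Status::Ok) return s;
    return w.mean(shown);
}

int main() {
    AirspeedWindow w;
    double shown = 0.0;
    const double feed[] = {250.0, 5000.0, 270.0};  // constructed input, one bad value
    for (double v : feed) {
        const Status s = update_frame(w, v, shown);
        std::printf("sample=%.0f status=%d shown=%.1f\n", v, static_cast<int>(s), shown);
    }
    return 0;
}
```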



The ideas behind JSF AV C++ have been passed down to later projects, and NASA has established an ecosystem called 'F Prime' for creating safe embedded systems.



Additionally, in the automotive industry, a standards development organization called AUTOSAR has been established, which inherits the same ideas as JSF AV C++.



However, JSF AV C++ is outdated at the time of writing, so it is important to refer to the latest C++ Core Guidelines.



The source code for the multi-function information display developed by LaurieWired is available at the following link, where you can compare code that complies with JSF AV C++ and code that does not.

GitHub - LaurieWired/XplaneFlightData: Xplane Demo for JSF C++ Standard
https://github.com/LaurieWired/XplaneFlightData



The video also explains the differences by showing examples of JSF AV C++ compliant and non-compliant code.


