NASA writes mission-critical flight software in C. And the rules are absolutely INSANE.

@wvs · 2mo(edited)

TL;DR: NASA/JPL mission-critical code follows strict safety rules: no recursion, bounded loops, no post-init dynamic memory, small functions with assertions, all returns checked, zero warnings, daily static analysis, and tightly controlled pointer use.

https://x.com/adxtyahq/status/2021974597256843341

aditya (@adxtyahq)

NASA writes mission-critical flight software in C. And the rules are absolutely INSANE. > No recursion. Ever. > Every loop must have a provable upper bound. > No dynamic memory allocation after initialization. > Max ~60 lines per function. > Minimum 2 assertions per function. > Every return value must be checked. > Zero compiler warnings allowed. > Daily static analysis. Zero warnings there too. > No function pointers. > Restricted pointer dereferencing. This is how they write code at NASA / JPL for mission-critical systems.

Sign up to reply

1 Reply

wvs· 2mo(edited)

Stole some tricks here and added them to the Ralph loop setup. Some only apply to C.

innernette