About

  • Examples:

    • Avionics, medical devices, automotive, industrial control, space systems, nuclear, etc.

  • Targeted qualities:

    • Predictability, correctness evidence, and process discipline.

    • Knowledge of deterministic behavior, verification, and safety standards.

  • AdaCore - Dynamic Memory Management in Critical Embedded Software

  • SpeyTech - Dynamic Memory Safety Critical

    • "Static allocation eliminates these concerns by moving memory decisions to compile time. The cost is reduced flexibility and potential memory overhead."

    • "Certification standards increasingly recognize this trade-off. While few explicitly prohibit dynamic allocation, the verification burden it creates pushes safety-critical projects toward static patterns."

    • "Static allocation is not universally appropriate, but for safety-critical AI where certification is required, it offers a verification-friendly foundation."

  • NASA - The Power of 10: Rules for Developing Safety-Critical Code

    • From 2006.

    • "3 - Do not use dynamic memory allocation after initialization".

Discussion

  • Lifetimes lead me to arenas.

  • Arenas lead me to not using dynamics, as it provokes leaks.

  • Not using dynamics forces either comptime or runtime fixed size.

  • Comptime fixed size removes the need for arenas, since there is no allocation.

  • Runtime fixed size leads me to consider making everything comptime fixed size.

  • Runtime fixed size can probably still exist for:

    • Strings.

    • Device specific information:

      • How many physical and logical threads are available.

      • Etc.
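The NASA rule "do not use dynamic memory allocation after initialization" and the comptime versus runtime fixed-size distinction above, shown in C as an added example (this is not code from AdaCore, SpeyTech or NASA). The sensor pool is a comptime fixed-size store with no allocator at all; the arena is a runtime fixed-size store whose limit is chosen once from device information (here a logical thread count) and then sealed so that later allocation requests fail loudly instead of leaking. The slot count, arena capacity and per-thread byte budget are assumed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* ---- Comptime fixed size: capacity is a constant, so nothing is ever
   allocated. Objects live in a static array and a bitmap tracks use. ---- */
#define SENSOR_SLOTS 8            /* assumed slot count */

typedef struct {
    uint32_t id;
    int32_t  reading;
} sensor_t;

static sensor_t sensor_store[SENSOR_SLOTS];
static bool     sensor_used[SENSOR_SLOTS];

/* Returns a zeroed slot, or NULL when the pool is exhausted: a bounded,
   testable failure rather than an unbounded heap growth. */
sensor_t *sensor_acquire(void) {
    for (size_t i = 0; i < SENSOR_SLOTS; i++) {
        if (!sensor_used[i]) {
            sensor_used[i] = true;
            memset(&sensor_store[i], 0, sizeof sensor_store[i]);
            return &sensor_store[i];
        }
    }
    return NULL;
}

/* Releases a slot; pointers outside the pool are ignored. */
void sensor_release(sensor_t *s) {
    uintptr_t lo = (uintptr_t)sensor_store;
    uintptr_t hi = (uintptr_t)(sensor_store + SENSOR_SLOTS);
    uintptr_t p  = (uintptr_t)s;
    if (p >= lo && p < hi) {
        sensor_used[(p - lo) / sizeof(sensor_t)] = false;
    }
}

/* ---- Runtime fixed size: the backing buffer is static, but the usable
   limit is decided once at start-up and then sealed. After sealing, every
   allocation request is refused, which enforces NASA Power of 10 rule 3. ---- */
#define ARENA_BYTES      256      /* assumed upper bound on the arena */
#define PER_THREAD_BYTES 32       /* assumed per-thread scratch budget */

typedef struct {
    uint8_t buf[ARENA_BYTES];
    size_t  used;
    size_t  limit;   /* runtime-chosen cap, always <= ARENA_BYTES */
    bool    sealed;  /* true once initialization has finished */
} arena_t;

/* Derive the arena limit from device-specific information (thread count),
   clamped to the compile-time ceiling so the budget stays bounded. */
size_t plan_arena_limit(size_t logical_threads) {
    size_t want = logical_threads * PER_THREAD_BYTES;
    return want < ARENA_BYTES ? want : ARENA_BYTES;
}

void arena_init(arena_t *a, size_t limit) {
    a->used   = 0;
    a->limit  = limit < ARENA_BYTES ? limit : ARENA_BYTES;
    a->sealed = false;
}

/* Bump allocation with 8-byte alignment; NULL after sealing or when the
   request would exceed the runtime limit. */
void *arena_alloc(arena_t *a, size_t n) {
    size_t aligned = (n + 7u) & ~(size_t)7u;
    if (a->sealed || aligned > a->limit - a->used) return NULL;
    void *p = &a->buf[a->used];
    a->used += aligned;
    return p;
}

/* Called at the end of initialization: from here on the arena is read-only
   in terms of layout, so no allocation can happen in the steady state. */
void arena_seal(arena_t *a) { a->sealed = true; }

/* Example init phase: carve one scratch block per thread, then seal.
   Returns how many blocks were handed out. */
size_t init_thread_scratch(arena_t *a, size_t logical_threads) {
    size_t handed = 0;
    arena_init(a, plan_arena_limit(logical_threads));
    for (size_t t = 0; t < logical_threads; t++) {
        if (arena_alloc(a, PER_THREAD_BYTES) != NULL) handed++;
    }
    arena_seal(a);
    return handed;
}
```

The pool never calls an allocator, so its worst case is known at compile time; the arena's worst case is known at the end of initialization, and the `sealed` flag turns any later allocation into an immediately detectable NULL rather than a slow leak.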