Is it safe to use dynamic allocations in a mission-critical / life-critical system, or should it be avoided?
If you are writing this sort of software you ought to have a big book for the specification you are conforming to (FAA, NATO, FDA, whatever) of what you can and cannot do, and it will tell you.
In general, however; no, since the systems you describe are very hard to prove correct. Although in life critical software normally there has to be hardware responsible to restarting the software if an error condition is signalled (ie, a watchdog timer that the software has to reset evert 100ms to prevent a hardware reset)
With critical software you want your system to have as deterministic behaviour as possible.
Dynamic memory, memory fragmentation, possible leaks, and in some corner cases (not too rare) misbehaviour of malloc will make it that much harder to gain 100% determinism.
That said, if part of your program (say an algorithm) requires dynamic allocation and you can prove that your memory allocation and de-allocation (free) will be deterministic (see valuable notes by RickNZ) then you're closer to having a deterministic system.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With