by addaon 1810 days ago
The POWER/PowerPC ISA is still widely used in safety-critical avionics, where a mature tool-chain exists for supporting DO-178 objectives.

In my opinion, an area of interest going forward into the next decade of more safety-critical software written by smaller and smaller orgs (e.g. eVTOL companies, sensor companies, etc) is continuing to push forward which objectives can be accomplished by formal means instead of primarily through testing.

An NXP or IBM processor might be great, and might be mature, and might be very well tested -- but I, as a safety-critical software developer, have little way of demonstrating that to certification authorities. The availability of open-source processor designs and, in the future, traceable and accountable conversion from those HDL designs to RTL, to masks, and then to silicon, gives a path to showing that portions of a processor are correct-by-design, and thus a path to the goal of showing that my machine-code-as-authored(-by-an-assembler) and machine-code-as-executed(-by-a-processor) semantics match.

2 comments

> The POWER/PowerPC ISA is still widely used in safety-critical avionics

and in the Mars Rover, which is a radiation-hardened 133 MHz 32-bit Power ISA system.

DO-178 objectives? You mean the same one used in 737 Max?

I'm not familiar with whether the 737 Max development used DO-178B or DO-178C; the latter is a successor to the former, but frames the development process significantly differently.

Any process can be used well or poorly, and DO-178C isn't really a process; it's a set of objectives that a process must accomplish. When used in good faith, I believe it can lead to software of higher quality than almost any other approach (although, to be fair, at higher software development cost than almost any other approach). That doesn't mean that chanting the document name and using hand-me-down rituals is sufficient to achieve high-quality software, of course :-).