Avionics and the compiler trust issue

In avionics and aerospace software development, trust alone is not enough.
Compilers are sophisticated tools, but because even the smallest defect in generated code could compromise safety, engineers are understandably reluctant to take compiler output at face value. That is why many organisations go the extra mile, checking generated assembly code in detail, to ensure it behaves exactly as intended.

The downside, of course, is that this approach comes at a cost.
Assembly code analysis is time-consuming, resource-intensive, and can quickly become a bottleneck in the certification process. In safety-critical domains where both rigor and efficiency matter, this creates real pressure on development teams.
We believe there is a better way. Some safety standards allow you to forgo separate assembly code analysis if you can demonstrate full source code compliance and are using a formally qualified compiler. In practice, this means the compiler is trusted to generate reliable assembly code from the fully tested source, which in turn reduces verification effort without compromising compliance or safety.

For avionics and aerospace software developers, this shift can make a big difference. It lightens the verification burden, shortens development cycles and still provides the evidence required for certification.
Most importantly, it ensures that safety remains front and centre, while harnessing the efficiencies modern toolchains and processes can bring.

This question of trust goes to the heart of a much bigger challenge: how can we embrace modern C++ practices in avionics while still proving compliance to the highest safety standards? Whether it’s deciding how much verification is really needed at the assembly code level, or ensuring that features like templates, polymorphism and exception handling behave predictably, the underlying issue is always the same: balancing innovation with certification discipline.

This topic, along with broader challenges around C++ in safety-critical environments, will be the focus of our upcoming webinar with AFuzion, titled “Are YOUR C++ Objects Oriented for Safety Compliance?”, on 8 October 2025. We’ll explore how organisations can balance trust, efficiency and certification when developing software for regulated industries.

Marcel Beemster, CTO