Comment by jfim
10 hours ago
My guess is that it's to ensure that the UI logic crashing or hanging doesn't bring down the safety-critical process.
The rendering of the safety-critical application was written completely in C using OpenGL SC (https://www.khronos.org/openglsc/) to render the GUI, and had to pass a formal validation suite (MISRA was the big one IIRC). Simply put, the safety-critical application essentially was not allowed to "fail in an unsafe manner" in the DO-178 sense. Using JavaScript, or some C++ GUI library, was very much out of the question.
Fortunately, this was not an airborne platform, so failing safely was much simpler than what a true aviation stack or medical stack would need to do.
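As an added illustration of the isolation idea discussed above (this is example code written for this page, not code from the thread or from the system jfim describes, and it is a plain POSIX sketch rather than anything DO-178 or MISRA qualified): the control loop runs in its own process, the UI runs as a forked child that reports over a heartbeat pipe, and the control loop keeps iterating whether the UI crashes (pipe EOF) or hangs (heartbeat timeout, after which it is killed). All names (`run_supervised`, `ui_child`, the mode constants) and the heartbeat timing are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical modes for the simulated UI child. */
#define UI_MODE_CRASH 1   /* child dies abruptly after a few heartbeats */
#define UI_MODE_HANG  2   /* child stops heartbeating but stays alive */

typedef enum { UI_OK = 0, UI_CRASHED = 1, UI_HUNG = 2 } ui_state_t;

typedef struct {
    int ticks_completed;  /* control-loop iterations that ran regardless of the UI */
    ui_state_t ui;        /* what the supervisor concluded about the UI */
} run_result_t;

/* Simulated UI process: three heartbeats, then misbehave according to mode. */
static void ui_child(int hb_fd, int mode) {
    for (int i = 0; i < 3; i++) {
        (void)write(hb_fd, "H", 1);
        usleep(20000);  /* 20 ms between heartbeats */
    }
    if (mode == UI_MODE_CRASH) kill(getpid(), SIGKILL);  /* simulate a hard crash */
    if (mode == UI_MODE_HANG) pause();                   /* simulate a wedged UI */
    _exit(0);
}

/* Safety-critical side: run `ticks` control iterations. Each iteration does its
 * control work first, then (while the UI is believed alive) expects one
 * heartbeat within hb_timeout_ms. A timeout means the UI hung; EOF on the
 * pipe means it died. Either way the loop keeps going. */
run_result_t run_supervised(int mode, int ticks, int hb_timeout_ms) {
    run_result_t res = { 0, UI_OK };
    int fds[2];
    if (pipe(fds) != 0) return res;
    pid_t pid = fork();
    if (pid < 0) return res;
    if (pid == 0) {             /* child: UI side only */
        close(fds[0]);
        ui_child(fds[1], mode);
    }
    close(fds[1]);              /* parent keeps only the read end */

    for (int t = 0; t < ticks; t++) {
        /* Control work would go here (sensor read, setpoint, actuator write). */
        res.ticks_completed++;
        if (res.ui != UI_OK) continue;      /* UI already gone: keep controlling */

        struct pollfd pfd = { .fd = fds[0], .events = POLLIN, .revents = 0 };
        int r = poll(&pfd, 1, hb_timeout_ms);
        if (r == 0) {                        /* no heartbeat in time: hung */
            res.ui = UI_HUNG;
            kill(pid, SIGKILL);              /* reclaim the wedged UI */
        } else if (r > 0) {
            char b;
            if (read(fds[0], &b, 1) <= 0)    /* EOF: the UI process died */
                res.ui = UI_CRASHED;
        }
    }
    close(fds[0]);
    waitpid(pid, NULL, 0);                   /* reap the child either way */
    return res;
}

int main(void) {
    run_result_t a = run_supervised(UI_MODE_CRASH, 10, 500);
    run_result_t b = run_supervised(UI_MODE_HANG, 10, 500);
    printf("crash: %d ticks, ui=%d\n", a.ticks_completed, a.ui);
    printf("hang:  %d ticks, ui=%d\n", b.ticks_completed, b.ui);
    return 0;
}
```

The point the example makes is structural: the only thing the control loop shares with the UI is a file descriptor, so the worst the UI can do is stop sending heartbeats, and the loop treats that as a state to handle rather than a fault that propagates. In a real safety-critical design the "control work" would also have to fail safe on its own, independently of the supervisor logic shown here.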