• mkwt@lemmy.world · 1 day ago

    This doesn’t happen “on a distro” because all of the different software functions are at different safety criticalities. The autopilot is (usually) level B, the air data system that delivers altitude and airspeed is level A, the navigation computer is level C (because pilots can still navigate without the aid of the computer). And so on.

    At level C, the standard is statement coverage with unit tests. At level B, it’s decision coverage, covering every branch. And at level A, it’s modified condition / decision coverage, which is a lot more complex and expensive to write.

    If you mix code for stuff at different levels, you have to develop the whole package to the highest level. Unless you can prove that the lower level code can’t interfere with the higher level code.

    The easiest way to prove that is to put the different levels into different computers, so they’re only talking to each other on some digital bus interface. That’s called “hardware partitioning”. There’s also “software partitioning”, but it requires an operating system or supervisor layer to provide the guarantees, and that operating system has to be developed to the highest safety level that it handles.

    Final result: you still see a lot of discrete computer boxes on airplanes. Various vendors have developed safety-critical OSes for main avionics computers, but they’re closed-source, and usually not based on Linux at all.
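The three structural coverage criteria named in the comment (statement, decision, and MC/DC), as an added example that is not part of the comment: a small checker that decides whether a test set satisfies each criterion for one boolean decision, and searches for the smallest test set that does. The `engage` decision and its condition names are constructed for illustration, not taken from any real avionics code.

```python
from itertools import combinations, product

# Constructed example decision, not from the comment: engage the autopilot
# only when the mode is armed and either the altitude source is valid or
# the crew has overridden the validity check. Names are assumptions.
CONDITIONS = ("armed", "alt_valid", "override")

def engage(armed, alt_valid, override):
    return armed and (alt_valid or override)

def outcome(decision, test):
    """Evaluate the decision on one test vector (a dict of condition -> bool)."""
    return decision(*[test[c] for c in CONDITIONS])

def statement_coverage(decision, tests):
    # Level C: every statement executes; one call through the function suffices.
    return len(tests) > 0

def decision_coverage(decision, tests):
    # Level B: the decision as a whole must be observed both True and False.
    return {outcome(decision, t) for t in tests} == {True, False}

def mcdc_coverage(decision, tests):
    # Level A (unique-cause MC/DC): for every condition there must be a pair of
    # tests that differ only in that condition and flip the decision's outcome.
    shown = set()
    for a, b in combinations(tests, 2):
        changed = [c for c in CONDITIONS if a[c] != b[c]]
        if len(changed) == 1 and outcome(decision, a) != outcome(decision, b):
            shown.add(changed[0])
    return shown == set(CONDITIONS)

def minimal_test_set(decision, criterion):
    """Smallest test set meeting the criterion (brute force; fine for a few conditions)."""
    space = [dict(zip(CONDITIONS, bits))
             for bits in product((False, True), repeat=len(CONDITIONS))]
    for size in range(1, len(space) + 1):
        for combo in combinations(space, size):
            if criterion(decision, list(combo)):
                return list(combo)
    return None

if __name__ == "__main__":
    for name, crit in (("statement", statement_coverage),
                       ("decision", decision_coverage),
                       ("MC/DC", mcdc_coverage)):
        tests = minimal_test_set(engage, crit)
        print(f"{name:9s} coverage needs {len(tests)} test(s):")
        for t in tests:
            print("   ", {k: int(v) for k, v in t.items()}, "->", outcome(engage, t))
```

For three conditions the search finds 1, 2 and 4 tests respectively, which is the N+1 growth for MC/DC that makes level A test suites so much more expensive than level B ones.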