avionicsr
02-10-2015 01:12 PM
Quote:
Originally Posted by RV7A Flyer
(Post 957896)
Although there is nothing wrong with having redundant devices/systems from different manufacturers, it is not necessarily true that it eliminates common-mode software errors. Experiments done by software safety researchers (ref. Leveson, et al.) demonstrate that n-version programming quite often results in the same "errors" in design and implementation by completely independent teams (given the same requirements). This is quite a controversial result, but it appears to be the case based on research into software systems safety.
As we all know, nothing in aviation is an absolute guarantee, but the likelihood of two independent systems suffering a failure that causes a reset at the exact same time is significantly lower than that of a single system resetting.
Rather than getting wrapped up in the minuscule details of software, research, and hardware, the point being made here is:
Due diligence in providing a safe, IFR platform means following the part 23 guidelines and providing an independent Attitude, Altitude, and Airspeed powered by an independent power source (independent backup battery is acceptable).
I personally will not put myself or my family in a glass panel aircraft in IFR conditions, either certified or experimental, without panel-mount backup basic flight instruments with an independent power supply. Whether that backup power supply is an internal backup battery or pneumatic and vacuum makes no difference, as long as it's independent.