Originally Posted by
Mac the Knife
"You could even apply a (fourth redundancy!) reasonableness test on the alpha vane's sensor values by writing more software that applies plain old logical common sense: --> Can that high alpha value, seen all of a sudden, and when the airspeed is good, and when g's aren't being pulled, be a valid value of alpha?"
Well, I'm not a pilot but I have written a lot of laboratory/experimental software. Before a chunk of data is allowed into the record, it is compared with the expected value and trend over the last 5 minutes - if it is >(say)5x the expected value it gets discarded as anomalous and an interpolated value substituted. Inputs must be sanity checked before being accepted.
Having said that, writing more and more code can easily introduce race conditions and more corner-case results, so it is far from easy.
Mac
That is basically the idea. Except maybe the "trend" you refer to would be governed by basic kinematic relationships & differential equations used in the short term in the context of an aircraft.
In a real-time dynamic environment of an aircraft, we can apply estimation algorithms to do a better job at detecting which AOA vane is bad. Sanity checks, reasonableness tests, whatever you want to call it, that Artificial Intelligence is only used to find a bad sensor. That way, it would take multiple failures of more than one subsystem instead of just taking one lone AOA vane value to cause an accident.
Certainly to use any algorithm would require healthy air data & inertial boxes, and the sanity check algorithm would need to be disabled if those redundant systems were determined sick. Those all go into the FTA/FMEA mentioned.
In the past, I've seen sanity check algorithms experience resistance from old management. They think "we've never had to do that before" and "we don't know how the FAA would certify the sanity check" and "Don't cost the company extra expense or you're fired." types of arguments. They are very conservative. 'Split Cockpit' design philosophy here extended to nose-down trim authority, which I think crossed a safety line.