DozyWannabe

Hi b1lanc,

It's also been a long time since I was in Uni (B.Eng Software Engineering) and my old Engineering/Reliability Prof. had us study the Airbus methodology. As I recall, you've got the gist - but I think some of the specifics have been mixed up in translation.

It wasn't three teams, it was two, and it as far as I can recall it wasn't contracted out to different companies - I believe it was all in-house. The reason for this was because we're talking roughly 1984-88, and at the time all of the techniques they were using were pretty much on the bleeding-edge of what had gone before - though built on tried-and-tested principles, all the way down to algebraic engineering expressions that hurt my head to this day. Also, while I can't be certain that this was a motivation, one of the overriding goals of developing the FBW system was to provide an unprecedented level of commonality within their product range - keeping things in-house reduced the risk of losing that potential competitive advantage.

Also, as I understood things, dissimilar/differential implementation wasn't a matter of "find[ing] code exceptions" as much as it was aimed at reducing the risks of implementation errors in the code (as opposed to specification and/or design problems with the underlying logic) causing flight control problems - as I recall the code from both teams underwent multiple reviews and if a single similarity was found, one of the teams was tasked with finding a different implementation of the logic. In effect this was an extra "belt and braces" level of redundancy in the code layer - and interestingly, Boeing did not follow suit in this manner when developing the B777 (and later FBW types). The unparalleled safety record of the B777 could be used to argue that while dissimilar implementation was completely necessary for a pioneering effort, it might have been less so once the concept was proven.