Originally Posted by
Tomaski
Real life does not go by script, nor is there any prohibition against multiple or ambiguous malfunctions.
Nice thoughtful post.
Not only is there
no prohibition against multiple or ambiguous malfunctions, but in some case
their occurrence is
by-design (intentional or not). Naively as SLF I assumed that this would
be identified by some sort of dependency-tree analysis at design-time, and their occurrence
identified and prevented if possible, or at least allowed for in operating procedures.
AoA-high failure seems to be a perfect example, leading to the triggering of things like UAS,
autopilot drop-out, stall-warnings, and inappropriate MCAS activation (in the absence of flaps
and other blocking states).