PPRuNe Forums - View Single Post - Spanair accident at Madrid
Old 1st Oct 2008, 14:27
  #2065
Mad (Flt) Scientist
 
Join Date: Sep 2002
Location: La Belle Province
Posts: 2,179
Originally Posted by FrequentSLF
A gadget that has to be tested every time before use IMHO has a design flaw.
Not at all. In fact, it may well indicate that the gadget is perfectly well designed.

Checks of aircraft equipment functions that are required (whether conducted per flight, by crews, or per 1,000s of hours by maintenance) are a consequence of a need to assure a given system reliability/availability. Given the competing system design demands for function when required and no nuisance failures, a regular check may be the only suitable approach.

Consider, for example, a stall pusher system. It is necessary that it perform its intended function when necessary (i.e. 'push' at stall) but also necessary that it not push inadvertently. Failure to do the former, or doing the latter, are both critical cases. In order to ensure that the probability of an inadvertent push is sufficiently improbable, it's common to design a pusher system as dependent upon two independent inputs, and to require that both be commanding a 'push' before the push is initiated. But now, although the inadvertent push is addressed, we run the risk of a single channel failure disabling the 'push when required' case. The solution is to check, on a regular basis, that such a dormant failure is not present. The frequency of such checks is dependent upon the required failure mode probability to be achieved.

The alternative to having checks to address dormancy is to have systems with high levels of fault monitoring/detection, but that's an inherent increase in complexity, which isn't necessarily advantageous, and also again raises the system false warning rate.
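The link between check frequency and the required failure probability described in the post above, worked through as an added example that is not part of the original post. It assumes a constant dormant failure rate per channel and a check that finds and fixes any dormant failure; the rates and target are constructed values and the function names are hypothetical.

```python
import math

def avg_unavailability(lam, channels, interval_h):
    """Mean probability, over one check interval, that the push is unavailable.

    Assumed model: each channel fails dormant at constant rate `lam` (per hour),
    every channel must work for the push to occur (AND voting), and the check
    at the end of each interval restores all channels to a known-good state.
    """
    x = channels * lam * interval_h
    if x == 0:
        return 0.0
    # P(any channel failed at time t) = 1 - exp(-channels*lam*t),
    # averaged over t in [0, interval_h]:  1 - (1 - exp(-x)) / x
    return 1.0 + math.expm1(-x) / x

def max_check_interval(lam, channels, target, hi=1e7):
    """Longest check interval (hours) keeping mean unavailability <= target."""
    if avg_unavailability(lam, channels, hi) <= target:
        return hi
    lo = 0.0
    for _ in range(200):  # bisection; unavailability rises monotonically with interval
        mid = (lo + hi) / 2
        if avg_unavailability(lam, channels, mid) <= target:
            lo = mid
        else:
            hi = mid
    return lo

if __name__ == "__main__":
    LAM = 1e-5      # constructed: dormant failures per channel per hour
    TARGET = 1e-3   # constructed: allowed mean probability of "no push when required"
    for n in (1, 2):
        t = max_check_interval(LAM, n, TARGET)
        print(f"{n} channel(s) in series: check at least every {t:.1f} h")
```

Under these assumptions, requiring both channels to agree roughly halves the permitted interval between checks for the same "push when required" target, which is the cost of the protection against an inadvertent push.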