OK, ancient here again....
In my days, when two 'halves' of a computer disagreed, it was "ping", " "boing", "click", and the (analogue) computer took itself off-line, with usually a blinking light on the CWS (central warning system) as well, and handed over to the pilot, who then had the choice of staying in manual, or engaging the standby on the 'other side'.
Only during the last minutes of an autoland, the failed computer would hand over automatically to n° 2, which would already be synchronised, and would already have been tested and found healthy.
It woiked well, mostly because the probability of two identical components on two sides failing in the same way within a few minutes could be shown to be in the order of 10-9 to 10-12, depending on the "time at risk".
From the little I know about DAFS, much the same was achieved initially with the two 'halves' using different processors, diifferent languages for the software, and different compilers.
Sure, if the software spec was wrong, there could still be problems, but that was no different in the analogue-and-logic world.
So what's happened since?
Leaving a computer in control of an aircraft while responding to "data spikes" gives me the cold shivers...... yet that seems what has been happening....
Can anybody elucidate....?
CJ