May I remind the people that NASA used triple redundancy on the Apollo program, if no others. But they did not use three of the same computer. They used two IBM computers and one Rockwell International computer. That way if the code was bad in IBM it could still be good in the Rockwell computer, and of course the other way around holds true as well.
If the interface description is up to snuff for the computers there could and should be two different designs and a rule that both had to be in use on any given plane. And with CPUs being what they are TODAY any new design should feed all sensors to all computers through interfaces that don't fail if one of the computer input interfaces dies.
This sort of thing has been done before. NASA, if nobody else, has shown how.
I've run the failure analysis process looking for single point of failure events, I've used triple redundancy before. Specifically it is what keeps the GPS satellites on the "desired" frequency while on orbit despite Rb and Cs standard drift. And it should be noted that sometimes 'desired' is not nominal so that it's harder to plonk a missile down Jimmy Carter's toity when he was in the White House using GPS. (That was when it was initially designed and the chief reason for it. GPS accuracy enhancement is a fallout of the design.)
{o.o}