BOACCertainly the System must be predictable to not add extra issues specially when we are facing extreme conditions. And this "predictability" is intrinsically related to "testability" and in complex (feedback Systems) machines this will be ever an concern. (Naturally a concern for the designer and something that should be told to the operator).
A "forewarning" (perhaps technically feasible on AS issues) was just mentioned because could provide a faster understanding to the PF. Actually N805NW (A330-323) was equipped with an optional to "help" in this.
DW
The system was designed down to a worst-case scenario where one pitot had failed. The thought of two or more failing was thought to be exceptionally remote.
1) Current Pitotīs are just, sometimes, inadequate with a known limitation.
2) The simultaneously "failing" is because the mentioned, limitation.
The worst case scenario is just one failing?
Redundancy is "powerful" when critical elements do not fail simultaneously. And UAS cases show clearly simultaneous "failing" (due product limitation)
Question (yet posted earlier): Why they put this redundancy? For what reason? What benefit?
Simultaneous "failure" of critical elements should be reported immediately.