PPRuNe Forums - View Single Post - FAA Grounds 787s
Old 23rd Jan 2013, 10:32
#343
bsieker
 
Join Date: Jul 2007
Location: Germany
Posts: 556
Rory166,

[...] As far as I know it is accepted practice to have software written by different teams for triplicate software flight control systems. Because you can never positively prove a software system is safe. Does this apply in some way to the quadruple battery charging system. Not that 4 is a suitable number for a voting system.
I don't know about the 787, but this is rarely done in practice, because it doesn't really work. It is far better to have very good requirements specifications and then system specifications derived from that, and then make one very good implementation, rather than have several, which are merely "good". The resources saved from having only one team of software engineers is best put to use getting the requirements and specifications right.

Boeing tried diversity on the 777 but had to abandon it, and independent academic research also showed that diversity did not work well in practice. See this paper.

The most common error source is bad requirements, and since all diverse teams would be working from the same requirements, the software would contain many of the same errors. This is important, since it negates the whole point that diversely developed implementations would have different errors.

As far as I know, no airliner in wide use uses diversely developed software. All of them have had some problems, but none of them crashed because of flight control software problems, and the systems are generally extremely reliable. The only accident I know of concerns Qantas, where several severe injuries occurred when the flight control computers ordered an abrupt nose-down input resulting in a peak normal acceleration of -0.8 G.


Bernd