From: (FMCDave)
Organization: America Online, Inc. (1-800-827-6364)
Date:         30 Jun 95 03:47:17 
References:   1
Followups:    1

Wow, this thread has gotten long.  How about another look at the same
Aircraft systems design is driven a great deal by the Functional Hazard
Analysis and the System Safety Analysis.  The FHA is used to categorize
all of the "bad" things which can happen into one of four categories:
Catastrophic, Severe Major, Major, and Minor.  Catastrophic failures will
likely affect the continued safe flight of the aircraft.  The others have
less impact.
So, each function ends up with its potential failures.  As these functions
are allocated to individual systems, those systems end up with a
criticality which is based on the worst case failure condition.  This
criticality drives the design of that system with regard to hardware
reliability and software design/testing (note: both availability and
misbehavior of the function must be considered).

The ability of the pilot to recognize, react, and mitigate aircraft
failures is also considered in the assignment of criticality of a system.
Some aircraft manufacturers tend to "take more credit" for the pilot than
others.  If a system must "recognize, react, and mitigate" a non-trivial
set of failure conditions, then it tends to become more complex (and prone
to error).  It is not always possible for design engineers to understand
all of the potential nuances and interactions of various failure
conditions and design the appropriate response.  It is much simpler to
take credit for the pilot (as backed up by written operational procedures
and training).

This is what drives a lot of the basic differences.

David Allen
Boeing Flight Management Systems
Opinions are mine and not Boeing's