Re: Mirrored systems
"Most Boeing and Airbus fly-by-wire airliners have some form of dissimilar redundancy onboard."
Thanks for that Aviation Handbook reference.
Chapter 28 is an interesting read, but in the 2001 version I found [1], there was plenty of theoretical stuff I already knew a a bit about, without (afaict) it providing any examples of actual production systems using dissimilar redundancy [0]. So, citation(s) still welcome, thanks.
There are further chapters of the Aviation Handbook covering the 777, the A340, and other examples, but the copy I found no longer wants to play ball, so I don't know if those chapters describe real examples of dissimilar redundancy. I'd be delighted if they did.
Aircraft that use UK-designed engine control systems, including engines such as RB211, Trent, etc definitely do NOT use dissimilar redundancy in the engine controls, and never have done so in any production system (to the best of my knowledge).
Anyway you can have all the dissimilar redundancy you like in the avionics cabinets, but if the dual-redundant (two channels in one box, identical hw and sw) thing controlling the engines decides it wants the day off, and the other engines join it (e.g. due to a data-dependent fault), you're looking at another Gimli Glider (if you're lucky). No mechanical backup for the last decade or more either.
Don't get me wrong, dissimilar redundancy is a great concept, and as engineer and as occasional passenger I'd be delighted to see more of it. I just don't yet know of a single instance in commercial avionics where it is actually used, and I assume that's down to cost. I would love to know of a real live example or two.
All input gratefully received.
[0] Meaning dissimilar redundancy of computer systems. Critical sensors, such as airspeed, are required to be multiply redundant with dissimilar types. AF447 proves even that isn't enough on its own sometimes.
[1] http://www.davi.ws/avionics/TheAvionicsHandbook_Cap_28.pdf