@Simon Sharwood - Re: So... Some thoughts.
Reckon that's so but also there are broader issues here; essentially they're issues that emerge from complexity.
To the point: the complexity of modern airliners like the Boeing 787 and Airbus A380 are such that it's just not possible in any practicable sense to cover every functional mode of operation, design limitation and failure mode let alone properly evaluate all their relevant parameters [design limitations/omissions, failure severity, event probability etc.] through rigorous state analysis and similar techniques.
Anyone familiar with state analysis will know that it's nigh on impossible to cover every aspect (design limitations, failure modes etc.) of a system as 'simple' as a domestic VCR let alone one as complex as a modern jet airliner–even a VCR's complexity is such that the computational problems are enormous. Just defining the parameters for such tests alone is problematic.
I'm not saying that these modern airliners aren't reliable, clearly they are but putting an exact measure on 'reliability' just isn't possible with today's state-of–the-art. The fact is we've still to rely on the best expertise that's available and this ultimately boils down to the combined expertise and experience of the engineers, designers and manufacturer's wherewithal etc.–not to mention bean-counters and budgets.
Let me give you an example: the well-publicized Qantas QF32 A380 [2010-11-04] engine failure. The Rolls-Royce T/900s each generates about 20 terabytes of monitoring data per hour yet this was 'insufficient' to give any forewarning of the failure. Moreover, after the failure–despite the many hundreds of thousands of sensors on the A380–the pilots still had insufficient (or perhaps inappropriate) monitoring for them to determine what failed sufficient to the extent necessary to safely navigate and land the plane.
Sufficient data was only gathered after a passenger reported damage to the wing and a pilot visually inspected the damage from the passenger's seat. With all of the A380's sophisticated monitoring, human intervention (a human sensor) was still necessary.
The issues that arise are complex and many but the essential ones are reasonably clear: we now know the exploding engine cut sensor and control lines thus cutting off essential data to the pilots. The question is why this eventuality wasn't allowed for in the original design (given that engines have previously failed/exploded and cut control lines long before this incident). Also, why didn't a state analysis pick up this issue beforehand in the early design phase?
Moreover, given the long history of control cable/hydraulics failures (by being severed) and leading to crashes [e.g.: UA FLT 232, (1989); AA FLT 96, (1972)], one has to speculate why in such a modern aircraft the few truly critical circuits weren't also backed up by wireless links (powered at sensor source). Same goes for why there were no iPhone-sized camera 'sensors' in critical places–for pilots to view the engines etc. (as we all know from our phones, this is pretty trivial these days).
Similarly, Airbus designers appear not to have taken into account the overwhelming levels of error messages generated in the cockpit by the computer-based information system. It was essentially useless, as the huge amount of data presented forced the crew to process the data manually and in a time of great stress and with very limited time. The pilots reported that at no time during their training had they ever had to experience this level of data overload–had it not been for the extremely professional crew the craft could have been lost. The problem with the status/fault monitoring is nothing less than a very significant ergonomic design failure. (It's a damning indictment, as there's seemingly no reason why this problem should not have been foreseen.)
Effectively, the design parameters, in sum, were passed to be an 'acceptable' risk but in practice they were not.
There's no doubt the QF32 incident raises serious concerns, and both the regulators and Airbus need to be put under the spotlight for a series of problems and events that compounded to considerably more than could ever just be attributed to force majeure alone. That said, what is even more key is that this incident clearly shows that our current understanding of complex systems is very limited. State analysis etc. as applied to large complex designs such as modern aircraft has a long way to go before it can be considered mature engineering. Designers need to heed this fact.
In my opinion, the chain of events that led to the QF32 incident is a brilliant encapsulated example of the same kinds of problems we all too often see in large computer systems, Windows, the internet etc. Perhaps we computer types should spend more time examining them.