On 10/3/2014 8:43 AM, Sean Kelly wrote:
My point, and I think Kagamin's as well, is that the entire plane is a system
and the redundant internals are subsystems. They may not share memory, but they
are wired to the same sensors, servos, displays, etc.
No, they do not share sensors, servos, etc.
Thus the point about shutting down the entire plane as a result of a small
failure is fair.
That's a complete misunderstanding.
In NO CASE does avionics software do anything after an assert but get shut down
and physically isolated from what it controls.
I've explained this over and over. It baffles me how twisted up this simple
concept becomes when repeated back to me.
