Messy: When automated anti-disaster systems make things worse, and what to do about it

In the case of Flight 447, the designers of the flight control software had never anticipated a failure of all redundant pitot-static (airspeed monitoring equipment) systems; they simply had not exhausted all the absurd possibilities. And so their system defaulted to a simple catch-all drawer for things that couldn’t possibly happen: just stop ALL automation, sound an alarm, and let the humans figure it out.

When the alarm sounded, the rightly startled humans found themselves in the middle of a severe thunderstorm, with absolutely no indication of what was actually wrong.

The SOP for failed airspeed indicators is to trim the plane to a known pitch and power setting which keeps the aircraft in stable, level flight, and then figure out how to go from there. If the designers of the software had implemented a catch-all scheme that simply trimmed the aircraft and then alerted the crew that “we’ve got an instrumentation failure, but I’ve trimmed the aircraft within a stable flight envelope” then disaster would’ve been averted.

5 Likes
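The post contrasts two catch-all handlers for an unanticipated sensor failure: drop all automation and alarm, versus hold a known-safe pitch and power setting and then alarm. The following is an added example, not code from the post or from any real flight control system, that models both handlers over redundant airspeed channels. The voting threshold, the safe pitch and power constants, and the sample readings are all constructed placeholders, not real aircraft figures.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed placeholders: NOT real numbers for any aircraft type.
SAFE_PITCH_DEG = 5.0      # hypothetical pitch known to keep level flight
SAFE_POWER_PCT = 85.0     # hypothetical thrust setting paired with it
AGREE_TOLERANCE_KTS = 10.0


@dataclass
class AirspeedSample:
    source: str
    knots: Optional[float]   # None means the channel flags itself invalid


@dataclass
class Command:
    mode: str                # "AUTO", "HOLD_PITCH_POWER" or "MANUAL"
    pitch_deg: Optional[float]
    power_pct: Optional[float]
    alert: Optional[str]


def consensus_airspeed(samples: List[AirspeedSample],
                       tolerance: float = AGREE_TOLERANCE_KTS) -> Optional[float]:
    """Vote across redundant channels.

    Returns the mean of the channels that agree with the median, or None
    when fewer than two channels agree (including the all-failed case).
    """
    values = sorted(s.knots for s in samples if s.knots is not None)
    if len(values) < 2:
        return None
    median = values[len(values) // 2]
    agreeing = [v for v in values if abs(v - median) <= tolerance]
    if len(agreeing) < 2:
        return None
    return sum(agreeing) / len(agreeing)


def handler_disengage(samples: List[AirspeedSample],
                      current_pitch: float, current_power: float) -> Command:
    """The 'stop ALL automation and sound an alarm' catch-all."""
    if consensus_airspeed(samples) is None:
        # Hands everything to the crew with no stable starting point.
        return Command("MANUAL", None, None, "AUTOPILOT OFF")
    return Command("AUTO", current_pitch, current_power, None)


def handler_hold_trim(samples: List[AirspeedSample],
                      current_pitch: float, current_power: float) -> Command:
    """Fail-safe catch-all: trim to a known stable state, then alert."""
    if consensus_airspeed(samples) is None:
        return Command(
            "HOLD_PITCH_POWER", SAFE_PITCH_DEG, SAFE_POWER_PCT,
            "AIRSPEED UNRELIABLE: holding known pitch/power, crew to assess",
        )
    return Command("AUTO", current_pitch, current_power, None)


# Constructed scenarios.
ALL_CHANNELS_LOST = [AirspeedSample("ADR1", None),
                     AirspeedSample("ADR2", None),
                     AirspeedSample("ADR3", None)]
ONE_CHANNEL_ICED = [AirspeedSample("ADR1", 50.0),    # iced probe reads low
                    AirspeedSample("ADR2", 275.0),
                    AirspeedSample("ADR3", 280.0)]
ALL_DISAGREE = [AirspeedSample("ADR1", 50.0),
                AirspeedSample("ADR2", 120.0),
                AirspeedSample("ADR3", 280.0)]


if __name__ == "__main__":
    for name, samples in [("all lost", ALL_CHANNELS_LOST),
                          ("one iced", ONE_CHANNEL_ICED),
                          ("all disagree", ALL_DISAGREE)]:
        print(name, "disengage ->", handler_disengage(samples, 2.5, 70.0))
        print(name, "hold trim ->", handler_hold_trim(samples, 2.5, 70.0))
```

The point the two handlers make concrete: both detect the same condition (no trustworthy airspeed), but only the second leaves the system in a defined, stable state before asking the humans to diagnose it. A single disagreeing channel is outvoted and automation continues; total loss or total disagreement triggers the fallback.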