Pilot Vehicle Interface... A human factors issue that has become its own engineering sub specialty in recent years.
Ahhh. Good subject.
Here we have two diagrams. On the left (best I can tell from the description, circa post 212) is Mike's EFI bus supply architecture. On the right we have the same system, with the addition of two diodes located (specifically) at the EFI bus connections.
First, a partial wire-by-wire fault check.
Left diagram.
Conditions, leftmost switch closed, in flight:
1 open: no power to EFI bus. PVI: Close right switch
1 short: left fuse pops, no power to EFI bus. PVI: in order, open left switch, close right switch. (closing right switch first causes unrecoverable failure, CRITICAL)
2 open: no power to EFI bus. PVI: close right switch
2 short: left fuse pops, no power to EFI bus. PVI: UNRECOVERABLE closing right switch pops right fuse. CRITICAL
The above notes are the
minimum PVI's specific to the circuit segment condition. Since the segment conditions are unknown to the pilot, the actual PVI for all failures would be (left switch off->right switch on->wait for a response->if no response, pump switch->ECU select switch)
Now the right diagram.
Conditions: BOTH power supply switches closed, in flight:
5 open: 7-8 supplies power. PVI: None
5 short: left fuse pops, 7-8 supplies power. PVI: None
6 open: 7-8 supplies power. PVI: None
6 short: left fuse pops, 7-8 supplies power. PVI: None
No power supply circuit problem results in power interruption; all failures are benign. The PVI following engine power failure would be (pump switch->ECU select switch). If the physical fuel system will allow both pumps to operate at the same time (aux pump ON for takeoff, the conventional PVI), the entire power interruption PVI becomes (flip ECU select switch).
When an additional component is necessary to design for fault tolerance, it is simply treated as a part of the circuit segment. In this example, an open diode is simply an open in segment 6 or 8. An internally shorted diode may be treated as a wire, which would negate its isolation benifit. In reality, if that isolation became necessary the diode will act like a fuse. For example, assume diode 6 will pass electrons both ways, and wire segment 6 shorts to ground. The diode will at as a fusible link, as shorted amps
in either direction would exceed its current capacity. No change to the wire-by-wire check.
Yes, addition of a second switch and wire is easy. But so is the addition of a short length of fuel tube to bypass a clogged fuel filter or a broken fuel fitting...
See where this can go if you're not careful?
Into a philosophy argument? I'd rather teach 'em how to fish.