Argument: A1.2.2.3.3.4.4.3.2.1.1.5 - The safe state actuation is simple

Argument A1.2.2.3.3.4.4.3.2.1.1.5 The safe state actuation is simple

Parent nodes:

Supports Argument: A1.2.2.3.3.4.4.3.2.1.1 Design and implementation of the Collision Avoidance SIF is adequate to prevent collision because...

Child nodes:

Has evidence Evidence: E1.2.2.3.3.4.4.3.2.1.1.5.1 Functional test report
Has evidence Evidence: E1.2.2.3.3.4.4.3.2.1.1.1.1.2.4.1 Design Justification Report (DJR)
Has evidence Evidence: E1.2.2.3.3.4.4.3.2.1.1.5.2 Non functional test reports

The propeller motor control is performed by a (standard) control algorithm which can be shown to be mathematically correct, can be specified and implemented by traditional software techniques. In addition, the same software includes a simpler algorithm to check the result of the primary algorithm against.

100% code coverage by test can be achieved:

statement coverage
decision coverage
data coupling and control coupling
MCDC

The safe state for the Collision Avoidance SIF is to remove the power to the propellers in <TBD> secs.