ATC Validation Complete — Power Supply Gap Closed, ARC Trace Chain Established
System
The {{entity:Air Traffic Control System}} project (se-air-traffic-control) enters this session at 161 requirements across 6 documents with validation status carried forward from session-535. Four sessions of verification and validation work have progressively closed coverage gaps. This session targets the two residual items: establishing {{entity:architecture-decisions}} trace chains and closing the {{entity:Power Supply}} scenario gap flagged as PARTIAL since session-532.
Verification Audit
Nine VER requirements created in session-535 were floating outside any document (refs REQ-SEAIRTRAFFICCONTROL-065 through -073). These were reassigned to the verification-requirements document, picking up refs VER-REQ-072 through VER-REQ-080. All trace links were preserved by reassignment. The final verification-requirements document now contains 81 entries.
Sampled VER entries VER-011, VER-021, VER-REQ-019, VER-REQ-030, and VER-REQ-040 were reviewed. All five meet the standard: specific test setup, physical or hardware-injected stimulus, quantified pass/fail criteria. VER-011 (track accuracy integration test using live radar) and VER-REQ-040 (SDP failover timing by power disconnection under full load) are representative of the test quality throughout.
The architecture-decisions document lacked both incoming derives links from SYS and outgoing verifies links from VER. Four linksets were created to enable this: system-requirements→architecture-decisions, architecture-decisions→verification-requirements, interface-requirements→verification-requirements, and system-requirements→verification-requirements. Four derives links were then created: {{sys:SYS-REQ-003}}→{{sub:ARC-REQ-001}} (dual-hot-standby driven by 99.9997% availability), {{sys:SYS-REQ-004}}→{{sub:ARC-REQ-002}} (SNS independence driven by SIL 3 requirement), {{sys:SYS-REQ-006}}→{{sub:ARC-REQ-011}} (VLAN segmentation driven by network isolation), and {{sys:SYS-REQ-003}}→ARC-REQ-012 (AIM dual-database driven by non-disruptive AIRAC update availability). Matching verifies links were added from VER-REQ-073 through VER-REQ-076 to the respective ARC requirements.
Scenario Validation
Four ConOps scenarios confirmed against the updated trace chains:
S-001 Loss of Separation Alert: {{stk:STK-REQ-001}} → {{sys:SYS-REQ-004}} → {{sub:SUB-REQ-001}}–{{sub:SUB-REQ-004}} → VER-REQ-001–VER-REQ-004. Chain complete. VER entries use live STCA hardware with injected track geometries and measure alert latency against the 120-second prediction window. COVERED.
S-002 Power Grid Failure (previously PARTIAL): {{stk:STK-REQ-002}} → {{sys:SYS-REQ-007}} was complete but had no SUB decomposition. Two power supply subsystem requirements added: REQ-SEAIRTRAFFICCONTROL-074 (ATS switchover ≤500ms, no subsystem state loss) and REQ-SEAIRTRAFFICCONTROL-075 (72-hour diesel endurance, fuel alarms at 8h and 2h remaining). VER entries REQ-SEAIRTRAFFICCONTROL-076 and REQ-SEAIRTRAFFICCONTROL-077 added with physical mains-failure tests and type-test fuel consumption verification. Trace chain now complete. CLOSED.
S-003 CAA Incident Investigation: {{stk:STK-REQ-007}} → {{sys:SYS-REQ-011}} → {{sub:SUB-REQ-008}}–{{sub:SUB-REQ-009}} → VER entries for RRS. Chain complete. COVERED.
S-004 Sector Boundary Handoff: {{stk:STK-REQ-005}} → {{sys:SYS-REQ-010}} → {{sub:SUB-REQ-035}}–{{sub:SUB-REQ-036}} → VER-REQ-055–VER-REQ-056. COVERED.
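The coverage check applied to each scenario above can be expressed as a small graph walk over the derives and verifies links. The following is an added example, not part of the session record or the requirements tool; it reconstructs the S-002 chain from the identifiers in this summary and shows why the scenario was PARTIAL before the SUB decomposition and COVERED after it. The link tuples and the `LEVELS` map are constructed for illustration.

```python
"""Trace-chain coverage check for a ConOps scenario (constructed example)."""
from collections import defaultdict

# Requirement id -> hierarchy level, constructed from the S-002 chain above.
LEVELS = {
    "STK-REQ-002": "STK",
    "SYS-REQ-007": "SYS",
    "REQ-SEAIRTRAFFICCONTROL-074": "SUB",  # ATS switchover <=500 ms
    "REQ-SEAIRTRAFFICCONTROL-075": "SUB",  # 72-hour diesel endurance
    "REQ-SEAIRTRAFFICCONTROL-076": "VER",  # physical mains-failure test
    "REQ-SEAIRTRAFFICCONTROL-077": "VER",  # fuel consumption type test
}

# Links as (source, target, kind). derives runs down the hierarchy;
# verifies runs from a VER entry to the requirement it tests.
LINKS_BEFORE = [
    ("STK-REQ-002", "SYS-REQ-007", "derives"),
]
LINKS_AFTER = LINKS_BEFORE + [
    ("SYS-REQ-007", "REQ-SEAIRTRAFFICCONTROL-074", "derives"),
    ("SYS-REQ-007", "REQ-SEAIRTRAFFICCONTROL-075", "derives"),
    ("REQ-SEAIRTRAFFICCONTROL-076", "REQ-SEAIRTRAFFICCONTROL-074", "verifies"),
    ("REQ-SEAIRTRAFFICCONTROL-077", "REQ-SEAIRTRAFFICCONTROL-075", "verifies"),
]


def scenario_status(stk_id, links, levels=LEVELS):
    """Return (status, detail) for the chain STK->SYS->SUB->VER rooted at stk_id.

    COVERED: at least one SUB is reached and every SUB reached has a VER
    verifies link. PARTIAL: the chain stops short (no SYS, no SUB, or a SUB
    with no VER entry)."""
    derives = defaultdict(set)
    verified_by = defaultdict(set)
    for src, dst, kind in links:
        if kind == "derives":
            derives[src].add(dst)
        elif kind == "verifies":
            verified_by[dst].add(src)
    sys_reqs = {r for r in derives[stk_id] if levels.get(r) == "SYS"}
    if not sys_reqs:
        return "PARTIAL", f"{stk_id} has no SYS derives link"
    sub_reqs = {s for r in sys_reqs for s in derives[r] if levels.get(s) == "SUB"}
    if not sub_reqs:
        return "PARTIAL", f"{sorted(sys_reqs)} has no SUB decomposition"
    unverified = sorted(s for s in sub_reqs if not verified_by[s])
    if unverified:
        return "PARTIAL", f"SUB without VER: {unverified}"
    ver_count = sum(len(verified_by[s]) for s in sub_reqs)
    return "COVERED", f"{len(sub_reqs)} SUB, {ver_count} VER"
```

Running `scenario_status("STK-REQ-002", LINKS_BEFORE)` reports PARTIAL with the missing SUB decomposition, and `LINKS_AFTER` reports COVERED with 2 SUB and 2 VER entries.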
Mode Coverage
Nominal operations, degraded mode, and maintenance mode are covered at the SUB level. SYS-REQ-009 (degraded operations — display, flight data, voice) derives to subsystem-level degraded requirements, all with Test verification. No operating mode has incomplete entry/exit/failure coverage.
Cross-Domain Findings
The Powered lint findings for eight software subsystems ({{entity:surveillance data processing subsystem}}, {{entity:flight data processing subsystem}}, {{entity:controller working position subsystem}}, {{entity:Safety Net System}}, CPDLC, AMAN, SMC, AIM) are confirmed as false positives. Substrate assigns {{trait:Powered}} to these entities because they run on powered compute nodes, but power supply requirements are correctly captured at SYS-REQ-007 and now at the new power supply SUB requirements. The dismissal fact stored in session-534 stands.
Gaps Closed
| Gap | Resolution |
|---|---|
| 9 null-doc VER entries | Reassigned to verification-requirements, refs VER-REQ-072–080 |
| ARC-REQ-001/002/011/012 — no SYS derives | 4 derives links created with engineering rationale |
| VER-REQ-073–076 — no ARC verifies | 4 verifies links created |
| S-002 / H-002 power supply — no SUB decomposition | 2 SUB reqs + 2 VER reqs + 4 trace links created |
Final count: 165 requirements, 164 trace links, baseline BL-SEAIRTRAFFICCONTROL-008 created.
Verdict
PASS. All four ConOps scenarios are covered with complete trace chains STK→SYS→SUB→VER. Both safety hazards (H-001 Loss of Separation, H-002 Power Grid Failure) are fully covered with Test verification at the VER level. Architecture decisions are now traced bidirectionally to SYS requirements and VER entries. The power supply scenario gap (the only PARTIAL finding carried since session-532) is closed with substantive SUB requirements that add operational alarm thresholds beyond the SYS-level constraint. The ATC system is ready for SE review.
```mermaid
flowchart TB
    SDP["subsystem - Surveillance Data Processing"]
    FDP["subsystem - Flight Data Processing"]
    SNS["subsystem - Safety Net System"]
    CWP["subsystem - Controller Working Position"]
    VCS["subsystem - Voice Communication System"]
    DDN["subsystem - Data Distribution Network"]
    AIM["subsystem - Aeronautical Information Management"]
    AMAN["subsystem - Approach Sequencing and Metering"]
    SMC["subsystem - System Monitoring and Control"]
    RRS["subsystem - Recording and Replay System"]
    CPDLC["subsystem - Controller Pilot Data Link Comms"]
    PSS["subsystem - Power Supply System"]
    SDP -->|Correlated tracks ASTERIX| DDN
    DDN -->|Track data| FDP
    SDP -->|Raw surveillance| SNS
    FDP -->|Flight plan data| CWP
    SNS -->|STCA/MSAW alerts| CWP
    VCS -->|Voice channels| CWP
    AIM -->|Sector boundaries| FDP
    FDP -->|Flight schedule| AMAN
    SMC -.->|Health monitoring| SDP
    DDN -->|All data streams| RRS
    CPDLC -->|ACARS messages| CWP
    PSS -->|AC power| SDP
    PSS -->|AC power| SNS
```