I'd suppose it would depend on how graceful you want the abort
sequence. I've always been a fan of the safe on power-off, with all
your valves being spring return on loss of power. That way you could
just have a relay open and kill power to the vehicle which slams
everything into a safe position. Especially useful if your computer
gets into a bad state and wont sequence things properly anyway. You
could always side-along a graceful abort sequence that the computer
defaults to for normal abort cases, still leaving you the nuclear
approach if that system fails, or you have a need for a more immediate
shutdown.
On Thu, Feb 8, 2018 at 7:16 AM, Henry Spencer <hspencer@xxxxxxxxxxxxx> wrote:
On Wed, 7 Feb 2018, Robert Watzlavick wrote:
...I could also tailor the sequence based on the pre-abort conditions...
Broadly speaking, it's better if your emergency shutdown sequence isn't
dependent on prior conditions. Making it condition-dependent always amounts
to doing a case analysis of what you think the plausible cases are and how
best to respond, but you always miss the weird things that end up really
happening. Robust sequences that don't need assumptions about prior
conditions are better.
Henry