Salute!
Be careful, CT, about assuming failure models are straightforward to develop when dealing with software that does more than put nice graphics on your screen or play music. The physical world has its own rules and failure modes. So when a software doofer that can control your physical machine, the failure modes get complicated. Feedback paths can be real tricky, and we are seeing a classic example with this example.
Additionally, the regression diagram for the early AB FBW model presented does not show the various flight control laws that are inhibited or modified or flat out fail. jez saying,
Gums sends..