slohmaier/demo-epb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

Initial commit: demo-epb v1.0 — Elektrische Parkbremse Demo

Browse Source 
Vollstaendige Demo des slohmaier Dev Process anhand einer EPB-Steuergeraet-
Software. Zeigt ASPICE 4.0 / ISO 26262-konforme Entwicklung im Monorepo.

Inhalte:
- 5 Plaene (PID, PM-, QA-, SWE-, Test-Plan) in Word, ausgefuellt mit
  EPB-spezifischen Inhalten
- 10 System-Anforderungen + 25 Software-Anforderungen (Doorstop-MD)
- 5 System-Architektur-Elemente + 10 Software-Architektur-Elemente
  mit PlantUML-Diagrammen und vollstaendigem Mapping
- 3 implementierte Komponenten (Apply Controller D, Actuator Driver B,
  Switch Debouncer QM) plus 7 Header-Stubs
- 28 Unit-Tests, alle gruen, mit Coverage- und MISRA-Build-Targets
- Audit-Artefakte: 1 Review-Protokoll, 1 Non-Conformity, 1 MISRA-Record
- Gitea-Actions-CI-Pipeline (validate.yml)
- Doorstop-Konfiguration fuer bidirektionale Traceability
- Generator-Skript fuer alle 50 Reqs/Arch-Elemente aus Strukturdaten
- README mit gefuehrter Tour fuer Prospects
This commit is contained in:
Stefan Lohmaier
2026-05-11 13:51:02 -07:00
commit 1855162e6d
92 changed files with 4116 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
arch/swe/SWA-001.md
+71
View File
@@ -0,0 +1,71 @@
---
active: true
derived: false
header: 'Safety Manager'
level: 1.1
normative: true
reviewed: null
links:
- SWE-007
- SWE-008
- SWE-009
- SWE-010
asil: D
---
# SWA-001: Safety Manager
## Verantwortung
Hoechste Sicherheitsschicht. Erkennt Motor-Aus, aktiviert Hill-Hold,
triggert Auto-Apply. Lebenswichtige Logik mit redundanter Pruefung.
## Statische Sicht
```plantuml
@startuml
package "Safety Manager" {
[Engine State Monitor]
[Hill-Hold Logic]
[Auto-Apply Logic]
}
[Safety Manager] ..> [Apply Controller] : Apply-Anforderung
[Wheel Speed Plausi] --> [Safety Manager] : v_vehicle
[Inclinometer Filter] --> [Safety Manager] : grade
@enduml
```
## Schnittstellen (Provided)
```c
Status safety_mgr_init(void);
void safety_mgr_step_50ms(const SafetyInputs* in);
```
## Dynamisches Verhalten
```plantuml
@startuml
[*] --> Idle
Idle --> HillHoldArmed : grade>5% & v=0 & brake
HillHoldArmed --> HillHoldActive : brake released
HillHoldActive --> Idle : v>2 km/h
Idle --> AutoApplyArmed : engine_off & v=0
AutoApplyArmed --> AutoApplyTriggered : t>=2s
AutoApplyTriggered --> Idle : applied
@enduml
```
## Ressourcen
- Stack: <= 256 B
- Worst-Case Timing: 200 us / Aufruf
## Mapping auf Anforderungen
| Anforderung | Wie abgedeckt |
|-------------|---------------|
| SWE-007 | engine_off + v<0.5 in step_50ms |
| SWE-008 | 2s-Filter und Trigger |
| SWE-009 | Hill-Hold-Aktivierung |
| SWE-010 | Brake-Released-Detektion |
arch/swe/SWA-002.md
+80
View File
@@ -0,0 +1,80 @@
---
active: true
derived: false
header: 'Apply Controller'
level: 1.2
normative: true
reviewed: null
links:
- SWE-001
- SWE-002
- SWE-003
- SWE-004
asil: D
---
# SWA-002: Apply Controller
## Verantwortung
Zentraler Controller fuer Apply, Hold und Release der Parkbremse.
ASIL-D-Kern der EPB-Software. Implementiert in `src/apply_controller.c`.
## Statische Sicht
```plantuml
@startuml
[Apply Controller] --> [Actuator Driver L] : apply/release
[Apply Controller] --> [Actuator Driver R] : apply/release
[Switch Debouncer] --> [Apply Controller] : sw_apply, sw_release
[Safety Manager] --> [Apply Controller] : auto_apply, hill_hold_request
[Apply Controller] --> [Display Manager] : status
[Apply Controller] <-- [Watchdog] : alive_check
@enduml
```
## Schnittstellen (Provided)
```c
Status apply_ctrl_init(void);
void apply_ctrl_step_50ms(const ApplyInputs* in);
EpbStatus apply_ctrl_get_status(void);
```
## Dynamisches Verhalten
```plantuml
@startuml
[*] --> Released
Released --> Applying : apply_request & v_low
Applying --> Applied : current_target_reached
Applied --> Releasing : release_request & preconditions_ok
Applied --> Applied : 50ms hold check (re-clamp if needed)
Releasing --> Released : release_complete
Applying --> Error : timeout > 1500ms
Releasing --> Error : timeout > 1200ms
Error --> Released : reset & no fault
@enduml
```
## Ressourcen
- Stack: <= 384 B
- Worst-Case Timing: 350 us / Aufruf
## Designentscheidungen
| Entscheidung | Begruendung |
|--------------|-------------|
| Statische Allokation, kein Heap | Determinismus, MISRA C 21.3 |
| State Machine | Einfacher zu verifizieren, deterministisch |
| 50ms Step-Funktion | Synchron zur Inclinometer-Abtastung |
## Mapping auf Anforderungen
| Anforderung | Wie abgedeckt |
|-------------|---------------|
| SWE-001 | Hold-Zustand mit periodischer Klemmkraft-Pruefung |
| SWE-002 | Watchdog-Pet im step_50ms |
| SWE-003 | sw_apply Input wird sofort ausgewertet |
| SWE-004 | Current-Target-Detektion via Actuator-Driver-Feedback |
arch/swe/SWA-003.md
+59
View File
@@ -0,0 +1,59 @@
---
active: true
derived: false
header: 'Actuator Driver'
level: 1.3
normative: true
reviewed: null
links:
- SWE-006
- SWE-013
- SWE-014
- SWE-015
asil: B
---
# SWA-003: Actuator Driver
## Verantwortung
Low-Level-Ansteuerung der beiden Aktor-Motoren. PWM-Generierung,
Strom-Messung, Overcurrent-Cutoff, Klemmkraft-Schaetzung.
Implementiert in `src/actuator_driver.c`.
## Statische Sicht
```plantuml
@startuml
[Apply Controller] --> [Actuator Driver]
[Actuator Driver] --> [Hardware PWM] : pwm_set
[Actuator Driver] <-- [Hardware ADC] : current_sample
[Actuator Driver] --> [Diagnostic Manager] : DTC
@enduml
```
## Schnittstellen (Provided)
```c
Status actuator_init(void);
void actuator_apply(ActuatorId id, uint8_t pwm_percent);
void actuator_release(ActuatorId id, uint8_t pwm_percent);
void actuator_stop(ActuatorId id);
ActuatorStatus actuator_get_status(ActuatorId id);
void actuator_isr_1khz(void); // Strom-Sampling
```
## Ressourcen
- Stack: <= 256 B
- Worst-Case Timing: 50 us / ISR
- Static RAM: 64 B pro Aktor
## Mapping auf Anforderungen
| Anforderung | Wie abgedeckt |
|-------------|---------------|
| SWE-006 | actuator_release fuer beide Aktoren parallel |
| SWE-013 | actuator_isr_1khz |
| SWE-014 | Overcurrent-Detektor in ISR |
| SWE-015 | Peak-Current-Tracking + lineare Klemmkraft-Schaetzung |
arch/swe/SWA-004.md
+28
View File
@@ -0,0 +1,28 @@
---
active: true
derived: false
header: 'Wheel Speed Plausibilisierung'
level: 1.4
normative: true
reviewed: null
links:
- SWE-022
- SWE-023
asil: B
---
# SWA-004: Wheel Speed Plausibilisierung
## Verantwortung
Aufbereitung und Plausibilisierung der 4 Wheel-Speed-Signale. Erkennt
Stillstand und plausibilisiert untereinander.
## Schnittstellen (Provided)
```c
Status wheel_speed_init(void);
void wheel_speed_step_10ms(const WheelInputs* in);
bool wheel_speed_is_standstill(void);
float wheel_speed_get_vehicle(void);
```
arch/swe/SWA-005.md
+25
View File
@@ -0,0 +1,25 @@
---
active: true
derived: false
header: 'Inclinometer Filter'
level: 1.5
normative: true
reviewed: null
links:
- SWE-024
asil: B
---
# SWA-005: Inclinometer Filter
## Verantwortung
Tiefpass-Filterung des Inclinometer-Roh-Signals fuer die Hill-Hold-Bewertung.
## Schnittstellen (Provided)
```c
Status inclino_init(void);
void inclino_step_10ms(int16_t raw_mdeg);
float inclino_get_grade_percent(void);
```
arch/swe/SWA-006.md
+32
View File
@@ -0,0 +1,32 @@
---
active: true
derived: false
header: 'Switch Debouncer'
level: 1.6
normative: true
reviewed: null
links:
- SWE-025
asil: QM
---
# SWA-006: Switch Debouncer
## Verantwortung
Software-Entprellung des EPB-Schalters. Liefert stabiles Apply / Release
Signal an den Apply-Controller. Implementiert in `src/switch_debouncer.c`.
## Schnittstellen (Provided)
```c
Status switch_init(void);
void switch_step_10ms(SwitchRaw raw);
SwitchState switch_get_state(void);
```
## Mapping auf Anforderungen
| Anforderung | Wie abgedeckt |
|-------------|---------------|
| SWE-025 | 50ms Debounce-Logik |
arch/swe/SWA-007.md
+27
View File
@@ -0,0 +1,27 @@
---
active: true
derived: false
header: 'Display Manager'
level: 1.7
normative: true
reviewed: null
links:
- SWE-020
- SWE-021
asil: QM
---
# SWA-007: Display Manager
## Verantwortung
Steuert LED am EPB-Schalter und CAN-Status-Frame an das Kombi-Display.
Empfaengt Status vom Apply-Controller.
## Schnittstellen (Provided)
```c
Status display_init(void);
void display_set_status(EpbStatus s);
void display_step_20ms(void); // 50 Hz CAN-Frame
```
arch/swe/SWA-008.md
+26
View File
@@ -0,0 +1,26 @@
---
active: true
derived: false
header: 'Diagnostic Manager'
level: 1.8
normative: true
reviewed: null
links:
- SWE-018
- SWE-019
asil: QM
---
# SWA-008: Diagnostic Manager
## Verantwortung
UDS-Diagnose nach ISO 14229: ReadDTC, ReadDataByIdentifier, RoutineControl.
## Schnittstellen (Provided)
```c
Status diag_init(void);
void diag_handle_request(const uint8_t* data, uint16_t len);
void diag_set_dtc(uint16_t dtc_id);
```
arch/swe/SWA-009.md
+19
View File
@@ -0,0 +1,19 @@
---
active: true
derived: false
header: 'Service Mode'
level: 1.9
normative: true
reviewed: null
links:
- SWE-016
- SWE-017
asil: QM
---
# SWA-009: Service Mode
## Verantwortung
Service-Modus fuer Werkstatt. Wird ueber UDS RoutineControl 0x31, Routine-ID
0x0301 aktiviert. Steuert Aktoren in Wartungsposition.
arch/swe/SWA-010.md
+26
View File
@@ -0,0 +1,26 @@
---
active: true
derived: false
header: 'Logger'
level: 1.10
normative: true
reviewed: null
links:
- SWE-018
- SWE-019
asil: QM
---
# SWA-010: Logger
## Verantwortung
Logging fuer Entwicklung und Service. Ringpuffer im RAM (1 KB) sowie
Persistenz im EEPROM bei kritischen Ereignissen.
## Schnittstellen (Provided)
```c
Status log_init(void);
void log_event(LogLevel lvl, uint16_t event_id, uint32_t param);
```