---
active: true
derived: false
header: 'Apply Controller'
level: 1.2
normative: true
reviewed: null
links:
  - SWE-001
  - SWE-002
  - SWE-003
  - SWE-004
  - SWE-005
asil: D
---

# SWA-002: Apply Controller

## Responsibility

Central controller for apply, hold and release of the parking brake.
ASIL-D core of the EPB software. Implemented in
`src/apply_controller.c`.

## Static view

```plantuml
@startuml
[Apply Controller] --> [Actuator Driver L] : apply/release
[Apply Controller] --> [Actuator Driver R] : apply/release
[Switch Debouncer] --> [Apply Controller] : sw_apply, sw_release
[Safety Manager] --> [Apply Controller] : auto_apply, hill_hold_request
[Apply Controller] --> [Display Manager] : status
[Apply Controller] <-- [Watchdog] : alive_check
@enduml
```

## Provided interfaces

```c
Status apply_ctrl_init(void);
void   apply_ctrl_step_50ms(const ApplyInputs* in);
EpbStatus apply_ctrl_get_status(void);
```

## Dynamic behaviour

```plantuml
@startuml
[*] --> Released
Released --> Applying : apply_request & v_low
Applying --> Applied : current_target_reached
Applied --> Releasing : release_request & preconditions_ok
Applied --> Applied : 50ms hold check (re-clamp if needed)
Releasing --> Released : release_complete
Applying --> Error : timeout > 1500ms
Releasing --> Error : timeout > 1200ms
Error --> Released : reset & no fault
@enduml
```

## Resources

- Stack: <= 384 B
- Worst-case timing: 350 us per call

## Design decisions

| Decision | Rationale |
|----------|-----------|
| Static allocation, no heap | Determinism, MISRA C 21.3 |
| State machine | Easier to verify, deterministic |
| 50 ms step function | Synchronous with inclinometer sample rate |

## Mapping to requirements

| Requirement | How covered |
|-------------|-------------|
| SWE-001 | Hold state with periodic clamping-force check |
| SWE-002 | Watchdog pet in step_50ms |
| SWE-003 | sw_apply input is evaluated immediately |
| SWE-004 | current-target detection via actuator-driver feedback |