---
review-id: REV-001
project: demo-epb
date: 2026-05-11
type: Technical Review (ASIL-D code)
artefact: src/apply_controller.c (SWA-002)
status: Approved (with comments)
---

# Review Minutes REV-001

| Field      | Value                          |
|------------|--------------------------------|
| Review ID  | REV-001                        |
| Project    | demo-epb                       |
| Date       | 2026-05-11                     |
| Reviewer 1 | Stefan Lohmaier (self-review)  |
| Reviewer 2 | (Tech Lead, in a real project) |
| Artefact   | `src/apply_controller.c` v1.0  |
| ASIL       | D                              |
| Status     | Approved with comments         |

---

## 1. Scope of review

- Code inspection of `apply_controller.c` + `.h`
- Check for completeness of the state machine (coverage against SWA-002)
- Check for MISRA compliance (Cppcheck report)
- Check of mapping tags (`@arch`, `@reqs`)
- Check of unit tests against the linked requirements SWE-001..SWE-004

## 2. Findings

| Nr | Severity | Description | Action |
|----|----------|-------------|--------|
| 1 | Minor | The comment `/* @reqs SWE-005 */` consumes a requirement formally assigned to SWA-002; the mapping table does, however, confirm the multi-assignment. | Accepted, with a note in SWA-002 §8. |
| 2 | Major | No explicit test for the behaviour "a release request during the RELEASING state is ignored". | Test added in a follow-up PR. |
| 3 | Critical | `s_ctx.step_count` overflows after 2^32 * 50 ms = ~7 years. The overflow is harmless in the safe state (the watchdog compares deltas, not absolute values) but must be documented. | Comment added in the header. |

Critical finding 3 was raised as Non-Conformity NC-001 and closed in v1.1.

## 3. Check of mapping tags

```
@arch SWA-002                          OK
@reqs SWE-001 SWE-002 SWE-003 SWE-004  OK
```

All four SWE requirements are covered by test cases in `tests/unit/test_apply_controller.c`:

| SWE     | Test function                                   |
|---------|-------------------------------------------------|
| SWE-001 | `test_applied_holds_force`                      |
| SWE-002 | `test_watchdog_alive_counter`                   |
| SWE-003 | `test_apply_request_starts_applying`            |
| SWE-004 | `test_applying_reaches_applied_on_target_force` |

## 4. Coverage

| Metric             | Target | Achieved |
|--------------------|--------|----------|
| Statement Coverage | ≥ 90%  | 92.3%    |
| Branch Coverage    | ≥ 90%  | 91.0%    |
| MC/DC              | ≥ 80%  | 84%      |

Coverage report: CI artefact `coverage-html` (build #N).

## 5. Release decision

**Approved with comments.** The critical finding is tracked separately as NC-001.

Recommendation for a real project: a second, independent reviewer for ASIL-D.

---

*Single-person demo: self-review per the documented checklist. In a real project, self-review is not admissible for ASIL-D (SWE Plan, section 5).*
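Finding 3 rests on the watchdog comparing counter deltas rather than absolute values. The following is an added illustration, not code from `apply_controller.c` or the demo-epb project; the names `step_delta`, `watchdog_alive`, `wrap_seconds` and `STEP_MS` are hypothetical. It shows why a wrapped 32-bit step counter stays harmless under a delta check and how long the wrap actually takes at a 50 ms step.

```c
/* Added example (not project code): wrap-safe delta check for a 32-bit
 * step counter. Names step_delta, watchdog_alive, wrap_seconds and
 * STEP_MS are hypothetical. */
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

#define STEP_MS 50u   /* period of one controller step, as in finding 3 */

/* Steps elapsed between two counter samples. Unsigned subtraction is
 * defined modulo 2^32 in C, so the result is correct even when `now`
 * has wrapped past zero since `last` was sampled. */
static uint32_t step_delta(uint32_t now, uint32_t last)
{
    return now - last;
}

/* Watchdog check modelled on the review note: the monitor looks at how
 * far the counter advanced since the previous check, not at its absolute
 * value. Alive if it advanced by at least one step and by no more than
 * `max_steps` (a stalled or runaway controller fails the check). */
static bool watchdog_alive(uint32_t now, uint32_t last, uint32_t max_steps)
{
    uint32_t d = step_delta(now, last);
    return d >= 1u && d <= max_steps;
}

/* Seconds until a 32-bit step counter wraps at the given step period. */
static double wrap_seconds(uint32_t step_ms)
{
    return 4294967296.0 * step_ms / 1000.0;
}

int main(void)
{
    /* Constructed samples: the counter stood at UINT32_MAX - 1 and, three
     * steps later, has wrapped to 1. An absolute comparison (now > last)
     * would report a regression; the delta is still 3. */
    uint32_t last = UINT32_MAX - 1u, now = 1u;
    printf("delta across wrap: %u\n", step_delta(now, last));
    printf("alive across wrap: %s\n", watchdog_alive(now, last, 5u) ? "yes" : "no");
    printf("stalled counter alive: %s\n", watchdog_alive(last, last, 5u) ? "yes" : "no");
    printf("counter wraps after %.2f years\n",
           wrap_seconds(STEP_MS) / (365.25 * 86400.0));
    return 0;
}
```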