4351dfa4e1
Validate / build-and-test (push) Successful in 30s
- Implement Safety Manager (SWA-001, ASIL-D): Hill-Hold + Auto-Apply state machine, 13 unit tests
- Update SWA-002 + SWA-001 link coverage so all SWE reqs are covered
- New tool: tools/traceability.py — Markdown-frontmatter-based traceability checker + HTML/JSON matrix generator (Doorstop format without a Doorstop dependency)
- New tool: tools/render_plantuml.py — extracts PlantUML blocks from arch/**.md and renders them to SVG via plantuml.com
- validate.yml: new steps Traceability-Check, Matrix-Publish, PlantUML-Render; uploaded as Gitea artifacts
82 lines
2.0 KiB
Markdown
---
active: true
derived: false
header: 'Apply Controller'
level: 1.2
normative: true
reviewed: null
links:
- SWE-001
- SWE-002
- SWE-003
- SWE-004
- SWE-005
asil: D
---

# SWA-002: Apply Controller

## Responsibility

Central controller for apply, hold and release of the parking brake.
ASIL-D core of the EPB software. Implemented in `src/apply_controller.c`.

## Static View

```plantuml
@startuml
[Apply Controller] --> [Actuator Driver L] : apply/release
[Apply Controller] --> [Actuator Driver R] : apply/release
[Switch Debouncer] --> [Apply Controller] : sw_apply, sw_release
[Safety Manager] --> [Apply Controller] : auto_apply, hill_hold_request
[Apply Controller] --> [Display Manager] : status
[Apply Controller] <-- [Watchdog] : alive_check
@enduml
```

## Interfaces (Provided)

```c
/* Initialize the apply controller. */
Status apply_ctrl_init(void);
/* Cyclic step function, called every 50 ms. */
void apply_ctrl_step_50ms(const ApplyInputs* in);
/* Return the current EPB status. */
EpbStatus apply_ctrl_get_status(void);
```

## Dynamic Behavior

```plantuml
@startuml
[*] --> Released
Released --> Applying : apply_request & v_low
Applying --> Applied : current_target_reached
Applied --> Releasing : release_request & preconditions_ok
Applied --> Applied : 50ms hold check (re-clamp if needed)
Releasing --> Released : release_complete
Applying --> Error : timeout > 1500ms
Releasing --> Error : timeout > 1200ms
Error --> Released : reset & no fault
@enduml
```
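
The state diagram above written out as a heap-free C state machine. This is an added illustration, not the project's `src/apply_controller.c`: the `Demo*` types, `demo_step_50ms`, `demo_reset` and the input field layout are assumptions, as is routing a NULL input or a corrupted state variable to Error. The re-clamp action of the Applied self-transition is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* States, guards and timeouts follow the diagram; all names are hypothetical. */
typedef enum { ST_RELEASED, ST_APPLYING, ST_APPLIED, ST_RELEASING, ST_ERROR } DemoState;
typedef struct {   /* assumed input set, sampled once per 50 ms step */
    bool apply_request, release_request, v_low, preconditions_ok;
    bool current_target_reached, release_complete, reset, fault;
} DemoInputs;

#define STEP_MS            50u
#define APPLY_TIMEOUT_MS   1500u
#define RELEASE_TIMEOUT_MS 1200u

static DemoState s_state = ST_RELEASED;   /* static allocation, no heap */
static uint32_t  s_elapsed_ms;            /* time spent in the current state */

static void enter(DemoState next) { s_state = next; s_elapsed_ms = 0u; }
void demo_reset(void) { enter(ST_RELEASED); }

DemoState demo_step_50ms(const DemoInputs *in)
{
    if (in == NULL) { enter(ST_ERROR); return s_state; }   /* assumption: bad caller is a fault */
    if (s_elapsed_ms < UINT32_MAX - STEP_MS) { s_elapsed_ms += STEP_MS; }  /* saturate, never wrap */
    switch (s_state) {
    case ST_RELEASED:
        if (in->apply_request && in->v_low) { enter(ST_APPLYING); }
        break;
    case ST_APPLYING:
        if (in->current_target_reached) { enter(ST_APPLIED); }
        else if (s_elapsed_ms > APPLY_TIMEOUT_MS) { enter(ST_ERROR); }
        break;
    case ST_APPLIED:   /* periodic hold check / re-clamp omitted in this sketch */
        if (in->release_request && in->preconditions_ok) { enter(ST_RELEASING); }
        break;
    case ST_RELEASING:
        if (in->release_complete) { enter(ST_RELEASED); }
        else if (s_elapsed_ms > RELEASE_TIMEOUT_MS) { enter(ST_ERROR); }
        break;
    case ST_ERROR:
        if (in->reset && !in->fault) { enter(ST_RELEASED); }
        break;
    default:           /* corrupted state variable: treat as fault */
        enter(ST_ERROR);
        break;
    }
    return s_state;
}
```

With a strict `>` comparison and a 50 ms tick, the Applying timeout fires on the 31st step after entry (1550 ms) and the Releasing timeout on the 25th (1250 ms).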

## Resources

- Stack: <= 384 B
- Worst-case timing: 350 us / call

## Design Decisions

| Decision | Rationale |
|----------|-----------|
| Static allocation, no heap | Determinism, MISRA C 21.3 |
| State machine | Easier to verify, deterministic |
| 50ms step function | Synchronous with inclinometer sampling |

## Mapping to Requirements

| Requirement | How covered |
|-------------|-------------|
| SWE-001 | Hold state with periodic clamping-force check |
| SWE-002 | Watchdog pet in step_50ms |
| SWE-003 | sw_apply input is evaluated immediately |
| SWE-004 | Current-target detection via actuator driver feedback |