You should design the controller of a car lock. The controller is one of several modules in the car, which are connected via a CAN-bus, that sends signals between the modules.
The controller gets input from the remote car key, which can send the commands
key_lock. (The necessary encryption and security mechanisms are implemented between the car key and the key component, but not detailed here.) The controller send the signals
lock to the lock component. It can also detect if the car door was opened or closed, via the signals
door_closed. Below is a diagram that illustrates all components and the CAN bus.
The following are the functional requirements for the controller:
- R1.1: When the button
Unlockis pressed, the door is unlocked.
- R1.2: When the button
Lockis pressed, the door is locked.
- Assume that the controller starts in a state where the door is closed and the lock is locked.
The following signals are sent between the components via the CAN-bus:
- From Remote Key Controller to Car Lock Controller:
- From Car Lock Controller to Door Controller:
- From Door Controller to Car Lock Controller:
To send a signal, use method
send_signal('...') with the signal name as argument.
To react on the reception of a signal, simply write that signals as the trigger of a transition.
Design a state machine in draw.io for the Car Lock Controller that keeps track of the state of the door and the lock, and that implements the functional requirements from above.
Now, add the following functional requirement and create another version of the state machine. (Edit as a copy of the sheet.)
- R2.1: If a door is unlocked but not opened, it is locked again after 60 seconds.
This implies that we add a timer to the state machine with a transition reacting to it once the timer expires. We do this in the state machine below. It is important that we use the exit/stop_timer(t) action to state
closed_unlocked, to prevent a sequence where the user quickly opens the door, then closes it again, then the timer (which was not stopped) to expire and the lock to close. This is prevented by explicitly stopping the timer.
Another solution adds an additional state, here called
closed_unlocked_timed. This state covers explicitly that the timer is active, and we leave this state either by the timer expiration or by opening the door.