☕️ Coffee Machine Example¶

This example demonstrates a complete traceability chain for a coffee machine system, from high-level requirements down to implementation and test cases.

The BrewMaster Pro 3000 is an advanced automatic coffee machine designed for commercial and high-end residential use. Featuring precision temperature control, customizable brew strength settings, and comprehensive safety mechanisms, it represents the cutting edge of coffee brewing technology. This document traces the complete development lifecycle from initial customer needs through verified implementation.

System Requirements¶

The system requirements capture the fundamental capabilities that the BrewMaster Pro 3000 must deliver to meet customer expectations and safety standards. These high-level requirements define what the system does from an external perspective, focusing on user-visible behavior and safety constraints. Each requirement has been derived from market analysis, customer feedback, and applicable safety regulations for household appliances.

Requirement: Brew Coffee REQ_BREW_COFFEE

status: open

tags: brewing, core

specified by: SWREQ_BREW_STRENGTH

The coffee machine shall be able to brew coffee with user-selected strength (weak, medium, strong).

Requirement: Heat Water REQ_HEAT_WATER

status: open

tags: heating, safety

specified by: SWREQ_TEMP_REGULATION

The coffee machine shall heat water to the appropriate temperature (85-95°C) for brewing coffee.

Requirement: User Interface REQ_USER_INTERFACE

status: open

tags: ui, usability

specified by: SWREQ_BUTTON_INPUT

The coffee machine shall provide a user interface with buttons for selecting coffee strength and starting the brewing process.

Requirement: Safety Shutdown REQ_SAFETY_SHUTDOWN

status: open

tags: safety, critical

specified by: SWREQ_OVERTEMP_SHUTDOWN, SWREQ_WATER_LEVEL

The coffee machine shall automatically shut down if the water temperature exceeds 100°C or if no water is detected.

Software Requirements¶

The software requirements section refines the high-level system requirements into detailed, implementable specifications for the embedded control system. The BrewMaster Pro 3000 runs on a custom Rust-based embedded platform with real-time capabilities, chosen for its memory safety guarantees, zero-cost abstractions, and excellent embedded systems support. These requirements specify precise timing constraints, control algorithms, and safety-critical behavior that must be implemented in software. Each software requirement is traceable back to one or more system requirements, ensuring complete coverage of customer needs.

SW_Requirement: Temperature Regulation SWREQ_TEMP_REGULATION

status: open

tags: control, heating

specifies: REQ_HEAT_WATER

implemented by: COMP_TEMP_CTRL

test_cases: TEST_TEMP_CONTROL, TEST_E2E_BREWING

The temperature control software shall monitor the water temperature sensor and regulate the heating element to maintain temperature between 85-95°C using PID control.

SW_Requirement: Over-Temperature Shutdown SWREQ_OVERTEMP_SHUTDOWN

status: open

tags: safety, critical

specifies: REQ_SAFETY_SHUTDOWN

implemented by: COMP_SAFETY_MON

test_cases: TEST_SAFETY_SHUTDOWN

The software shall continuously monitor water temperature and trigger an emergency shutdown within 100ms if temperature exceeds 100°C to prevent boiling and potential hazards.

SW_Requirement: Brew Strength Selection SWREQ_BREW_STRENGTH

status: open

tags: control, brewing

specifies: REQ_BREW_COFFEE

implemented by: COMP_BREW_CTRL, IMPL_BREW_STRENGTH

test_cases: TEST_BREW_STRENGTH, TEST_E2E_BREWING

The software shall implement brew strength selection by controlling the water flow rate and brewing time:

Weak: 180ml water, 3 minutes
Medium: 180ml water, 4 minutes
Strong: 180ml water, 5 minutes

SW_Requirement: Button Input Handler SWREQ_BUTTON_INPUT

status: open

tags: ui, input

specifies: REQ_USER_INTERFACE

implemented by: COMP_UI_MODULE

test_cases: TEST_BUTTON_DEBOUNCE, TEST_E2E_BREWING

The software shall process button inputs with debouncing and trigger appropriate actions (strength selection, start brewing, stop/cancel).

SW_Requirement: Water Level Monitoring SWREQ_WATER_LEVEL

status: open

tags: safety, monitoring

specifies: REQ_SAFETY_SHUTDOWN

implemented by: COMP_SAFETY_MON

test_cases: TEST_SAFETY_SHUTDOWN

The software shall continuously monitor the water level sensor and prevent brewing operations when water level is below minimum threshold.

Software Architecture¶

The software architecture defines the modular structure of the BrewMaster Pro 3000’s embedded control system. The architecture follows a layered approach with clear separation of concerns: safety-critical functions are isolated in dedicated modules, control algorithms are encapsulated for reusability, and user interface logic is decoupled from core brewing operations. This modular design enables independent testing, facilitates maintenance, and provides clear interfaces between components.

The architecture emphasizes fail-safe design principles. The Safety Monitor Module operates with the highest priority and can override all other subsystems. Module dependencies are carefully managed to prevent circular references and ensure deterministic behavior. The following diagram shows the architectural modules and their relationships:

Component: Temperature Controller Module COMP_TEMP_CTRL

status: open

tags: module, control

implements: SWREQ_TEMP_REGULATION

implemented by: IMPL_TEMP_STATUS_PROVIDER, IMPL_TEMP_CTRL_STATUS_PROVIDER, IMPL_SAFETY_CMD_CONSUMER, IMPL_SENSOR_DATA_CONSUMER

uses: INTF_SAFETY_CMD, INTF_SENSOR_DATA

provides: INTF_TEMP_STATUS, INTF_TEMP_CTRL_STATUS

sends: SEQSTART_07

sent by: SEQSTART_06

sends: SEQSHTDWN_03

sent by: SEQSHTDWN_02

Module responsible for PID-based temperature control. Interfaces:

Input: Temperature sensor (ADC)
Output: Heating element PWM control
Safety: Reports temperature status to Safety Monitor
Safety: Responds to emergency shutdown commands

$@startuml component "<size:12>Component</size>\n**Temperature**\n**Controller**\n**Module**\n<size:10>COMP_TEMP_CTRL</size>" as COMP_TEMP_CTRL [[../coffee-machine/index.html#COMP_TEMP_CTRL]] #3498db node "<size:12>SW_Requirement</size>\n**Temperature**\n**Regulation**\n<size:10>SWREQ_TEMP_REGULATION</size>" as SWREQ_TEMP_REGULATION [[../coffee-machine/index.html#SWREQ_TEMP_REGULATION]] #a8f578 interface "<size:12>Interface</size>\n**Safety Command**\n**Interface**\n<size:10>INTF_SAFETY_CMD</size>" as INTF_SAFETY_CMD [[../coffee-machine/index.html#INTF_SAFETY_CMD]] #16a085 interface "<size:12>Interface</size>\n**Sensor Data**\n**Interface**\n<size:10>INTF_SENSOR_DATA</size>" as INTF_SENSOR_DATA [[../coffee-machine/index.html#INTF_SENSOR_DATA]] #16a085 interface "<size:12>Interface</size>\n**Temperature**\n**Status**\n**Interface**\n<size:10>INTF_TEMP_STATUS</size>" as INTF_TEMP_STATUS [[../coffee-machine/index.html#INTF_TEMP_STATUS]] #16a085 interface "<size:12>Interface</size>\n**Temperature**\n**Controller**\n**Safety Status**\n**Interface**\n<size:10>INTF_TEMP_CTRL_STATUS</size>" as INTF_TEMP_CTRL_STATUS [[../coffee-machine/index.html#INTF_TEMP_CTRL_STATUS]] #16a085 SWREQ_TEMP_REGULATION <-- COMP_TEMP_CTRL COMP_TEMP_CTRL --( INTF_SAFETY_CMD COMP_TEMP_CTRL --( INTF_SENSOR_DATA COMP_TEMP_CTRL -- INTF_TEMP_STATUS COMP_TEMP_CTRL -- INTF_TEMP_CTRL_STATUS @enduml$

Component: Brew Controller Module COMP_BREW_CTRL

status: open

tags: module, control

implements: SWREQ_BREW_STRENGTH

implemented by: IMPL_TEMP_STATUS_CONSUMER, IMPL_BREW_CTRL_STATUS_PROVIDER, IMPL_SAFETY_CMD_CONSUMER, IMPL_USER_CMD_CONSUMER

uses: INTF_TEMP_STATUS, INTF_SAFETY_CMD, INTF_USER_CMD

provides: INTF_BREW_CTRL_STATUS

sends: SEQSTART_09

sent by: SEQSTART_08

sends: SEQSHTDWN_05

sent by: SEQSHTDWN_04

Module managing the brewing process state machine. States: IDLE, HEATING, BREWING, COMPLETE, ERROR. Controls pump and valve timing based on selected strength. Waits for temperature ready signal before initiating brew cycle. Monitors safety status continuously.

$@startuml component "<size:12>Component</size>\n**Brew Controller**\n**Module**\n<size:10>COMP_BREW_CTRL</size>" as COMP_BREW_CTRL [[../coffee-machine/index.html#COMP_BREW_CTRL]] #3498db node "<size:12>SW_Requirement</size>\n**Brew Strength**\n**Selection**\n<size:10>SWREQ_BREW_STRENGTH</size>" as SWREQ_BREW_STRENGTH [[../coffee-machine/index.html#SWREQ_BREW_STRENGTH]] #a8f578 interface "<size:12>Interface</size>\n**Temperature**\n**Status**\n**Interface**\n<size:10>INTF_TEMP_STATUS</size>" as INTF_TEMP_STATUS [[../coffee-machine/index.html#INTF_TEMP_STATUS]] #16a085 interface "<size:12>Interface</size>\n**Safety Command**\n**Interface**\n<size:10>INTF_SAFETY_CMD</size>" as INTF_SAFETY_CMD [[../coffee-machine/index.html#INTF_SAFETY_CMD]] #16a085 interface "<size:12>Interface</size>\n**User Command**\n**Interface**\n<size:10>INTF_USER_CMD</size>" as INTF_USER_CMD [[../coffee-machine/index.html#INTF_USER_CMD]] #16a085 interface "<size:12>Interface</size>\n**Brew Controller**\n**Safety Status**\n**Interface**\n<size:10>INTF_BREW_CTRL_STATUS</size>" as INTF_BREW_CTRL_STATUS [[../coffee-machine/index.html#INTF_BREW_CTRL_STATUS]] #16a085 SWREQ_BREW_STRENGTH <-- COMP_BREW_CTRL COMP_BREW_CTRL --( INTF_TEMP_STATUS COMP_BREW_CTRL --( INTF_SAFETY_CMD COMP_BREW_CTRL --( INTF_USER_CMD COMP_BREW_CTRL -- INTF_BREW_CTRL_STATUS @enduml$

Component: User Interface Module COMP_UI_MODULE

status: open

tags: module, ui

implements: SWREQ_BUTTON_INPUT

implemented by: IMPL_USER_CMD_PROVIDER

provides: INTF_USER_CMD

sends: SEQSTART_01, SEQSTART_03

sent by: SEQSTART_02, SEQSTART_10

sent by: SEQSHTDWN_06

Module handling all user interactions including button debouncing, LED status indicators, and display updates. Interfaces with the Brew Controller to send user commands (strength selection, start/stop).

$@startuml component "<size:12>Component</size>\n**User Interface**\n**Module**\n<size:10>COMP_UI_MODULE</size>" as COMP_UI_MODULE [[../coffee-machine/index.html#COMP_UI_MODULE]] #3498db node "<size:12>SW_Requirement</size>\n**Button Input**\n**Handler**\n<size:10>SWREQ_BUTTON_INPUT</size>" as SWREQ_BUTTON_INPUT [[../coffee-machine/index.html#SWREQ_BUTTON_INPUT]] #a8f578 interface "<size:12>Interface</size>\n**User Command**\n**Interface**\n<size:10>INTF_USER_CMD</size>" as INTF_USER_CMD [[../coffee-machine/index.html#INTF_USER_CMD]] #16a085 SWREQ_BUTTON_INPUT <-- COMP_UI_MODULE COMP_UI_MODULE -- INTF_USER_CMD @enduml$

Component: Safety Monitor Module COMP_SAFETY_MON

status: open

tags: module, safety

implements: SWREQ_WATER_LEVEL, SWREQ_OVERTEMP_SHUTDOWN

implemented by: IMPL_TEMP_CTRL_STATUS_CONSUMER, IMPL_BREW_CTRL_STATUS_CONSUMER, IMPL_SAFETY_CMD_PROVIDER, IMPL_SENSOR_DATA_CONSUMER

uses: INTF_TEMP_CTRL_STATUS, INTF_BREW_CTRL_STATUS, INTF_SENSOR_DATA

provides: INTF_SAFETY_CMD

sends: SEQSTART_04, SEQSTART_06, SEQSTART_08, SEQSTART_10

sent by: SEQSTART_03, SEQSTART_05, SEQSTART_07, SEQSTART_09

sends: SEQSHTDWN_02, SEQSHTDWN_04, SEQSHTDWN_06

sent by: SEQSHTDWN_01, SEQSHTDWN_03, SEQSHTDWN_05

Module performing continuous safety checks on temperature and water level. Implements fail-safe shutdown procedures.

$@startuml component "<size:12>Component</size>\n**Safety Monitor**\n**Module**\n<size:10>COMP_SAFETY_MON</size>" as COMP_SAFETY_MON [[../coffee-machine/index.html#COMP_SAFETY_MON]] #3498db node "<size:12>SW_Requirement</size>\n**Water Level**\n**Monitoring**\n<size:10>SWREQ_WATER_LEVEL</size>" as SWREQ_WATER_LEVEL [[../coffee-machine/index.html#SWREQ_WATER_LEVEL]] #a8f578 node "<size:12>SW_Requirement</size>\n**Over-**\n**Temperature**\n**Shutdown**\n<size:10>SWREQ_OVERTEMP_SHUTDOWN</size>" as SWREQ_OVERTEMP_SHUTDOWN [[../coffee-machine/index.html#SWREQ_OVERTEMP_SHUTDOWN]] #a8f578 interface "<size:12>Interface</size>\n**Temperature**\n**Controller**\n**Safety Status**\n**Interface**\n<size:10>INTF_TEMP_CTRL_STATUS</size>" as INTF_TEMP_CTRL_STATUS [[../coffee-machine/index.html#INTF_TEMP_CTRL_STATUS]] #16a085 interface "<size:12>Interface</size>\n**Brew Controller**\n**Safety Status**\n**Interface**\n<size:10>INTF_BREW_CTRL_STATUS</size>" as INTF_BREW_CTRL_STATUS [[../coffee-machine/index.html#INTF_BREW_CTRL_STATUS]] #16a085 interface "<size:12>Interface</size>\n**Sensor Data**\n**Interface**\n<size:10>INTF_SENSOR_DATA</size>" as INTF_SENSOR_DATA [[../coffee-machine/index.html#INTF_SENSOR_DATA]] #16a085 interface "<size:12>Interface</size>\n**Safety Command**\n**Interface**\n<size:10>INTF_SAFETY_CMD</size>" as INTF_SAFETY_CMD [[../coffee-machine/index.html#INTF_SAFETY_CMD]] #16a085 SWREQ_WATER_LEVEL <-- COMP_SAFETY_MON SWREQ_OVERTEMP_SHUTDOWN <-- COMP_SAFETY_MON COMP_SAFETY_MON --( INTF_TEMP_CTRL_STATUS COMP_SAFETY_MON --( INTF_BREW_CTRL_STATUS COMP_SAFETY_MON --( INTF_SENSOR_DATA COMP_SAFETY_MON -- INTF_SAFETY_CMD @enduml$

Component: Hardware Abstraction Layer COMP_HAL

status: open

tags: module, hardware, driver

implemented by: IMPL_SENSOR_DATA_PROVIDER

provides: INTF_SENSOR_DATA

sends: SEQSTART_02, SEQSTART_05

sent by: SEQSTART_01, SEQSTART_04

sends: SEQSHTDWN_01

Module providing abstraction over hardware sensors and actuators. Handles low-level sensor reading via ADC, signal conditioning, and calibration. Interfaces:

Input: Temperature sensor (NTC thermistor via ADC channel 0)
Input: Water level sensor (capacitive via ADC channel 1)
Output: Heating element control (PWM channel)
Output: Pump control (GPIO)

Implements DMA-based ADC sampling at 100Hz with automatic averaging and outlier rejection for robust sensor readings.

$@startuml component "<size:12>Component</size>\n**Hardware**\n**Abstraction**\n**Layer**\n<size:10>COMP_HAL</size>" as COMP_HAL [[../coffee-machine/index.html#COMP_HAL]] #3498db interface "<size:12>Interface</size>\n**Sensor Data**\n**Interface**\n<size:10>INTF_SENSOR_DATA</size>" as INTF_SENSOR_DATA [[../coffee-machine/index.html#INTF_SENSOR_DATA]] #16a085 COMP_HAL -- INTF_SENSOR_DATA @enduml$

Component Interfaces¶

The following interfaces define the communication contracts between architectural components. Each interface specifies the data exchanged, protocols used, and timing constraints to ensure deterministic and safe inter-component communication.

Interface: Temperature Status Interface INTF_TEMP_STATUS

status: open

tags: interface, control

implemented by: IMPL_TEMP_STATUS, IMPL_TEMP_STATUS_PROVIDER, IMPL_TEMP_STATUS_CONSUMER

used by: COMP_BREW_CTRL

provided by: COMP_TEMP_CTRL

Provider: Temperature Controller Module

Consumer: Brew Controller Module

Description: Provides current temperature readings and heating status to the brew controller.

Data Elements:

current_temp: int16 (°C × 10 for 0.1°C resolution)
target_temp: int16 (°C × 10)
is_ready: bool (true when within target range)
heating_active: bool

Protocol: Shared memory with atomic updates, 100ms refresh rate

Interface: Safety Command Interface INTF_SAFETY_CMD

status: open

tags: interface, safety

implemented by: IMPL_SAFETY_CMD_ENUM, IMPL_SAFETY_CMD_PROVIDER, IMPL_SAFETY_CMD_CONSUMER

used by: COMP_TEMP_CTRL, COMP_BREW_CTRL

provided by: COMP_SAFETY_MON

Provider: Safety Monitor Module

Consumers: Temperature Controller, Brew Controller

Description: Emergency shutdown commands from safety monitor to all controlled subsystems.

Commands:

EMERGENCY_STOP: Immediate shutdown (<100ms response required)
RESUME_NORMAL: Clear emergency state after fault resolved

Protocol: Interrupt-driven with hardware watchdog backup, highest priority

Interface: Temperature Controller Safety Status Interface INTF_TEMP_CTRL_STATUS

status: open

tags: interface, safety

implemented by: IMPL_TEMP_CTRL_STATUS, IMPL_TEMP_CTRL_STATUS_PROVIDER, IMPL_TEMP_CTRL_STATUS_CONSUMER

used by: COMP_SAFETY_MON

provided by: COMP_TEMP_CTRL

Provider: Temperature Controller Module

Consumer: Safety Monitor Module

Description: Heartbeat and fault status reported by the Temperature Controller to the Safety Monitor for fault detection.

Data Elements:

module_id: uint8
heartbeat_counter: uint32 (incremented each cycle)
fault_flags: uint16 (bitfield of detected faults)
temperature_value: int16 (current measured temperature)

Protocol: Polled by safety monitor at 10Hz

Interface: Brew Controller Safety Status Interface INTF_BREW_CTRL_STATUS

status: open

tags: interface, safety

implemented by: IMPL_BREW_CTRL_STATUS, IMPL_BREW_CTRL_STATUS_PROVIDER, IMPL_BREW_CTRL_STATUS_CONSUMER

used by: COMP_SAFETY_MON

provided by: COMP_BREW_CTRL

Provider: Brew Controller Module

Consumer: Safety Monitor Module

Description: Heartbeat and fault status reported by the Brew Controller to the Safety Monitor for fault detection.

Data Elements:

module_id: uint8
heartbeat_counter: uint32 (incremented each cycle)
fault_flags: uint16 (bitfield of detected faults)
water_level: uint8 (0-100%)

Protocol: Polled by safety monitor at 10Hz

Interface: User Command Interface INTF_USER_CMD

status: open

tags: interface, ui

implemented by: IMPL_USER_CMD_ENUM, IMPL_USER_CMD_PROVIDER, IMPL_USER_CMD_CONSUMER

used by: COMP_BREW_CTRL

provided by: COMP_UI_MODULE

Provider: User Interface Module

Consumer: Brew Controller Module

Description: User commands and settings passed from UI to the brewing state machine.

Commands:

START_BREW(strength: enum {WEAK, MEDIUM, STRONG})
STOP_BREW
SELECT_STRENGTH(strength: enum)

Protocol: Message queue with event-driven processing, debounced at UI layer

Interface: Sensor Data Interface INTF_SENSOR_DATA
status: open tags: interface, hardware layout: adas implemented by: IMPL_SENSOR_DATA, IMPL_SENSOR_DATA_PROVIDER, IMPL_SENSOR_DATA_CONSUMER used by: COMP_TEMP_CTRL, COMP_SAFETY_MON provided by: COMP_HAL
Provider: Hardware sensors (temperature, water level) Consumers: Temperature Controller, Safety Monitor Description: Raw sensor readings from hardware via ADC. Data Elements: temp_sensor_raw: uint16 (ADC value 0-4095) water_level_raw: uint16 (ADC value 0-4095) sensor_timestamp: uint32 (milliseconds) Protocol: ADC DMA with double buffering, 100Hz sampling rate
Status: open

Interface: Sensor Data Interface INTF_SENSOR_DATA

status: open

tags: interface, hardware

implemented by: IMPL_SENSOR_DATA, IMPL_SENSOR_DATA_PROVIDER, IMPL_SENSOR_DATA_CONSUMER

used by: COMP_TEMP_CTRL, COMP_SAFETY_MON

provided by: COMP_HAL

Provider: Hardware sensors (temperature, water level)

Consumers: Temperature Controller, Safety Monitor

Description: Raw sensor readings from hardware via ADC.

Data Elements:

temp_sensor_raw: uint16 (ADC value 0-4095)
water_level_raw: uint16 (ADC value 0-4095)
sensor_timestamp: uint32 (milliseconds)

Protocol: ADC DMA with double buffering, 100Hz sampling rate

Static View¶

@startuml

' Config

top to bottom direction

' Nodes definition

component "<size:12>Component</size>\n**Temperature**\n**Controller**\n**Module**\n<size:10>COMP_TEMP_CTRL</size>" as COMP_TEMP_CTRL [[../coffee-machine/index.html#COMP_TEMP_CTRL]] #3498db
component "<size:12>Component</size>\n**Brew Controller**\n**Module**\n<size:10>COMP_BREW_CTRL</size>" as COMP_BREW_CTRL [[../coffee-machine/index.html#COMP_BREW_CTRL]] #3498db
component "<size:12>Component</size>\n**User Interface**\n**Module**\n<size:10>COMP_UI_MODULE</size>" as COMP_UI_MODULE [[../coffee-machine/index.html#COMP_UI_MODULE]] #3498db
component "<size:12>Component</size>\n**Safety Monitor**\n**Module**\n<size:10>COMP_SAFETY_MON</size>" as COMP_SAFETY_MON [[../coffee-machine/index.html#COMP_SAFETY_MON]] #3498db
component "<size:12>Component</size>\n**Hardware**\n**Abstraction**\n**Layer**\n<size:10>COMP_HAL</size>" as COMP_HAL [[../coffee-machine/index.html#COMP_HAL]] #3498db
interface "<size:12>Interface</size>\n**Temperature**\n**Status**\n**Interface**\n<size:10>INTF_TEMP_STATUS</size>" as INTF_TEMP_STATUS [[../coffee-machine/index.html#INTF_TEMP_STATUS]] #16a085
interface "<size:12>Interface</size>\n**Safety Command**\n**Interface**\n<size:10>INTF_SAFETY_CMD</size>" as INTF_SAFETY_CMD [[../coffee-machine/index.html#INTF_SAFETY_CMD]] #16a085
interface "<size:12>Interface</size>\n**Temperature**\n**Controller**\n**Safety Status**\n**Interface**\n<size:10>INTF_TEMP_CTRL_STATUS</size>" as INTF_TEMP_CTRL_STATUS [[../coffee-machine/index.html#INTF_TEMP_CTRL_STATUS]] #16a085
interface "<size:12>Interface</size>\n**Brew Controller**\n**Safety Status**\n**Interface**\n<size:10>INTF_BREW_CTRL_STATUS</size>" as INTF_BREW_CTRL_STATUS [[../coffee-machine/index.html#INTF_BREW_CTRL_STATUS]] #16a085
interface "<size:12>Interface</size>\n**User Command**\n**Interface**\n<size:10>INTF_USER_CMD</size>" as INTF_USER_CMD [[../coffee-machine/index.html#INTF_USER_CMD]] #16a085
interface "<size:12>Interface</size>\n**Sensor Data**\n**Interface**\n<size:10>INTF_SENSOR_DATA</size>" as INTF_SENSOR_DATA [[../coffee-machine/index.html#INTF_SENSOR_DATA]] #16a085

' Connection definition

COMP_TEMP_CTRL -[dashed]-( INTF_SAFETY_CMD: uses\n
COMP_TEMP_CTRL -[dashed]-( INTF_SENSOR_DATA: uses\n
COMP_BREW_CTRL -[dashed]-( INTF_TEMP_STATUS: uses\n
COMP_BREW_CTRL -[dashed]-( INTF_SAFETY_CMD: uses\n
COMP_BREW_CTRL -[dashed]-( INTF_USER_CMD: uses\n
COMP_SAFETY_MON -[dashed]-( INTF_TEMP_CTRL_STATUS: uses\n
COMP_SAFETY_MON -[dashed]-( INTF_BREW_CTRL_STATUS: uses\n
COMP_SAFETY_MON -[dashed]-( INTF_SENSOR_DATA: uses\n
INTF_TEMP_STATUS -[bold]- COMP_TEMP_CTRL: provided by\n
INTF_SAFETY_CMD -[bold]- COMP_SAFETY_MON: provided by\n
INTF_TEMP_CTRL_STATUS -[bold]- COMP_TEMP_CTRL: provided by\n
INTF_BREW_CTRL_STATUS -[bold]- COMP_BREW_CTRL: provided by\n
INTF_USER_CMD -[bold]- COMP_UI_MODULE: provided by\n
INTF_SENSOR_DATA -[bold]- COMP_HAL: provided by\n

@enduml

Dynamic View¶

The sequence diagrams below show how the architectural components interact at runtime. Participants map directly to the components defined in the Static View.

The diagrams are generated by needsequence, which traverses the startup_calls / shutdown_calls links defined on each component need. Each seq_msg (SEQSTART_01) need in the chain represents one message; odd hops are participants, even hops are messages.

Startup Sequence¶

On power-on the system initialises hardware, validates initial sensor readings, then brings all control modules online in dependency order before signalling readiness to the user.

The sequence message needs (SEQSTART_01–SEQSTART_10) are defined below. COMP_UI_MODULE is the starting participant.

@startuml

' Nodes definition

participant "User Interface Module" as COMP_UI_MODULE
participant "Hardware Abstraction Layer" as COMP_HAL
participant "Safety Monitor Module" as COMP_SAFETY_MON
participant "Temperature Controller Module" as COMP_TEMP_CTRL
participant "Brew Controller Module" as COMP_BREW_CTRL

' Connection definition

COMP_UI_MODULE -> COMP_HAL: init()
COMP_HAL -> COMP_UI_MODULE: init_ok
COMP_HAL -> COMP_SAFETY_MON: temp=22°C, water_level=85%
COMP_SAFETY_MON -> COMP_HAL: read_sensors()
COMP_SAFETY_MON -> COMP_TEMP_CTRL: start() — Temp Controller
COMP_TEMP_CTRL -> COMP_SAFETY_MON: started (INTF_TEMP_CTRL_STATUS heartbeat)
COMP_SAFETY_MON -> COMP_BREW_CTRL: start() — Brew Controller
COMP_BREW_CTRL -> COMP_SAFETY_MON: started (INTF_BREW_CTRL_STATUS heartbeat)
COMP_SAFETY_MON -> COMP_UI_MODULE: system_ready
COMP_UI_MODULE -> COMP_SAFETY_MON: start() — Safety Monitor

@enduml — Startup Sequence¶

Safety Shutdown Sequence¶

If the Safety Monitor detects an over-temperature condition it issues an EMERGENCY_STOP command on INTF_SAFETY_CMD to all controlled subsystems. All modules must respond within 100 ms.

The sequence message needs (SEQSHTDWN_01–SEQSHTDWN_06) are defined below. COMP_HAL is the starting participant (it is the source of the over-temperature sensor reading).

@startuml

' Nodes definition

participant "Hardware Abstraction Layer" as COMP_HAL
participant "Safety Monitor Module" as COMP_SAFETY_MON
participant "Temperature Controller Module" as COMP_TEMP_CTRL
participant "Brew Controller Module" as COMP_BREW_CTRL

' Connection definition

COMP_HAL -> COMP_SAFETY_MON: temp=102°C (INTF_SENSOR_DATA — over-temp)
COMP_SAFETY_MON -> COMP_TEMP_CTRL: EMERGENCY_STOP → Temp Controller
COMP_TEMP_CTRL -> COMP_SAFETY_MON: fault_flags=OVERTEMP (INTF_TEMP_CTRL_STATUS)
COMP_SAFETY_MON -> COMP_BREW_CTRL: EMERGENCY_STOP → Brew Controller
COMP_BREW_CTRL -> COMP_SAFETY_MON: fault_flags=ABORT (INTF_BREW_CTRL_STATUS)
COMP_SAFETY_MON -> COMP_UI_MODULE: fault_event(OVERTEMP)

@enduml — Safety Shutdown Sequence¶

Implementation¶

The implementation phase translates the architectural designs into working code. All BrewMaster Pro 3000 software is implemented in Rust, leveraging its memory safety guarantees, zero-cost abstractions, and excellent embedded systems support.

The choice of Rust provides critical advantages for safety-critical applications: compile-time memory safety prevents entire classes of bugs, the type system enforces correct API usage, and the no_std capability enables bare-metal operation if needed. The implementation follows strict coding standards including comprehensive documentation, clippy linting at the pedantic level, and zero unsafe code in safety-critical modules.

Each implementation artifact maps directly to an architectural module, ensuring traceability from design to code. The code is organized as a Cargo workspace located in ../../brewmaster-controller/ relative to this documentation, with clear module boundaries matching the architectural decomposition.

Rust Interface Implementations¶

The following interface implementations are extracted from the Rust source code in crates/coffee-machine/src/interfaces.rs. Each implementation is automatically traced to its corresponding interface and component specifications through codelinks annotations.

Test Cases¶

Comprehensive testing ensures that the BrewMaster Pro 3000 meets all specified requirements and operates safely under all conditions. The test strategy employs multiple levels:

Unit Tests: Verify individual components in isolation (temperature control, button debouncing, state machine transitions)
Integration Tests: Validate interactions between modules (brew controller coordinating with temperature controller)
System Tests: End-to-end verification of complete brewing cycles
Safety Tests: Dedicated verification of all safety-critical functions under normal and fault conditions

All tests are automated and integrated into the continuous integration pipeline. Safety-critical tests are executed on hardware-in-the-loop test benches that simulate real sensors, actuators, and fault conditions. Test coverage targets are set based on the criticality of each component.

Test Case: Test Temperature Control TEST_TEMP_CONTROL

status: open

tags: unit, control

specs: SWREQ_TEMP_REGULATION

Objective: Verify temperature controller maintains target temperature within ±2°C.

Steps:

Initialize controller with target 90°C
Simulate temperature sensor readings from 20°C to 95°C
Record PWM output at each temperature

Expected: PWM duty cycle decreases as temperature approaches target, maintains oscillation within ±2°C of setpoint.

Test Case: Test Brew Strength Settings TEST_BREW_STRENGTH

status: open

tags: integration, brewing

specs: SWREQ_BREW_STRENGTH

Objective: Verify all three strength settings produce correct timing and water volume.

Test Cases:

Weak: Assert 180ml water dispensed in 3 min ±5s
Medium: Assert 180ml water dispensed in 4 min ±5s
Strong: Assert 180ml water dispensed in 5 min ±5s

Test Case: Test Button Debouncing TEST_BUTTON_DEBOUNCE

status: open

tags: unit, ui

specs: SWREQ_BUTTON_INPUT

Objective: Verify button handler correctly debounces rapid inputs.

Steps:

Simulate 10 button presses within 200ms
Count triggered events

Expected: Only 1-2 events triggered (first press + possible bounce after 50ms timeout).

Test Case: Test Safety Shutdown TEST_SAFETY_SHUTDOWN

status: open

tags: integration, safety

specs: SWREQ_OVERTEMP_SHUTDOWN, SWREQ_WATER_LEVEL

Objective: Verify safety monitor triggers shutdown on critical conditions.

Test Cases:

Over-temperature: Set temp > 100°C, assert shutdown within 100ms
Low water: Set water level < threshold, assert brewing prevented
Watchdog timeout: Block safety loop, assert hardware reset within 1s

Test Case: Test End-to-End Brewing TEST_E2E_BREWING

status: open

tags: system, e2e

specs: SWREQ_BREW_STRENGTH, SWREQ_TEMP_REGULATION, SWREQ_BUTTON_INPUT

Objective: Verify complete brewing cycle from user input to coffee output.

Steps:

Select medium strength
Press start button
Monitor temperature, water flow, and timing

Expected: System heats to 85-95°C, dispenses 180ml over 4 minutes, returns to idle state, no safety triggers.

Traceability Overview¶

Complete traceability is a cornerstone of the BrewMaster Pro 3000 development process. Every line of code can be traced back through architectural designs and requirements to the original customer need or safety regulation. Conversely, every requirement can be traced forward to its implementation and verification test cases. This bidirectional traceability ensures nothing is missed and enables rapid impact analysis when requirements change.

The sphinx-needs tool automates traceability management, maintaining links between artifacts and generating visual diagrams. This example demonstrates:

Requirements → SW Requirements: High-level needs decomposed into software-specific requirements
SW Requirements → Architecture: Requirements mapped to software modules
Architecture → Implementation: Architectural designs realized in code
Implementation → Tests: All implementations verified through test cases

Use the query tools to explore the relationships between these needs and verify complete traceability coverage.

Traceability Diagram¶

The following diagram shows all needs and their connections in this coffee machine example:

Used filter: types(req OR swreq OR component OR interface OR impl OR test)