Software Requirements Specification (SRS) Cooperative Adaptive Cruise Control : Team 2
Authors: Alex Crimin, Project Manager; Joseph Hollopter, Customer Liaison; Roy Barnes, Artifacts Manager; Chengzhu Jin, Project Facilitator; Jimmy Mkude, Security Engineer
Customer: Mr. Bill Milam, Ford Motor Company
Instructor: Dr. Betty Cheng
1 Introduction Cooperative Adaptive Cruise Control (CACC) is a system that Ford Motor Company will be utilizing in their commercial vehicles to provide increased convenience and safety for drivers using cruise control. Cooperative Adaptive Cruise Control allows the vehicle to communicate with other similarly equipped vehicles. They can share up-coming road conditions, current speeds, and directions of travel. This is information that can help the vehicle to adjust its speed autonomously. With this system, vehicles can move as one platoon. As a group, they can adjust and maintain their speed. This SRS will detail how the system functions and thoroughly model the system with various diagrams.
1.1 Purpose To clearly communicate with the customer all requirements that need to be satisfied for the embedded CACC system to operate as intended. This SRS will show a clear indication of how the different subsystems of the CACC system should interact with one another. This will give Ford Motor Company developers a point of reference to begin designing and building the CACC system.
1.2 Scope Cooperative Adaptive Cruise Control (CACC) assists the driver of the vehicle it is embedded in by supplying information about impending road conditions, and taking autonomous actions in response to these conditions. CACC is an embedded automotive system, which allows for the system to make real-time decisions and control the vehicle in a timely fashion. The GPS Network System of CACC is used to collect information from and transmit information to other vehicles on the road that are near. The radar sensing, radio communication, and forward-looking camera are sensors that the system uses to absorb information about the surrounding environment. An electronic throttle and vehicle brakes are the actuators used to maintain the speed of the vehicle, as well as slow or stop the vehicle in emergency situations. The vehicle controller will coordinate these subsystems, retrieving input from the sensors, processing the information, and sending appropriate signals to the actuators.
1.3 Definitions, Acronyms, and Abbreviations The following table includes descriptions of keywords and acronyms used in this document.
Table 1: Definitions
Name: Definition
ABS: Anti-Lock Brake System. This is a pre-existing subsystem in the vehicle that actuates the brakes when there is a dangerous loss of wheel traction.
ACC: Adaptive Cruise Control. This is a subsystem of CACC that allows the vehicle to autonomously adjust its speed when obstacles are detected using radar and camera sensors.
BER: Bit Error Ratio. This is a measure of performance for the GPS network system. See [1] in section 6 (References) for more information.
BSM: Basic Safety Message. A type of message that may be transmitted from vehicle-to-vehicle between embedded CACC network transmitters in the form of an identification key. This type of message key is used to notify following vehicles of impending safety issues. See [11] in section 6 (References) for more information.
CACC: Cooperative Adaptive Cruise Control. This is the embedded automotive system being described by this document.
CAM: Cooperative Awareness Message. A type of message that may be transmitted from vehicle-to-vehicle between embedded CACC network transmitters in the form of an identification key. This type of message key is used as general communication between vehicles. See [11] in section 6 (References) for more information.
DSRC standards: Dedicated Short Range Communications standards. See [5] in section 6 (References) for more information.
eHSM: embedded Hardware Security Module. This module verifies the authenticity of incoming network message keys. See [11] in section 6 (References) for more information.
Following Vehicle: This is a CACC enabled vehicle directly behind the vehicle.
GPS: Global Positioning System. This is used to get the current position and velocity of the vehicle. See [4] in section 6 (References) for more information.
IMF: Independent Monitoring Function. This is a function of the CACC system vehicle controller that monitors the successful completion of OS tasks.
Leading Vehicle: This is a vehicle at the front of a platoon.
MHz: megahertz
mph: miles-per-hour. All relative speeds in the system will be in units of mph.
OS: Operating System. This provides the environment in which the programs of the system can run. See [2] in section 6 (References) for more information.
Platoon: A collection of 2-8 vehicles that are all communicating using the CACC system.
ppm: parts-per-million
Target Vehicle: This refers to the vehicle directly in front of the vehicle that the CACC system detects.
UI: User Interface. This is where the user interacts with the CACC system.
VC: Vehicle Controller. This is the system controller. It is composed of the main, speed, and platoon controllers.
V2X Standards: Standardized methods for secure vehicle-to-vehicle communication. See [11] in section 6 (References) for more information.
1.4 Organization The following is the table of contents for this SRS document.
2 Overall Description
  2.1 Product Perspective
  2.2 Product Functions
  2.3 User Characteristics
  2.4 Constraints
  2.5 Assumptions and Dependencies
3 Specific Requirements
  Functional Requirements
  Nonfunctional Requirements
4 Modeling Requirements
  Use-Case Diagram
  Use-Case Diagram Documentation
  Domain Model (Class Diagram)
  Class Diagram Data Dictionary
  Scenarios and Sequence Diagrams
  State Diagram
  State Diagram Textual Description
Prototype
References
Point of Contact
2 Overall Description In this section, certain background information that is needed to understand the functionality of the CACC system is outlined. The context of the product, the goal of product functions, expectations for users, possible constraints, assumptions about the environment, and potential future features are all addressed.
2.1 Product Perspective The CACC system will be embedded in certain automotive vehicles. It is a standalone system, although it is part of the vehicle as a whole. It comprises various subsystems, such as an existing ACC system, and an array of sensors and actuators that may be used by other systems in the vehicle, such as the rain sensing wipers. It is not a system that can be retroactively added to a vehicle that was previously unequipped with CACC. The CACC system is to be used at speeds greater than or equal to 25 mph, and it is meant to be used in the presence of other vehicles, where lateral control from the driver is only required during emergency situations. As such, the CACC system is most well suited for usage on main highways and freeways.
2.2 Product Functions This is a summarization of the major functions that the CACC system will perform.
● Maintain a constant forward speed, as specified by the driver. [8]
● Detect vehicles or objects ahead, and adjust the forward speed accordingly.
● Effectively communicate with other CACC-equipped vehicles.
● Join or create new platoons.
● Leave or disband platoons.
2.3 User Characteristics Users are expected to be licensed drivers. Users are expected to be able to operate a vehicle. Users are expected to know how to communicate with and use the CACC system, so they must have knowledge of the dashboard display output, and input methods, such as steering wheel buttons. Users are not expected to have any sort of knowledge about the internal workings of the CACC system. Users do not need to possess any specialized skills for the operation of the CACC system.
2.4 Constraints The following are the safety and functional constraints that have been applied to the design of the CACC system.
● The platoon size will not exceed eight vehicles.
● A platoon must contain at least two vehicles.
● CACC will not be enabled at speeds less than 25 mph, and there is no upper bound on the speed it may be set to.
● If there is a subsystem failure, the full system will be disabled (see section 3, Specific Requirements, for more details).
● All local traffic laws must be obeyed, except for speed limits. The vehicle driver will command the speed.
● The system may not cause the vehicle to behave in a reckless or dangerous manner, which could possibly cause harm to the driver, or others on the road.
● Braking and acceleration force will not exceed the vehicle limits as defined in its performance envelope.
● Damage must be mitigated in the event of an impending collision (see section 3, Specific Requirements, for more details).
● The system must be able to effectively communicate messages to the driver through the dashboard screen, never sending ambiguous messages.
● The driver must be able to effectively communicate with the CACC system through user input.
● The system must retain user privacy, but still effectively communicate necessary information. Transmitted message keys must always be anonymous.
● Fuel must be conserved whenever possible. Coasting is always preferable over acceleration or braking.
● GPS Data transmission will be operating on radio frequencies in the 5.8 GHz Short Range Devices frequency band. [5]
● The radio receiver degradation limit is a maximum allowed BER of 0.020 for a wanted radio signal. [5]
● The relative radio frequency error for GPS communication is +/- 5 ppm (frequency control devices specify their frequency variation in units of parts per million). [5]
● The electrical field strength limit is 0.21 V/m near the radio antenna. [5]
● The power density limit is -129 dBm/MHz near the radio antenna. [5]
● The safe vehicle-to-vehicle following distance must be a length of 1, 2, or 3 car lengths.
● The vehicle’s braking and acceleration limits will be stored in units of G, for Gravity.
2.5 Assumptions and Dependencies The following assumptions are made about the hardware and software components, the environments, and the user interaction of the CACC system.
● The vehicle should be fully functional, with a working throttle and braking system.
● When in perfect factory condition, the CACC system will function as intended.
● Sensors will be able to effectively gather information that is relevant to the CACC system.
● Actuators will effectively be able to execute their required functions.
● The hardware should possess enough memory to properly allow the software to function. Memory will not be dynamically allocated. [8]
● The CACC system will be embedded in the vehicle, and therefore may continue to function as ACC in the case of GPS network subsystem failure.
● Operations will be able to be completed in real-time.
3 Specific Requirements Below are the enumerated specific requirements for the CACC system. The requirements are first organized by functional requirements, and then by nonfunctional requirements. Functional requirements are organized by how to collect environmental information, activate and control the system, autonomously adjust the vehicle speed, handle the vehicle-to-vehicle GPS communication, maintain a safe following distance, handle performance envelopes, form a platoon, divert the driver, and handle adverse road conditions.
I. Functional Requirements The functional requirements of the CACC system pertaining to vehicle manipulation and GPS network communication. This section defines the functional requirements of the controllers, actuators, and sensors of the system.
FR0. Collect Environmental Information FR0 describes how information about the vehicle’s physical environment or surroundings is collected and how this information is handled.
FR0.1 Camera Sensor Visually identify the target vehicle, determine current distance from the target vehicle, and estimate the relative speed to the target vehicle. There is one camera sensor on the front of the vehicle. FR0.2 Radar Sensors There are three radars in the system, one in the front of the vehicle, and one on each side of the vehicle. The radars detect physical obstacles that may be in the path of the moving vehicle. The side radars are only used when the system is urging the driver to divert to an adjacent lane and must ensure that the maneuver is safe for the driver. FR0.3 Dashboard Screen Sensor/Actuator There is one dashboard screen in the vehicle, which is used to communicate with the driver. Messages will be prompted on the screen for the driver to review. The screen will actuate the VC’s message communication, as well as sense for driver input. FR0.4 Monitor Sensor Information The VC shall receive the information collected from the camera and radar sensors to be interpreted. FR0.5 Independent Monitoring Function The VC’s independent monitoring function will always be monitoring OS tasks, especially in association with the camera, radar, and dashboard screen input handling, and brake, throttle, and dashboard screen actuation. If any task fails to start, fails to end, or consistently extends its intended timestamp, then the system will need to deactivate and reactivate. If this reset does not fix the issue, then the system will be disabled and the driver will be notified.
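The escalation policy in FR0.5 (reset on a task fault, disable and notify if the reset does not help) can be made concrete as a small monitor. The following C sketch is an added example, not part of the original SRS or any Ford code; the task report layout, the threshold of three consecutive overruns for "consistently", and the ten-cycle probation window after a reset are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* FR0.5 names six monitored activities: camera, radar and dashboard input
 * handling, plus brake, throttle and dashboard actuation. */
#define IMF_TASKS          6
#define IMF_OVERRUN_STREAK 3   /* assumption: "consistently" = 3 overruns in a row */
#define IMF_PROBATION      10  /* assumption: clean cycles before a reset counts as a fix */

enum imf_action { IMF_CONTINUE, IMF_RESET, IMF_DISABLE };

/* What the OS reports for one task in one scheduling cycle (hypothetical layout). */
struct task_report {
    bool     started;
    bool     finished;
    uint32_t elapsed_us;
    uint32_t budget_us;
};

/* Statically sized state: section 2.5 rules out dynamic allocation. */
struct imf {
    uint8_t  overrun_streak[IMF_TASKS];
    uint32_t probation_left;   /* >0 while a recent reset is still unproven */
    bool     disabled;
};

/* Fill a report set with healthy values (constructed sample data). */
void imf_fill_ok(struct task_report r[IMF_TASKS])
{
    for (size_t i = 0; i < IMF_TASKS; i++)
        r[i] = (struct task_report){ true, true, 800, 1000 };
}

/* Evaluate one cycle and return the action the VC must take. */
enum imf_action imf_cycle(struct imf *m, const struct task_report r[IMF_TASKS])
{
    bool fault = (r == NULL);          /* missing reports count as a fault */

    if (m->disabled)
        return IMF_DISABLE;            /* disabled state is terminal */

    for (size_t i = 0; !fault && i < IMF_TASKS; i++) {
        if (!r[i].started || !r[i].finished) {
            fault = true;              /* task failed to start or to end */
        } else if (r[i].elapsed_us > r[i].budget_us) {
            if (++m->overrun_streak[i] >= IMF_OVERRUN_STREAK)
                fault = true;          /* repeated deadline overrun */
        } else {
            m->overrun_streak[i] = 0;  /* an on-time run breaks the streak */
        }
    }

    if (!fault) {
        if (m->probation_left > 0)
            m->probation_left--;
        return IMF_CONTINUE;
    }

    for (size_t i = 0; i < IMF_TASKS; i++)
        m->overrun_streak[i] = 0;

    if (m->probation_left > 0) {       /* fault came back after a reset */
        m->disabled = true;
        return IMF_DISABLE;            /* caller disables CACC and notifies the driver */
    }
    m->probation_left = IMF_PROBATION;
    return IMF_RESET;                  /* caller deactivates and reactivates the system */
}

int main(void)
{
    static const char *names[] = { "continue", "reset", "disable+notify" };
    struct imf m = {0};
    struct task_report r[IMF_TASKS];

    imf_fill_ok(r);
    r[1].elapsed_us = 1500;            /* radar task keeps overrunning */
    for (int cycle = 0; cycle < 5; cycle++)
        printf("cycle %d: %s\n", cycle, names[imf_cycle(&m, r)]);
    return 0;
}
```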
FR1. Activation and Control of the System FR1 describes how the driver is able to activate, enable, and control the system.
FR1.1 Activate System The CACC system will be activated when the driver turns on the vehicle. The system will be able to collect data from radars and the camera, and maintain this information in the VC. The system will not be able to command the vehicle until the driver enables CACC. FR1.2 CACC Lower Speed Limit The CACC system will not be eligible to be enabled until it is moving faster than its lower speed limit. The lower speed limit is 25 mph. FR1.3 Enable System The CACC system will be enabled when the vehicle is turned on, it is moving faster than 25 mph, and the driver selects Enable on the vehicle’s steering wheel. When the system is enabled, the speed of the vehicle at that time will be saved as the commanded cruising speed in the VC. FR1.4 Cancel System The driver may always override the enabled CACC system by either selecting the cancel button on the steering wheel, or by putting pressure on the brake pedal. If either of these two actions are taken, the CACC system will be disabled. If the system is canceled with the brake, the previous cruise speed will be kept in the VC. FR1.5 Resume System If CACC has been disabled with the brake, the driver may resume the previous cruising speed by selecting the “Resume” button on the steering wheel. FR1.6 Increase Cruise Speed If CACC is enabled, the driver may increase the commanded cruising speed by holding down the Acceleration button on the steering wheel until the vehicle has reached their desired speed. FR1.7 Decrease Cruise Speed If CACC is enabled, the driver may decrease the commanded cruising speed by holding down the Deceleration button on the steering wheel until the vehicle has reached their desired speed over 25 mph. Commanded cruise deceleration will stop at 25 mph.
FR2. Adjust Vehicle Speed FR2 describes how the system adjusts the vehicle’s speed to maintain the commanded cruising speed or maintain a safe vehicle-to-vehicle following distance behind a target vehicle.
FR2.1 Electronic Throttle Deceleration Regulate vehicle speed by removing power from the existing vehicle throttle system, in order to slow down the vehicle smoothly. The VC must send a signal to the throttle system. FR2.2 Electronic Throttle Acceleration Regulate vehicle speed by adding power to the throttle system to bring the vehicle to the speed commanded by the driver, if there are no vehicles or other fixed objects in the way. The VC must send a signal to the throttle system. FR2.3 Brake by Wire Regulate vehicle speed by applying force to the existing braking system in order to avoid a crash with another vehicle or fixed target in front of the vehicle. Braking will be used when deceleration of the vehicle is not efficient enough to slow the vehicle to a safe speed in time. The VC must send a signal to the braking system. FR2.4 Emergency Brake If the VC determines that a crash is imminent and the vehicle will not be able to properly slow down in time to avoid it, the VC will max out the vehicle’s braking force in order to mitigate the crash as best it possibly can. FR2.5 Software Fault Tolerance Architecture This is the VC logic that determines the arbitration between opposing vehicle commands. It uses the current vehicle state, environmental inputs, and the system context to prioritize these commands and determine which action is the most appropriate.
FR3. Handle GPS Communication FR3 describes how the system receives, sends, and processes the GPS/radio communication information.
FR3.1 Maintain Vehicle Information The VC shall maintain accurate vehicle location, speed, directional information, and information about the state of other vehicle systems (tire pressure, rain-sensing wiper activation, ABS wheel speed differentials, etc.) at all times. FR3.2 Receive GPS Information Using DSRC standards, the network receiver shall receive information about the current location, speed, and directional information of CACC vehicles ahead. This information will be maintained in the VC. FR3.3 Broadcast GPS Information Using DSRC standards, the network transmitter will send information from the VC about the current vehicle location, speed, and directional information to other CACC vehicles that are near. FR3.4 Form the Vehicle Platoon Using the GPS information from surrounding vehicles, establish a functional platoon. There will be a lead vehicle, and safe spacing between each successive vehicle in the platoon. FR3.5 Communicate with Infrastructure The GPS system will need to communicate with the VC, so that radio communication information can be safely stored. FR3.6 DSRC Radio Communication Standards All vehicle-to-vehicle GPS/radio communication will be using Dedicated Short Range Communications standards as developed by the European Committee for Standardization. Data transmission will be operating on radio frequencies in the 5.8 GHz Short Range Devices frequency band [7]. FR3.7 Monitor Relative Radio Frequency Error The VC will monitor the relative frequency error to detect issues with network receivers and transmitters. As defined by DSRC standards, the relative frequency error is measured as, “the difference between the frequency at which the transmitter outputs its largest carrier signal level in its unmodulated mode of operation and the corresponding nominal carrier frequency.” If the error exceeds +/- 5 ppm, the radio communication will be considered compromised, the GPS subsystem will be disabled, and the system will function as ACC [7].
FR3.8 Blocking Unwanted Radio Signals The network receiver has the capability to receive wanted signal input without exceeding degradation limits under DSRC standards. The degradation limit is defined by the maximum allowed BER of 0.020 for a wanted radio signal. If this limit is exceeded then unwanted signals may pose a buffer overflow threat, the GPS subsystem will be disabled due to radio failure, and the system will function as ACC [7]. FR3.9 Signal Interference Detection Continuous interference signals will be harmful to signal receiving if the electrical field strength exceeds 0.11 V/m. Continuous linear polarized interfering signals will be considered harmful to signal transmission if the electrical field strength exceeds 0.21 V/m near the radio antenna, and the power density does not exceed -129 dBm/MHz. If any of these levels are exceeded the GPS subsystem will be disabled due to radio failure, and the system will function as ACC [7]. FR3.10 Vehicle-to-Vehicle Message Verification In order to increase security in vehicle message verification, without compromising on system performance, an eHSM will be used to ensure that message keys longer than the standard 256 bits can be interpreted in real-time. CAM and BSM messages will be sent and received with complete anonymity using the “cryptographic agility” of standardized V2X methods [8].
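FR3.7 through FR3.9 share one fail-safe pattern: any radio limit exceeded disables the GPS subsystem and the vehicle falls back to ACC. The C sketch below is an added example, not part of the original SRS; the sample structure, the function names, the 5.8 GHz nominal carrier used in the constructed data, and the choice to latch the fallback until restart are assumptions. It also assumes -129 dBm/MHz is an upper limit, as section 2.4 states it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Limits from FR3.7-FR3.9 and section 2.4, held as integers so the
 * comparisons are exact and need no floating point on the controller. */
#define FREQ_ERR_LIMIT_PPM   5        /* FR3.7: +/- 5 ppm                  */
#define BER_LIMIT_PER_MILLE  20       /* FR3.8: BER of 0.020               */
#define RX_FIELD_LIMIT_MV_M  110      /* FR3.9: 0.11 V/m, receive path     */
#define TX_FIELD_LIMIT_MV_M  210      /* FR3.9: 0.21 V/m, near the antenna */
#define PSD_LIMIT_DDBM_MHZ   (-1290)  /* -129 dBm/MHz, in tenths of a dBm  */

enum radio_fault {
    RADIO_OK              = 0,
    FAULT_FREQ_ERROR      = 1u << 0,
    FAULT_BER             = 1u << 1,
    FAULT_RX_INTERFERENCE = 1u << 2,
    FAULT_TX_INTERFERENCE = 1u << 3,
    FAULT_INVALID_SAMPLE  = 1u << 4
};

enum drive_mode { MODE_CACC, MODE_ACC };

/* One measurement window from the radio front end (hypothetical layout). */
struct radio_sample {
    int64_t  nominal_hz;       /* nominal carrier frequency           */
    int64_t  measured_hz;      /* measured unmodulated carrier        */
    uint32_t bits_received;
    uint32_t bit_errors;
    uint32_t rx_field_mv_m;    /* interfering field, receive path     */
    uint32_t tx_field_mv_m;    /* interfering field near the antenna  */
    int32_t  tx_psd_ddbm_mhz;  /* power density, tenths of dBm/MHz    */
};

struct radio_monitor {
    enum drive_mode mode;
    unsigned        faults;    /* latched: assumed to clear only on restart */
};

/* Return the set of limits this sample exceeds (RADIO_OK if none). */
unsigned radio_check(const struct radio_sample *s)
{
    unsigned faults = RADIO_OK;

    /* Fail closed on missing or self-contradictory measurements. */
    if (s == NULL || s->nominal_hz <= 0 || s->measured_hz <= 0 ||
        s->bit_errors > s->bits_received)
        return FAULT_INVALID_SAMPLE;

    /* |delta| / nominal > 5e-6, rearranged to avoid overflow and floats. */
    int64_t delta = s->measured_hz - s->nominal_hz;
    if (delta < 0)
        delta = -delta;
    if (delta > s->nominal_hz / (1000000 / FREQ_ERR_LIMIT_PPM))
        faults |= FAULT_FREQ_ERROR;

    /* errors / bits > 0.020, cross-multiplied in 64 bits. */
    if ((uint64_t)s->bit_errors * 1000u >
        (uint64_t)s->bits_received * BER_LIMIT_PER_MILLE)
        faults |= FAULT_BER;

    if (s->rx_field_mv_m > RX_FIELD_LIMIT_MV_M)
        faults |= FAULT_RX_INTERFERENCE;
    if (s->tx_field_mv_m > TX_FIELD_LIMIT_MV_M ||
        s->tx_psd_ddbm_mhz > PSD_LIMIT_DDBM_MHZ)
        faults |= FAULT_TX_INTERFERENCE;

    return faults;
}

/* Fold one sample into the monitor; any fault drops the system to ACC. */
enum drive_mode radio_update(struct radio_monitor *m, const struct radio_sample *s)
{
    m->faults |= radio_check(s);
    if (m->faults != RADIO_OK)
        m->mode = MODE_ACC;
    return m->mode;
}

int main(void)
{
    struct radio_monitor mon = { MODE_CACC, RADIO_OK };
    /* Constructed measurement windows, not captured data. */
    const struct radio_sample windows[] = {
        { 5800000000LL, 5800010000LL, 100000,  150, 40, 60, -1400 },
        { 5800000000LL, 5800040000LL, 100000, 2600, 40, 60, -1400 },
        { 5800000000LL, 5800000000LL, 100000,    0, 40, 60, -1400 },
    };
    for (size_t i = 0; i < sizeof windows / sizeof windows[0]; i++) {
        enum drive_mode mode = radio_update(&mon, &windows[i]);
        printf("window %zu: faults=0x%02x mode=%s\n", i, mon.faults,
               mode == MODE_ACC ? "ACC" : "CACC");
    }
    return 0;
}
```

The third window is healthy but the mode stays ACC, which is the latching assumption at work; a design that allows recovery would need its own requirement for when CACC may be re-enabled.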
FR4. Maintain a Safe Vehicle-to-Vehicle Distance FR4 describes how the VC determines and adjusts to the safe vehicle-to-vehicle following distance. FR4.1 Determine Speed Differential The VC shall combine GPS information from the vehicle ahead (if the target is a CACC equipped vehicle), as well as information collected from the radar and camera sensors to determine the speed differential between the target and the vehicle. FR4.2 Command Throttle and Brakes The VC will command the vehicle’s throttle and brakes to appropriately slow down the vehicle to match the previously determined speed differential. FR4.3 Efficiency Management Architecture The VC will need to determine if slowing the vehicle by throttle deceleration will be sufficient enough, or if brake pressure will need to be applied. It will also need to determine if coasting is efficient enough to speed up the vehicle while going down a hill, or if acceleration will be required. This is important because deceleration and coasting are much more energy efficient than braking and acceleration. FR4.4 Setting Safe Following Distance The driver may set the preferred safe vehicle-to-vehicle following distance by accessing the system configuration settings through the dashboard screen. The driver may set this distance to increments of 1, 2, or 3 car lengths.
FR5. Performance Envelope Sharing FR5 describes the GPS-shared vehicle performance envelope, and how this envelope is handled.
FR5.1 Maintain Performance Envelope The VC shall keep a detailed description of the vehicle’s braking and acceleration capabilities to be shared with other platoon vehicles. Both will be in units of G for Gravity. This performance envelope will be included in the VC’s operating environment information. FR5.2 Determine Braking and Acceleration Maneuvers The VC should consider the performance envelopes for all platoon vehicles to coordinate the braking and acceleration maneuvers that the platoon can perform. These maneuvers will determine the timing and strength of deceleration, acceleration, and braking force for each vehicle during the maneuvers.
FR6. Forming A Platoon FR6 describes how a platoon is formed and handled.
FR6.1 Forming Potential Platoon If the vehicle comes within close proximity to another CACC enabled vehicle in front of it, and the vehicle is not already in a platoon of max capacity, at eight vehicles, then the VC will ask the driver if they would like to join in a platoon with this vehicle.
FR7. Diverting the Driver FR7 describes how and when a driver should be diverted while driving with CACC enabled. FR7.1 Ensuring Diversion Safety If the VC determines that a crash is pending but not imminent based on the information provided from the front radar and camera, the VC will use the side radars to determine if it is safe for the driver to move to an adjacent lane or the side of the road. Side radars will only be activated and used under this emergency situation. FR7.2 Warning the Driver of Diversion If the VC determines that the vehicle can safely be diverted to an empty adjacent lane, the driver will be notified of this on the dashboard screen. A message will appear, along with a right arrow or a left arrow to communicate the direction the driver should move. FR7.3 Communicating with Lane Keeping/Lane Centering If the VC is alerting the driver to change lanes or pull over on the side of the road, the Lane Keeping/Lane Centering must be disabled so that the vehicle is not pushed back in the lane when they attempt to quickly move over.
FR8. Adverse Road Conditions FR8 describes how the system monitors road conditions, and actions that may be taken in the case of adverse road conditions.
FR8.1 Monitor ABS The Main Controller of the system will monitor wheel speed differentials that are being measured by the vehicle’s pre-existing ABS system. A dangerous wheel speed differential may be a sign of poor road conditions. FR8.2 Monitor Rain-Sensing Wipers The Main Controller will monitor the vehicle’s pre-existing Rain-Sensing Wipers that will determine if there is precipitation coming down, which may be a sign of poor road conditions. FR8.3 Monitor Tire Pressure The Main Controller will monitor the tire pressures being measured by the vehicle’s pre-existing Tire Pressure Sensors. A drastic drop in tire pressure may signal the vehicle has a flat tire. FR8.4 Regain Wheel Traction If ABS determines there is a dangerous wheel speed differential due to poor road conditions, the Speed Controller will slow down the vehicle until the wheel speed differential nears zero. FR8.5 When to Retest Wheel Speed Differential If the Rain-Sensing Wipers were activated when the Speed Controller slowed the system due to loss of wheel traction, the Speed Controller will begin testing the traction when the wipers deactivate (if the wipers were not activated, then the wheel traction will be tested every thirty seconds). FR8.6 How to Retest Wheel Speed Differential The wheel speed differential needs to be tested by increasing the speed by one mph at a time, and monitoring the ABS system’s wheel speed differential measurements. If the differential increases again, then the vehicle should slow back down; if it does not, then the system can continue to increase the speed and test the differential until the vehicle returns to the commanded cruising speed.
II. Nonfunctional Requirements
NR1. Consistency The system should always be striving to maintain a steady and constant forward driving speed.
NR1.1 Maintain Vehicle Speed Maintain a constant forward vehicle speed at all times. The driver will provide the vehicle speed. NR1.2 Consistent Acceleration, Deceleration, and Braking When the VC must command the throttle and brakes, it should be done so at a consistent rate.
NR3. Safety Requirements The system should always be operating as safely as possible.
NR3.1 Differentiate Vehicle Targets and Fixed Objects Always be able to determine if a target is a moving vehicle. It is crucial for safety that vehicles never target fixed objects. If the speed differential information retrieved from the camera is equivalent to the vehicle speed, then the target is not moving, and the vehicle may need to come to an emergency stop. NR3.2 Prioritize Feature Actions When two different features of the CACC system are attempting to contradict each other with their vehicle control, the VC must be able to use the software fault tolerance architecture to prioritize which action is more appropriate, and command it to the brake and throttle actuators. This logic must be accurate every time to maintain driver safety. NR3.3 Do Not Exceed Performance Envelope Never brake or accelerate the vehicle more than the performance envelope has allowed. This could result in unexpected and potentially dangerous behavior from the vehicle. NR3.4 Avoid Crashes The system must be able to accurately predict an imminent crash with the vehicle controller, and be able to take appropriate actions to avoid it. If it is not possible to lower the vehicle’s speed fast enough to avoid the collision then the driver will need to be advised to divert the vehicle to the left or the right based on road conditions. If this is not possible, then max out the braking force to decelerate the vehicle as much as possible. NR3.5 Diverting the Driver Safely The system will never attempt to divert a driver into an adjacent lane if there is anything in the way that may endanger the driver or anyone else around the vehicle.
4 Modeling Requirements This section provides the modeling diagrams for the system. The use-case, class, sequence, and state diagrams cohesively represent the behavior of the system and the required elements of the system. Use-Case Diagram Cooperative Adaptive Cruise Control Below is the use-case diagram for the CACC system. This diagram represents the observable functionality of the system. The use-case documentation is included in the following pages. Use-Case Diagram Documentation Cooperative Adaptive Cruise Control The following is the use-case diagram documentation for the CACC system. This documentation describes the use-cases of the system, their interaction with entities outside the system, and their cross-references with the specific requirements section of this document (see section 3).
Use Case: Activate the Vehicle Actors: Driver Description: In order to activate the system, the driver must turn on the vehicle. This will turn on all sensors, the camera, the dashboard screen, and the system controller, though no actions will be taken for the system to control the vehicle yet (not until the CACC system is enabled). Type: Primary, Essential Cross-refs: FR1.1, FR0.1, FR0.2, FR0.3, FR0.4
Use Case: Change Cruise Speed Actors: Driver Description: If the driver has already enabled the cruise control, the driver may change the commanded cruising speed. The driver may increase the speed, or decrease the speed down to as low as 25 mph. Type: Secondary Includes: Increase Cruise Speed, Decrease Cruise Speed Cross-refs: FR1.6, FR1.7, FR1.2 Use Cases: Must perform Activate System and Enable Cruise use-cases first.
Use Case: Increase Cruise Speed Actors: Driver Description: If the driver has already enabled the cruise control, the driver may increase the commanded cruising speed by holding down the Accelerate button on the steering wheel until the desired speed is reached. Type: Secondary Cross-refs: FR1.6 Use Cases: Must perform Activate System and Enable Cruise use-cases.
Use Case: Decrease Cruise Speed Actors: Driver Description: If the driver has already enabled the cruise control, the driver may decrease the commanded cruising speed by holding down the Decelerate cruise button on the steering wheel until the desired speed is reached. The speed will only decrease to a minimum of 25 mph. Type: Secondary
Cross-refs: FR1.7, FR1.2 Use Cases: Must perform Activate System and Enable Cruise use-cases first.
Use Case: Set Safe Distance Actors: Driver Description: The driver may access the CACC configuration settings through the dashboard screen, and set the safe vehicle-to-vehicle following distance to increments of 1, 2, or 3 car lengths. This will be the safe following distance the system will use when the CACC system is enabled. Type: Secondary Cross-refs: FR4.4 Use Cases: Must perform Activate System first to access the dashboard screen.
Use Case: Resume Cruise Actors: Driver Description: If the driver has activated the system, enabled cruise control, and disabled the cruise control by using the vehicle’s brake, the driver may resume their previous cruising speed by selecting the Resume button on the steering wheel. Type: Secondary Cross-refs: FR1.5 Use Cases: Must perform Activate System, Enable Cruise, and Disable Cruise with Brake first.
Use Case: Enable Cruise Actors: Driver Description: When the driver selects the Enable button on the vehicle’s steering wheel, the vehicle controller will determine if the current vehicle speed is above 25 mph. If this is true, then the CACC system will be fully activated, and the vehicle’s current speed will be the commanded cruising speed to be maintained. Type: Primary Cross-refs: FR1.2, FR1.3 Use Cases: Must perform Activate System use-case first.
Use Case: Disable Cruise Actors: Driver Description: The driver always has the option to manually override by disabling the CACC system with the cancel button on the steering wheel, or by pressing down on the vehicle’s brake pedal. Type: Primary Includes: Disable Cruise With Brake, Disable Cruise With Button Cross-refs: FR1.4 Use Cases: Must perform Activate System and Enable Cruise first.
Use Case: Disable Cruise With Button Actors: Driver Description: If the driver has activated the system and enabled cruise control, they may disable CACC by pressing down on the Cancel button on the steering wheel. Type: Primary Cross-refs: FR1.4 Use Cases: Must perform Activate System and Enable Cruise first.
Use Case: Disable Cruise With Brake Actors: Driver, Vehicle Braking System Description: If the driver has activated the system and enabled cruise control, they may disable CACC by pressing down on the vehicle’s brake pedal. Type: Primary Cross-refs: FR1.4 Use Cases: Must perform Activate System and Enable Cruise first.
Use Case: Adjust Speed Description: When the system controller determines that a speed adjustment is needed to maintain the commanded cruising speed, the controller will command either the throttle to accelerate or decelerate the vehicle smoothly, or the brakes to decelerate the vehicle quicker. Type: Primary and Essential Includes: Decrease Speed, Accelerate Throttle Cross-refs: FR2.1, FR2.2, FR2.3, FR2.4, FR2.5, FR4.1, FR4.2, FR4.3 Use Cases: Must perform Activate System and Enable Cruise first.
Use Case: Decrease Speed Description: When a decrease in the vehicle’s speed is required to maintain the driver’s commanded speed or to avoid colliding with an obstacle in front of the vehicle, the controller must determine if deceleration of the throttle is sufficient in slowing the vehicle fast enough, or if the braking system must be used to slow the vehicle faster. Type: Primary, Essential Includes: Decelerate Throttle, Apply Brakes Cross-refs: FR2.1, FR2.3 Use Cases: Must perform Activate System, Enable Cruise, and Adjust Speed first.
Use Case: Apply Brakes Actors: Vehicle Braking System Description: If braking deceleration is required to decrease the vehicle’s speed, the vehicle controller will send a signal to the Vehicle Braking System to apply the brakes smoothly. Type: Primary, Essential Cross-refs: FR2.3, NR1.1, NR1.2 Use Cases: Must perform Activate System, Enable Cruise, and Decrease Speed first. Emergency Brake extends this use-case.
Use Case: Emergency Brake Actors: Vehicle Braking System Description: If a collision is imminent, the vehicle controller will send a signal to the Vehicle Braking System to max out the braking force in order to mitigate the crash as best as possible. Type: Primary Extends: Apply Brakes Cross-refs: FR2.4 Use Cases: Must perform Activate System, Enable Cruise, and Decrease Speed first.
Use Case: Accelerate Throttle Actors: Vehicle Throttle System Description: When an increase in the vehicle’s speed is required to maintain the driver’s commanded speed, the controller must send a signal to the vehicle’s throttle actuating system. Type: Primary, Essential Cross-refs: FR2.2 Use Cases: Must perform Activate System, Enable Cruise, and Adjust Speed first.
Use Case: Decelerate Throttle Actors: Vehicle Throttle System Description: If throttle deceleration is required to decrease the vehicle’s speed, the vehicle controller will send a signal to the Vehicle Throttle System. Type: Primary, Essential Cross-refs: FR2.1 Use Cases: Must perform Activate System, Enable Cruise, and Decrease Speed first.
Use Case: Display Message Actors: Driver Description: If the driver must be communicated with, a clear and appropriate message will be displayed on the dashboard screen for them to review. Type: Secondary Cross-refs: FR0.3 Use-Cases: Activate System must occur first.
Use Case: Disable System Description: If the IMF determines that there is an issue with a system task, while tasks are being monitored, and the controller determines that the system is too unstable to maintain functionality safely, then the full CACC system will be disabled until the issue can be resolved and the driver will be warned of this issue with a message displayed on the dashboard screen. Type: Primary Includes: Display Message Cross-refs: FR3.8, FR3.9, FR3.7, FR0.5 Use-Cases: Activate System must be performed first.
Use Case: Invite to Platoon Actors: Driver Description: If the VC determines that there is a target vehicle in front of the vehicle, while CACC is enabled, then the controller will invite the driver to either join the target vehicle’s platoon, or form a new platoon with this vehicle if it is alone. The controller will negotiate a speed between the two vehicles and send a message to the driver on the dashboard screen. Type: Primary, Essential Includes: Display Message, Accept Platoon, Reject Platoon Cross-refs: FR3.4, FR6.1 Use Cases: Must perform Activate System and Enable Cruise first.
Use Case: Accept Platoon Actors: Driver Description: If the VC invites the driver to join a platoon, and the driver selects Accept on the dashboard screen, then the vehicle will join the platoon. Type: Primary Cross-refs: FR5.2 Use Cases: Must perform Activate System, Enable Cruise, and Invite to Platoon first.
Use Case: Reject Platoon Actors: Driver Description: If the VC invites the driver to join a platoon, and the driver selects Reject on the dashboard screen, then the driver will not join a platoon but will continue driving with CACC. Type: Secondary Cross-refs: FR0.1, FR0.2 Use Cases: Must perform Activate System, Enable Cruise, and Invite to Platoon first.
Use Case: Exit Platoon Actors: Vehicle Turn Signal, Lane Keeping/Centering System Description: If the driver is currently in a platoon and decides to leave the platoon, they must select the cancel platoon button on the dashboard screen, and/or turn on their turn signal to leave the formation. If the turn signal is engaged, then the lane keeping/lane centering system will allow the driver to exit the lane of the platoon without pushing them back. Type: Secondary Cross-refs: FR1.3 Use Cases: Must perform Activate System, Enable Cruise, and Accept Platoon first.
Use Case: Divert Driver Actors: Lane Keeping/Centering System Description: While the system is monitoring the vehicle’s surroundings, if it determines that a crash is imminent, the system will attempt to mitigate the situation by diverting the driver to adjacent lanes or the side of the road. The system will communicate this suggestion to the driver on the dashboard screen. If the system is attempting to divert the driver, it will need to communicate with the existing lane keeping/lane centering system as well to ensure that the vehicle is not pushed back into the lane while the driver is getting over. Type: Primary Includes: Display Message Cross-refs: FR4.5, FR6.1, FR7.2, FR7.3 Use Cases: Activate System must be performed first.
Use Case: Adverse Conditions Actors: Vehicle Rain Sensing Wiper System, Vehicle Anti-Lock Brake System, Vehicle Tire Pressure Sensors Description: If any of the monitored systems show signs of adverse road conditions, the vehicle will slow down, alert the driver, and alert the driver of the following CACC vehicle. Type: Secondary Includes: Display Message, Warn Following Vehicle Cross-refs: FR1.1, FR1.2 Use Cases: Activate System and Enable Cruise must occur first.
Use Case: Warn Following Vehicle Actors: Following Vehicle Description: If the vehicle is facing adverse road conditions or experiences a malfunction, and there is a following CACC vehicle, the following driver will be alerted of these issues. The VC will use radio communication to send this message. Type: Secondary Cross-refs: FR1.2 Use Cases: Must perform Activate System and Adverse Conditions first.
Use Case: Receive GPS Information Actors: Following Vehicle, Target Vehicle Description: The radio receiver will receive GPS information from other CACC vehicles that are near. This information will be maintained in the VC. Type: Primary, essential Cross-refs: FR3.2, FR3.6, FR3.5, FR3.7, FR3.8, FR3.9, FR3.10 Use Cases: Must perform Activate System and Enable Cruise first.
Use Case: Send GPS Information Actors: Following Vehicle, Target Vehicle Description: The radio transmitter will send GPS information to other CACC vehicles that are near. Type: Primary, essential Cross-refs: FR3.1, FR3.3, FR3.6, FR3.5, FR5.1 Use Cases: Must perform Activate System and Enable Cruise first.
Class Diagram - Domain Model
Cooperative Adaptive Cruise Control
Below is the class diagram for the CACC system. This diagram represents the physical objects of the system and the different relationships between them. The main components of embedded automotive systems are actuators, controllers, and sensors. The textual description follows the diagram in the form of a data dictionary.
Class Diagram Data Dictionary
Cooperative Adaptive Cruise Control
The following is the class diagram data dictionary for the CACC system. This is the textual description for the class diagram on the previous page.
Element Name: Accelerate Button
Description: This is a button on the steering wheel that may be held by the driver, and acts as a sensor to detect how much the driver would like to increase the commanded cruising speed.
Operations:
  accelPressed( ) - Indicates when the driver begins pressing on the accelerate button on the steering wheel.
  accelReleased( ) - Indicates when the driver has released the accelerate button on the steering wheel.
Relationships: Aggregates Steering Buttons, and is a subclass of Button.
Element Name: Actuator
Description: These are the components of the system that can affect the environment. They all take signals/commands from the Controllers and carry out their tasks as specified by the controller. These have the most visible effects of the system as they affect the environment directly.
Operations:
  disable( ) - Deactivate the actuator from CACC system control.
Relationships: Superclass of Throttle, Dashboard Screen, Brakes, and Network Transmitter.
Element Name: Actuators
Description: These are the components of the system that can affect the environment. They all take signals/commands from the Controllers and carry out their tasks as specified by the controller. These have the most visible effects of the system as they affect the environment directly.
Relationships: Composes CACC System. Aggregated by the Brakes, Throttle, Dashboard Screen, and Network Transmitter.
Element Name: Brakes
Description: The vehicle’s primary brakes, which are crucial in stopping and slowing down the vehicle. The Controller sends signals to this actuator in the event that the vehicle needs to slow down or stop quickly due to obstacle(s) ahead, in order to avoid a collision.
Operations:
  brakeOn( int ) - Brake the vehicle with the amount of force indicated by the input.
  enable( ) - Activate the control of the vehicle’s brakes.
  brakeOff( ) - Turn off the braking that was previously actuated.
  brakePressed( ) - Indicates when the driver has pressed the brake pedal.
  eBrake( ) - Activates max braking for an emergency situation.
Relationships: Aggregates the Actuators.
Element Name: Button
Description: These are the sensors in the system that are physical buttons that may be pressed or held down by the driver of the vehicle to signal an intended action.
Operations:
  enable( ) - Activates the button.
  disable( ) - Deactivates the button.
Relationships: Superclass for Vehicle Switch, Accelerate Button, Enable Button, Cancel Button, Decelerate Button, and Resume Button.
Element Name: CACC System
Description: The Cooperative Adaptive Cruise Control system, which is composed of sensors in the form of buttons, radars, a camera, a dashboard screen and a network receiver; main, platoon, cruise, and speed controllers; and actuators in the form of brakes, the throttle, a dashboard screen, and a network transmitter. The CACC system enhances cruise control by featuring autonomous vehicle speed control, and adding the ability to form moving vehicle platoons.
Relationships: Composed of Actuators, Controllers, and Sensors. Associated with a Driver.
Element Name: Camera
Description: This is the camera sensor placed at the front of the vehicle to detect the distance and speed differential between the vehicle and obstacles surrounding the vehicle. It constantly sends signals to the Controller, notifying the system of the state of the environment at that point in time.
Attributes:
  differential : integer - This is the speed differential with respect to the obstacle in front of the vehicle.
Operations:
  cameraOn( ) - Activate the camera.
  cameraOff( ) - Deactivate the camera.
  checkCamera( ) - Check the surroundings for obstacles with slower speeds.
  reportCamera(integer) - Record the speed differential between the object and the vehicle, by setting differential.
Relationships: Aggregates the Sensors.
Element Name: Cancel Button
Description: This is a button on the steering wheel that may be pressed by the driver, and acts as a sensor to detect when the CACC System should be disabled.
Operations:
  cancelPressed( ) - Indicates when the driver has selected the cancel button on the steering wheel.
Relationships: Aggregates Steering Buttons, and is a subclass of Button.
Element Name: Controller
Description: This is the brain of the system. It takes in information about the environment from sensors, processes that information, decides on the right course of action, and sends the signals to the actuators.
Attributes:
  speed : int - The current speed of the vehicle.
  cruiseSpeed : int - The commanded cruising speed.
Operations:
  enable( ) - Activate the controller.
  disable( ) - Deactivate the controller.
Relationships: Superclass of Main Controller, Speed Controller, Cruise Controller, and Platoon Controller.
Element Name: Controllers
Description: This is the brain of the system. It takes in information about the environment from all the sensors, processes that information with either the Main Controller, Platoon Controller, Cruise Controller, or Speed Controller, decides on the right course of action to take, and sends the signals to the vehicle actuators.
Relationships: Composed of a Main Controller, Speed Controller, Cruise Controller, and Platoon Controller.
Element Name: Cruise Controller
Description: This is the controller that takes input from sensors to control the appropriate commanded cruising speed.
Attributes:
  differential : int - The speed differential between the vehicle and detected obstacle.
  emergency : int - The differential threshold limit for emergency braking.
  brake : int - The differential threshold limit for regular braking.
Operations:
  accelPressed( ) - Indicates when the driver begins holding the accelerate button on the steering wheel.
  accelReleased( ) - Indicates when the driver has released the accelerate button on the steering wheel.
  decelPressed( ) - Indicates when the driver begins holding the decelerate button on the steering wheel.
  decelReleased( ) - Indicates when the driver has released the decelerate button on the steering wheel.
  respondCamera(int) - Sets differential to the value given from the camera sensor.
  returnCruise( ) - Returns the cruise control to the speed that was previously set by the driver before the system was disabled.
Relationships: Aggregates Controllers, and is a subclass of Controller.
Element Name: Dashboard Screen
Description: This is the dashboard screen actuator that is embedded in the vehicle. This screen allows the system to communicate with the driver by displaying messages.
Operations:
  invitePlatoon( ) - Displays an invitation to join platoon message on the dashboard screen for the driver to view.
  noPressed( ) - Indicates the driver has selected the no screen button.
  yesPressed( ) - Indicates the driver has selected the yes screen button.
  cancelPressed( ) - Indicates the driver has selected the cancel screen button.
  eBrake( ) - Display a message to the driver on the dashboard screen indicating that there is an emergency situation.
  brakeOff( ) - Remove the emergency message on the dashboard screen because the vehicle is no longer emergency braking.
Relationships: Aggregates the Actuators.
Element Name: Decelerate Button
Description: This is a button on the steering wheel that may be held by the driver, and acts as a sensor to detect how much the driver would like to decrease the commanded cruising speed.
Operations:
  decelPressed( ) - Indicates when the driver begins pressing on the decelerate button on the steering wheel.
  decelReleased( ) - Indicates when the driver has released the decelerate button on the steering wheel.
Relationships: Aggregates Steering Buttons, and is a subclass of Button.
Element Name: Driver
Description: The operator of the vehicle that is equipping the system.
Relationships: Association with CACC System.
Element Name: Electronic Hardware Security Module
Description: This is an embedded Hardware Security Module (eHSM) that takes the message keys that are sent by other vehicles and are received by the Network Receiver and determines their validity.
Attributes:
  secure : bool - Indicates whether the input message keys are secure.
Operations:
  checkHSM( double[ ] ) - Determine if the received message key from another vehicle is valid and secure.
  reportHSM(bool) - Sets secure to true if the tested message keys are secure, and false if they are not.
Relationships: Aggregates the Network Receiver.
Element Name: Enable Button
Description: This is a button on the steering wheel that may be pressed by the driver, and acts as a sensor to detect when CACC should be enabled.
Operations:
  enablePressed( ) - Indicates when the enable button has been pressed on the steering wheel.
Relationships: Aggregates Steering Buttons, and is a subclass of Button.
Element Name: Main Controller
Description: This is the controller that will maintain the operating environment information. This controller will constantly be monitoring for system and subsystem failure based on input from the radars, camera, network receiver, braking and acceleration performance. This controller will also monitor other vehicle systems, such as the ABS, for signs of adverse road conditions. The controller will determine vehicle actuation limits based on this information.
Attributes:
  obstacle : bool - Indicates if there is an obstacle in front of the vehicle.
Operations:
  checkSpeed( ) : int - Return the current speed of the vehicle, which is maintained under the operating environment information.
  activate( ) - Activates the CACC system. Does not enable the system.
  deactivate( ) - Deactivates the CACC system.
  cancelPressed( ) - Indicates if the cancel button was selected on the steering wheel.
  resumePressed( ) - Indicates that the resume button was selected on the steering wheel.
  returnRadar(bool) - Sets obstacle to true if there is an obstacle present, and false if there is not.
Relationships: Aggregates Controllers, and is a subclass of Controller.
Element Name: Network Receiver
Description: This is the network component of the system that receives information, in the form of message keys, from other CACC vehicles to enable communication between vehicles. The security module verifies the keys, and then the network receiver sensor forwards the secure information to the Controller to be processed.
Attributes:
  keys : double [ ] - An array of message keys received from other CACC enabled vehicles that are near.
Operations:
  receiverOn( ) - Activates the network receiver.
  receiverOff( ) - Deactivates the network receiver.
  reportKeys(double[ ]) - This sets keys with the received message keys. Empty if no message keys are received.
  disable( ) - Deactivates the network receiver if the system is disabled.
  receive( ) - Attempts to receive message keys sent from other CACC enabled vehicles that are near.
Relationships: Aggregates Sensors. Aggregated by the electronic Hardware Security Module.
Element Name: Network Transmitter
Description: This is the system’s network component that enables the vehicle to be able to communicate with another vehicle in the platoon. It enables the vehicle to send GPS information to their respective trailing and leading vehicles. This actuator is sent signals and information from the Controller.
Operations:
  transmit(double) - Transmit the vehicle’s message key to nearby CACC enabled vehicles.
  transmitterOn( ) - Activates the network transmitter.
  transmitterOff( ) - Deactivates the network transmitter.
Relationships: Aggregates the Actuators.
Element Name: Platoon Controller
Description: This is the controller that takes input from the radar, camera, and network receiver, and actuates the network transmitter and dashboard screen. The platoon controller will determine if there are nearby CACC enabled vehicles; it will form potential platoons with these vehicles and determine braking and acceleration maneuvers.
Attributes:
  keys : double[ ] - Array of vehicle keys for every vehicle in the current platoon.
  obstacle : bool - Indicates if there is an obstacle in front of the vehicle.
  info : double - The message key containing the vehicle information to be transmitted.
  secure : bool - Indicates if incoming message keys are secure.
  response : string - The response given by the driver with the screen buttons. Remains null if there is no response.
Operations:
  formPlatoon( ) - Forms appropriate braking and acceleration maneuvers for the vehicle if it is in a platoon.
  respondHSM(bool) - Sets secure to true if received message keys are secure, and false if they are not.
  returnRadar(bool) - Sets obstacle to true if there is an obstacle in front of the vehicle, and false if there is not.
  respondKeys(double[ ]) - Sets keys to the secure message keys that are received.
  returnCruise( ) - Returns the cruise control to the speed that was previously set by the driver before the system was disabled.
  examinePlatoon(double[ ]) - Determines if the vehicle is eligible to join the platoon in front.
  answer(string) - Sets response to the answer the driver has indicated using the screen buttons.
Relationships: Aggregates Controllers, and is a subclass of Controller.
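The message-key path described in the Electronic Hardware Security Module, Network Receiver, and Platoon Controller entries can be modeled as below, with the receiver forwarding keys only after the eHSM has passed the whole batch. This is an added example, not part of the original SRS or any Ford code: the operation names come from the data dictionary, while the struct layouts, MAX_KEYS, the trusted-key table used as the validity test, and the choice to drop stored keys when a check fails are assumptions, since the SRS does not say how the eHSM decides validity.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_KEYS 8  /* assumed upper bound on keys per received batch */

/* Hypothetical validity test: the SRS does not define how the eHSM verifies a
 * message key, so this model accepts only keys found in a provisioned table
 * (constructed sample values). NaN never compares equal, so it is rejected. */
static const double TRUSTED_KEYS[] = { 1001.0, 1002.0, 1003.0 };

typedef struct { bool secure; } EHSM;

typedef struct {
    double keys[MAX_KEYS];
    size_t count;
    bool secure;
} PlatoonController;

typedef struct {
    double keys[MAX_KEYS];
    size_t count;
    EHSM *hsm;
    PlatoonController *pc;
} NetworkReceiver;

static bool key_is_trusted(double key)
{
    for (size_t i = 0; i < sizeof TRUSTED_KEYS / sizeof TRUSTED_KEYS[0]; i++)
        if (key == TRUSTED_KEYS[i])
            return true;
    return false;
}

/* reportHSM(bool): record the verdict in the eHSM's secure attribute. */
void reportHSM(EHSM *hsm, bool ok) { hsm->secure = ok; }

/* checkHSM(double[]): an empty batch or any single bad key fails the batch. */
bool checkHSM(EHSM *hsm, const double *keys, size_t n)
{
    bool ok = (n > 0);
    for (size_t i = 0; ok && i < n; i++)
        ok = key_is_trusted(keys[i]);
    reportHSM(hsm, ok);
    return hsm->secure;
}

/* respondHSM(bool) and respondKeys(double[]) on the Platoon Controller. */
void respondHSM(PlatoonController *pc, bool ok) { pc->secure = ok; }

void respondKeys(PlatoonController *pc, const double *keys, size_t n)
{
    memcpy(pc->keys, keys, n * sizeof keys[0]);
    pc->count = n;
}

/* reportKeys(double[]): store the batch; oversized input is stored as empty. */
void reportKeys(NetworkReceiver *rx, const double *keys, size_t n)
{
    rx->count = (n <= MAX_KEYS) ? n : 0;
    if (rx->count > 0)
        memcpy(rx->keys, keys, rx->count * sizeof keys[0]);
}

/* receive(): returns true only if the batch was verified and forwarded. */
bool receive(NetworkReceiver *rx, const double *frame, size_t n)
{
    reportKeys(rx, frame, n);
    bool ok = checkHSM(rx->hsm, rx->keys, rx->count);
    respondHSM(rx->pc, ok);
    if (ok)
        respondKeys(rx->pc, rx->keys, rx->count);
    else
        rx->pc->count = 0;  /* assumption: drop earlier keys on failure */
    return ok;
}

int main(void)
{
    EHSM hsm = { false };
    PlatoonController pc = { {0}, 0, false };
    NetworkReceiver rx = { {0}, 0, &hsm, &pc };
    const double good[] = { 1001.0, 1003.0 };   /* constructed batches */
    const double mixed[] = { 1001.0, 4242.0 };

    bool first = receive(&rx, good, 2);
    printf("good batch forwarded: %d, keys held: %zu\n", first, pc.count);
    bool second = receive(&rx, mixed, 2);
    printf("mixed batch forwarded: %d, keys held: %zu\n", second, pc.count);
    return 0;
}
```

Because respondKeys( ) is reached only after checkHSM( ) has passed the whole batch, the modeled Platoon Controller never holds keys the eHSM has not approved.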
Element Name: Radar
Description: These are the three radar sensors that are placed around the vehicle in order to detect obstacles surrounding the vehicle. There is one on the front, and one on each side. They constantly send signals to the Controller, notifying the system of the state of the environment at that point in time.
Attributes:
  obstacle : bool - Indicates whether or not there is an obstacle in the way of the vehicle.
Operations:
  radarOn( ) - Activates the radar.
  radarOff( ) - Deactivate the radar.
  reportRadar(bool) - The radar will report the surroundings by setting obstacle to true if there is an obstacle, and false if there is not.
  checkRadar( ) - The radar will sense the surroundings.
Relationships: Three radars aggregate the Sensors.
Element Name: Resume Button
Description: This is a button on the steering wheel that may be pressed by the driver, and acts as a sensor to detect when the driver would like to resume cruise control.
Operations:
  resumePressed( ) - Indicates when the driver has selected the resume button on the steering wheel.
Relationships: Aggregates Steering Buttons, and is a subclass of Button.
Element Name: Screen Buttons
Description: These are sensors that are on the dashboard screen as buttons that the driver may select to signal an intended system action.
Attributes:
  response : string - This is the recorded response from the driver.
Operations:
  disable( ) - Disable the screen buttons.
  checkAnswer( ) - Sense the screen for driver input.
  reportAnswer( ) - Record the input from the driver by setting response.
Relationships: Aggregates Sensors.
Element Name: Sensors
Description: These are the mode of input for the system. They enable the system to perceive essential parts of the environment around the vehicle and make intelligent decisions based on this information. They route the input sensor signals to the Controllers.
Relationships: Aggregated by a Camera, three Radars, Screen Buttons, a Network Receiver, and Steering Buttons.
Element Name: Speed Controller
Description: This controller will take input from the radars, camera, and Steering Buttons to maintain a safe vehicle speed by actuating the vehicle’s brakes and throttle.
Operations:
  resumeCruise( ) - Indicates when the resume button is selected on the steering wheel.
  brake(int) - Actuate the brakes with the input force amount.
  checkCruise( ) : int - Return the current speed of the vehicle, to be compared to the set cruising speed.
  brakeOff( ) - Turn the emergency brakes off.
Relationships: Aggregates Controllers, and is a subclass of Controller.
Element Name: Steering Buttons
Description: These are the sensors of the system that are buttons on the steering wheel that may be pressed by the driver.
Relationships: Aggregates Sensors, and is aggregated by Accelerate Button, Decelerate Button, Cancel Button, Enable Button, Resume Button, and Vehicle Switch.
Element Name: Throttle
Description: This actuator is used to adjust the speed of the vehicle electronically. It controls how fast the vehicle accelerates or decelerates within the vehicle’s capability. It receives input from the Speed Controller, after the controller has processed input from the Sensors, and accelerates or decelerates the vehicle as specified by the controller.
Operations:
  accel( ) - Activates the throttle.
  decel( ) - Deactivates the throttle.
Relationships: Aggregates the Actuators.
Element Name: Vehicle Switch
Description: This is the button that the driver may press to start the vehicle. This button acts as a sensor to detect when CACC should be activated.
Operations:
  keyPressed( ) - Indicates when the vehicle has been activated or deactivated.
Relationships: Aggregates Sensors, and is a subclass of Button.
Sequence Diagrams
Cooperative Adaptive Cruise Control
Below are the sequence diagrams for the CACC system. These diagrams represent the sequential behavior of the system. The sequence diagrams are modeled after system scenarios.
1. Scenario 1: The driver activates the vehicle, and increases their speed manually until they reach 66 mph. The driver presses the enable button on the steering wheel, enabling cruise. The vehicle’s cruising speed is set to the current vehicle speed. The driver holds the accelerate button to increase the cruising speed to 70 mph. There is a platoon ahead of the vehicle going slower. The system decelerates the throttle to match their speed, which is currently 65 mph. A message is displayed on the dashboard screen to invite the driver to join the platoon. The driver selects accept platoon on the dashboard screen. The driver decides to exit the platoon, selecting cancel platoon on the dashboard screen, and maneuvering to an adjacent lane. The system accelerates the throttle to return to the commanded speed of 70 mph, which was set before the driver joined the platoon.
2. Scenario 2: The driver is driving down a highway, and engages CACC. This sets the ACC speed of the vehicle to the current speed. As the vehicle continues, it approaches a different vehicle, which is moving at a slower speed. The slower vehicle is not equipped with a CACC system, so neither vehicle is prompted to join a platoon. Instead, the normal ACC system of the faster vehicle decelerates the vehicle to the speed of the slower vehicle in front. The trailing vehicle will match the speed of the vehicle in front, unless it exceeds the set speed of the trailing vehicle’s ACC system.
3. Scenario 3: The driver’s vehicle is in a platoon of four vehicles, being second to last in line. The vehicle in front of the driver engages its turn signal, and leaves the platoon, breaking the platoon into two smaller parts. The driver is now the lead vehicle of a smaller platoon, consisting of the driver’s vehicle, and the vehicle behind. If this platoon catches up to the original lead vehicle, then the driver is prompted to join a platoon with the vehicle in front. If both vehicles have agreed, then the original lead vehicle once again becomes the lead vehicle, and the driver’s vehicle, and the vehicle behind the driver are integrated into the platoon.
4. Scenario 4: The driver is driving down a highway with CACC engaged, without being part of a platoon. The driver is approaching a slower vehicle in front. There is another vehicle in an adjacent lane that is moving closer to the driver’s set speed, so the driver changes lanes to be behind that vehicle instead. The vehicle in front also has CACC, so the driver is prompted to join a platoon. The driver was not prompted to join a platoon with this vehicle before, because the vehicles were in different lanes. The driver declines. After passing the original slower vehicle, both the driver and the vehicle in front move back into the other lane. Both drivers are now prompted to join a platoon again, due to the lane change.
5. Scenario 5: The driver’s vehicle is in a platoon of four vehicles, being second to last in line. A vehicle suddenly and dangerously cuts in front of the driver’s vehicle. The original platoon of four vehicles is split into two separate platoons of two vehicles by the intrusion. The platoon of two vehicles in front of the incident continues on normally. However, the platoon of two vehicles behind the incident needs to take emergency action. If the driver’s vehicle detects that any adjacent lanes are clear, it will prompt the driver to change lanes. If a lane change is not possible, the vehicle will automatically hard-brake to mitigate damage from the impending collision.
State Diagram
Cooperative Adaptive Cruise Control
Below is the state diagram for the CACC system. This diagram represents the functional states of the system, and the appropriate events that cause transitions between these states. There is a textual description following the diagram.
Figure 1: The state diagram for the Speed Controller.
Figure 2: The state diagram for the Main Controller.
Figure 3: The state diagram for the Cruise Controller.
Figure 4: The state diagram for the Platoon Controller.
Figure 5: The state diagrams for the radar, camera, screen buttons, receiver, and electronic Hardware Security Module Sensors.
Figure 6: The state diagram for the steering wheel buttons.
Figure 7: The state diagram for CACC actuators.
State Diagram Textual Description
The following is the textual description for the CACC State Diagram. These are the descriptions for each functional state of the system that are shown in the state diagrams on the last page, and the events that cause transitions between these states.
1. Main Controller
   a. All-Off - The main controller will begin in this state.
      a.i. When the vehicle is turned on, the controller will transition to the “All-On” state, and activate the radar and camera.
   b. All-On - The main controller, radar, and camera are all activated.
      b.i. When checkSpeed( ) is called, the controller will transition to the “CACC Enabled” state if the vehicle’s current speed is above 25 mph, and enable the CACC system.
      b.ii. When the vehicle is turned off, the controller will transition back to the “All-Off” state.
   c. CACC Enabled - The full CACC system is enabled.
      c.i. The controller will check the radar constantly and remain in the “CACC Enabled” state.
      c.ii. If the CACC system is disabled, the controller will return to the “All-On” state.
      c.iii. If the radar returns a true value, indicating that there is an obstacle in front of the vehicle, the controller will transition to the “Vehicle-Obstructed” state, and check the camera.
      c.iv. If the cancel button on the steering wheel is selected by the driver, the controller will transition to the “CACC-Disabled” state, and disable the CACC system.
   d. CACC Disabled - The cruise control has been disabled by the cancel steering wheel button since the last time the system was enabled.
      d.i. If the vehicle is turned off, the controller will transition to the “All-Off” state.
      d.ii. If the resume button is pressed on the steering wheel, the system will be enabled, the previous cruise control speed will be commanded, and the controller will transition to the “CACC Enabled” state.
   e. Vehicle-Obstructed - The vehicle is currently obstructed by an obstacle, and will not be able to travel at the commanded speed.
      e.i. The controller will constantly check the radar and remain in the “Vehicle-Obstructed” state.
      e.ii. If the radar determines that there is no longer an obstacle in front of the vehicle, the controller will transition back to the “CACC Enabled” state.
      e.iii. If the system is disabled, the controller will transition back to the “All-On” state.
      e.iv. If the radar determines that there is still an obstacle in front of the vehicle, the system will check the camera and remain in the “Vehicle-Obstructed” state.
      e.v. If the cancel button on the steering wheel is pressed, the system will disable and the controller will transition to the “CACC Disabled” state.

2. Speed Controller
   a. Off - the speed controller will begin in the “Off” state.
      a.i. When the CACC system is enabled, the controller will set the cruise speed to the current vehicle speed, and transition to the “On” state.
      a.ii. If the cruise control is being resumed, the controller will transition to the “On” state and set the cruise speed to the previous cruising speed.
   b. On - the speed controller is activated.
      b.i. If the CACC system is disabled, the speed controller will transition to the “Off” state.
      b.ii. If the emergency brakes are activated, the speed controller will transition to the “Emergency-Brake” state.
      b.iii. The controller will constantly check the speed of the vehicle and remain in the “On” state.
      b.iv. If the speed of the vehicle is less than the commanded cruising speed, the controller will transition to the “Speed-Low” state, and the throttle will be activated.
      b.v. If it is determined that braking is required, the brakes will be actuated and the system will stay in the “On” state.
   c. Speed-Low - the vehicle is accelerating.
      c.i. The controller will constantly check the current speed of the vehicle and remain in the “Speed-Low” state.
      c.ii. If it is determined that the current speed of the vehicle is greater than the commanded cruising speed, the controller will transition to the “On” state, and deactivate the throttle.
      c.iii. If the system is disabled, the controller will transition to the “Off” state.
      c.iv. If the system is emergency braking, the controller will transition to the “Emergency-Brake” state.
   d. Emergency-Brake - the vehicle is emergency braking.
      d.i. If the system is disabled, the controller will transition to the “Off” state.
      d.ii. If the brakes are turned off, the controller will return to the “On” state.

3. Cruise Controller
   a. Off - The cruise controller will begin in the “Off” state.
      a.i. If the CACC system is enabled, the controller will transition to the “On” state.
   b. On - The cruise controller is activated.
      b.i. If the CACC system is disabled, the controller will transition to the “Off” state.
      b.ii. If the acceleration button is pressed, the controller will transition to the “Increase-Cruise” state.
      b.iii. If the deceleration button is pressed, the controller will transition to the “Decrease-Cruise” state.
      b.iv. If the camera is checked, and the speed differential between the vehicle and the obstacle is less than zero, the controller will transition to the “Obstacle-Cruise” state.
   c. Increase-Cruise - the commanded cruising speed is being increased by the driver.
      c.i. If the acceleration button is released by the driver, the controller will transition to the “On” state.
      c.ii. The controller will increment the commanded cruising speed by one every millisecond.
      c.iii. If the CACC system is disabled, the controller will transition to the “Off” state.
   d. Decrease-Cruise - the commanded cruising speed is being decreased by the driver.
      d.i. If the deceleration button is released by the driver, the controller will transition to the “On” state.
      d.ii. The controller will decrement the commanded cruising speed by one every millisecond.
      d.iii. If the CACC system is disabled, the controller will transition to the “Off” state.
   e. Obstacle-Cruise - the vehicle is traveling at a speed slower than the commanded cruising speed because there is an obstacle present.
      e.i. If the camera determines that the speed differential is less than zero and greater than the braking threshold, then the controller will lower the cruising speed by the differential.
      e.ii. If the camera determines that the speed differential is less than or equal to the braking threshold and greater than the emergency threshold, then the controller will brake.
      e.iii. If the camera determines that the speed differential is less than or equal to the emergency threshold, then the controller will emergency brake and transition to the “Emergency-Cruise” state.
      e.iv. If the controller is commanded to return its cruise, then it will transition back to the “On” state.
   f. Emergency-Cruise - the vehicle is emergency braking.
      f.i. If the camera determines that the speed differential with the obstacle is greater than the braking threshold, and the vehicle speed is above or equal to 25 mph, then the brakes will be turned off, and the controller will transition back to the “Obstacle-Cruise” state.
      f.ii. If the camera determines that the speed differential with the obstacle is greater than the braking threshold, and the vehicle speed is less than 25 mph, then the CACC system will be disabled, and the controller will return to the “Off” state.
      f.iii. The controller will be constantly checking the camera.
      f.iv. If the CACC system is disabled, the controller will transition back to the “Off” state.

4. Platoon Controller
   a. Off - The controller will begin in the “Off” state.
      a.i. If the system is enabled, the controller will transition to the “On” state and turn on the receiver and transmitter.
   b. On - The controller is activated.
      b.i. If the system is disabled, the controller will transition back to the “Off” state.
      b.ii. If the radar determines that there is an obstacle, the controller will transition to the “Checking-Obstacle” state and transmit and receive network message keys.
   c. Checking-Obstacle - there is an obstacle present, and the controller must determine if it is a CACC enabled vehicle.
      c.i. If the vehicle returns to the previous cruise speed, the controller will return to the “On” state.
      c.ii. If the network receiver receives message keys, the controller will transition to the “Checking-Message-Security” state, and the received keys will be sent to the eHSM.
   d. Checking-Message-Security - the received message keys are being validated.
      d.i. If the eHSM determines the message keys are secure, the controller will transition to the “Creating Platoon” state.
      d.ii. If the eHSM determines the message keys are not secure, the controller will transition to the “Off” state and turn off the receiver and transmitter.
   e. Creating Platoon - the controller is forming a potential platoon for the vehicle.
      e.i. If the controller determines that the platoon is full, it will transition back to the “On” state.
      e.ii. If the controller determines that the platoon is not full, it will transition to the “Inviting Platoon” state.
   f. Inviting Platoon - the controller is inviting the driver to join the formed platoon.
      f.i. The controller will constantly check for a response from the driver.
      f.ii. If the system is disabled, the controller will transition back to the “Off” state.
      f.iii. If the driver selects no, the controller will transition to the “Platoon Idle” state, and the transmitter and receiver will be turned off.
      f.iv. If the driver selects yes, the controller will transition to the “In-Platoon” state, and the platoon will be formed.
   g. Platoon Idle - the platoon capabilities have been rejected by the driver, and cannot be reactivated until the system is disabled and reenabled.
      g.i. If the system is disabled, the controller will transition to the “Off” state.
   h. In-Platoon - The vehicle is in a platoon formation.
      h.i. If the system is disabled, the controller will transition to the “Off” state.
      h.ii. If the driver selects cancel on the dashboard screen, the controller will transition to the “Platoon Idle” state, and the transmitter and receiver will be turned off.
      h.iii. The controller will be constantly transmitting and receiving information from other platoon vehicles, and checking for a cancellation from the dashboard screen.
      h.iv. If the controller receives message keys, it will transition to the “Verify Security” state.
   i. Verify Security - the controller is verifying the security of incoming message keys.
      i.i. If the system is disabled, the controller will transition to the “Off” state.
      i.ii. If the message keys are not secure, the controller will transition to the “Off” state.
      i.iii. If the message keys are secure, the controller will transition to the “In-Platoon” state, and the platoon formation will be updated.

5. Steering Buttons
   a. Vehicle-Off - the buttons will begin in this state.
      a.i. If the vehicle is turned on, the buttons will transition to the “Vehicle-On” state, and the CACC system will be activated.
   b. Vehicle-On - the vehicle is on and the system is activated.
      b.i. If the vehicle is turned off, the buttons will transition to the “Vehicle-Off” state and the system will be deactivated.
      b.ii. If the enable button is pressed, the vehicle speed will be checked.
      b.iii. If the system is enabled, the buttons will transition to the “CACC-enabled” state.
   c. CACC-Enabled - the CACC system is enabled.
      c.i. If the system is disabled, the buttons will transition to the “Vehicle-On” state.
      c.ii. If the deceleration button is pressed, the buttons will transition to the “Holding-Decel” state.
      c.iii. If the acceleration button is pressed, the buttons will transition to the “Holding-Accel” state.
      c.iv. If the cancel button is pressed, the buttons will transition to the “CACC-Canceled” state.
   d. Holding-Decel - the deceleration button is being held.
      d.i. If the system is disabled, the buttons will transition to the “Vehicle-On” state.
      d.ii. If the deceleration button is released, the buttons will transition to the “CACC-Enabled” state.
   e. Holding-Accel - the acceleration button is being held.
      e.i. If the system is disabled, the buttons will transition to the “Vehicle-On” state.
      e.ii. If the acceleration button is released, the buttons will transition to the “CACC-Enabled” state.
   f. CACC-Canceled - the CACC system is canceled, and may be resumed.
      f.i. If the vehicle is turned off, the buttons will transition to the “Vehicle-Off” state and the system will be deactivated.
      f.ii. If the enable button is pressed, the vehicle speed will be checked.
      f.iii. If the system is enabled, the buttons will transition to the “CACC-enabled” state.
      f.iv. If the resume button is pressed, the buttons will transition to the “CACC-enabled” state.

6. Radar
   a. Idle - The radar will begin in the “Idle” state.
      a.i. If the radar is turned on, it will transition to the “On” state.
   b. On - the radar is turned on.
      b.i. If the radar is turned off, it will transition to the “Off” state.
      b.ii. If the radar is checked, it will transition to the “Checking-Radar” state.
   c. Checking-Radar - the radar is being checked.
      c.i. The radar will report and respond about the surrounding obstacles and return to the “On” state.

7. Camera
   a. Idle - The camera will begin in the “Idle” state.
      a.i. If the camera is turned on, it will transition to the “On” state.
   b. On - the camera is turned on.
      b.i. If the camera is turned off, it will transition to the “Idle” state.
      b.ii. If the camera is checked, it will transition to the “Checking-Camera” state.
   c. Checking-Camera - the camera is being checked.
      c.i. The camera will report and respond about the surroundings and return to the “On” state.

8. Screen Buttons
   a. Idle - The buttons will begin in the “Idle” state.
      a.i. If there is a request to check for user input, the buttons will transition to the “Check-Answer” state.
   b. Check-Answer - The screen buttons are checking for user input.
      b.i. If the system is disabled, the buttons will transition to the “Idle” state.
      b.ii. The buttons will report and respond with the user input, and return to the “Idle” state.

9. Receiver
   a. Idle - The receiver will begin in the “Idle” state.
      a.i. If the receiver is turned on, it will transition to the “On” state.
   b. On - The receiver is activated.
      b.i. If there is a request to receive message keys, the receiver will transition to the “Receiving” state.
      b.ii. If the receiver is turned off, it will transition to the “Idle” state.
      b.iii. If the system is disabled, the receiver will transition to the “Idle” state.
   c. Receiving - the receiver is receiving vehicle message keys.
      c.i. If the system is disabled, the buttons will transition to the “Idle” state.
      c.ii. The receiver will report and respond with the message keys and return to the “On” state.

10. electronic Hardware Security Module
   a. Idle - The eHSM will begin in the “Idle” state.
      a.i. If there is a request to check message key validity, the eHSM will transition to the “Validate Key Security” state.
   b. Validate Key Security - the message keys are being checked for security.
      b.i. The eHSM will report and respond with the security of the incoming message keys.

11. Network Transmitter
   a. Idle - The transmitter will begin in the “Idle” state.
      a.i. If the transmitter is turned on, it will transition to the “On” state.
   b. On - The transmitter is activated.
      b.i. If there is a request to transmit the vehicle’s message key, the transmitter will transmit the info and remain in the “On” state.
      b.ii. If the transmitter is turned off, it will transition to the “Idle” state.
      b.iii. If the system is disabled, the transmitter will transition to the “Idle” state.

12. Brakes
   a. Idle - The brakes will begin in the “Idle” state.
      a.i. If the system is enabled they will transition to the “Monitoring” state.
   b. Monitoring - the brakes are monitoring for manual pressure from the driver.
      b.i. If the driver presses the brakes, the brakes will transition to the “Idle” state.
      b.ii. If the system is disabled, the brakes will transition to the “Idle” state.
      b.iii. If there is a request for brake pressure, the brakes will be applied and remain in the “Monitoring” state.
      b.iv. If the emergency brakes are requested, the brakes will transition to the “Emergency-Brake” state.
   c. Emergency-Brake - the vehicle is emergency braking.
      c.i. If there is a request to turn the brakes off, the brakes will transition back to the “Monitoring” state.
      c.ii. If the system is disabled, the brakes will transition to the “Idle” state.

13. Throttle
   a. Idle - The throttle will begin in the “Idle” state.
      a.i. If the throttle is activated, it will transition to the “On” state.
   b. On - The throttle is activated.
      b.i. If the system is disabled, the throttle will transition to the “Idle” state.
      b.ii. If the throttle is deactivated, it will transition to the “Idle” state.

14. Dashboard Screen
   a. Idle - The dashboard screen will begin in the “Idle” state.
      a.i. If there is a platoon invitation, the screen will transition to the “Invite-Displayed” state.
      a.ii. If the emergency brakes are activated, the screen will transition to the “Emergency-Displayed” state.
   b. Invite-Displayed - the platoon invitation is displayed on the screen.
      b.i. If no is selected, the screen will transition to the “Idle” state.
      b.ii. If the system is disabled, the screen will transition to the “Idle” state.
      b.iii. If yes is selected, the screen will transition to the “Cancel-Displayed” state.
      b.iv. If the emergency brakes are activated, the screen will transition to the “Emergency-Displayed” state.
   c. Emergency Displayed - an emergency warning is displayed on the screen.
      c.i. If the brakes are turned off, the screen will transition to the “Idle” state.
      c.ii. If the system is disabled, the screen will transition to the “Idle” state.
   d. Cancel-Displayed - a cancel platoon message is displayed on the screen.
      d.i. If the emergency brakes are activated, the screen will transition to the “Emergency-Displayed” state.
      d.ii. If the system is disabled, the screen will transition to the “Idle” state.
      d.iii. If the cancel button is pressed, the screen will transition to the “Idle” state.
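
The Platoon Controller transitions from item 4, written out as a table-driven model so the description can be checked mechanically. This is an added example, not part of the original SRS or the project's prototype. The event names are labels invented for the model, and treating an event the description does not list as "stay in the current state" is an assumption.

```python
from collections import deque

# Platoon Controller transitions transcribed from item 4 of the textual
# description. Event names are hypothetical labels chosen for this model.
TRANSITIONS = {
    "Off": {"enabled": "On"},
    "On": {"disabled": "Off", "obstacle": "Checking-Obstacle"},
    "Checking-Obstacle": {
        "cruise_resumed": "On",
        "keys_received": "Checking-Message-Security",
    },
    "Checking-Message-Security": {
        "keys_secure": "Creating Platoon",   # eHSM verdict: secure
        "keys_insecure": "Off",              # eHSM verdict: not secure
    },
    "Creating Platoon": {
        "platoon_full": "On",
        "platoon_not_full": "Inviting Platoon",
    },
    "Inviting Platoon": {
        "disabled": "Off",
        "driver_no": "Platoon Idle",
        "driver_yes": "In-Platoon",
    },
    "Platoon Idle": {"disabled": "Off"},
    "In-Platoon": {
        "disabled": "Off",
        "driver_cancel": "Platoon Idle",
        "keys_received": "Verify Security",
    },
    "Verify Security": {
        "disabled": "Off",
        "keys_insecure": "Off",
        "keys_secure": "In-Platoon",
    },
}
INITIAL = "Off"


def step(state, event):
    """Next state; an event not listed for this state leaves it unchanged (assumption)."""
    return TRANSITIONS[state].get(event, state)


def run(events, state=INITIAL):
    """Feed a sequence of events to the controller and return the final state."""
    for event in events:
        state = step(state, event)
    return state


def reachable(excluded_events=()):
    """States reachable from INITIAL when the excluded events never occur."""
    seen, queue = {INITIAL}, deque([INITIAL])
    while queue:
        for event, nxt in TRANSITIONS[queue.popleft()].items():
            if event not in excluded_events and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def states_without(event):
    """Non-initial states for which the description lists no such transition."""
    return sorted(s for s in TRANSITIONS
                  if s != INITIAL and event not in TRANSITIONS[s])


if __name__ == "__main__":
    print("reachable without a 'secure' verdict:", sorted(reachable({"keys_secure"})))
    print("states with no 'disabled' transition:", states_without("disabled"))
```

With the "secure" verdict excluded, no platoon state is reachable, so the description fails closed on key validation. The states returned by `states_without("disabled")` are the ones for which item 4 lists no disable transition, which is a question to raise in requirements review.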
5 Prototype
The CACC2 prototype models the basic executable functionality of the system. The user interface will allow the user to activate and deactivate the vehicle, enable and disable the CACC system, increase and decrease the speed of the vehicle, increase and decrease the commanded cruising speed, and accept from the vehicle’s dashboard. The platoon interface will model the interactions the vehicle has with other vehicles on the road. It will allow the user to enable/disable the CACC system and set the cruise speed. The arrow keys on the keyboard can control accelerating, braking and steering of the vehicle.

The prototype therefore has two parts. The first part is the Dashboard Demonstration, which can be found at http://www.cse.msu.edu/~cse435/Projects/F2016/Groups/CACC2/web/prototype1.php. This part focuses on the driver's interaction with the vehicle and the CACC system from the vehicle's dashboard.

The second part of the prototype is the Platoon Demonstration. It demonstrates how different vehicles with the CACC system enabled would interact in various executable scenarios. This part can be accessed at http://www.cse.msu.edu/~cse435/Projects/F2016/Groups/CACC2/Prototype/LatestRelease/index.html. After clicking on the link, the scene will show up and the user will be able to control the red car using the keyboard arrow keys. In the platoon demonstration, every vehicle in the scenario is CACC enabled and drivers are always willing to form a platoon. The only vehicle that can disable CACC is the main vehicle that the user controls. The user can experiment with different settings to see how the CACC system will behave in various scenarios.
5.1 How to Run The Prototype
Both of the UIs described above are web based, and can be viewed and executed by anyone with access to the internet.
The prototype interface and system configuration for the interior of the vehicle may be accessed at http://www.cse.msu.edu/~cse435/Projects/F2016/Groups/CACC2/web/prototype1.php
The prototype interface and system configuration for the exterior of the vehicle may be viewed at http://www.cse.msu.edu/~cse435/Projects/F2016/Groups/CACC2/Prototype/LatestRelease/index.html
5.2 Sample Scenarios
Part 1: The following is a sample scenario of the execution of Part 1 of the CACC prototype.
Figure 8: The CACC dashboard prototype upon initialization.
● On the interior UI select “Start Engine”
   i. The state of the Engine will turn ON
● Select “CACC On”
   i. The state of the CACC will remain OFF
● Select “Throttle” 26 times.
   i. The Speed of the system will be 26 mph
● Select “CACC On”
   i. The state of the CACC will turn ON
Figure 9: The CACC dashboard prototype after the system is enabled
● Select “Brakes”
   i. The state of the CACC will turn OFF
   ii. The Speed will decrease to 25 mph.
● Select “Brakes” 25 times
   i. The Speed will be 0 mph
● Select “Engine Off”
   i. The Engine will turn OFF
Part 2: Below is a sample scenario of the execution of Part 2 of the CACC Prototype.
● Start the simulation and let it run for a few seconds. You should see one or more platoons forming in the simulation, as in the image below. The two black striped vehicles are in a platoon with the red car.
Figure 10: The CACC platoon prototype upon initialization.
● The user can control the main vehicle (the red car) using the arrow keys on their keyboard. They can also use the user interface buttons to experiment with different execution scenarios. Below is an experiment scenario where the CACC system was disabled by clicking on the “CACC” button on the user interface, and the driver of the red car did not brake. As a result, the red car crashed into the rear of the black vehicle.
Figure 11: The CACC dashboard prototype upon crashing.
7 Point of Contact
For further information regarding this document and project, please contact Prof. Betty H.C. Cheng at Michigan State University (chengb at cse.msu.edu). All materials in this document have been sanitized for proprietary data. The students and the instructor gratefully acknowledge the participation of our industrial collaborators.