ao_safety

Active object evaluating safety events and enforcing protective actions.

Inherited Component

• Safety_Manager

Inherited Requirements

• REQ-SAF-001

• REQ-SAF-002

• REQ-SAF-003

• REQ-SAF-004

• REQ-REL-002

Relationship Diagram

SW Unit Relations

Outgoing Relations

Relation	UML Type	Visibility	Target Unit	Description
SWR-005	composition	private	sm_protection	Safety active object embeds protection state machine.
SWR-014	association	public	ao_diagnostics	Safety publishes protective-state and fault events to diagnostics.

Incoming Relations

Relation	UML Type	Visibility	Source Unit	Description
SWR-009	dependency	public	ao_runtime_supervisor	Runtime supervisor dispatches safety events.
SWR-012	association	public	ao_control	Control and safety coordinate control override behavior.
SWR-022	association	public	ao_monitoring	Monitoring publishes validated sensor snapshots to safety for protective evaluation.

Data Types

ao_safety_contextstruct

Internal runtime context for ao_safety.

Struct Members

Name	Type	Description
protection_state	uint8_t	Protection state.
latch_active	bool	Protection latch state.
override_active	bool	Output override active.
last_transition_tick	uint32_t	Last protection transition tick.

ao_safety_eventstruct

Event payload handled by ao_safety.

Struct Members

Name	Type	Description
signal_id	uint16_t	Safety event signal id.
hazard_detected	bool	Hazard detection input.
temperature_c	int16_t	Safety-evaluated temperature.
clear_request	bool	Latch clear request.

ao_safety_resultenum

Result code for ao_safety operations.

Enum Members

Name	Value	Description
OK	0	Safety evaluation applied.
PROTECTION_ENTERED	1	Entered protection state.
LATCH_BLOCKED	2	Clear denied by latch guard.

Attributes

Attribute	Type	Visibility	Description
ctx	ao_safety_context	private	Runtime context for ao_safety state timing and error tracking.

Methods

dispatch

• Return Type: ao_safety_result

• Visibility: public

• Description: Process one ao_safety event and update runtime outputs.

Parameters

Name	Type	Direction	Description
event	ao_safety_event	in	Process one ao_safety event and update runtime outputs.

init

• Return Type: ao_safety_result

• Visibility: public

• Description: Initialize ao_safety runtime state and dependencies.

Dynamic Behaviour

Activity Diagrams

ao_safety_activity

This activity diagram details ao_safety hazard evaluation across temperature voltage and signal validity conditions and documents the decision path that emits protection events and status updates consumed by diagnostics and indication services.

Timing Diagrams

ao_safety_timing

This timing diagram captures protective entry latency from hazard assertion through evaluation and output shutdown to final status publication supporting verification of one second protection response requirements.

Sequence Diagrams

SEQ-001_Runtime_Event_Orchestration

Primary runtime interoperability sequence showing scheduler tick propagation through dispatcher fan-out and deterministic active-object processing order across monitoring control safety diagnostics and communication units.

SEQ-002_Protection_And_Fault_Propagation

Control and safety coordinate fan command decisions and publish operating/fault status into diagnostics for downstream handling.

SEQ-005_Startup_To_Ready

Startup lifecycle sequence with explicit readiness gates before entering Run state.

SEQ-006_Degraded_Entry_And_Recovery

Lifecycle sequence for degraded entry triggers and guarded recovery back to Run.

SEQ-007_Controlled_Shutdown

Controlled shutdown sequence defining stop ordering and completion criteria.