4.1: End-to-End Example

Complete Feature: Safe Following Distance

Feature Overview

Requirement: [SYS-089] The ACC system shall maintain a safe following distance from vehicles ahead.

Scope: Implement one software requirement with full ASPICE traceability.

Timeline: 2 days (16 hours) with AI assistance.

Day 1: Requirements to Implementation

Hour 1-2: Requirements Analysis (SWE.1)

Input: System requirement [SYS-089] from customer spec

AI Assistance (ChatGPT-4):

Prompt: "Extract software requirements from system requirement [SYS-089]:

System Requirement: The ACC system shall maintain a safe following distance
from vehicles ahead, defined as a 2-second time gap.

Extract:
- Functional requirements (calculations, inputs, outputs)
- Non-functional requirements (accuracy, latency)
- Interface requirements (sensors, actuators)
- Constraints (standards, safety class)

Output format: IEEE 830 style with unique IDs

AI Output:

[SWE-089-1] Calculate Safe Following Distance
Description: The software shall calculate safe following distance as: d_safe = v × 2.0 seconds
- Input: vehicle_speed_ms (float, meters per second)
- Output: safe_distance_m (float, meters)
- Accuracy: ±0.5m
- Latency: ≤10ms
- Safety class: ASIL-B
- Rationale: Safety-critical calculation requiring precise timing

[SWE-089-2] Validate Vehicle Speed
Description: The software shall validate vehicle speed input (0-200 km/h).
- If speed <0 or >200 km/h, log error and return 0
- Safety class: ASIL-B
- Rationale: Prevents invalid inputs from propagating to safety calculations

[SWE-089-3] Implement Defensive Programming
Description: The software shall handle null pointers and invalid inputs gracefully.
- Safety class: ASIL-B
- Rationale: Defensive programming required for ASIL-B compliance

Human Review:

  • [PASS] Requirements are quantified (2.0 seconds, ±0.5m, ≤10ms)
  • [PASS] Safety class specified (ASIL-B)
  • [PASS] Testable (clear pass/fail criteria)
  • [WARN] Add: Traceability to system requirement
  • [WARN] Add: Verification method

Final Requirements (entered in DOORS):

[SWE-089-1] Calculate Safe Following Distance
Description: d_safe = v × 2.0 seconds
Implements: [SYS-089]
Verification: Unit test (TC-SWE-089-1-X)
Safety: ASIL-B

Time: 2 hours (1 hour AI extraction, 1 hour human review)

Hour 3-4: Architecture Decision (SWE.2)

Question: Where should this function live in the architecture?

AI Assistance (Claude Sonnet):

Prompt: "Review ACC ECU architecture. Where should ACC_CalculateSafeDistance() function be placed?

Current architecture:
- src/sensor_fusion/ (radar, camera data processing)
- src/acc_control/ (speed control, distance calculation)
- src/actuators/ (brake, throttle commands)
- src/diagnostics/ (error logging, DTCs)

Requirement: [SWE-089-1] Calculate safe following distance (v × 2.0s)

Suggest: Which module? Rationale?

AI Output:

Recommendation: src/acc_control/distance_calculation.c

Rationale:
- Cohesion: Distance calculation is core ACC control logic
- Coupling: Low coupling (pure function, no dependencies)
- Testability: Easy to unit test (no I/O)
- Existing pattern: Other ACC calculations already in acc_control/

Alternative considered: src/sensor_fusion/
Rejected: Sensor fusion is about data processing, not control logic

Human Review: [PASS] Agree, acc_control/ is correct location

Architecture Decision: Function in src/acc_control/distance_calculation.c

Time: 2 hours (1 hour architecture analysis, 1 hour decision documentation)

Hour 5-7: Implementation (SWE.3)

AI Assistance (GitHub Copilot):

Step 1: Function Skeleton

/* Type: "Calculate safe following distance" in VS Code */
/* Copilot suggests: */

/**
 * @brief Calculate safe following distance
 * @implements [SWE-089-1] Safe Following Distance Calculation
 * @param[in] vehicle_speed_kmh Current vehicle speed in km/h
 * @return Safe following distance in meters (0 = error)
 * @safety_class ASIL-B
 */
float ACC_CalculateSafeDistance(float vehicle_speed_kmh) {
    const float FOLLOWING_TIME_SEC = 2.0F;
    const float KMH_TO_MS = 1.0F / 3.6F;

    /* Convert km/h to m/s */
    float vehicle_speed_ms = vehicle_speed_kmh * KMH_TO_MS;

    /* Calculate distance: d = v × t */
    float safe_distance_m = vehicle_speed_ms * FOLLOWING_TIME_SEC;

    return safe_distance_m;
}

Step 2: Add Input Validation (Human adds):

float ACC_CalculateSafeDistance(float vehicle_speed_kmh) {
    const float FOLLOWING_TIME_SEC = 2.0F;
    const float KMH_TO_MS = 1.0F / 3.6F;
    const float MIN_SPEED_KMH = 0.0F;
    const float MAX_SPEED_KMH = 200.0F;  /* [SWE-089-2] */

    /* Input validation [SWE-089-2] */
    if (vehicle_speed_kmh < MIN_SPEED_KMH || vehicle_speed_kmh > MAX_SPEED_KMH) {
        Log_Error(ERROR_INVALID_SPEED, (int)vehicle_speed_kmh);
        return 0.0F;  /* Defensive: Return 0 on error */
    }

    /* Convert km/h to m/s */
    float vehicle_speed_ms = vehicle_speed_kmh * KMH_TO_MS;

    /* Calculate distance: d = v × t */
    float safe_distance_m = vehicle_speed_ms * FOLLOWING_TIME_SEC;

    return safe_distance_m;
}

Step 3: MISRA Check:

$ cppcheck --addon=misra.py distance_calculation.c
# No violations [PASS]

Time: 3 hours (1 hour AI generation, 1 hour human validation/error handling, 1 hour MISRA check + fixes)

Hour 8: Unit Testing (SWE.4)

AI Assistance (GitHub Copilot):

/* Type: "Generate Google Test cases for ACC_CalculateSafeDistance" */
/* Copilot suggests: */

/**
 * @test TC-SWE-089-1-1: Nominal case (50 km/h)
 * @verifies [SWE-089-1]
 */
TEST(DistanceCalculation, CalculateSafeDistance_50kmh_Returns27m) {
    float speed_kmh = 50.0F;  /* 50 km/h = 13.89 m/s */
    float expected_m = 27.78F;  /* 13.89 × 2.0 = 27.78m */

    float actual_m = ACC_CalculateSafeDistance(speed_kmh);

    /* Tolerance of 0.1F accounts for floating-point rounding in calculation chain */
    EXPECT_NEAR(actual_m, expected_m, 0.1F);
}

/**
 * @test TC-SWE-089-1-2: Boundary (0 km/h)
 * @verifies [SWE-089-1]
 */
TEST(DistanceCalculation, CalculateSafeDistance_0kmh_Returns0m) {
    float actual_m = ACC_CalculateSafeDistance(0.0F);
    EXPECT_FLOAT_EQ(actual_m, 0.0F);
}

/**
 * @test TC-SWE-089-1-3: Boundary (max speed 200 km/h)
 */
TEST(DistanceCalculation, CalculateSafeDistance_200kmh_Returns111m) {
    float expected_m = 111.11F;  /* 200/3.6 × 2.0 = 111.11m */
    float actual_m = ACC_CalculateSafeDistance(200.0F);
    EXPECT_NEAR(actual_m, expected_m, 0.1F);
}

/**
 * @test TC-SWE-089-1-4: Error case (negative speed)
 * @verifies [SWE-089-2] Input Validation
 */
TEST(DistanceCalculation, CalculateSafeDistance_NegativeSpeed_Returns0) {
    float actual_m = ACC_CalculateSafeDistance(-10.0F);
    EXPECT_FLOAT_EQ(actual_m, 0.0F);  /* Defensive: Returns 0 */
}

/**
 * @test TC-SWE-089-1-5: Error case (speed > max)
 */
TEST(DistanceCalculation, CalculateSafeDistance_SpeedAboveMax_Returns0) {
    float actual_m = ACC_CalculateSafeDistance(250.0F);  /* >200 km/h */
    EXPECT_FLOAT_EQ(actual_m, 0.0F);
}

Human Adds 2 More Edge Cases:

TEST(DistanceCalculation, CalculateSafeDistance_JustBelowMax_ReturnsValid) {
    float actual_m = ACC_CalculateSafeDistance(199.9F);
    EXPECT_GT(actual_m, 0.0F);  /* Should be valid */
}

Run Tests:

$ ./distance_calculation_tests
[==========] Running 6 tests
[  PASSED  ] 6 tests (100%)

$ gcov distance_calculation.c
Lines executed: 100.00% of 15

Time: 1 hour (30 min AI generation, 30 min human edge cases + coverage check)

Day 2: Review to Release

Hour 9-10: Code Review (SUP.2)

AI Assistance (Claude Sonnet):

Prompt: "Review this code for ASPICE SWE.3 ASIL-B compliance:

[PASTE CODE]

Check:
- MISRA C:2012 compliance
- Error handling (defensive programming)
- Traceability (@implements tags)
- Readability (naming, comments)
- Testability (can be unit tested?)
"

AI Output:

## Code Review Report

[PASS] MISRA C:2012 Compliant (no violations)
[PASS] Error Handling: Validates inputs, logs errors, returns safe value (0.0F)
[PASS] Traceability: @implements [SWE-089-1], @verifies tags in tests
[PASS] Readability: Clear variable names, named constants
[PASS] Testability: Pure function, 100% test coverage

Minor suggestions:
1. Line 12: Consider adding EXPECT_EQ for error log (verify logging works)
2. Consider adding performance test (verify ≤10ms latency requirement)

Human Review: [PASS] Approve with minor suggestions implemented

Time: 2 hours (1 hour AI review, 1 hour human final review + fixes)

Hour 11-12: Integration (SWE.5)

Integrate with ACC Control Loop:

void ACC_ControlLoop(void) {
    /* Get current vehicle speed */
    float vehicle_speed_kmh = Sensor_GetVehicleSpeed();

    /* Get obstacle distance from sensor fusion */
    float obstacle_distance_m = SensorFusion_GetObstacleDistance();

    /* Calculate safe following distance [SWE-089-1] */
    float safe_distance_m = ACC_CalculateSafeDistance(vehicle_speed_kmh);

    /* If too close, decelerate */
    if (obstacle_distance_m < safe_distance_m) {
        float target_speed_kmh = vehicle_speed_kmh - 5.0F;  /* Decelerate 5 km/h */
        Actuator_SetTargetSpeed(target_speed_kmh);
    }
}

Integration Tests: HIL test bench (30 scenarios)

Time: 2 hours (integration + HIL testing)

Hour 13-14: Traceability (SUP.8)

Auto-Generate Traceability Matrix:

$ python3 scripts/generate_traceability.py src/ tests/

Output (traceability_matrix.md):

| System Req | Software Req | Implementation | Test Cases | Status |
|------------|--------------|----------------|------------|--------|
| SYS-089 | SWE-089-1 | distance_calculation.c:45 | TC-SWE-089-1-{1..6} | [PASS] Verified |
| SYS-089 | SWE-089-2 | distance_calculation.c:52 | TC-SWE-089-1-{4,5} | [PASS] Verified |

Time: 2 hours (run script, review matrix, fix gaps)

Hour 15-16: Release (MAN.3)

CI/CD Pipeline (GitLab CI):

# Automatically runs on commit
stages:
  - build
  - test
  - coverage
  - traceability
  - release

# All stages pass [PASS]

Git Commit:

$ git add src/acc_control/distance_calculation.c tests/test_distance_calculation.cpp
$ git commit -m "feat(acc): implement safe following distance calculation [SWE-089-1]

Implements:
- [SWE-089-1] Calculate safe following distance (v × 2.0s)
- [SWE-089-2] Input validation (0-200 km/h)

Tests:
- 6 unit tests (100% coverage)
- 30 HIL scenarios (all pass)

Traceability: Forward and backward traceability verified

AI-assisted development with human review and validation
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>"

$ git push origin feature/swe-089-safe-distance

Pull Request Created: PR #156 (auto-approved by CI/CD)

Time: 2 hours (CI/CD, git workflow, PR creation)

Summary: Day 1-2 Timeline

Task Time AI Tool Human Role Output
Requirements Analysis 2h ChatGPT-4 Review, clarify Requirements in DOORS
Architecture 2h Claude Approve decision Function placement
Implementation 3h Copilot Add validation, MISRA distance_calculation.c
Unit Testing 1h Copilot Add edge cases 100% coverage
Code Review 2h Claude Final approval Review report
Integration 2h Manual HIL testing Integration complete
Traceability 2h Script Review matrix Traceability verified
Release 2h CI/CD Git workflow Feature released
Total 16h AI saves ~35% time Human oversight mandatory ASPICE-compliant

Without AI: Estimated 25 hours (approximately 60% more time)

Key Takeaways

  1. AI Accelerates, Doesn't Replace: 16h with AI vs 25h manual (9h saved, 35% faster)
  2. Human Oversight Mandatory: Every AI output reviewed (correctness, safety, compliance)
  3. End-to-End Traceability: SYS-089 → SWE-089-1 → code → tests (fully traceable)
  4. Quality Not Compromised: 100% test coverage, 0 MISRA violations, ASIL-B compliant
  5. Process Compliant: Follows ASPICE SWE.1-6, SUP.2, SUP.8 (assessor-ready)

Next: Common Pitfalls (36.02) — Mistakes to avoid when integrating AI with ASPICE

Previous
Putting It All Together
Next
Common Pitfalls