init

2026-01-19 16:19:41 +01:00
commit edd3e96591
301 changed files with 36763 additions and 0 deletions
--- a/Design/SRS/Annex_C_Budgets.md
+++ b/Design/SRS/Annex_C_Budgets.md
@@ -0,0 +1,230 @@
+# Annex C: Timing and Resource Budgets
+
+**Document:** SRS Annex C  
+**Version:** 1.0  
+**Date:** 2025-01-19
+
+## Purpose
+
+This annex defines timing budgets, resource allocation limits, and performance constraints for the Sensor Hub software.
+
+## 1. Timing Budgets
+
+### 1.1 Sensor Acquisition Timing
+
+| Operation | Maximum Duration | Justification |
+|-----------|------------------|---------------|
+| Single sensor sample (I2C) | 10ms | I2C transaction time |
+| Single sensor sample (SPI) | 5ms | SPI transaction time |
+| Single sensor sample (UART) | 20ms | UART transaction time |
+| Single sensor sample (Analog/ADC) | 1ms | ADC conversion time |
+| Filtering (10 samples) | 5ms | Local filtering computation |
+| Timestamp generation | 1ms | System time access |
+| Complete acquisition cycle (per sensor) | 100ms | Total per sensor (worst case) |
+| Complete acquisition cycle (all sensors) | 500ms | 5 sensors × 100ms (with overlap) |
+
+### 1.2 State Transition Timing
+
+| Transition | Maximum Duration | Justification |
+|------------|------------------|---------------|
+| `[*]` → `INIT` | 100ms | Power-on initialization |
+| `INIT` → `RUNNING` | 5s | Hardware init, secure boot, MC load |
+| `INIT` → `BOOT_FAILURE` | 2s | Secure boot verification |
+| `RUNNING` → `WARNING` | 50ms | Fault detection and state change |
+| `RUNNING` → `FAULT` | 50ms | Critical fault detection |
+| `RUNNING` → `OTA_PREP` | 100ms | OTA request processing |
+| `OTA_PREP` → `TEARDOWN` | 2s | Readiness validation |
+| `TEARDOWN` → `OTA_UPDATE` | 500ms | Data flush and resource release |
+| `TEARDOWN` → `INIT` | 500ms | Data flush and reset |
+| `OTA_UPDATE` → `RUNNING` | 10 minutes | Firmware transfer and flashing |
+| `RUNNING` → `SERVICE` | 100ms | Debug session establishment |
+| `SERVICE` → `RUNNING` | 50ms | Debug session closure |
+| `RUNNING` → `SD_DEGRADED` | 200ms | SD failure detection |
+
+### 1.3 Communication Timing
+
+| Operation | Maximum Duration | Justification |
+|------------|------------------|---------------|
+| Main Hub request processing | 100ms | Data retrieval and response |
+| Main Hub message transmission | 50ms | Network transmission (local) |
+| Main Hub message reception | 50ms | Network reception (local) |
+| Communication link failure detection | 30s | Heartbeat timeout |
+| OTA firmware chunk reception | 1s | Network transfer per chunk |
+| Peer Sensor Hub ping | 100ms | Connectivity check |
+
+### 1.4 Persistence Timing
+
+| Operation | Maximum Duration | Justification |
+|------------|------------------|---------------|
+| Sensor data write (SD card) | 50ms | File write operation |
+| Diagnostic event write (SD card) | 20ms | Log append operation |
+| Machine constants write (NVM) | 10ms | NVS write operation |
+| Data flush (all pending) | 200ms | Complete flush operation |
+| SD card failure detection | 500ms | File system check |
+
+### 1.5 OTA Timing
+
+| Operation | Maximum Duration | Justification |
+|------------|------------------|---------------|
+| OTA readiness validation | 2s | System state and resource check |
+| Firmware chunk reception | 1s | Network transfer per chunk |
+| Firmware integrity validation | 5s | Cryptographic verification |
+| Firmware flashing | 2 minutes | Flash write operation |
+| Complete OTA operation | 10 minutes | End-to-end OTA process |
+
+### 1.6 Diagnostic Timing
+
+| Operation | Maximum Duration | Justification |
+|------------|------------------|---------------|
+| Diagnostic event generation | 1ms | Event creation and classification |
+| Diagnostic event persistence | 20ms | Log write operation |
+| Diagnostic query processing | 50ms | Log read and filtering |
+| Fault escalation | 50ms | Severity check and state transition |
+
+## 2. Resource Budgets
+
+### 2.1 Memory (RAM) Budget
+
+| Component | Allocation | Peak Usage | Monitoring Required |
+|-----------|------------|------------|---------------------|
+| System (RTOS, ESP-IDF) | 80KB | 100KB | Yes |
+| Sensor Manager | 20KB | 25KB | Yes |
+| Event System | 10KB | 15KB | Yes |
+| Data Pool | 15KB | 20KB | Yes |
+| Communication Stack | 30KB | 40KB | Yes |
+| Diagnostics | 10KB | 15KB | Yes |
+| Persistence | 15KB | 20KB | Yes |
+| OTA Manager | 20KB | 30KB | Yes |
+| Security | 10KB | 15KB | Yes |
+| System Management | 10KB | 15KB | Yes |
+| HMI | 5KB | 8KB | Yes |
+| **Total Allocated** | **225KB** | **283KB** | |
+| **Available (ESP32-S3)** | **512KB** | **512KB** | |
+| **Utilization** | **44%** | **55%** | |
+| **Safety Margin** | **56%** | **45%** | |
+
+**Note:** Peak usage includes worst-case stack usage and temporary buffers. Actual runtime usage SHALL be monitored and maintained below 60% (307KB).
+
+### 2.2 Flash (Program Memory) Budget
+
+| Component | Allocation | Notes |
+|-----------|------------|-------|
+| Bootloader | 32KB | ESP-IDF bootloader |
+| Application Code | 1.5MB | Main application firmware |
+| OTA Partition 0 | 1.5MB | Primary firmware partition |
+| OTA Partition 1 | 1.5MB | Secondary firmware partition (for updates) |
+| NVS (Non-Volatile Storage) | 20KB | Configuration and MC storage |
+| SPIFFS/LittleFS | 500KB | File system (if used) |
+| **Total Used** | **5.052MB** | |
+| **Available (8MB Flash)** | **8MB** | |
+| **Utilization** | **63%** | |
+| **Safety Margin** | **37%** | |
+
+### 2.3 CPU Utilization Budget
+
+| Task | Priority | CPU Usage (Normal) | CPU Usage (Peak) | Notes |
+|------|----------|-------------------|------------------|-------|
+| Sensor Acquisition | High | 15% | 25% | Time-critical |
+| Communication | Medium | 10% | 20% | Network I/O |
+| Diagnostics | Low | 5% | 10% | Background |
+| Persistence | Medium | 5% | 15% | Storage I/O |
+| System Management | High | 5% | 10% | State management |
+| HMI | Low | 2% | 5% | Display updates |
+| Idle | - | 58% | 15% | System idle |
+| **Total** | - | **100%** | **100%** | |
+
+**Requirement:** CPU utilization SHALL NOT exceed 80% during normal operation (SWR-PERF-005).
+
+### 2.4 Storage (SD Card) Budget
+
+| Data Type | Daily Write Volume | Retention Policy | Notes |
+|-----------|-------------------|------------------|-------|
+| Sensor Data | 50MB | 7 days (rolling) | 5 sensors × 1 sample/min × 24h |
+| Diagnostic Log | 5MB | 30 days (circular) | Bounded log with overwrite |
+| Machine Constants | 1KB | Permanent | Updated only on configuration change |
+| OTA Firmware | 2MB | Temporary | Deleted after successful update |
+| **Total Daily Writes** | **57MB** | | |
+| **SD Card Capacity** | **32GB** (typical) | | |
+| **Wear Level** | **Low** | | With wear-leveling |
+
+**Requirement:** SD card writes SHALL be wear-aware to prevent premature failure (SWR-DATA-013).
+
+### 2.5 Network Bandwidth Budget
+
+| Operation | Bandwidth | Frequency | Daily Volume |
+|-----------|-----------|-----------|--------------|
+| Sensor Data Transmission | 1KB/packet | 1 packet/min | 1.44MB/day |
+| Diagnostic Reporting | 500B/packet | On-demand | Variable |
+| Status Updates | 200B/packet | 1 packet/5min | 57.6KB/day |
+| OTA Firmware Transfer | 2MB | On-demand | Variable |
+| **Total (Normal Operation)** | - | - | **~1.5MB/day** | |
+
+**Note:** OTA transfers are infrequent and excluded from daily normal operation budget.
+
+## 3. Performance Constraints
+
+### 3.1 Real-Time Constraints
+
+| Constraint | Requirement | Verification Method |
+|------------|-------------|---------------------|
+| Sensor acquisition determinism | ≤ 100ms per sensor | Timing measurement |
+| State transition determinism | ≤ 50ms (except INIT, TEARDOWN) | Timing measurement |
+| Communication response time | ≤ 100ms | End-to-end timing |
+| Data persistence latency | ≤ 200ms | Write operation timing |
+
+### 3.2 Resource Constraints
+
+| Resource | Limit | Monitoring | Action on Exceed |
+|----------|-------|------------|------------------|
+| RAM Usage | 60% (307KB) | Runtime monitoring | Enter WARNING state, reduce buffers |
+| CPU Usage | 80% | Runtime monitoring | Reduce task priorities, throttle operations |
+| SD Card Space | 10% free | File system check | Trigger data retention policy |
+| Flash Usage | 70% (5.6MB) | Build-time check | Optimize code size |
+
+### 3.3 Quality Constraints
+
+| Constraint | Requirement | Verification Method |
+|------------|-------------|---------------------|
+| Power loss recovery | < 1 second | Power interruption test |
+| SD card failure handling | Graceful degradation | SD card removal test |
+| OTA failure recovery | Rollback capability | OTA failure injection test |
+| Secure boot failure | BOOT_FAILURE state | Secure boot verification test |
+
+## 4. Worst-Case Execution Time (WCET) Analysis
+
+### 4.1 Critical Paths
+
+**Sensor Acquisition Path:**
+```
+Sensor Read (10ms) × 10 samples = 100ms
+ Filtering (5ms) = 105ms
+ Timestamp (1ms) = 106ms
+WCET = 110ms (with 4ms margin)
+```
+
+**State Transition Path:**
+```
+State validation (5ms)
+ Component notification (10ms)
+ State update (1ms)
+WCET = 20ms (with 30ms margin for 50ms requirement)
+```
+
+**Data Persistence Path:**
+```
+Data serialization (10ms)
+ File write (50ms)
+ Verification (10ms)
+WCET = 80ms (with 120ms margin for 200ms requirement)
+```
+
+## 5. Traceability
+
+- **SWR-PERF-001:** Sensor acquisition cycle timing
+- **SWR-PERF-002:** State transition timing
+- **SWR-PERF-003:** Data persistence timing
+- **SWR-PERF-004:** OTA operation duration
+- **SWR-PERF-005:** CPU utilization limit
+- **SWR-PERF-006:** RAM usage limit
+- **SWR-PERF-007:** Main Hub response time
+- **SWR-PERF-008:** Communication link failure detection