...
To monitor the current state of the car, a series of Finite State Machines is used to monitor each input device. The different states of each FSM have a corresponding check function, which can be used to approve or decline an event according to it's current state. Essentially, if an event is raised and the states of every FSM are aligned in such a way that all their check functions return true, then the event can be considered safe to run at the current timeAn event arbiter module is then used to run the check functions of all active FSMs, and the event is only processed if they all determine the event to be safe to run.
Once a given event is processed, the FSMs change state to reflect the event. A CAN message is then sent to the relevant subsystem based on the data held in the event.
Sequence Diagram
