LG Electronics Develops ISO 26262–Compliant Power Inverter Control Software with Model-Based Design

“Model-Based Design helped us apply the design and verification methods required by ISO 26262, including back-to-back verification and test coverage assessment. In particular, the automated test cases and reports in Simulink Test contributed significantly to reduced testing efforts.”

Challenge

Develop inverter control software for electrical and hybrid electric vehicles in compliance with international functional safety standards

Solution

Adopt Model-Based Design and automate production code generation, model checks, code coverage analysis, and back-to-back testing

Results

  • Stringent code performance requirement met
  • Communication improved; verification time reduced by 20%
  • ISO 26262–compliant software delivered on time
LG Electronics inverter for electrical and hybrid electric vehicles.

LG Electronics inverter for electrical and hybrid electric vehicles.

Automotive manufacturers are increasingly asking tier-one suppliers to deliver components developed in compliance with ISO 26262, the international functional safety standard for road vehicles. This standard covers functional safety aspects of the complete development process, including design, implementation, and verification. Many manufacturers also want their suppliers to comply with AUTOSAR standards for ECU software architectures.

LG Electronics develops ISO 26262– and AUTOSAR-compliant software for the inverter systems used to drive electric and hybrid vehicle motors using Model-Based Design with MATLAB® and Simulink®.

“Our initial objective in adopting Model-Based Design was to meet ISO 26262 recommendations,” says Jeongwon Sohn, principal research engineer at LG Electronics. “We soon discovered additional benefits to using MATLAB and Simulink, including improved communication of technical design details between engineers in disparate fields, which has led to a reduction in software defects.”

Challenge

In the past, LG Electronics software engineers wrote embedded control software by hand based on designs created by algorithm engineers. In addition to being slow, this process was susceptible to errors stemming from communication difficulties between the different groups. LG Electronics sought to establish a new development process in which teams used modeling and simulation to support early verification and production code generation.

Among the first projects to be completed with this new ISO 26262–compliant process was the design and implementation of an AUTOSAR software component for high-speed motor control. Performance specifications were stringent; the generated code needed to meet a strict execution time limit. To satisfy the project’s demanding requirements and deliver on schedule, the team needed to come up to speed quickly on the new development process.

Solution

LG Electronics adopted Model-Based Design with MATLAB and Simulink to develop and verify high-speed motor control software based on AUTOSAR and ISO 26262.

The LG Electronics team attended training and technical workshops conducted by MathWorks engineers, who also helped them jumpstart development with a pilot project.

The team created a plant model with Simscape Electrical™ that included an interior permanent magnet synchronous motor (IPMSM) and a switching model of the inverter’s power electronics.

Using an AUTOSAR authoring tool, the team defined interfaces and other configuration details for the controller architecture. They then exported software component description ARXML files from the authoring tool and imported them into Simulink to generate a skeleton control model.

The engineers elaborated this model, adding application logic modeled in Stateflow®. They also added a proportional-integral (PI) current controller to regulate torque, and algorithms for generating pulse-width modulated (PWM) output to modulate three-phase voltage for the vehicle’s IPMSM.

They used Simulink Check™ to find potential violations of the ISO 26262 standard and Simulink Design Verifier™ to check for divide-by-zero, overflow, and other run-time errors.

To verify the controller design, the engineers ran closed-loop simulations of the controller and plant models, using Simulink Coverage™ to measure how much of the controller model was exercised.

Next, the team generated C code from their models with Embedded Coder® and compiled the code for their target NXP™ MPC5676R microcontroller.

Using Simulink Test™, they conducted back-to-back tests of the Simulink models and generated code, as required by ISO 26262 ASIL-C, and used Simulink Coverage to assess the coverage of these tests for the generated code.

LG Electronics completed development and verification of the inverter software platform on schedule.

Results

  • Stringent code performance requirement met. “Because the code we generated with Embedded Coder was highly optimized, we were able to meet our strict execution time requirement,” says Sohn. “The generated code’s performance was comparable to that of C code written by hand.”
  • Communication improved; verification time reduced by 20%. “After adopting Model-Based Design, we saw a reduction in communication errors between teams,” says Sohn. “Because the model makes it easy to visualize the implementation, our verification time was shorter, as well.”
  • ISO 26262–compliant software delivered on time. “Semi-formal verification, control flow analysis, data flow analysis, and comparative back-to-back tests between model and code were all done using MATLAB and Simulink,” Sohn says. “Without Model-Based Design I don’t think we would have achieved our ISO 26262 compliance objectives while completing the project on time.”