Alstom Generates Production Code for Safety-Critical Power Converter Control Systems
- Development time cut by 50%
- Defect-free, safety-critical code generated and certified
- Common language established
The power converters used on trams, metros, and trains are sophisticated, safety-critical systems that require hard, real-time responses. As a world-leading supplier of rail transport products, services, and systems, Alstom Transport relies on MathWorks tools to design, simulate, and implement these and other equally complex systems that support the world’s energy and transport infrastructure.
Using MathWorks tools, Alstom engineers modeled and automatically generated defect-free production code for their embedded real-time power conversion systems and energy management control systems.
"MathWorks tools enable us to control every line of code, and the generated code is readable, fast, and compact," Han Geerligs, senior engineer at Alstom, explains. "Also, MathWorks tools are industry-standard, with extensive packages and broad support for embedded targets."
Alstom engineers needed to design energy management controls and power converter controls that meet stringent performance requirements with sub-millisecond latencies.
"A latency of 10 to 20 microseconds is too much because our cycle times are about 200 microseconds," explains Geerligs. "We also have complex multiprocessor models that can have a DSP running an interrupt process and a Power-PC CPU using a multirate process."
Adding to the challenge, Alstom engineers used disparate tools for algorithm development, modeling, and simulation. Moreover, the tools did not provide any automatic code generation capabilities, so they had to write code by hand.
"Our tools were not integrated, so we spent a lot of time writing conversion tools. Since we had no way to automatically generate code, we would design, make specifications, and then hand code," Geerligs recalls. "It took a long time to go from specification to implementation. There was no rapid prototyping, documentation took longer, we lacked an overview of the entire effort, and it was very difficult to implement changes quickly."
After evaluating several commercial software packages, Alstom chose MathWorks tools for Model-Based Design. Alstom engineers used the tools to design, simulate, and automatically generate code on a number of projects, including a tramway control system and an energy management system for Czech Railways’ Pendolino tilting train.
In the design phase, engineers use Simulink®, Simscape Electrical™, and Stateflow® to develop their control systems.
"Simulink makes it easy to transfer functions from one part of the design or to change the timing from timed to interrupt-driven, while maintaining efficiency," says Geerligs. "That kind of major design change would be very difficult without Simulink."
The engineers used Simscape Electrical to model the electrical components of the system, including the power electronic components as well as resistors, capacitors, and inductors.
Using Stateflow, the team modeled the supervisory control and control system states, including start-up, slow-down, and error handling. The communication protocol between the power conversion control and the system’s central fault handling unit was also implemented in Stateflow.
"Superstates in Stateflow were particularly helpful for fault handling. When we had a fault in a substate, we drew a line out of the superstate, and Stateflow ensured that it was always handled correctly," says Geerligs.
The Alstom team used MATLAB® to preprocess measurement data from fiberoptic interfaces and scopes for their simulations. They also used MATLAB to report and verify the simulation results. Geerligs used Control System Toolbox™ with MATLAB to create and analyze Bode diagrams and develop classical control algorithms.
After simulating the system in Simulink and Stateflow, the team used Simulink Coder™ and Embedded Coder® to automatically generate production-ready code. They integrated the code with a number of real-time operating systems, including Microware 0S-9 and Wind River’s OSEKWorks.
Alstom engineers reused their models from project to project. "MathWorks tools helped us define design patterns and share that knowledge in libraries," explains Geerligs. "Fault handling and electrical modeling, for example, were shared between the tramway project and the energy management project."
Development time cut by 50%. "One project that we coded by hand took 2000 hours. Using Simulink and Stateflow, we repeated that project in 1000 hours," explains Geerligs. "Also, the time from design completion to our first prototype has been reduced from three months to less than an hour. Now, projects that would require 18 months are now completed in a year with MathWorks tools."
Defect-free, safety-critical code generated and certified. "We have never discovered any defects in the automatically generated code from MathWorks tools," says Geerligs. "When Alstom delivered a Pendolino train to Czech Railways, the railway application was the first with automatically generated code to receive TÜV certification."
Common language established. "Having a common language to communicate is very important to us. Although everyone views a model from their own perspective, we know we are talking about the same thing," Geerligs explains. "We use Simulink to exchange models and share knowledge and ideas with teams in England, France, Italy, and Spain."