Saft Accelerates Development and UL Certification of Battery Management System Software with Model-Based Design

“Model-Based Design with Simulink enabled our team to cut development time, lower costs, and improve quality even as we reduced the number of engineers on the project by half compared to similar projects in the past. Based on these results, Saft has expanded the use of Model-Based Design to two other divisions.”

Challenge

Develop next-generation battery management system software and certify it to UL 1998

Solution

Use Model-Based Design to model the software and plant, run desktop simulations and HIL tests, and generate production code and certification artifacts

Results

  • Development time and certification time halved
  • Software quality improved
  • UL certification streamlined
The Saft Flex’ion Gen2 battery system for data centers and critical applications.

The Saft Flex’ion Gen2 battery system for data centers and critical applications.

In the event of a grid failure, hospitals, data centers, and industrial plants require an uninterruptible power supply. The Saft Flex’ion Gen2 battery system provides up to 220 kW of continuous power for mission-critical applications.

To accelerate development of the Flex’ion Gen2 BMS software, Saft adopted Model-Based Design with MATLAB® and Simulink®. This approach enabled Saft engineers to verify their design before testing on hardware and helped them meet UL 1998 and other industry standards for safety and reliability.

“Because we modeled both the BMS application software and our plant in Simulink, we could start validating our software as soon as we had defined a requirement,” says Do Hieu Trinh, battery system engineer at Saft. “That validation was essential not only for UL certification but also for ensuring the quality of our product.”

Challenge

In the past, Saft used a traditional development approach in which they manually coded the software in C, compiled it, and then ran tests directly on the embedded hardware. Errors identified during these tests were difficult to debug because it was not clear whether they were in the software or in the previously untested hardware.

Because testing did not start until hardware was available, engineers often discovered problems with requirements close to the project deadline. Problems discovered this late added costs to the project, were more difficult to fix, and increased the risk of delaying product delivery. To accelerate development of the BMS software for Flex’ion Gen2, Saft wanted to verify their design early via modeling and simulation.

Solution

Saft engineers worked with MathWorks consultants to define a development process based on Model-Based Design and IEC Certification Kit that met requirements for certification to the UL 1998 standard.

Working in Simulink, Saft engineers developed a plant model of the Flex’ion Gen2 hardware, including DC-DC converters, circuit breakers, inverters, sensors, and hundreds of lithium-ion battery cells. They created a battery cell model and replicated it for each of the 224 cells in the battery system. They then created multiple variants of the model at differing levels of fidelity.

The team modeled the application software for the BMS using Simulink and Stateflow®, with separate components for management, safety, and diagnostics functions.

Using Requirements Toolbox™, the team established bidirectional traceability between requirements in the Flex’ion Gen2 technical specification and the Simulink model elements that implemented each requirement.

To validate the application software model, the team ran desktop simulations. During these simulations, they measured model coverage and identified untested elements of the model with Simulink Coverage™.

They automated the desktop simulations using MATLAB scripts, developing a test suite that included more than 1500 test cases. They used accelerator mode in Simulink to shorten simulation times for this test suite.

Once the team had validated the application software through simulation, they shared the model with a partner, who generated MISRA®-compliant C code from the model. The partner then compiled and deployed the code to the production BMS hardware.

To prepare for hardware-in-the-loop (HIL) testing, Saft engineers generated C code from the Simulink plant model using Simulink Coder™. They then executed the same test cases that they had developed for desktop simulation on the HIL test bench before testing the BMS software on the Flex’ion Gen2 battery system.

Saft received UL 1998 certification for the Flex’ion Gen2, which is now in production.

Results

  • Development and certification time halved. “Model-Based Design helped us reduce the time needed to develop and certify our BMS software by more than 50%,” says Trinh. “This reduction was possible because we used our Simulink model as an executable specification throughout development for simulation, testing, and certification.”
  • Software quality improved. “In the past, we did all software testing directly on the board, and as a result, we could run only a limited number of test cases,” says Trinh. “With Model-Based Design, we repeatedly ran hundreds of desktop simulations and HIL test cases. This meant we were able to detect issues earlier and identify problems that would have been difficult to find with our previous approach.”
  • UL certification streamlined. “Using IEC Certification Kit with Model-Based Design was a big advantage for us—it meant that, at every point in the project, we knew what we had to do, how to do it, and when,” notes Trinh. “Even though this was our first project requiring UL 1998 certification, we passed the acceptance tests on the first attempt.”