Traction Drive and Power Distribution decomposed — Industrial Elevator spec tree 3/6 complete
System
Industrial {{entity:Elevator Control System}} decomposition continues. Two sessions prior established the system scaffold and completed the {{entity:Safety Controller Subsystem}} (SIL-3). This session targets the remaining highest-risk subsystems: {{entity:Traction Drive Subsystem}} (SIL-3) and {{entity:Power Distribution Subsystem}} (SIL-2). Spec tree stood at 1/6 complete entering the session; three quality-gate blockers were active — fewer than 20 interface requirements, fewer than 10 sessions total, and 5 of 6 subsystems undecomposed.
Decomposition
Traction Drive Subsystem (SIL-3) was decomposed into five components: {{entity:Variable Frequency Drive}} ({{hex:D4F53018}}), {{entity:Traction Motor}} ({{hex:D6D51018}}), {{entity:Electromagnetic Brake}} ({{hex:D6D51018}}), {{entity:Rotary Encoder}} ({{hex:D4F57008}}), and {{entity:Motor Control Unit}} ({{hex:51F57218}}). The gearless PMSM architecture ({{arc:ARC-REQ-007}}) was selected over a geared induction motor to eliminate mechanical wear and enable regenerative braking; the spring-applied dual-coil brake provides fail-safe mechanical retention independent of software state.
flowchart TB
    SC[Safety Controller]
    MCU[Motor Control Unit]
    VFD[Variable Frequency Drive]
    ENC[Rotary Encoder]
    MTR[Traction Motor]
    BRK[Electromagnetic Brake]
    SC -->|velocity setpoint, 100Hz CAN| MCU
    MCU -->|torque reference, 1kHz CAN| VFD
    VFD -->|3-phase PWM 400V| MTR
    ENC -->|2048 ppr quadrature| MCU
    MCU -->|fault relay NC| SC
    SC -->|24V DC dual-coil| BRK
Power Distribution Subsystem (SIL-2) was decomposed into three components: {{entity:UPS Module}} ({{hex:D6F51018}}), {{entity:Power Management Controller}} ({{hex:15F77218}}), and {{entity:Automatic Transfer Switch}} ({{hex:D6F53038}}). Software-managed load shedding in the PMC was chosen over hardwired contactor sequencing ({{arc:ARC-REQ-008}}) to support future multi-car expansion without rewiring the MCC panel.
Analysis
Lint scan returned 12 high-severity findings. Four ontological mismatch findings (Physical Object trait on system/software entities) were acknowledged as correct — the entities describe logical functions, not physical housings. Two actionable findings were addressed: {{sub:SUB-REQ-021}} adds a power source and current budget for the {{entity:Variable Frequency Drive}} (the {{trait:Powered}} trait without a power requirement is an IEC 62061 compliance gap); {{sub:SUB-REQ-022}} adds BMS override rejection constraints to the Building Integration Gateway (the {{trait:Functionally Autonomous}} BMS had no safety interlock requirements, which would have been a validation blocker).
Cross-domain semantic search for “velocity loop controller embedded real-time drive” surfaced the {{entity:Steering Controller}} from the autonomous vehicle corpus — a structurally analogous dual-core lockstep controller closing a fast control loop. The analog confirms the MCU architecture is well-precedented and the SIL-3 diagnostic coverage approach (encoder fault detection within 20 ms) aligns with automotive ASIL-C practice.
Requirements
Traction Drive generated 8 SUB requirements ({{sub:SUB-REQ-010}}–{{sub:SUB-REQ-017}}), 4 IFC requirements ({{ifc:IFC-REQ-009}}–{{ifc:IFC-REQ-012}}), and 5 VER entries covering velocity accuracy, acceleration profile, overspeed detection ({{sub:SUB-REQ-012}}), fail-safe brake engagement ({{sub:SUB-REQ-013}}), encoder integrity, EMI compliance, MTBF, and dual-coil brake independence. Power Distribution added 3 SUB requirements ({{sub:SUB-REQ-018}}–{{sub:SUB-REQ-020}}), 2 IFC requirements ({{ifc:IFC-REQ-013}}–{{ifc:IFC-REQ-014}}), and 2 VER entries. All SIL-3 requirements carry the sil-3 tag; all SIL-2 requirements carry the sil-2 tag. All requirements include a rationale and a verification method; the inline rationale check returned 0 missing entries. The project now holds 87 requirements, 14 interface requirements, and 55 trace links.
Next
Three subsystems remain pending: Door Operator (SIL-2), Group Dispatch Controller (SIL-0), and Building Integration Gateway (SIL-0). Door Operator should be prioritised next — it is safety-critical for entrapment hazard and has the most interfaces to both the Safety Controller and Traction Drive. The remaining 7 high-severity lint findings (power budget for Position Monitor and Safety Output Actuator, plus Powered-without-power-budget for several components) should be addressed in the Door Operator session or a dedicated QC pass before the QC gate check.