The Prompt
"Design a brushless DC motor controller with closed-loop speed control for an industrial fan. Requirements: 1000-10,000 RPM range, speed accuracy within 2%, CAN bus for setpoint commands, emergency stop input."
This is a classic embedded system design question that tests your ability to combine real-time control theory, power electronics awareness, ISR architecture, and safety thinking into a coherent design.
Requirements Clarification
Before sketching any architecture, clarify the requirements with the interviewer. Here is what a thorough requirements table looks like after the clarification phase:
Functional Requirements
| Requirement | Detail |
|---|---|
| Speed range | 1,000 - 10,000 RPM |
| Speed accuracy | Within 2% of setpoint at steady state |
| Speed command interface | CAN bus (CAN 2.0B, 500 kbps) |
| Emergency stop | Dedicated hardware input (active-low, normally closed) |
| Status reporting | Motor speed, current, temperature, fault status via CAN |
| Startup behavior | Controlled ramp-up, no inrush current spikes |
| Braking | Controlled deceleration on stop command, immediate coast on E-stop |
Non-Functional Requirements
| Category | Requirement | Rationale |
|---|---|---|
| Real-time | Control loop latency under 50 us | 20 kHz FOC loop for smooth commutation |
| Safety | E-stop response under 10 us (hardware path) | Industrial safety, E-stop must bypass firmware |
| Power | 48V DC bus, motor rated at 500W | Typical industrial BLDC rating |
| Reliability | Continuous operation, 50,000 hour lifetime | Industrial fan runs 24/7 |
| Temperature | -20C to +60C ambient, motor winding limit 120C | Fan mounted in industrial environment |
| EMC | Must not radiate above EN 55011 Class B limits | PWM switching is a major EMI source |
| Cost | BOM target under $25 at 10K volume | Competitive industrial pricing |
Architecture Overview
CAN Bus (500 kbps)|v+-------+ +----------+ +-+----------+ +--------+ +-------+ +-------+| Hall | | Encoder | | | | Gate | | 3-Ph | | ||Sensors+->+ / Speed +->+ MCU +->+Driver +->+MOSFET +->+ BLDC || (3x) | | Calc | | | | (Hi/Lo)| |Bridge | | Motor |+-------+ +----------+ +-----+------+ +--------+ +-------+ +-------+^ ^ ^| | |+------+ | +--------+| | |+----+---+ +---+----+ +-----+-----+|Current | |Temp | | E-Stop ||Sense | |Sensor | | (HW latch)||(2 ph) | |(NTC) | | |+--------+ +--------+ +-----------+
Key architectural decisions visible in this diagram:
- Three Hall sensors for rotor position feedback (6-step commutation or FOC)
- Two-phase current sensing (third phase calculated by Kirchhoff's law: Ic = -Ia - Ib)
- Hardware E-stop path that disables the gate driver directly, independent of firmware
- Temperature monitoring on both the motor (NTC on winding) and the power stage (NTC on MOSFET heatsink)
Component Deep Dive
Position and Speed Sensing
Three approaches exist for BLDC rotor position sensing. The choice affects cost, complexity, and performance:
| Method | How It Works | Resolution | Cost | Complexity | Best For |
|---|---|---|---|---|---|
| Hall sensors (3x) | Detect rotor magnet polarity, produce 6 commutation edges per electrical revolution | 60 degrees electrical | Low ($0.30 each) | Low — simple GPIO interrupts | 6-step commutation, industrial fans |
| Incremental encoder | Optical or magnetic, 100-4096 pulses/rev with quadrature (A/B) + index (Z) | 0.09 - 3.6 degrees mechanical | Medium ($5-$20) | Medium — timer in encoder mode | FOC, precision speed control |
| Sensorless (back-EMF) | Detect zero-crossing of undriven phase back-EMF | Depends on algorithm, typically 30 degrees electrical | Zero (no sensor) | High — signal processing, fails at low RPM | Cost-sensitive, high-speed fans |
Decision for this design: Hall sensors. They meet the 2% speed accuracy requirement, work across the full RPM range including startup, cost less than a dollar total, and are standard in industrial BLDC fans. If the interviewer asks about higher precision, mention that adding an encoder enables FOC with better torque ripple performance.
Speed calculation from Hall sensors:
Speed (RPM) = 60 / (time_between_hall_edges * number_of_pole_pairs * 6)Example: 7-pole-pair motor, hall edge every 714 usRPM = 60 / (714e-6 * 7 * 6) = 60 / 0.02999 = 2001 RPM
Use a timer capture on Hall edge interrupts to measure the period between edges. At 1000 RPM with 7 pole pairs, edges arrive every 1.43 ms — easily measurable with a 1 MHz timer.
Control Loop Architecture
The control system uses cascaded loops — an inner current loop for fast torque response and an outer speed loop for setpoint tracking:
Speed +-------+ Current +-------+ Duty +-------+Setpoint ->+ Speed +-> Setpoint ->+Current+-> Cycle ->+ PWM +-> Motor| | PID | | | PID | | | Gen || +---+---+ | +---+---+ | +-------+| ^ | ^ || | | | || +----+----+ | +----+----+ |+--->+ Speed | +---->+ Current | || Feedback| | Feedback| |+---------+ +---------+ |Hall/Encoder ADC Shunt ||20 kHz ISR handles all of this -+
Two control algorithm options:
| Algorithm | Description | Pros | Cons |
|---|---|---|---|
| 6-step (trapezoidal) | Energize two of three phases based on Hall position, PWM on one phase | Simple, low CPU load, works with Hall sensors only | Torque ripple at commutation transitions, audible noise |
| FOC (field-oriented control) | Transform 3-phase currents to rotating d-q frame, control independently | Smooth torque, better efficiency, lower acoustic noise | Higher CPU load (Park/Clarke transforms), needs current sensing |
Decision: Start with 6-step commutation — it is simpler to implement, well-proven for industrial fans, and meets the 2% speed accuracy requirement. Mention FOC as an upgrade path if the interviewer pushes for better performance.
PID tuning approach:
- Speed PID: proportional + integral (PI controller), loop rate 1 kHz (every 20th FOC cycle)
- Current PID: proportional + integral, loop rate 20 kHz (every PWM cycle)
- Anti-windup on integrator to prevent overshoot during setpoint changes
- Derivative term usually not needed for speed control (Hall quantization noise makes derivative noisy)
PWM Generation
| Parameter | Value | Rationale |
|---|---|---|
| PWM frequency | 20 kHz | Above audible range (eliminates motor whine), fast enough for current ripple control |
| Alignment | Center-aligned | Reduces harmonic content vs edge-aligned, natural ADC sampling point at center |
| Dead-time | 500 ns | Prevents shoot-through (simultaneous high-side and low-side conduction) |
| Resolution | 12-bit (4096 steps at 168 MHz) | Sufficient for smooth duty cycle control |
Why center-aligned PWM matters:
Edge-aligned:____ ____ ____| | | | | |_| |______________| |______________| |___Center-aligned:____ ____| | | |_____| |______________| |_____________^|Best ADC sampling point(current is most stable here)
Center-aligned PWM creates a symmetrical switching pattern. The midpoint of the ON period is the ideal time to sample phase currents because switching transients have settled.
Safety System
Safety is not optional in motor control. The interviewer expects you to discuss these failure modes:
| Hazard | Detection | Response | Response Time |
|---|---|---|---|
| Overcurrent | Analog comparator on shunt resistor voltage | Gate driver shutdown (hardware path) | Under 1 us (hardware, no firmware delay) |
| Stall / locked rotor | No Hall edges for more than 100 ms while PWM is active | Disable PWM, report fault on CAN | 100 ms |
| Overtemperature (motor) | NTC on motor winding, ADC reading every 100 ms | Reduce speed (derating) or shutdown above 120C | 100 ms |
| Overtemperature (FETs) | NTC on heatsink, ADC reading every 100 ms | Reduce duty cycle or shutdown above 100C | 100 ms |
| DC bus overvoltage | Resistor divider to ADC, threshold at 60V | Disable PWM, engage braking resistor if present | 50 us (ISR) |
| DC bus undervoltage | Resistor divider to ADC, threshold at 36V | Disable PWM, report fault | 50 us (ISR) |
| E-stop | Dedicated GPIO, hardware-latched gate driver disable | Immediate gate driver shutdown, coast to stop | Under 10 us (hardware) |
Critical safety design principle: The E-stop and overcurrent protection must have a hardware path that disables the gate driver without firmware involvement. If the MCU firmware hangs, the hardware safety path still functions.
E-Stop Pin (Active Low)|v+-----+------+| Gate | Firmware cannot override| Driver +---> this hardware shutdown path| ENABLE pin |+---------+---+^|Overcurrent Comparator Output
Communication
| Interface | Purpose | Rate | Priority |
|---|---|---|---|
| CAN bus | Speed setpoint commands from host controller | 500 kbps, messages every 10-100 ms | Medium — processed in main loop or low-priority task |
| CAN bus | Status reporting (speed, current, temperature, faults) | Transmit every 100 ms | Low — best-effort telemetry |
| UART | Debug console during development | 115200 baud | Lowest — disabled in production firmware |
CAN message format example:
| CAN ID | Direction | Data | DLC |
|---|---|---|---|
0x200 | Host to controller | Byte 0-1: target RPM (uint16), Byte 2: command (start/stop/e-stop-reset) | 3 |
0x201 | Controller to host | Byte 0-1: actual RPM, Byte 2-3: phase current (mA), Byte 4: temp (C), Byte 5: fault code | 6 |
MCU Selection
| Candidate | Core | Flash / RAM | Key Peripherals | FPU | Price (10K) |
|---|---|---|---|---|---|
| STM32F302 | Cortex-M4 | 256 KB / 40 KB | 3x advanced timers, 4x ADC, CAN, comparators | Yes | ~$3.50 |
| STM32G474 | Cortex-M4 | 512 KB / 128 KB | HRTIM, 5x ADC, 3x CAN-FD, comparators, DAC | Yes | ~$4.50 |
| TI TMS320F28069 | C2000 | 256 KB / 100 KB | 16x PWM, 16x ADC, CAN, CLA (co-processor) | Yes | ~$5.00 |
Decision: STM32G474. It has integrated analog comparators for hardware overcurrent protection, advanced timers with center-aligned PWM and dead-time insertion, multiple ADCs for simultaneous current sampling, and CAN-FD. The Cortex-M4 FPU handles PID math in single-precision float without performance penalty. The price fits the $25 BOM target.
Key Design Decisions Summary
| Decision | Chosen Option | Alternative | Why This Choice |
|---|---|---|---|
| Position sensing | Hall sensors (3x) | Encoder, sensorless | Cost-effective, works at all speeds including startup, meets 2% accuracy |
| Control algorithm | 6-step trapezoidal | FOC (field-oriented) | Simpler, lower CPU load, sufficient for fan application. FOC is upgrade path. |
| PWM scheme | Center-aligned, 20 kHz | Edge-aligned, variable freq | Above audible range, optimal ADC sampling point, constant switching frequency |
| MCU | STM32G474 | STM32F302, TI C2000 | Best peripheral integration (comparators + ADC + CAN-FD), good ecosystem, FPU |
| Safety architecture | Hardware overcurrent + E-stop bypass | Software-only protection | Hardware path works even if firmware hangs — mandatory for industrial safety |
| Speed feedback | Timer capture on Hall edges | Polling, DMA | Precise timing measurement, low CPU overhead, interrupt-driven |
Timing Analysis
This is where you demonstrate that the design actually works within real-time constraints.
ISR Budget at 20 kHz (50 us period)
| Operation | Time | Notes |
|---|---|---|
| ISR entry (Cortex-M4) | 0.07 us | 12 cycles at 168 MHz |
| ADC result read (2 channels) | 0.5 us | Registers pre-loaded by hardware trigger |
| Current scaling + offset compensation | 1.0 us | Fixed-point or float multiply |
| 6-step commutation lookup | 0.5 us | Table lookup from Hall state |
| PID calculation (speed PI) | 3.0 us | Runs every 20th cycle (1 kHz effective rate) |
| PID calculation (current PI) | 2.0 us | Runs every cycle |
| PWM duty cycle update | 0.5 us | Write to timer compare registers |
| ISR exit | 0.07 us | 12 cycles |
| Total worst case | 7.6 us | 15.2% CPU utilization |
Margin: 42.4 us remaining per cycle. This leaves substantial headroom for:
- Future FOC upgrade (Clarke + Park transforms add approximately 5 us)
- Additional safety checks within the ISR
- Worst-case interrupt latency from lower-priority tasks
Task Timing (Non-ISR)
| Task | Period | Execution Time | CPU Utilization |
|---|---|---|---|
| CAN receive processing | 10 ms | 50 us | 0.5% |
| CAN status transmit | 100 ms | 30 us | 0.03% |
| Temperature ADC read + check | 100 ms | 20 us | 0.02% |
| Stall detection check | 100 ms | 5 us | 0.005% |
| Watchdog kick | 500 ms | 1 us | 0.0002% |
Total CPU utilization: approximately 16% — well within safe operating margin. The industry guideline is to keep utilization under 70% to allow for worst-case jitter and future growth.
Memory Budget
| Component | RAM | Flash |
|---|---|---|
| RTOS kernel (FreeRTOS) | 2 KB | 10 KB |
| ISR + control loop variables | 512 B | 8 KB |
| CAN TX/RX buffers | 256 B | 4 KB |
| PID state (2 controllers) | 64 B | 2 KB |
| Fault log (circular buffer, 64 entries) | 1 KB | 1 KB |
| Task stacks (4 tasks) | 2 KB | — |
| Application code | — | 32 KB |
| Lookup tables (sin/cos for FOC upgrade) | — | 4 KB |
| Total | ~6 KB | ~61 KB |
| STM32G474 capacity | 128 KB | 512 KB |
| Utilization | 5% | 12% |
What Interviewers Evaluate
Real-time thinking: Can you calculate an ISR budget and explain why 20 kHz is the right control loop frequency? Can you explain what happens if the ISR overruns its period?
Safety-first design: Did you discuss overcurrent protection before the interviewer asked? Did you put the E-stop on a hardware path instead of a GPIO polled in firmware?
Concrete numbers: "The PID runs in 3 us" is stronger than "the PID is fast enough." Interviewers want to see that you can estimate cycle counts and timing budgets.
Tradeoff awareness: Explaining why you chose 6-step over FOC (simpler, sufficient for this application, upgrade path exists) is more impressive than just picking FOC because it is more advanced.
System-level perspective: The motor controller does not exist in isolation. You should mention the CAN network, the host controller sending setpoints, electromagnetic compatibility of the switching stage, and thermal management of the power MOSFETs.
Knowing what you do not know: It is perfectly fine to say "I would consult the motor datasheet for the torque constant and back-EMF coefficient before finalizing the current limits" rather than inventing numbers.