Department of Electrical Engineering, University of Malaya, Kuala Lumpur 50603, Malaysia
School of Engineering and Design, Brunel University, Uxbridge UB8 3PH, UK
Abstract
This paper presents an enhanced robust control design structure that realises fault tolerance towards sensor faults and is suitable for implementation on multi-input-multi-output (MIMO) systems. The proposed design permits fault detection and controller elements to be designed on a common mathematical platform, with consideration to stability and to robustness towards uncertainties as well as a multiple-fault environment. This framework can also cater to systems requiring fast responses. A design example is illustrated with a fast, multivariable and unstable system, that is, the double inverted pendulum system. Results indicate the potential of this design framework to handle fast systems with multiple sensor faults.
1. Introduction
Growing demands for plant or system availability, reliability, and survivability have prompted active research in fault tolerant control systems (FTCSs) [1, 2]. FTCSs are designed to accommodate component faults automatically by ensuring overall system stability and acceptable performance. A typical FTCS design incorporating separate control and fault detection elements can achieve fault tolerance objectives, but without due consideration given to significant interactions between the elements such as those described in [3, 4]. In addition, addressing issues concerning uncertainties is crucial, as practical problems associated with variations in the actual plant operating range are undesirable.
Fault detectors are typically based upon the use of process models [5–7]. Data from the monitored plant are input to these algorithms and the outputs are compared with the corresponding plant outputs. Any discrepancy is an indication that at least one fault has occurred. The model-based approach to designing sensor FTCS employs mathematical manipulation of available signals, that is, analytical redundancy, via suitably designed controllers to accommodate faults rather than using extra hardware (sensors/actuators).
1.1. Integrating Control and Fault Detection in FTCS
An integrated approach [8–11], where fault detection and controller elements are designed with consideration to the overall system stability or interaction, is favourable, as the reliability of operation can be determined in a mathematically sound setting offering fast control responses, in addition to the availability of the established solution for incorporating robustness towards uncertainties.
In this paper, a robust controller-based MIMO FTCS which integrates the fault detection and controller elements in a single design is presented. A fault indicating residual is utilised as a function of control. The residual signals act as weighting factors, which put corresponding emphasis on the nominal controller and the fault accommodating controller. The proposed FTCS structure allows the plant to be controlled by a nominal controller that ensures the achievement of best performance objectives when sensor faults and uncertainties are not present, while preserving stability at a lower degree of system performance in the presence of major sensor faults [11, 12]. The proposed structure can handle systems with fast responses, multiple sensor faults, and modelling uncertainties.
Note that a purely robust control-based FTCS such as described in [13, 14] ensures robustness towards minor faults only; faults are modelled as very small perturbations on the system. As demonstrated by [13, 14], it is not possible for a purely robust control structure to maintain high performance when faults are not present, as it is designed using a worst-case criterion.
2. Problem Statement
Assuming that the
MIMO plants and controllers are described mathematically in state-space form as
follows:
(1)
where
is state vector,
is the input vector, while
is the measured output vector.
and
are known matrices with appropriate dimensions related to the
system dynamics. In addition,
denotes the largest singular value of
.
denotes the Banach space of bounded analytic
functions with the
norm defined as
for any
.
Definition 1.
All MIMO transfer matrix representations have appropriate
dimensions and are proper real-rational matrices, stabilisable, and detectable.
A state space rational proper transfer function is denoted by
(2) Furthermore, let
be a block matrix,
(3) Therefore, the
linear fractional transformation of
over
is defined as
(4) where
is
assumed to have appropriate dimensions and
is well defined.
2.1. Sensor Faults Defined
Sensor fault
symptoms can be observed as measurements that are unavailable, incorrect, or unusually
noisy. These faults may occur individually or concurrently or simultaneously,
resulting in total system failure or degradation in performance. Significant
information about the influence of faults on a process cannot be known without
the inclusion of its model in the design. Additive faults provide a suitable
framework for sensor faults and are modelled as additional input signals to a system [5],
(5)
where
denote sensor faults. Hence
(6) The variable
denotes all available sensor outputs. When
output sensor faults occur in the plant as shown in (5), the measured outputs
become
(7) Due to the existence
of fault represented by
,
a conventional controller cannot usually satisfy required performance and the
closed-loop control system may even become unstable. A sensor
fault-compensating controller can be introduced to augment a nominal controller
designed for best performance. However, since the structure of the system as
seen in Figure 1 is virtually an internal model controller [15], conditions for physical realizability need to be observed. To ensure
that the fault-compensating controller,
is well defined and proper, the transfer matrix representation from
to controller output
must exist and is also proper. Therefore,
(8)
By appropriate
use of input weight,
,
the input
can be normalised and transformed into the
physical input,
.
Consideration of such sensor fault models has been shown to be suitable for use
in formulating the FTCS objectives for the rejection of sensor faults as an
optimisation problem. Uncertainties affecting the sensors can also be classified
as a subset of
.
Figure 1 shows the block diagram illustrating the interconnections assumed for the
formulation
problem associated with the proposed FTCS
design.
Figure 1: Block diagram representation of

problem formulation for the proposed FTCS
design.
2.2. Fault Indicating Residuals
The presence of sensor
faults and uncertainty vectors defined in Section 2.1 can be reflected by a
fault indicating residual, since a filtered estimation can be obtained via
coprime factorisation of the plant model,
[11, 12]. Let
(9) Hence, from (8)
and (9), the fault indicating residual denoted by
can be defined as
(10)
2.3. Integrating the Controller Element
Now, since
reflects the presence of faults and uncertainty,
it can be utilised as an input to the fault compensating controller. The
perturbations caused can then be minimised by control actions due to the nominal
controller and fault compensating controller. The control signal vector can be
expressed as follows:
(11)
where
(12)
and
denotes nominal controller
output, and
denotes sensor fault compensator
output. Error from feedback is
denoted by
whereby
denotes input demand. Thus, from (10),
is utilised in the following manner:
(13) From (6), (7),
and (8),
can be expressed as
(14) By substituting (12),
(13), and (14) into (11), the following is derived:
(15) Thus,
(16) The plant output
expression in (16) shows that in the absence of sensor faults and
uncertainties, the output closed-loop system is only reliant on the nominal
controller
, allowing for high
performance during healthy operation. Note that the fault detection scheme
generating the above-mentioned fault indicating residual does not need to be
made robust, since the fault indicating residual is mainly used as an
activating signal for
. It is
thus not essential to identify nor to estimate the source of the faults, hence
even if the presence of
is due to uncertainties and not faults in the
sensors,
will still provide the
necessary control signals to compensate for such perturbations thereby
introducing robustness to the system.
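The sketch below is an added example, not the authors' code. It mirrors the structure of this section on a constructed scalar plant, with an observer-based residual and a static compensator gain standing in for the paper's coprime-factor residual and synthesised fault compensator; all names and numbers are assumptions chosen for illustration.

```python
"""Residual-driven sensor fault compensation on a scalar plant (toy model)."""

# Constructed values, not the paper's double inverted pendulum model.
A, B = 1.5, 1.0    # unstable discrete-time plant: x[k+1] = A*x[k] + B*u[k]
K_NOM = 1.0        # nominal output feedback, closed-loop pole A - B*K = 0.5
L_OBS = 1.0        # residual generator gain, its pole A - L = 0.5

# Steady-state gain from a constant additive sensor bias to the residual:
#   e[k+1] = (A - L)*e[k] - L*f,  residual = e + f
#   => residual_ss = f * (1 - A) / (1 - A + L)
RES_DC = (1.0 - A) / (1.0 - A + L_OBS)
# Static compensator gain (assumption: a constant stands in for a synthesised
# dynamic compensator) that cancels a constant bias in steady state.
Q_GAIN = K_NOM / RES_DC


def simulate(bias=0.0, fault_step=40, use_compensator=True, steps=200, x0=0.5):
    """Regulate the true state to zero; return (true_states, residuals)."""
    x, x_hat = x0, x0              # residual generator starts on the true state
    xs, residuals = [], []
    for k in range(steps):
        fault = bias if k >= fault_step else 0.0
        y = x + fault              # measurement with additive sensor fault
        res = y - x_hat            # fault indicating residual
        u_nom = -K_NOM * y         # nominal controller output (reference = 0)
        u_comp = Q_GAIN * res if use_compensator else 0.0
        u = u_nom + u_comp         # total control signal
        xs.append(x)
        residuals.append(res)
        x_hat = A * x_hat + B * u + L_OBS * res   # plant model plus correction
        x = A * x + B * u                         # true plant
    return xs, residuals


def summary():
    """Final true state for each scenario (healthy / faulty, with / without Q)."""
    return {
        "healthy_nominal_only": simulate(0.0, use_compensator=False)[0][-1],
        "healthy_with_comp": simulate(0.0, use_compensator=True)[0][-1],
        "fault_nominal_only": simulate(0.2, use_compensator=False)[0][-1],
        "fault_with_comp": simulate(0.2, use_compensator=True)[0][-1],
    }


if __name__ == "__main__":
    for name, final_state in summary().items():
        print(f"{name:22s} final true state = {final_state:+.4f}")
```

With no fault the residual stays at zero, so both healthy runs coincide and only the nominal controller acts; with the constant bias, the nominal-only loop settles at an offset in the true state while the residual-driven term removes it.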
2.4. Sensor Fault Compensator Realisation
The sensor fault
compensator
is integrated into the
framework by utilising
as a function of control. The design
is achieved with the
technique. A performance weights
can be defined to establish postfault
performance requirements, which emphasise on stability rather than high
performance. The corresponding solution for achieving
is by minimising the following optimisation criterion:
(17) Therefore, the standard
problem is specified in (17) for which the
corresponding transfer functions from
to
must satisfy. If the controller
in (17) is found, then the closed-loop
system is said to have robust performance towards uncertainty and sensor
faults; it is well known that a system satisfies robust performance if and only
if it is robustly stable with respect to norm-bounded matrix perturbation [16].
The equivalent linear fractional transformation (LFT) block diagram for the
problem stated above is shown in Figure 2.
Figure 2: The LFT representation of the proposed FTCS.
Thus,
(18) From (10),
and
can be derived as
(19)
Now, note that
(20)
and thus,
(21)
Also
(22) Substituting (21)
into (22),
(23) Ignoring the
reference input r(s), we have
(24)
Note that the following matrix operation (Zhou, Doyle & Glover,
1996, page 23) has been used in the derivation of (24):
(25) With the conditions
laid out, the closed-loop system shown above is guaranteed to be tolerant to
sensor faults and modelling uncertainty, stable for any nonlinear, time varying,
and stable
and
due to the minimisation of the
transfer matrix between fault-generating signal
to the performance evaluation signal
.
3. A Numerical Simulation Example
An experimental study of the FTCS implementation on a double inverted pendulum system for tolerance towards sensor faults is shown next to illustrate the feasibility of the proposed design method. The implementation is tested for fault tolerance towards sensors in nominal and under plant uncertainty conditions.
3.1. The Double Inverted Pendulum System
The double inverted pendulum system is an example of a chaotic system. The system is a fast, multivariable, nonlinear, and unstable process. The pendulum system is a standard classical control test rig for the verification of different control methods, and is among the most difficult systems to control in the field of control engineering. Similar to the single inverted pendulum problem, the control task for the double inverted pendulum is to stabilise the two pendulums. The position of the carriage on the track is controlled quickly and accurately, so that the pendulums always remain upright in their inverted position during such movements.
The double inverted
pendulum system is made up of two aluminium arms connected to each other with
the lower arm attached to a cart placed on a guiding rail, as illustrated in
Figure 3. Data used in this case study has been obtained from [9]. The aluminium arms are constrained to rotate within a
single plane and the axis
of rotation is perpendicular to the direction of the force acting on the
cart motion
. The cart can move
along a linear low-friction track and is moved by a belt driven by a servo
motor system. Sensors providing measurements of cart position
,
the pendulums angles
and
,
controller output,
and motor
current
are assumed available for
the purpose of control. The control law has to regulate the lower-arm angle and
upper-arm angle,
and
,
respectively, from an initial condition, and the control of the position of the
cart
from an initial position.
Figure 3: Schematic diagram of the pendulum system.
3.2. Nominal High-Performance Controller
An
loop shaping controller,
as high-performance nominal controller
for
the MIMO system, is designed using the MATLAB command ncfsyn.m. The specification
function
is augmented
to K in the manner shown in Figure 4.
Sensors for detecting
(cart
positional error),
and
, are fault prone sensors. Motor
voltage and current are denoted by
and
, respectively. The controller
output variable is the corresponding motor voltage demand
. The controller performance was tested on the SIMULINK model of the double inverted
pendulum. Initial conditions are with
and
.
The cart movement command signal
is initiated at
m and at
m after 50 seconds, is shown in Figure 5, while system responses are shown
in Figure 6. It is observed that the output responses are within limits of
specifications, and the cart position set points have been achieved in a stable
and smooth manner.
Figure 4: The

loop-shaping controller

with specification function.
Figure 5: Command
signal requiring the cart to move from 0.5 m to

m.
Figure 6: System
responses with

implementation (position
of cart

is shown instead of cart position error

).
3.3. FTCS Design and Implementation
The nominal model
of the double inverted pendulum model is described by its left coprime factors
to ensure well posedness. The double inverted pendulum model without modelling
uncertainty is considered for the representation of the nominal plant in the
fault indicating residual generator setup. Fault indicating residuals are
denoted by
,
and
for faults in the
corresponding sensors.
The
interconnection of the system is set up and the design of the sensor
fault compensating controller,
is
automated with the command hinfsyn.m provided in MATLAB’s
μ-analysis and synthesis
toolbox [17], which iteratively solves the
optimisation criterion set out in (17). When
value of below 1 is
obtained, the solution of a satisfactory
is used. This condition is only met with relaxations to the effects of additive
faults, as it is obvious that total failure cannot be handled. Note that the
performance weights
(shown in the appendix) to establish postfault
performance requirements reuse the elements in the original specification
function
, which are
related to the fault prone sensors, that is, sensors providing measurements of cart
position
,
the pendulums angles
and
. The
block diagram showing the augmentation of
to nominal controller
is
illustrated in Figure 7.
Figure 7: Block
diagram of sensor fault compensator

augmented to nominal controller

in
the FTCS structure.
3.4. Tests and Results
The following
responses have been recorded from testing the FTCS by simulating the occurrence
of faults in the relevant sensors. Sensor effectiveness indicating faults are
simulated as deterioration of performance; 0%: no fault, 100%: total failure.
Results are shown for conditions with and without modelling uncertainty.
Responses of the inverted double pendulum system performances with the proposed
FTCS,
, and
controllers are recorded for
comparison purposes.
Nominal Response, without Modelling Uncertainties and Sensor Faults
Nominal performances
of all controllers for healthy system are recorded in Figure 8. Apparently the
proposed FTCS produces faster cart positioning response compared to all other
control system responses, initiating slightly higher overshoots in
and
.
Figure 8: Nominal
double inverted pendulum system responses of all controllers under healthy
conditions. (a)
— FTCS, (b)
…
controller, and
(c)
- - -
controller.
Multiple Sensor Faults without Plant Uncertainty
Multiple sensor faults are assumed to occur
at 2, 4, and 6 seconds after the simulation has been initiated (
at 90% deterioration,
at 20% deterioration, and
at 10% deterioration, resp.).
The output responses are shown in Figure 9. Observe that the proposed FTCS and the
controller handled the faults and managed to achieve satisfactory control
responses. However, stability could not be maintained by the
controller.
Figure 9: System
responses of all controllers under multiple sensor fault condition, without
modelling uncertainty. (a)
— FTCS,
(b)
…
controller,
and (c)
- - -
controller.
Multiple Sensor Faults with Plant Uncertainty
Tests of the control systems' ability to handle system uncertainty and multiple sensor faults were also performed. Conditions were made similar to the tests performed for the nominal system with multiple sensor faults. The superiority of the proposed FTCS in accommodating faults even under the influence of system uncertainties is seen in Figure 10.
Figure 10: System
responses of all controllers under multiple sensor fault condition with
modelling uncertainty. (a)
— FTCS,
(b)
…
controller,
and (c)
- - -
controller.
The
controller could not
handle this mode of fault and oscillates beyond control as shown. Meanwhile,
both the proposed FTCS and the
controller
handled the fault satisfactorily.
Further Discussion
Overall, the proposed FTCS has managed to
handle all pre- and postfault conditions satisfactorily, while maintaining the
highest level of stability in all test scenarios. Although it seems that the
controller could handle faults and
modelling uncertainty as well as the proposed FTCS, it could not handle certain
cases of single faults such as the cases shown in Figure 11 for the effect of
sensor fault at 10% deterioration. Responses of
control system is too oscillatory and
unstable.
Figure 11: System
responses of all controllers under

sensor fault at 10% deterioration, without uncertainties. (a)
— FTCS,
(b)
…
controller,
and (c)
- - -
controller.
4. Conclusion
The proposed FTCS has been observed to have managed all faults simulated in the nominal performance tests, while the two other control systems could not consistently maintain stability in a majority of fault scenarios. Robust performance assessments showing the performance of the control systems when faced with system uncertainty in addition to sensor faults were also simulated. Again, it is observed that the fault tolerance capability of the proposed FTCS has been maintained. The proposed improvement to the model-based FTCS structure provides a potential framework for the realisation of an integrated MIMO FTCS. This design framework is suitable as it inherently incorporates fault residuals as feedback and allows the application of established robust MIMO control design concepts. The test results show the capability of the proposed FTCS to maintain availability and an acceptable level of performance for multiple deteriorated sensor conditions.
Appendix
Transfer
matrix of
:
(A.1) where
Transfer
matrix of
:
(A.2) where
Postfault
performance weight matrix:
(A.3)
where
(i)
denotes the performance weight related to
;
(ii)
denotes the performance weight related to
;
(iii)
denotes the performance weight related to
.
The performance
function of the signals provided is weighted to characterise the following
limits:
(i) limiting cart position tracking error at 0 m at high frequency and relaxed for low frequency at a maximum error of 0.04 m;
(ii) limiting the vertical to lower arm angle at 0 radians at high frequency and relaxed for low frequency at a maximum angle of 0.20 radians;
(iii) limiting the vertical to upper arm angle at 0 radians at high frequency and relaxed for low frequency at a maximum angle of 0.22 radians.
System Interconnection and Synthesis of Q(s)
The appropriate system interconnection structure of P(s) which is the outer loop of the FTCS
inclusive of the nominal controller, K(s), and fault indicating generation elements needs to be formed using MATLAB μ-toolbox
instruction sysic.m [17]. Hence, Figure 12
is equivalent to Figure 13.
Following that, the sensor fault compensating controller, Q(s), which is an
controller closing the inner loop of the FTCS (i.e., closing the loop for the
system interconnection obtained from P(s) shown above), can be solved with the MATLAB instruction, hinfsyn.m [17]. Since
(A.4) hence, in this case,
(i) k denotes the calculated controller, that is, Q(s);
(ii) p denotes system interconnection P(s) as shown above;
(iii) nmeas denotes number of fault indicating signals;
(iv) ncont denotes the number of control inputs;
(v) gmin, gmax, tol, and so on are as denoted in [17].
Finally, the closed-loop interconnection with Q(s) is shown as in Figure 14.
Acknowledgments
The authors gratefully acknowledge funding from Brunel University and the University of Malaya in order to complete this work.
References
- M. Blanke, M. Staroswiecki, and N. E. Wu, “Concepts and methods in fault-tolerant control,” in Proceedings of the American Control Conference (ACC '01), vol. 4, pp. 2606–2620, Arlington, Va, USA.
- R. J. Patton, “Fault-tolerant control: the 1997 situation,” in Proceedings of the IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes (SAFEPROCESS '97), vol. 2, pp. 1033–1055, Hull, UK, August 1997.
- M. Gopinathan, R. K. Mehra, and J. C. Runkle, “Hot isostatic pressing furnaces: their modeling and predictive fault-tolerant control,” IEEE Control Systems Magazine, vol. 20, no. 6, pp. 67–82, 2000.
- M. R. Napolitano, Y. An, and B. A. Seanor, “A fault tolerant flight control system for sensor and actuator failures using neural networks,” Aircraft Design, vol. 3, no. 2, pp. 103–128, 2000.
- J. Chen and R. J. Patton, Robust Model Based Fault Diagnosis for Dynamic Systems, Kluwer Academic Publishers, Dordrecht, The Netherlands, 1999.
- R. Isermann, “Supervision, fault-detection and fault-diagnosis methods—an introduction,” Control Engineering Practice, vol. 5, no. 5, pp. 639–652, 1997.
- R. J. Patton and J. Chen, “Observer-based fault detection and isolation: robustness and applications,” Control Engineering Practice, vol. 5, no. 5, pp. 671–682, 1997.
- H. Niemann and J. Stoustrup, “Integration of control and fault detection: nominal and robust design,” in Proceedings of the IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes (SAFEPROCESS '97), vol. 1, pp. 341–346, Hull, UK, August 1997.
- H. Niemann and J. Stoustrup, “Passive fault tolerant control of a double inverted pendulum—a case study,” Control Engineering Practice, vol. 13, no. 8, pp. 1047–1059, 2005.
- J. Stoustrup, M. J. Grimble, and H. Niemann, “Design of integrated systems for the control and detection of actuator/sensor faults,” Sensor Review, vol. 17, no. 2, pp. 138–149, 1997.
- K. Zhou and Z. Ren, “A new controller architecture for high performance, robust, and fault-tolerant control,” IEEE Transactions on Automatic Control, vol. 46, no. 10, pp. 1613–1618, 2001.
- D. U. Campos-Delgado and K. Zhou, “Fault tolerant control of a gyroscope system,” in Proceedings of the American Control Conference (ACC '01), vol. 4, pp. 2688–2693, Arlington, Va, USA.
- M. Akesson, “Integrated control and fault detection for a mechanical servo process,” in Proceedings of the IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes (SAFEPROCESS '97), vol. 2, pp. 1252–1257, Hull, UK, August 1997.
- J. Eich and B. Sattler, “Fault tolerant control system design using robust control techniques,” in Proceedings of the IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes (SAFEPROCESS '97), vol. 2, pp. 1246–1251, Hull, UK, August 1997.
- M. Morari and E. Zafiriou, Robust Process Control, Prentice-Hall, Englewood Cliffs, NJ, USA, 1989.
- K. Zhou, J. C. Doyle, and K. Glover, Robust and Optimal Control, Prentice-Hall, Englewood Cliffs, NJ, USA, 1996.
- G. J. Balas, J. C. Doyle, K. Glover, A. Packard, and R. Smith, “μ-Analysis and Synthesis Toolbox,” Natick, Mass, USA, 2001.