Research Article  Open Access
Fault Detection, Isolation, and Accommodation for LTI Systems Based on GIMC Structure
Abstract
In this contribution, an active faulttolerant scheme that achieves fault detection, isolation, and accommodation is developed for LTI systems. Faults and perturbations are considered as additive signals that modify the state or output equations. The accommodation scheme is based on the generalized internal model control architecture recently proposed for faulttolerant control. In order to improve the performance after a fault, the compensation is considered in two steps according with a fault detection and isolation algorithm. After a fault scenario is detected, a general fault compensator is activated. Finally, once the fault is isolated, a specific compensator is introduced. In this setup, multiple faults could be treated simultaneously since their effect is additive. Design strategies for a nominal condition and under model uncertainty are presented in the paper. In addition, performance indices are also introduced to evaluate the resulting faulttolerant scheme for detection, isolation, and accommodation. Hard thresholds are suggested for detection and isolation purposes, meanwhile, adaptive ones are considered under model uncertainty to reduce the conservativeness. A complete simulation evaluation is carried out for a DC motor setup.
1. Introduction
In the early stages of control applications, closedloop performance was the main objective for the control engineer. To achieve this goal, the implementations of these feedback configurations involved sensors, actuators, electronic instrumentation, and signal processors. However, during a normal operation, these parts could fail in some degree, and the resulting performance of the closedloop will be largely deteriorated, or even instability can be observed. In fact, for some processes besides performance, safety is also a necessary and important objective. Therefore, it is desirable to detect these malfunctions to take proper action in order to avoid a dangerous situation. Nowadays, the advance in electronics has made possible to have digital signal processors as microcontrollers, DSP's and FPGA boards that can perform, in real time, very complex algorithms. Hence this extra processing capacity could be applied to perform in parallel fault diagnosis strategies to the nominal control schemes. The problem of fault diagnosis is indeed a challenging one, and its importance in applications has attracted the attention of the research community in control theory and signal processing [1–4].
In any process, the faults can be classified in two sets: unrecoverable and recoverable. The unrecoverable ones represent all faults that cannot be compensated or accommodated while the system is running. On the other hand, the recoverable faults comprise any fault whose outcome can still be safely compensated by the control algorithm with a possible deterioration of performance, but still allowing the necessary conditions to maintain closedloop stability. Obviously, this classification depends on the problem at hand, and requires knowledge about the operation of the system. From a control point of view, the focus is on the recoverable faults, where a degree of robustness or reconfigurability in the control scheme is desirable to accommodate these faults and still preserve closedloop performance. These ideas have triggered a research line called faulttolerant control (FTC) [5–9].
FTC can be approached from two perspectives: passive and active. In the passive approach, the faults are treated as disturbances into the closedloop system. As a result, a single controller is designed to achieve stability and performance against all studied faults. The main drawback of this scheme is the conservativeness that can be incorporated, however, no extra complexity in the control implementation is carried out. For LTI systems, the passive approach can be treated as a simultaneous stabilization or robust design [9]. Meanwhile, for nonlinear systems, a variable structure control (sliding mode) methodology can be applied [10]. On the other hand, the active approach relies on a fault diagnosis stage, followed by a controller reconfiguration or accommodation [6]. Compared to the passive approach, the active one requires more computational power during implementations, but it can provide less conservative results and better closedloop performance after faults. Applications of the active approach have been suggested for LTI [7, 8, 11, 12], LPV [13, 14], and nonlinear systems [15, 16]. Three major trends are devised in active FTC according to the required information of the FDI stage as follows.
(A)Estimate the faults profiles and update the nominal control law to cancel completely their effect (fault decoupling). Therefore, this idea requires a reliable fault isolation and identification scheme.(B)Design a compensation signal for the nominal control law that depends on the fault affecting the system. Hence according to the transfer function from a specific fault to the output measurements or input control signal (fault signature transfer matrices), an accommodation control law is designed to reduce its effect into the closedloop system. Alternatively, the nominal control law can be reconfigurated according to the isolated fault, for example, using reconfigurable control gains under a statefeedback control law. As a result, these approaches rely on the information from the fault isolation stage to properly operate.(C)Switch to a robust control law that maintains closedloop stability for a studied set of faults. In consequence, this scheme depends just on the information of a fault detection block. However, the postfault performance can be pretty conservative.
This work looks to extend the ideas initially presented in [12, 17, 18]. Hence fault detection, isolation, and accommodation are discussed in a more general framework under the GIMC control structure for additive faults. The contribution of this paper lies in the following lines.
(i)A twostep active FTC scheme is proposed for LTI systems under an additive fault scenario.(ii)Design strategies are proposed for diagnosis and accommodation based on general optimization criteria.(iii)Performance indices are suggested in order to evaluate the active FTC from a worstcase perspective.(iv)A complete analysis is introduced for the synthesis algorithms under model uncertainty. Hard and adaptive thresholds are provided for detection and isolation purposes.
Consequently, the FTC philosophies (B) and (C) are adopted in this work, looking to reduce the conservativeness in the postfault performance, but avoiding the necessity of fault identification. The paper is structured as follows. Section 2 describes the problem formulation. The FTC scheme is presented in Section 3. First, the general methodology is introduced, and the design criteria for diagnostic, isolation, and accommodation are detailed next. Section 4 analyzes the effect of model uncertainty in the FTC scheme. Finally, Section 5 presents an illustrative example, and Section 6 gives some concluding remarks.
2. Problem Formulation
The problem addressed in this paper is fault detection, isolation, and accommodation for LTI systems under additive faults and perturbations. In this way, consider a system affected by disturbances and possible faults , as shown in Figure 1, described by where represents the vector of states, the vector of inputs, and the vector of outputs. Thus matrix stands for the distribution matrix of the actuator or system faults, and for sensor faults. Denote as and with the columns of the fault signature matrices and , respectively, that is, Thus matrices will represent the signature of the th component in the fault vector . The nominal system is considered controllable and observable. On the other hand, the system response can be analyzed in a transfer matrix form (frequency domain) as follows: where A left coprime factorization for each transfer matrix can be derived by obtaining matrix such that [19, 20], as it is shown next: Consequently, the LTI systems in (4) can be written as where . An initial question about the fault diagnosis and isolation process relies on the necessary conditions to achieve this objective, hence the condition originally presented in [1, 4] are assumed as follows:
(1)for isolation of the fault vector , (2)for the simultaneous isolation of faults under unknown perturbations, where normrank stands for the normal rank of the corresponding transfer matrix [20].
Now, it is assumed that a nominal controller stabilizes the nominal plant , and it provides a desired closedloop performance in terms of robustness, transient, and steadystate responses. The controller is considered observable, and consequently, it can also be expressed by a left coprime factorization, that is, where , The nominal controller can be synthesized following classical techniques or optimal control: lead/lag compensator, PI, PID, , loop shaping design, and so on. Consequently, the control objective is presented as follows. Design an active faulttolerant scheme such that it detects and isolates the occurrence of a fault in the closedloop system, and provides an appropriate compensation signal to the controller in order to maintain closedloop performance (see Figure 1).
Remark 1. The problem formulation in (1) assumes no previous knowledge of the time profiles of the fault components . Thus the fault vector is modeled as an unknown exogenous input for the system . However, if explicit knowledge about the faults time profiles is available, then this information can be incorporated at the FDI stage to improve the residual design and evaluation. Nonetheless, the faultaccommodation scheme presented in the next section is consistent with this assumption, and it does not require an explicit identification of the faults affecting the system. Furthermore, the additive faults representation in (1) might be able to describe some common faults that cause changes on system parameters or loss of effectiveness in actuators, but in those cases, the faults time profiles will be related to states or control inputs (as it will be shown in Section 5).
The definition of the following system performance indexes will be very important for the synthesis and analysis of the fault detection, isolation, and accommodation algorithms [19–21]: where is a Hurwitz matrix transfer function, and () are the impulse responses corresponding to every component in the transfer matrix . The next inequalities will be useful to derive thresholds for residual evaluation: where , the signal norms are defined as and denotes the Euclidean norm.
3. FaultTolerant Control Scheme
The proposed FTC scheme relies on a fault diagnosis and isolation (FDI) algorithm, followed by a fault accommodation into the nominal controller. For LTI systems and additive faults, several FTC control structures have been suggested [12, 22–24] departing from the Youla parametrization of all stabilizing controllers [20]. In this configuration, a free parameter is selected to achieve the fault compensation, with the assurance that closedloop stability is achieved after the fault accommodation. In this fashion, the accommodation scheme adopted in this work is motivated by a new implementation of the Youla parametrization called generalized internal model control (GIMC) [7, 12]. In this configuration, the nominal controller is represented by its left coprime factorization, that is, . In addition, the GIMC configuration allows to perform the FDI process and accommodation in the same structure, where these two processes are carried out by selecting two design parameters (see Figure 2). Consequently, the residual is generated by selecting the detection/isolation filter , and the accommodation signal by the compensator , using the filtered signal with the following criteria.
(1): the fault detection/isolation filter must diminish the effect of the disturbances or uncertainty into the residual signal, and maximize the effect of the faults.(2): the robustification controller must provide robustness into the closedloop system in order to maintain acceptable performance against faults.
3.1. Fault Detection and Isolation
From Figure 2, it can be observed that contains information of perturbations and faults as follows: Hence a residual is naturally constructed by using the information of the coprime factorization of the nominal plant through [1]; In order to improve the accuracy of the FDI stage, it is proposed to carry out this task in two consecutive steps: (a) first, fault detection, and next, (b) fault isolation. This idea is also appealing for fault accommodation, and its benefits will be explained in the next section. As a result, the FDI algorithm is designed in two parts as follows.
(1)A detection filter is first synthesized to determine a general fault scenario.(2)Next, an isolation filter is computed to identify the faults affecting the system. First, the detection filter is constructed to obtain a scalar residual, that is, is a transfer matrix such that it attenuates the contribution from the perturbations while maximizing the faults effect. Hence the following design criteria are suggested: where denotes a desired attenuation factor for the unknown perturbations contribution, and represent the performance indexes in (10). In [21, 25], the previous multiobjective optimizations have been studied where optimal and approximation solutions are provided. Alternatively, the and optimizations can be solved using wellknown algorithms through a characterization by a linear fractional transformation (LFT) [20]; where is a transfer matrix that describes the faults frequency bandwidth, represents a lower LFT [20], and the generalized plant (see Figure 3) given by One advantage of the LFT characterization is that it can be augmented to include model uncertainty in the problem formulation. Meanwhile, the isolation filter ( transfer matrix) is designed to isolate the fault vector and decouple the perturbations , that is,
(i)(ii) where is a diagonal transfer matrix. Transfer matrix is a design parameter, and it should be chosen according to the frequency response of , in order to achieve the isolation and decoupling objectives. Nevertheless, nonminimum phase zeros of could limit the resulting performance [26]. Once more, the design criterion can be proposed by combining both objectives measured by a system norm as follows: where stands for the generalized plant associated to the LFT formulation given by Hence once a fault is detected, in the isolation stage, the filter has to provide a good estimate of the fault affecting the system. Therefore, it is fundamental that could render diagonally the product , or at least diagonally dominant. In fact, this issue has to be verified after is designed for a correct fault identification.
Remark 2. Assumptions (7) and (8) about the rank properties of the perturbations and faults transfer matrices provide necessary conditions to achieve the decoupling objective. Therefore, it is expected that the optimal filters obtained through (16) and (18) will guarantee good fault detection and isolation properties of the residuals.
Now, perfect disturbance decoupling is hard to achieve in a general scenario. As a result, the residuals will not be zero in a faultfree condition. Two possible techniques can be followed in order to detect a fault: hard or adaptive thresholds [3, 27, 28]. Since the perturbations are considered unknown and no uncertainty is assumed at this stage, hard thresholds are adopted. Departing from the signal norms in (12), a windowed residual evaluation criteria can be chosen as follows: where is the window length or evaluation horizon. Hence to avoid a false alarm in the evaluation due to perturbations [27], a threshold value is selected such that in the case of the windowed 2 norm, and considering bounded energy perturbations, that is, , then an initial detection threshold can be calculated by applying (11) as On the other hand, if the perturbations are now assumed bounded for all time, that is, , then a new detection threshold can be employed as follows: The hard thresholds in (23) and (24) are conservative starting values since they are derived from the norms inequalities in (11). Nevertheless, they have to be adjusted online for proper fault detection. Now, with respect to the isolation stage, a hard threshold has to be obtained for each output of the filter that represents the estimated fault. However, if the product is not diagonal, then each output is affected at some degree by all faults and perturbations. Assuming that the th output is evaluated, then the following thresholds are proposed: or where , denotes the term in the transfer matrix, , and . Consequently, some information about the energy or time upperbound on each fault is necessary to compute (25) and (26). Once more, it is important to point out that (25) and (26) are just starting values for the threshold selection during the residual evaluation, since they rely on inequalities that involve some inherit conservativeness.
3.2. Fault Accommodation
In order to derive the fault accommodation scheme, the effect of the compensation signal in the GIMC structure of Figure 2 is analyzed. Define the following nominal closedloop transfer matrices:
(i)input sensitivity: ,(ii)output sensitivity: ,(iii)complementary output sensitivity: .
The next lemma originally presented in [17] characterizes the dynamic behavior of the compensated control input and output of the closedloop system.
Lemma. In the GIMC configuration of Figure 2 considering additive faults, the resulting closedloop characteristics for the control signal and output are given by The resulting closedloop system is stable, provided that , since the nominal controller internally stabilizes the nominal plant (proof in Appendix B).
By a simple inspection of (27), two results can be concluded by considering the complete decoupling of perturbations and faults from the control input and output of the system.
Corollary 1 (see [17]). If the nominal plant , then , and the complete disturbance and fault decoupling can be achieved at the control signal by letting . As a result, it is obtained that
Therefore, if the nominal plant is stable by properly choosing the compensator , the control signal is not affected by faults and perturbations. The compensation suggested in Corollary 1 is particularly useful under a sensor fault scenario [24] since it is not desirable to adjust the control signal dynamics against erroneous information given by a sensor. Note that from (29), perturbations and faults are decoupled from the closedloop feedback dynamics since they appear in an openloop fashion at the output. However, the perturbations are affecting the outputs with a feedforward structure, which is an undesirable effect of this compensation. Consequently, as it was suggested in [18], if some estimation of the perturbations could be deduced by steadystate relations of the system or by an observer using stateaugmentation, the compensation could incorporate this new information to improve the closedloop performance. In general, if the FDI stage could provide a reliable identification of the fault vector , then this estimation can be also applied under the compensation suggested in Corollary 1 to decouple the faults from the closedloop system. The compensation including perturbations and faults estimations will be given by and the resulting output dynamics are given now by Therefore, the accuracy in the perturbations and faults estimations ( and ) will dictate the resulting performance deterioration. However, in a practical scenario, it is difficult to have these estimations available or to have a stable plant. Hence it is important that the compensator could simultaneously attenuate perturbations and faults into the closedloop system. On the other hand, if has also a stable inverse, a complete output decoupling for perturbations and faults can be achieved.
Corollary 2 (see [17]). If the nominal plant satisfies , then and with , the resulting output is decoupled perfectly from the perturbations and faults, that is,
Note that the compensation proposed in Corollary 2 is particularly useful for an actuator or system fault, since the output is perfectly decoupled from faults and perturbations. However, it should be avoided in a sensor fault scenario. In fact, the decoupling conditions of Corollaries 1 and 2 could be very restrictive. For this reason, by analyzing (27), if it is desired to minimize the faults effect at the control signal, while reducing the perturbations contribution at the output, the compensator should be designed by following the optimization strategy where represents the or norms in (10), are two weighting factors to balance the tradeoff between perturbations and faults reduction, and the normalized coprime factors relations in (6) are applied. However, the optimization problem in (33) cannot be solved using standard robust control algorithms [19, 20]. Therefore, it is proposed to extend the cost function to have a feasible problem as follows: where represents the generalized plant (see Figure 4) given by Meanwhile, if it is desired to attenuate both faults and perturbations at the output , then the next optimization scheme is suggested: where is given by
(a)
(b)
Remark 3. The optimization criteria for in (35) and (37) can be interpreted as approximation or normalization problems with certain postweighting and preweighting given by the frequency content of the perturbations or faults . In fact, (35) introduces a combined optimization: (i) a normalization process of by with a frequency postweighting given by the nominal output sensitivity and , and (ii) an approximation problem to with a frequency postweighting given by the nominal input sensitivity and .
Remark 4. Note that the compensators designed by the criteria in (35) and (37) can be conservative since it is required to attenuate the effect of all types of faults analyzed in (1), and it is also assumed that all of them have the same structure.
To improve the postfault performance, it is then proposed to design specific compensators for for every studied fault, depending if their effect is on the state (actuator or system faults) or the output (sensor faults) equations in (1), using the previous optimization algorithms as follows:
(i) actuator or system faults:
(ii) sensor faults: where and . In this way, the fault accommodation scheme of Figure 5 is proposed, and the overall active FTC algorithm consists of three stages according to the information of the FDI block as follows:
(1)in the faultfree case, just the nominal control loop is active;(2)after a fault scenario is detected into the system, a general compensator designed by (35) is activated;(3)finally, after the fault is classified and isolated, an specific compensator designed by (39) or (40) is selected. In a general fault condition, it is then decided to decouple (if possible) or attenuate the effect of faults at the control signal , until the fault is wellcharacterized during the isolation stage. As a result, after the fault is isolated, the specific compensation is injected into the closedloop configuration to improve the postfault performance.
Remark 5. Since the fault accommodation is based on the Youla parametrization, and since the faults are additive, the closedloop stability after each reconfiguration is guaranteed, provided that , and any nonlinear behavior is avoided into the closedloop system, like saturations, rate limiters, and so on. However, if the fault profile depends on the states or outputs then closedloop stability could not be assured after all.
Remark 6. In the proposed configuration, multiple and intermittent faults could be handled. Once they are identified by the FDI scheme, the corresponding compensator should be activated to perform its accommodation. However, if FDI algorithm detects that the fault is no longer present, the compensation is removed.
3.3. Performance Evaluation
One important question, after the design stage is completed, is the resulting performance of the fault detection, isolation and accommodation algorithms. To address this problem, different quantification indices will be proposed using the system performance indexes in (10) of the resulting transfer functions. The selection of the applied performance index in (10) will depend on the a priori faults information, for example, the faults frequency content, or the desired interpretation of the quantification index, for example, the worst case condition in the evaluation. The next indices are motivated from the optimization algorithms used for synthesis in the previous sections.
(1) Fault evaluation. The capability of the detection filter of reducing the perturbations frequency content compared to increasing the faults sensitivity is evaluated by Hence a large value of will indicate good evaluation characteristics.
(2) Fault isolation. This index is constructed by analyzing the property of of diagonalizing while attenuating the disturbances frequency content: where denotes the diagonal part of the transfer matrix, and the off diagonal structure. In fact, is usually denoted as signaltonoise and interference ratio (SNIR) in the signal processing community. Thus if is large, then fault isolation can be achieved.
(3) Fault accommodation. The fault accommodation is quantified in terms of the property of reducing the effect of faults and perturbations simultaneously into the closedloop system. The accommodation performance criteria is defined for the th fault as where the weighting is selected according to the fault effect: where are the positive weighting factors to judge the importance of perturbations or faults attenuation. Now, a small value of will indicate good fault accommodation. Note that this value is related to a worstcase performance degradation level expected in the FTC scheme [29].
The overall synthesis algorithms for fault detection, isolation, and accommodation including performance evaluation are described in Appendix A. The synthesis procedure includes samples of MATLAB commands that could be used for numerical calculations.
4. Fault Tolerant Approach Under Model Uncertainty
During the implementation of any control strategy, there is always some model uncertainty in the mathematical description used for design. If the characterization of this uncertainty could be obtained during the problem formulation, this information could be used at the design stage to improve the closedloop performance, and understand also the practical limitations. In this work, additive model uncertainty is considered [19, 20] as shown in Figure 6, that is, the actual nominal plant is given by where represent pre and postuncertainty weighting functions, and a normalized uncertain transfer matrix . As presented in [18], other uncertainty representations (parametric, multiplicative, etc.) could be also fitted under an additive uncertainty structure, but at the price of introducing some conservativeness in the design.
First of all, note that under model uncertainty, the signal in the GIMC configuration is no longer decoupled from the control signal (see Figure 6). The results are summarized as follows [17].
Lemma. Considering additive model uncertainty in the GIMC configuration of Figure 2, the resulting closedloop characteristics are given by where (Proof is in Appendix C)
4.1. Robust Fault Isolation
Note that by including additive uncertainty, an extra requirement is evident, the detection/isolation filter should cancel or diminish the uncertainty contribution at the residual output for a robust detection and isolation, that is, . As described in Section 2, there are necessary conditions related to the rank of the involved transfer matrices to guarantee proper fault isolation. Consequently, this condition can be extended for robust fault isolation, considering the worstcase uncertainty as Since the description of the uncertainty is posed in terms of the norm, the optimization problems for the detection and isolation filters are also proposed in terms of this norm. As a result, the following robust performance criteria are adopted for both synthesis procedures:
(i) fault detection:
(ii) fault isolation: where stands for an upper LFT [20], and the respective generalized plants and are given by The optimization problems in (52) and (53) can be solved by using synthesis design or LMI's [19, 20]. On the other hand, at the residual evaluation, it is observed that the uncertainty is affected by the control signal at (47). Thus the residual is directly dependent on the control signal , and its profile will appear in the resulting dynamic behavior, but since this signal is known, an adaptive threshold [3, 28] can be used in order to reduce the conservativeness in the fault detection process introduced by the uncertain term as where is the bound on the windowed energy of the perturbations, and the inequalities in (11) are applied. This characterization is appropriate since the uncertainty is quantified in terms of the norm. Similarly, an adaptive threshold can be formulated for fault isolation as where As mentioned in the previous section, the thresholds in (55) and (56) are derived from norms inequalities, so their values could be conservative and they have to be tuned online to optimize the fault detection capabilities.
Remark 7. It is clear that hard thresholds could lead to a conservative fault diagnosis stage, or fault misdetection due to a change in the operating conditions or model uncertainty. However, adaptive thresholds require a prior knowledge of the possible uncertainty or maximum variability of the residuals in nominal conditions for a correct implementation.
4.2. Robust Fault Accommodation
In general, no guarantee of closedloop stability is granted although as in the uncertainty free case. From the results in Lemma 2, it can be seen that for a special case (stable nominal plant), the uncertainty can be decoupled from the control signal as in Corollary 1, and closedloop stability can be deduced if the nominal controller internally stabilizes the nominal plant.
Corollary 3. If the nominal plant satisfies , then complete disturbance, fault, and uncertainty decoupling can be achieved at the control signal by letting , and consequently Moreover, the closedloop is stable if internally stabilizes .
Similarly to the result in Corollary 1, with the compensation suggested in Corollary 3, the perturbations and faults affect the output in an openloop fashion. Therefore, if an estimation of the perturbations and faults are available, then the feedforward structure in (30) could be followed to attenuate their effect at the output. On the other hand, for a general design case by looking at (48) and (49), a robust criteria (performance and stability) should be targeted to reduce the faults effects at the control signal and the perturbations contribution at the output by where is defined in (50), and the generalized plant (see Figure 7) including uncertainty information is given by Meanwhile, if robust attenuation is now looked at the output , the following robust performance problem is formulated: where the corresponding generalized plant is given by As in the nominal case, in order to improve the closedloop performance after the fault has been isolated, a specific compensator can be designed using the optimization criteria in (58) and (60), depending if the fault is affecting the state or output equations on the statespace representation (1). For these cases, in the generalized plants (, ) presented in (59) and (61), is replaced by the information of the analyzed fault .
(a)
(b)
The robust stability condition is very important since it is needed that the fault accommodation scheme will preserve closedloop stability after the compensation despite model uncertainty. However, the size of the uncertainty and its frequency content will dictate the degree of conservativeness introduced. Assume that the th fault is analyzed, then define the transfer matrix by closing the lower feedback path with its specific compensator in the LFT configuration, that is, where represents the generalized plant in (59) (sensor faults) or (61) (actuator or system fault) by replacing with . Then robust stability with respect to the th compensator is tested by the condition [20] as follows:
4.3. Robust Performance Evaluation
Finally, some indices are suggested to evaluate the robust performance of the resulting FTC structure.
(1) Fault evaluation. The size of the worstcase uncertainty is applied to obtain an estimate of the evaluation performance as Consequently, if is large, then good evaluation characteristics are devised.
(2) Fault isolation. The structure of the index (43) is maintained, but the worstcase uncertainty information is appended as
(3) Fault accommodation. The fault accommodation performance is evaluated in terms of the faults and perturbations attenuation subject to model uncertainty. For this purpose, a robust performance analysis is carried out by using the structured singular value [19, 20]. Then the fault accommodation performance with respect to the th fault is defined by where is an augmented uncertainty block to address the performance specifications. Thus internal stability is guaranteed for , and the worstcase performance is bounded . As a result, if the index is lower than one, then robust stability is granted.
5. Illustrative Example
In order to illustrate the ideas presented in the paper, the design of an active FTC scheme for a separately excited DC motor is considered. The dynamics of a secondorder actuator are appended to the motor description. To have a more realistic simulation, the actuator gain is limited by a saturation function. Hence the control signal is limited to the interval . Thus a system with one input and three outputs (armature voltage and current , and angular velocity ) is studied [30]. The load torque is modeled as an unknown constant or slowly timevarying external disturbance into the system. The control objective is defined as the regulation of the angular velocity to a prescribed reference. Note that since there are three measurements and one unknown perturbation, then only the effect of two different faults could be analyzed simultaneously [4]. The studied faults are actuator (gain of the dc drive) and sensor (angular velocity measurement). The parameters of the dc motor are shown in Table 1. The mathematical model of the studied system is presented next: In fact, the model described in (67), with the parameters in Table 1, is stable and satisfies the isolation conditions presented in (7) and (8). The nominal controller is designed following a PI structure with respect to the velocity reference error , plus a constant feedback from and , that is, where , , , and . This control law satisfies the performance specifications by achieving internal stability and asymptotic tracking. Now, the detection and isolation filters (, ) were designed following the optimization indices (16) and (18) with , and selecting All the numerical calculations were carried out in MATLAB by using two toolboxes: (i) control system, and (ii) LMI control (see Appendix A). The transfer matrix was chosen as a diagonal lowpass filter since the frequency content of allows perfect decoupling in the low frequency. The residual evaluation was computed by the windowed 2 norm in (20). Consequently, assuming a time window and , then a hard threshold for fault evaluation is calculated by since . Meanwhile, for isolation purposes, two new thresholds are also computed as follows: where , and . Next, the fault accommodation compensators , and were synthesized by (35), (39), and (40) with and . The performance indices in (42), (43), and (44) were computed taking the norm (), and they are listed in Table 2. The weight is chosen null since the perturbation is assumed constant or slowly time varying, so the integral part of the nominal controller can compensate effectively its effect. Hence the results in Table 2 reflect that the active FTC will provide good performance in the detection, isolation, and accommodation stages. Furthermore, no degradation should be expected in a steady state since . However, some transient changes have to be anticipated due to control switching (see Figure 5). The velocity reference is defined as a square wave that oscillates between and at a frequency of . The load torque is initialized to . The following scenario is tested under numerical simulation:


(i)at , there is a perturbation step change from to ;(ii)from to , fault is active as a complete sensor outage, that is, ;(iii)from to , fault is triggered as a reduction in the actuator gain, that is, ;(iv)finally, from to , fault is once more active.
The results are presented in Figures 8 and 9. For comparison, the nominal controller (without compensation) and the active FTC are plotted simultaneously in Figure 8. From the simulation results, the nominal controller saturates the control signal when is triggered, and the actuator delivers its maximum output voltage to the motor. As a result, the angular velocity is dangerously raised to . This behavior could induce severe mechanical stresses in the motor, and practically, an instability scenario is faced, but limited by the actuator saturation. Meanwhile, the active FTC scheme can accommodate effectively this fault, with some transient oscillation due to the control switching. However, for fault , the nominal controller and the FTC scheme can compensate its appearance by the integral action in the nominal controller, but although the nominal control law can inherently accommodate this fault, there is no record of this faulty condition in the closedloop system. Now, the results of the fault detection and isolation stages are illustrated in Figure 9. Faults and are correctly isolated, and the disturbance step change is not mistaken by a fault in the FDI stage. In fact, and are almost instantaneously isolated. Note that the active FTC scheme is able to maintain good performance after both faults, and also when the faults are removed from the system, the nominal performance is recovered.
(a)
(b)
(a)
(b)
Now, in order to evaluate the fault diagnosis and isolation under model uncertainty, the performance of the previously designed filters and under uncertainty in the measurements and is analyzed. So, consider the following output uncertainty weight as follows: The interpretation of is the following: (a) there is a maximum error of at the low frequency of the armature current measurement, and there is a error in the measurement of the angular velocity sensor over the whole frequency bandwidth. The robust performance indices in (64) and (65) were calculated (), and the results are presented in Table 2. The results show that there is a severe deterioration in the diagnosis and isolation capabilities under that uncertainty profile, but there are still some degree of separability to achieve the diagnosis and isolation stage.
6. Conclusions
In this paper, a control methodology for fault detection, isolation, and accommodation to address LTI systems has been detailed. The FTC scheme is based on the GIMC configuration [12] which extends the use of the Youla parametrization to FTC. Design strategies were presented for the FDI process and accommodation. Multiple and intermittent faults can be treated in this FTC scheme. Closedloop stability is always guaranteed after each configuration but only if the additive faults profiles do not depend on the states or outputs. Moreover, the analysis of the design schemes under model uncertainty was carried out. For detection and isolation purposes, a hard threshold is suggested for the nominal case, and an adaptive one is considered when model uncertainty affects the output measurements. Performance indices are also suggested to evaluate the detection, isolation, and accommodation schemes. The FTC structure was tested in numerical simulation over a DC motor setup, and the advantages over a nominal control law were clearly presented.
Appendices
A. Fault Tolerant Synthesis Algorithms
The synthesis algorithm for fault diagnosis, isolation, and accommodation in the nominal case is presented in this section. The algorithm follows the ideas exposed in Section 3. The synthesis procedure is based on MATLAB, and it could be implemented using the next toolboxes: (i) control system, (ii) LMI control, (iii) analysis and synthesis, and (iv) robust control. After each step in the algorithm, the MATLAB commands used for numerical synthesis are introduced inside parentheses as follows.
(1)Define the statespace description of the plant and nominal controller in (1) and (9) (ss, ltisys, pack and mksys).(2)Construct the left coprime factorizations of plant (5) and controller (9) (lqr, place and acker), in order to avoid numerical problems, use a balance realization for all the coprime factors (balreal, sbalanc, sysbal and obalreal).(3)Check conditions (7) and (8) to verify the solvability of the synthesis schemes.(4)Define the filters , and obtain by solving the optimization problems (16) and (18) (hinflmi, hinfric, hinfsyn, h2syn, hinfopt, and h2lqg).(5)Evaluate the fault diagnosis performance through (42), and isolation property by extracting the diagonal and nondiagonal parts of the product using the statespace realization and computing (43) (norm, norminf, norm2, h2norm, hinfnorm, normh2, normhinf, ssdata, ltiss, unpck, and branch).(6)Obtain the general accommodation compensator using (35), and the specific compensators by (39) or (40) (hinflmi, hinfric, hinfsyn, h2syn, hinfopt, and h2lqg).(7)Evaluate the fault accommodation performance through (44) (norm, norminf, norm2, h2norm, hinfnorm, normh2, and normhinf).
Alternatively, the synthesis procedure can be computed using open source numerical programs as Scilab [31] and Octave [32]. In fact, freely in the web, there are toolboxes for these two programs that implement the same synthesis algorithms as in MATLAB.
B. Proof of Lemma 1
From the block diagram in Figure 2, it is observed that the internal signal is given by (13), and as a result, the internal control signal is constructed as Thus the control signal contains information from the faults, perturbations, references, and outputs: Finally, by a direct substitution of (3) into (B.2), the results in (27) are deduced.
C. Proof of Lemma 2
From the block diagram of Figure 6 under additive uncertainty, (47) is obtained directly to describe by recalling (13). Next, the control signal is derived as and by a substitution of (3) and (46) into the previous equation, the effects of the reference, perturbations, and faults can be isolated from the control signal : Hence by defining the term in (50), the result in (48) is obtained. Finally, substituting (48) and (46) into the output equation (3), the contributions of the references, perturbations, and faults into the output are described by (49).
Acknowledgments
This research is supported in part by grants from FAI (Grant no. C06FAI1134.71) and CONACYT (Grant no. C07ACIPC08.4.4, no.52314). D. R. EspinozaTrejo acknowledges the support provided by CONACYT through a doctoral scholarship (no. 166718).
References
 J. Chen and R. J. Patton, Robust ModelBased Fault Diagnosis for Dynamic Systems, Kluwer Academic, Dordrecht, The Netherlands, 1999.
 R. Isermann and P. Ballé, “Trends in the application of modelbased fault detection and diagnosis of technical processes,” Control Engineering Practice, vol. 5, no. 5, pp. 709–719, 1997. View at: Publisher Site  Google Scholar
 R. Isermann, FaultDiagnosis Systems: An Introduction from Fault Detection to Fault Tolerance, Springer, New York, NY, USA, 2006.
 A. Saberi, A. A. Stoorvogel, P. Sannuti, and H. Niemann, “Fundamental problems in fault detection and identification,” International Journal of Robust and Nonlinear Control, vol. 10, no. 14, pp. 1209–1236, 2000. View at: Publisher Site  Google Scholar
 M. Blanke, R. IzadiZamanabadi, S. A. Bøgh, and C. P. Lunau, “Faulttolerant control systems—a holistic view,” Control Engineering Practice, vol. 5, no. 5, pp. 693–702, 1997. View at: Publisher Site  Google Scholar
 M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki, Diagnosis and FaultTolerant Control, Springer, New York, NY, USA, 2003.
 D. U. CamposDelgado and K. Zhou, “Reconfigurable faulttolerant control using GIMC structure,” IEEE Transactions on Automatic Control, vol. 48, no. 5, pp. 832–838, 2003. View at: Publisher Site  Google Scholar
 H. Noura, D. Sauter, F. Hamelin, and D. Theilliol, “Faulttolerant control in dynamic systems: application to a winding machine,” IEEE Control Systems Magazine, vol. 20, no. 1, pp. 33–49, 2000. View at: Publisher Site  Google Scholar
 J. Stoustrup and V. D. Blondel, “Fault tolerant control: a simultaneous stabilization result,” IEEE Transactions on Automatic Control, vol. 49, no. 2, pp. 305–310, 2004. View at: Publisher Site  Google Scholar
 D. Kim and Y. Kim, “Robust variable structure controller design for fault tolerant flight control,” Journal of Guidance, Control, and Dynamics, vol. 23, no. 3, pp. 430–437, 2000. View at: Google Scholar
 P. Zhang, S. X. Ding, G. Z. Wang, T. Jeinsch, and D. H. Zhou, “Application of robust observerbased FDI systems to fault tolerant control,” in Proceedings of the 15th Triennial IFAC World Congress, Barcelona, Spain, 2002. View at: Google Scholar
 K. Zhou and Z. Ren, “A new controller architecture for high performance, robust, and faulttolerant control,” IEEE Transactions on Automatic Control, vol. 46, no. 10, pp. 1613–1618, 2001. View at: Publisher Site  Google Scholar
 J.Y. Shin, N. E. Wu, and C. Belcastro, “Adaptive linear parameter varying control synthesis for actuator failure,” Journal of Guidance, Control, and Dynamics, vol. 27, no. 5, pp. 787–794, 2004. View at: Google Scholar
 J.Y. Shin and C. M. Belcastro, “Performance analysis on fault tolerant control system,” IEEE Transactions on Control Systems Technology, vol. 14, no. 5, pp. 920–925, 2006. View at: Publisher Site  Google Scholar
 M. Ji, Z. Zhang, G. Biswas, and N. Sarkar, “Hybrid fault adaptive control of a wheeled mobile robot,” IEEE/ASME Transactions on Mechatronics, vol. 8, no. 2, pp. 226–233, 2003. View at: Publisher Site  Google Scholar
 X. Zhang, T. Parisini, and M. M. Polycarpou, “Adaptive faulttolerant control of nonlinear uncertain systems: an informationbased diagnostic approach,” IEEE Transactions on Automatic Control, vol. 49, no. 8, pp. 1259–1274, 2004. View at: Publisher Site  Google Scholar
 D. U. CamposDelgado, E. R. Palacios, and D. R. EspinozaTrejo, “Fault accommodation strategy for LTI systems based on GIMC structure: additive faults,” in Proceedings of the 44th IEEE Conference on Decision and Control, and the European Control Conference (CDCECC '05), vol. 2005, pp. 6292–6297, Seville, Spain, December 2005. View at: Publisher Site  Google Scholar
 D. U. CamposDelgado, S. MartínezMartínez, and K. Zhou, “Integrated faulttolerant scheme for a DC speed drive,” IEEE/ASME Transactions on Mechatronics, vol. 10, no. 4, pp. 419–427, 2005. View at: Publisher Site  Google Scholar
 G. E. Dullerud and F. Paganini, A Course in Robust Control Theory, Springer, New York, NY, USA, 2000.
 K. Zhou, J. C. Doyle, and K. Glover, Robust and Optimal Control, Prentice Hall, Upper Saddle River, NJ, USA, 1996.
 S. X. Ding, T. Jeinsch, P. M. Frank, and E. L. Ding, “A unified approach to the optimization of fault detection systems,” International Journal of Adaptive Control and Signal Processing, vol. 14, no. 7, pp. 725–745, 2000. View at: Publisher Site  Google Scholar
 B. Marx, D. Koenig, and D. Georges, “Robust faulttolerant control for descriptor systems,” IEEE Transactions on Automatic Control, vol. 49, no. 10, pp. 1869–1875, 2004. View at: Publisher Site  Google Scholar
 H. Niemann and J. Stoustrup, “Fault tolerant controllers for sampleddata systems,” in Proceedings of the American Control Conference, vol. 4, pp. 3490–3495, 2004. View at: Google Scholar
 S. S. Yang and J. Chen, “Sensor faults compensation for MIMO faulttolerant control systems,” Transactions of the Institute of Measurement and Control, vol. 28, no. 2, pp. 187–205, 2006. View at: Publisher Site  Google Scholar
 N. Liu and K. Zhou, “Optimal solutions to multiobjective robust fault detection problems,” in Proccedings of the 2007 IEEE Conference on Decision and Control, New Orleans, LA, USA, December 2007. View at: Google Scholar
 H. Niemann and J. Stoustrup, “Fault diagnosis for nonmininum phase systems using ${H}_{\infty}$ optimization,” in Proceedings of the American Control Conference, vol. 6, pp. 4432–4436, 2001. View at: Google Scholar
 A. EmamiNaeini, M. M. Akhter, and S. M. Rock, “Effect of model uncertainty on failure detection: the threshold selector,” IEEE Transactions on Automatic Control, vol. 33, no. 12, pp. 1106–1116, 1988. View at: Publisher Site  Google Scholar
 M. G. Perhinschi, M. R. Napolitano, G. Campa, B. Seanor, J. Burken, and R. Larson, “An adaptive threshold approach for the design of an actuator failure detection and identification scheme,” IEEE Transactions on Control Systems Technology, vol. 14, no. 3, pp. 519–525, 2006. View at: Publisher Site  Google Scholar
 J. Jiang and Y. Zhang, “Accepting performance degradation in faulttolerant control system design,” IEEE Transactions on Control Systems Technology, vol. 14, no. 2, pp. 284–292, 2006. View at: Publisher Site  Google Scholar
 R. Krishnan, Electric Motor Drives: Modeling, Analysis, and Control, Prentice Hall, Upper Saddle River, NJ, USA, 2001.
 http://www.scilab.org/.
 http://www.octave.org/.
Copyright
Copyright © 2008 D. U. CamposDelgado et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.