FP9-1: Fault Tolerant FP9-1: Fault Tolerant

Control Systems Control Systems

Lecture 1
Youmin Zhang
Introduction to fault-tolerant control system
What is fault-tolerant control system (FTCS)?
Fault-tolerant vs. conventional control systems
Phone: 7912 7741 Office Location: FUV 0.22
Overall structure of fault tolerant control systems
Email: ymzhang@cs.aaue.dk
Methods of designing fault tolerant control systems
\\tun\web\cs\contribution\courses\fall2006\IRS9\FTC1\index.html
Examples

Course Outline What is Fault-Tolerant Control System (FTCS)?

Part I

Definition: A FTCS is a control system that possesses

1. Introduction to Fault-Tolerant Control the ability to accommodate system component
System (FTCS) faults/failures automatically and is capable of
maintaining overall system stability and acceptable
2. Characteristics of FTCS and Special performance in the event of such failures.
Considerations in FTCS Design
Objectives: Increase reliability, safety and automation
3. Design of Active FTCS (AFTCS) (1) level of modern technological/engineering systems.

4. Design of Active FTCS (AFTCS) (2) Approaches: Passive FTCS (PFTCS); Active FTCS
(AFTCS) - Reconfigurable FTCS (RFTCS).
5. Design of Passive FTCS (PFTCS)
Feature: The key to any FTCS Redundancy.

Lecture 1 Lecture Notes on Fault Tolerant Control Systems,

Systems, by Y. M. Zhang (AUE) 3 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 4
 Why Fault-Tolerant Control is Needed? Two Events Called for Research on FTCS
Motivation for FTCS Research & Development

USAir Flight 427 accident UA Flight 585 accident Flight 191 accident failed case Flight 1080 successful example
Crashed on 8 Sept. 1994 Crashed on 3 March 1991 Two events that motivated the research on fault-tolerant flight control
A loss of control of the airplane resulting from A loss of control of the airplane resulting from Crashed on 25 May 1979 Safely landed on 12 April 1977
the movement of the rudder surface to its the movement of the rudder surface to its Separation of the no.1 engine and pylon The elevator became jammed at 19 degrees up
blowdown limit, which leads to an blowdown limit, the same reason as in Flight assembly procedures which led to failure and the pilot had been given no indication that
uncontrolled descent and collision with terrain 427. this malfunction had occurred.
of the pylon structure.
All 132 people on board were killed, and the
airplane was destroyed by impact forces and Injuries: 25 Fatal; The airplane was destroyed. 271 people were killed/injured. Fortunately, the pilot successfully reconfigured
fire. Source: http://aviation- the remaining control elements and landed the
Source: Source:
safety.net/database/1979/790525-2.htm aircraft safely - clever use of actuation
(more accident cases can be found in this webpage)
http://www.ntsb.gov/publictn/1999/AAR9901.htm http://www.ntsb.gov/NTSB/brief.asp?ev_id=20001212X16583&key=1 redundancy in the L-1011 airplane.
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 5 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 6

Faults and Faults Classification Faults and Faults Classification

Definition and classification A diagram associated with different faults in a controlled system
system
What is a fault?
In the area of fault-tolerant control, a fault is regarded as
any kind of malfunction in a system, and which may lead
to system instability or result in unacceptable performance
degradation.
Such a fault can occur in any component of the system
such as sensors, actuators, and system components, as
will be demonstrated in the next slides.
Fault types/classification
Based on physical locations:
Sensors (for both output and input variables), actuators,
system/plant components, and/or controllers
Based on effects on the system performance:
Additive/multiplicative faults, or abrupt/incipient faults Simani et al, 2002
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 7 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 8
 Types of Faults Types of Faults
(temporal/permanent persistence) (Another view of classification)

Permanent faults:
Total failure of a component
Caused by, for example, short-circuits or melt-down
Remains until component is repaired or replaced
Transient faults:
Temporary malfunctions of a component
Caused by magnetic or ionizing radiation, or power fluctuation f a

Intermittent faults: b

Repeated occurrences of transient faults t

Caused by, for example, loose wires f c

Lecture 1 Lecture Notes on Fault Tolerant Control Systems,

Systems, by Y. M. Zhang (AUE) 9 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 10

Common Faults in Aircraft Common Faults in Aircraft (contd)

(Example 1) (Example 1)

An aircraft and its control surfaces

aR
Right Aileron
Right Elevator

eR
Rudder

r
Left Elevator

eL

aL

Left Aileron

Lecture 1 Lecture Notes on Fault Tolerant Control Systems,

Systems, by Y. M. Zhang (AUE) 11 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 12
 Common Faults in Other Systems How Faults are Mathematically Modeled?
(Example 2 a water tank system)
Two types of model
System configuration Input-output models
System: three tanks Transfer functions
Actuators: two ARMA
pumps for tank #1 State-space models
and #3
Sensors: three Two types of representation of faults
pressure sensors Additive faults
for liquid level Multiplicative faults
measurement of Questions:
each tank Time behavior of faults Are we able to handle all
Abrupt faults (stepwise) these types of faults?
Incipient/gradual faults (drift-like)
Fault modes How to model these faults?
Actuator faults: jammed pumps Severity of faults
Partial fault How to detect and
Sensor faults: pressure sensor malfunctions accommodate these faults in
Total/hard-over failure
System faults: leakage of any one of the three tanks FTCS?
Stuck/frozen fault, floating fault
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 13 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 14

Modeling of System Modeling of System

(under normal conditions) (under dynamic fault conditions)

a. State-space model
a. State-space model
x& ( t ) = Ax ( t ) + Bu ( t )
x& ( t ) = Ax ( t ) + Bu ( t ) t < tf
y ( t ) = Cx ( t ) &
s1 0 L 0 y1 (t ) x (t ) = ( A + A) x (t ) + ( B + B )u(t ) t tf
0 s2 L 0 y 2 (t )
z ( t ) = My ( t ) = M and
M O M
y (t )
0 0 L sp p
y (t ) = C x (t ) t < tf
s i = [ s i1 si2 L s iq i ] T
y (t ) = (C + C ) x (t ) t tf
x n 1 , u m 1 , y p 1 , z q 1 , M q p
b. ARMA model
b. ARMA model

y (t ) = T
( t ) y ( t ) = T
( t ) o t < tf
o

y ( t ) = ( t ) ( o + ) t tf
T

(t ) - Regression vector; o - parameter vector

Lecture 1 Lecture Notes on Fault Tolerant Control Systems,

Systems, by Y. M. Zhang (AUE) 15 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 16
 Modeling of System Modeling of System
(under actuator fault conditions) (under sensor fault conditions)

Actuator faults Sensor faults

u(t) u a (t)
Actuator y(t) z(t)
Sensor
u a (t ) = La u (t ) + ( I q q La ) f a
z (t ) = Ls My (t ) + ( I m m Ls ) f s
where f a q1 is the constant bias term, and
L a = d ia g { l1 , l 2 , L L l q } where Ls m m represents the operational modes of
represents the operational modes of the actuators. the sensors, and f s m1 is the sensor bias.
1 t < tf functional
li =
0 t tf failure Compared to actuators, it is relatively easy to install multiple sensors.

Lecture 1 Lecture Notes on Fault Tolerant Control Systems,

Systems, by Y. M. Zhang (AUE) 17 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 18

Modeling of Actuator Faults Modeling of Actuator Faults

General cases including more fault scenarios (1/2) General cases including more fault scenarios (2/2)

Lecture 1 Lecture Notes on Fault Tolerant Control Systems,

Systems, by Y. M. Zhang (AUE) 19 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 20
 Modeling of Sensor Faults Modeling of Dynamic Faults
via reduction of measurement effectiveness

Lecture 1 Lecture Notes on Fault Tolerant Control Systems,

Systems, by Y. M. Zhang (AUE) 21 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 22

How a FTCS is Built and Where the How a FTCS is Built and Where the
Mathematical Model Becomes Useful? Mathematical Model Becomes Useful?
Basic Ingredients in FTCS: Redundancy Basic Ingredients in FTCS: Redundancy (cont
(contd)
Hardware Redundancy Sensors Analytical Redundancy
Sensor redundancy Actuators y1
S11 z11 the mathematical model or analytical relationships among,
Multiple dissimilar sensors with
u1
S12 z12 for example, aircraft flight state variables
a voting scheme B1 S1q
1
M
z1q fault detection and diagnosis scheme
1
TMR (Triple Modular redundant control strategies
Aircraft

S21 z 21
Redundancy) u2 B2 y2 inputs outputs
S22 z
Aircraft
22

Actuator redundancy M S2q

2
M
z 2q 2

It is usually difficult (comparing to u m M

sensor redundancy) to add extra actuator Bm Sp1
z p1 Redundant information on
aircraft output variables
redundancy due to limitations of power, Sp2
z p2 Analytical
size, cost
yp M Model
Spq
p z pq p

Redundancy in an aircraft Hybrid Redundancy: Hardware + Analytical

A Y.
redundant architecture
(AUE) for fault toleranceall three figures are 24 adopted
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 23 Lecture
An 1 flight control system (FCS) architecture
electronic AnTolerant
Lecture Notes on Fault primary FCS configuration
Control Systems,
Systems, by M. Zhang
from C.R. Spitzer, Digital Avionics Systems, 2nd, McGraw-Hill, 1993
Example: Redundancy in Boeing 777 Example: Redundancy in Boeing 777
ACE: Actuator Control Electronics

Primary Flight Control Surfaces ADIRU: Air Data Inertial Reference Unit
ADM: Air Data Module (Static and Total Pressure)
AFDC: Autopilot Flight Director Computer
AIMS: Airplane Information Management System
ARINC: Aeronautical Radio Inc. (Industry Standard)
CMC: Central Maintenance Computer Function in
AIMS
DCGF: Data Conversion Gateway Function of AIMS
EDIU: Engine Data Interface Unit
EICAS: Engine Indication and Crew Alerting System
ELMS: Electrical Load Management System
FBW: Fly-By-Wire
FCDC: Flight Controls Direct Current (power system)
FSEU: Flap Slat Electronic Unit
LRRA: Low Range Radio Altimeter
LRU: Line Replaceable Unit
MAT: Maintenance Access Terminal
MEL: Minimum Equipment List
MFD: Multi-Function Display
MOV: Motor-Operated Valve
PCU: Power Control Unit (hydraulic actuator)
PFC: Primary Flight Computer
PMG: Permanent Magnet Generator
PSA: Power Supply Assembly
RAT: Ram Air Turbine
SAARU: Standby Attitude and Air Data Unit
(Yeh, 1996) TAC: Thrust Asymmetry Compensation
WEU: Warning Electronics Unit
G.F. Bartley, 2001
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 25 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 26

Where Does the FTCS Stand? Engineering Application Areas of FTCS

Multidisciplinary Feature
Engineering Application Areas of FTCS
Fault Detection and Diagnosis (FDD) Aircraft/Aerospace systems
Ground and surface/underwater vehicles
Active FTCS Nuclear reactors and power plants
(a currently active Chemical/Petrochemical processes
research area) Autonomous robots and vehicles
Medical devices etc.
Computing, Typical Faults Considered in FTCS
Optimal, Adaptive,
Communication, Actuator faults
Robust Control Simulation, Sensor faults
(Reliable Control or Implementation Structural/Dynamic faults
Passive FTCS) (hardware/software), Safety Criteria
and Display Reliability, maintainability, and safety
Techniques Requirement on Fault Diagnosis and Fault-Tolerant Control
Reconfigurable/Restructurable Control Fault diagnosis
Fault-tolerant control
Questions:
What are difference between active fault tolerant control and adaptive control,
robust control and reliable control? 27 28
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE)
 General Structure of Control Systems
General Classification of FTCS - Conventional control

Passive FTCS (PFTCS) disturbances disturbances

disturbances noises noises
Definition: Systems that are designed to tolerate a certain class noises
of component faults without the need for on-line fault information Inputs Outputs
Properties: Controllers Actuators System Sensors
Tolerance to anticipated faults
Fixed controller structure/parameters
Feedback
Active FTCS (AFTCS) Reconfigurable FTCS (RFTCS)
Definition: Systems that can reconfigure the control law on-line
and in real-time to accommodate component faults
Elements in control systems: Properties of control systems:
Properties: System/Plant/Process Stability
Explicit Fault Detection and Diagnosis (FDD) schemes Sensors
Real-time decision-making and controller reconfiguration Performance
Actuators
Accommodation of anticipated/unanticipated faults Robustness
Acceptable degraded performance in the presence of faults Controllers
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 29 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 30

Enhancing Robustness of Control Systems General Structure of FTCS

- Robust Control versus Reliable Control - PFTCS - Reconfigurable (or active fault-tolerant) control system
disturbances disturbances
disturbances disturbances disturbances noises
disturbances noises noises
noises noises faults faults faults
noises faults faults faults
Inputs Outputs
Inputs Outputs
Reliable
Robust Command
Actuators System Sensors Controllers Actuators System Sensors
Controllers Governor
Controllers

Feedback
FDD
Elements in control systems: Properties of control systems:
System/Plant/Process Reconfiguration
Stability Mechanisms
Sensors
Performance Three/four important parts in AFTCS:
Actuators FDD schemes
Robustness against uncertainties Reconfigurable controllers
Controllers Reconfiguration mechanisms
versus faults Command/reference governor
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 31 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 32
 Modules in AFTCS Modules in AFTCS
Fault Detection and Diagnosis (FDD) Scheme Fault Detection and Diagnosis (FDD) Scheme

Definition: Fault Detection and Diagnosis (FDD) is Existing FDD techniques:

a process (or technique) to detect faults and to
determine their locations and significance in a Fault Detection
Fault Diagnosis
FDD methods
system being monitored. Fault Isolation
Fault Identification

Functions of FDD Data/signal-based methods Model-based methods

Measurement Fault
Residual r Decision Decision
Generation Making
Parameter Estimation State Estimation Parity Space
Analytical
Model
Least Squares Extended KF Kalman Filters Observers

Single Kalman Filter Multiple Kalman Filters Two-stage Kalman Filters

Main topic covered in FP8-1 in last semester. (Fault Detection) (Fault Isolation) (Fault Diagnosis)

How much can you still remember?

Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 33 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 34

Modules in AFTCS Modules in AFTCS

Control Reconfiguration Control Reconfiguration

Purpose: To make the control system insensitive/ Existing design techniques and classification
tolerant to the effects of failed components by
modifying controller structure and/or parameters,
Control Reconfiguration
based on the information from FDD module.
Function of reconfigurable control Off-line On-line

Control signals
Input signals Controller Controller pre-
pre-design On-
On-line controller redesign

On-
On-line FDD and On-
On-line FDD and
From FDD Reconfiguration controller reconfiguration controller reconfiguration
Mechanism

Switching Switching Matching Following

Design objective
F {( A f , B f , C f ), K f } F {( An , Bn , Cn ), K n }
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 35 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 36
 Design Procedure in AFTCS Design Considerations in AFTCS
An Illustrative Presentation

Topics in Failure Modes and Effects Hazard, Risk, &

Off-
FP7-4, Analysis, Fault Tree Reliability
FP8-1, Analysis etc. line
Analysis
F8-2 &
FP8-2 Fault Modeling
Three intervals Pre-fault Duration of the fault Post-fault
Topics in Fault & Post- Bumpless transfer
Fault Detection and Fault Model Stability Steady-state Transient stability Steady-state stability Steady-state error
FP8-1 Diagnosis (FDD) Information On- Performance Steady-state Transient and steady-state performance
Saturation avoidance
line Control effort Minimal Control redistribution without saturation Control (re)allocation
Topics of Fault-Tolerant/
this Reconfigurable Control Controller These considerations
Redundancy; real-time;
have led to development Two Main Modules:
course! Reconfiguration FDD and Control Reconfiguration
closed-loop; uncertainties;
Design of different reconfigurable delays; nonlinearities
control techniques
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 37 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 38

Classification of Existing AFTCS Benchmarks on Fault-Tolerant Control

Criteria for Classification

Classification Based on Control Algorithms

Mathematical tools used
9 Model-based
9 Intelligent
9 Combined
Design approach used
9 Pre-computed control laws
9 On-line automatic redesign
The way achieving reconfiguration
9 Switching
9 Matching
9 Following
Classification Based on Application Fields
Conventional safety-critical systems
New application areas
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 39 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 40
 Challenges/Open Problems in FTCS References and Reading Materials
Redundancy
Hardware versus Analytical (Software) Redundancy
Control Re-allocation and Re-distribution
Reference books
Modelling 9 Mufeed Mahmoud, Jin Jiang, Youmin Zhang, Active Fault Tolerant Control
On-line Identification for Closed-loop Systems with Reconfigurable Control Systems: Stochastic Analysis and Synthesis, Springer-Verlag, May 1, 2003,
Stability ISBN: 3540003185.
Stability Analysis, Stability Guaranteed Design, and Stability Robustness
Performance 9 Mogens Blanke, Michel Kinnaert, Jan Lunze, Marcel Staroswiecki, Diagnosis
Design for Graceful Performance Degradation and Fault-Tolerant Control, Springer-Verlag, August 1, 2003, ISBN:
Transient/Transition Management Techniques 3540010564.
Robustness
Dealing with FDD Uncertainties and Reconfiguration Delay, and Performance Robustness 9 Chingiz Hajiyev and Fikret Caliskan, Fault Diagnosis and Reconfiguration in
Nonlinearity Flight Control Systems, Kluwer Academic Publishers, October 2003, ISBN 1-
FTCS Design for Nonlinear Systems 4020-7605-3.
Dealing with Constraints in Control Input (Actuator Saturation), State, and Output 9 Rolf Isermann, Fault-Diagnosis Systems: An Introduction from Fault Detection
Integration to Fault Tolerance, Springer-Verlag, Nov. 28, 2005.
Integrated Design for AFTCS, and Integration of Passive and Active FTCS
Integration of Intelligent Actuator and Sensor Techniques to FTCS
Integration of Signal Processing, Control, Communication and Computing Technologies with
Hardware and Software Implementation of Overall FTCS
Lecture slides/notes
Safety and Reliability 9 Please see the course webpage or the handouts distributed
Analysis and Assessment for Safety, Reliability and Reconfigurability
Implementations and Applications
Real-time Issues Course webpage
Wider Engineering Applications, beyond classic safety-critical systems 9 \\tun\web\cs\contribution\courses\fall2006\IRS9\FTC1\index.html
New Development
Novel System Architectures, Design Approaches, and Applications
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 41 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 42

Readings Readings (contd)

Books Lecture notes
M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki, Diagnosis and Y. M. Zhang, Introduction to Fault Tolerant Control Systems, Fall 2005.
Fault-Tolerant Control, Springer, Berlin, 2003, pp. 1-26 (Chapter 1). Y. M. Zhang, Faults, Fault Analysis, and Fault Modeling, Lecture notes
M. Mahmoud, J. Jiang, and Y. M. Zhang, Active Fault Tolerant Control #2 for FP8-1, Spring 2005.
Systems: Stochastic Analysis and Synthesis, Springer, Berlin, Germany,
2003, pp. 1-21 (Chapters 1 & 2).
Papers
R. J. Patton, Fault-tolerant control: the 1997 situation, in Proc. of IFAC
Symp. on 3rd Fault Detection, Supervision and Safety for Technical
Processes (SAFEPROCESS), Hull, UK, Aug. 1997, pp. 1033-1055.
M. Blanke, C. Frei, F. Kraus, R. J. Patton, and M. Staroswiecki, What is
fault-tolerant control? in Proc. of the 4th IFAC Symp. on SAFEPROCESS,
Budapest, Hungary, June 2000, pp. 40-51.
Y. M. Zhang and J. Jiang, Bibliographical review on reconfigurable fault-
tolerant control systems, in Proc. of the 5th IFAC Symp. on
SAFEPROCESS, Washington, D.C., USA, June 2003, pp. 265-276.
Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 43 Lecture 1 Lecture Notes on Fault Tolerant Control Systems,
Systems, by Y. M. Zhang (AUE) 44
 FP9-1: Fault Tolerant
Control Systems

Any comment or suggestion is

welcome.