

SUPERVISORY FAULT TOLERANT CONTROL BASED ON DWELL-TIME CONDITIONS

Denis Efimov, Jerome Cieslak, David Henry

University of Bordeaux, IMS-lab, Automatic control group, 351 cours de la libération, 33405 Talence, France

{Denis.Efimov; Jerome.Cieslak; David.Henry}@ims-bordeaux.fr

Abstract: The problem of active fault tolerant control (FTC) with a reconfiguration mechanism for linear systems with external disturbances is addressed with application of the supervisory control approach. Starting from the conditions, well known in the FTC literature, for independent design of fault detection, isolation and fault compensation systems, we propose a new set of united conditions and a computational procedure providing mutual performance of the system. The efficiency of the approach is demonstrated on a flight system benchmark example.

1. INTRODUCTION

The continuously increasing requirements on safety and reliability of control algorithms lead to the design of reconfigurable fault tolerant control systems (see (Aström et al., 2000; Blanke et al., 2003; Boskovic and Mehra, 2002; Chen and Patton, 1999) and the references therein). Such systems are able to manage faulty situations adequately, recovering control capabilities quickly in the presence of a fault. The main objective of FTC is to maintain the specified performance of a system in the presence of faults. Special attention to the FTC design problem is paid in flight and aeronautic applications (Cieslak et al., 2008; Henry and Zolghadri, 2005). Two approaches can be distinguished in this area: the passive and the active methods. In the passive approach, a unique control algorithm is designed to achieve the given objectives in healthy as well as in faulty situations (the robust controls). Unfortunately, guaranteed robustness to certain faults conflicts with quality preservation in the nominal mode.

The active approaches react to fault events by using a reconfiguration mechanism ensuring the nominal performance in fault-free situations and some admissible level of performance in faulty situations (Zhang and Jiang 2002; 2003). The great benefit of the active FTC approaches is that the fault tolerance does not degrade the performance level in normal (fault-free) operating mode. The active FTC is characterized by on-line fault detection and isolation with subsequent fault compensation via a control reconfiguration mechanism. A subclass of active FTC approaches, which we will consider in this work, is based on pre-computed control laws depending on the faults which have been identified by fault detection and isolation units (see (Staroswiecki and Berdjag, 2009) for instance). In the reconfigurable FTC systems based on active approaches, the appearance of the control reconfiguration mechanism naturally leads to application of the supervisory framework to the FTC design problem.

To explain the features of this approach consider the family of linear systems:

$$\dot{\mathbf{x}} = \mathbf{A}_i \mathbf{x} + \mathbf{B}_i \mathbf{u} + \Delta_i + \mathbf{G}_i \mathbf{d}, \quad \mathbf{y} = \mathbf{C}\mathbf{x}, \quad i = \overline{1,N}, \tag{1}$$

where $\mathbf{x} \in R^n$, $\mathbf{u} \in R^m$, $\mathbf{y} \in R^q$ and $\mathbf{d} \in R^d$ are state, control, output and disturbances respectively. It is assumed that in (1) all matrices $\mathbf{A}_i$, $\mathbf{B}_i$, $\mathbf{G}_i$, $\mathbf{C}$ and vectors $\Delta_i$, $i = \overline{1,N}$ are known, they present the nominal fault models (the difference between the nominal fault shift $\Delta_i$ and a real one $\Delta_i(t)$ can be hidden in $\mathbf{d}$). The generic form of (1) allows for consideration of the different types of faults, in actuators and in capacitors, for instance. For some $i \in \mathcal{I} = \{1,...,N\}$ the family (1) contains the fault-free model. Adding the switching signal $i : R_+ \to \mathcal{I}$, that determines the current value of the index in (1) for all $t \ge 0$, we obtain the linear switched system. Then the FTC design problem can be formulated as the standard problem of the switched system (1) stabilization (more precisely it is necessary to design a stabilizing control $\mathbf{u} \in R^m$ for the system (1) ensuring attenuation of the disturbances $\mathbf{d}$).

The problem of supervisory FTC design has been widely addressed in the literature (Blanke et al., 1997; Blanke et al., 2003; Boskovic and Mehra, 2002), and many approaches have been applied for independent optimization of the fault detection, isolation and compensation systems. The conditions of stability of the switched system (1) equipped with the fault detection and compensation blocks are analyzed in the works (Yang et al., 2009a; 2009b). Both works consider the scheme for simultaneous fault detection, isolation and compensation for nonlinear systems applying the supervisory control approach under the assumption that there are no external disturbances in the system ($\mathbf{d} = 0$). The work (Yang et al., 2009b) investigates the case when the full state vector $\mathbf{x}$ is available for measurements, then the procedure of fault detection and isolation is realized without additional filters by direct falsification of a candidate control after its substitution in the closed loop with the plant. The index of the plant $i$ is supposed to be constant. Under similar assumptions in the paper (Yang et al., 2009a) the case of partial measurements $\mathbf{y} \ne \mathbf{x}$ is considered, then the observer based fault detection scheme is designed. Application of the supervisory FTC framework to nonlinear plants leads to rather complex stability conditions obtained in (Yang et al., 2009a; 2009b).

Preprints of the 18th IFAC World Congress, Milano (Italy), August 28 - September 2, 2011. Copyright by the International Federation of Automatic Control (IFAC).

The main contribution of this paper consists in the development of an approach that is oriented on the simultaneous design of the fault detection, isolation and compensation systems for (1). Contrary to the conventional approaches (Blanke et al., 1997; Blanke et al., 2003; Boskovic and Mehra, 2002; Henry and Zolghadri, 2005) the proposed procedure is based on overall optimization of the FTC system stability properties regardless of a performance loss in each particular subsystem. Such a strategy leads to quality improvement for the whole system. The more detailed problem statement and the system description are given in the section below.

2. SUPERVISORY FTC SYSTEM STRUCTURE

To deal with the posed problem we are going to apply the approach for supervisory control design proposed in (Hespanha et al., 2002; 2003; Hespanha and Morse, 1995). In accordance with (Hespanha et al., 2002; 2003; Hespanha and Morse, 1995) the supervisory control system has to include the multi estimator of the system (1) state (the block of the faults detection and isolation), the control algorithms for each $i = \overline{1,N}$ (the block of the faults compensation) and the switching logic (the reconfiguration mechanism) that orchestrates the controls activation. Let us describe all these blocks one by one.

A. Multi estimator

This block for the system (1) consists of $N$ Luenberger-type observers of the following form:

$$\dot{\mathbf{z}}_i = \mathbf{A}_i \mathbf{z}_i + \mathbf{B}_i \mathbf{u} + \Delta_i + \mathbf{L}_i(\mathbf{y} - \mathbf{C}\mathbf{z}_i), \quad i = \overline{1,N}, \tag{2}$$

where $\mathbf{z}_i \in R^n$ is the state $\mathbf{x}$ estimation for the index $i = \overline{1,N}$ in (1), $\mathbf{L}_i$ are the observers gains.

Assumption 1. The matrices $\mathbf{A}_i - \mathbf{L}_i\mathbf{C}$, $i = \overline{1,N}$ are Hurwitz. □

Define the estimation error $\mathbf{e}_i = \mathbf{x} - \mathbf{z}_i$, then the choice of the observer gains in accordance with assumption 1 ensures for the matched case (when indexes in the plant (1) and in the observer (2) are the same)

$$\dot{\mathbf{e}}_i = (\mathbf{A}_i - \mathbf{L}_i\mathbf{C})\mathbf{e}_i + \mathbf{G}_i\mathbf{d}, \quad i = \overline{1,N}, \tag{3}$$

and for the unmatched cases

$$\dot{\mathbf{e}}_j = (\mathbf{A}_j - \mathbf{L}_j\mathbf{C})\mathbf{e}_j + (\mathbf{A}_i - \mathbf{A}_j)\mathbf{x} + (\mathbf{B}_i - \mathbf{B}_j)\mathbf{u} + (\Delta_i - \Delta_j) + \mathbf{G}_i\mathbf{d}, \quad i \in \mathcal{I}, \quad j = \overline{1,N}, \quad j \ne i. \tag{4}$$

The system (3) is asymptotically stable for the case $\mathbf{d} = 0$ and has bounded solutions for any bounded disturbances, the properties of the errors $\mathbf{e}_j$ are hard to determine from (4) since they depend on $\mathbf{x}$ and $\mathbf{u}$ (that may be unbounded for a wrong control choice). The property that the matched estimation error $\mathbf{e}_i$ stays bounded or converges to zero can be used for detection of the index $i$ value in (1).

B. Fault tolerant controls

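The FTC block equations can be written as follows:

$$\dot{\boldsymbol{\xi}} = \mathbf{R}_i\boldsymbol{\xi} + \mathbf{K}_i\mathbf{y}, \quad \mathbf{u} = \mathbf{S}_i\boldsymbol{\xi} + \mathbf{M}_i\mathbf{y} - \mathbf{w}_i, \quad i = \overline{1,N}, \tag{5}$$

where $\boldsymbol{\xi} \in R^s$ is the state of the system (5), the matrices $\mathbf{R}_i$, $\mathbf{K}_i$, $\mathbf{S}_i$, $\mathbf{M}_i$ and the vector $\mathbf{w}_i$ have appropriate dimensions, $\mathbf{B}_i\mathbf{w}_i = \Delta_i$, $i = \overline{1,N}$.

Assumption 2. The matrices

$$\mathbf{H}_i = \begin{bmatrix} \mathbf{A}_i + \mathbf{B}_i\mathbf{M}_i\mathbf{C} & \mathbf{B}_i\mathbf{S}_i \\ \mathbf{K}_i\mathbf{C} & \mathbf{R}_i \end{bmatrix}$$

are Hurwitz for all $i = \overline{1,N}$. □

The matrices $\mathbf{H}_i$ describe dynamics of the system (1), (5) in the matched case for all $i = \overline{1,N}$. The choice of the matrices $\mathbf{H}_i$, $i = \overline{1,N}$ can also be performed in a way providing the desired quality of disturbances attenuation in the closed loop system (1), (5). For the unmatched case, connection of the plant (1) with the index $i$ and the control (5) with the index $j \ne i$ may result in an unbounded response.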

C. Supervisor

The switching logic is a map $\mathcal{H} : R^m \times R^q \times R^{n \times N} \to \mathcal{I}$ that generates the switching signal

$$\sigma(t) = \mathcal{H}(\mathbf{u}, \mathbf{y}, \mathbf{z}_1, ..., \mathbf{z}_N) \tag{6}$$

and assigns the current control algorithm from (5), which has to be activated in closed loop with the plant (1). In the ideal case $\sigma(t) \to i$ (the control index matches the plant one). The supervisor has to ensure right continuity of the signal $\sigma(t)$ (Hespanha et al., 2002; 2003; Hespanha and Morse, 1999) (the signal has to be piecewise continuous and between any two jumps a time delay should exist). The design of the map $\mathcal{H}$ differs depending on operation conditions and the properties of the blocks (2), (5).

D. Problem statement

The system (2) is responsible for the fault detection and isolation, then the system (5) realizes the fault compensation. Assumptions 1 and 2 describe both mentioned properties of the systems (2) and (5). Under assumption 1 there exists a converging observer in (2) that may solve the detection problem. Assumption 2 states that, once the fault is detected, there exists a controller in (5) compensating it. Typically in FTC theory these blocks are designed independently optimizing some performance functionals (Henry and Zolghadri, 2005; Zhang and Jiang, 2008). The observers (2) are designed to maximize their sensitivity to a particular fault and robustness against disturbances $\mathbf{d}$. The controls in (5) are calculated to ensure $H_2/H_\infty$ performance. As is well known, the optimality of the subsystems does not imply the same property for the whole system. In our case the optimal properties are critically dependent on the supervisor (6).

In this work we are going to present an approach to the design of the system (1), (2), (5), (6) oriented on the mutual performance optimization of this switched system. For this purpose we have to choose a characteristic of the hybrid system (1), (2), (5), (6) to be optimized in parallel with the conventional ones used for the observers (2) and controls (5) design. In this work we take the minimal admissible time between switches. It is a well known fact (Liberzon, 2003) that switching among stable linear systems does not lead to instability if the delays between switches are big enough (the minimum delay between switches is called dwell-time (Liberzon, 2003)); this is why the strategy of increasing these delays is frequently applied in practice to ensure stability in switched systems. However, for FTC systems such an approach is not admissible, since it increases the time of fault detection and isolation. Additionally, it may lead to a longer period of wrong control activation for the faulty plant. Both shortcomings are inadmissible for FTC systems from a practical point of view. Therefore the minimization of the dwell-time value for the supervisory FTC system (1), (2), (5), (6) looks reasonable.

The conditions of the supervisory FTC system (1), (2), (5), (6) stability for the case $\mathbf{d} = 0$ are given in section 3. Their development for the case $\mathbf{d} \ne 0$ is presented in section 4. The influence of the dwell-time value on the system performance is also evaluated in sections 3 and 4. Next, based on these results a new computation procedure for the conditions verification and the FTC system (1), (2), (5), (6) synthesis is formulated in section 5. Application to a flight safety control system is considered in section 6.

3. THE CASE WITHOUT DISTURBANCES

In this section we assume that $\mathbf{d}(t) = 0$ for all $t \ge 0$. In this case for each fixed plant index $i \in \mathcal{I}$ according to (3) there exist $C > 0$ and $\eta > 0$ such that $|\mathbf{e}_i(t)| \le C\,|\mathbf{e}_i(0)|\,e^{-\eta t}$ for all $t \ge 0$. Recall that the signals $\mathbf{C}\mathbf{e}_j(t)$, $j = \overline{1,N}$ are the only ones available for design purposes.

Define the switching logic as follows:

$$t_{k+1} = \arg\inf_{t \ge t_k + \tau_D} \{\, |\mathbf{C}\mathbf{e}_{\sigma(t_k)}(t)| > |\mathbf{C}\mathbf{e}_j(t)|,\ j = \overline{1,N},\ j \ne \sigma(t_k) \,\}, \quad k \ge 0; \quad t_0 = 0; \tag{7}$$

$$\sigma(t_k) = \arg\min_{1 \le j \le N} |\mathbf{C}\mathbf{e}_j(t_k)|, \quad k \ge 0; \tag{8}$$

$$\sigma(t) = \sigma(t_k) \ \text{for all} \ t_k \le t < t_{k+1}, \quad k \ge 0, \tag{9}$$

where $t_k$, $k \ge 0$ are instants of switches, $\tau_D > 0$ is the dwell-time constant. For $t_0 = 0$ the switching signal is initialized as $\sigma(0) = \arg\min_{1 \le j \le N} |\mathbf{C}\mathbf{e}_j(0)|$, the same rule (8) is used for all time instants $t_k$. The time instant of switch $t_{k+1}$ is calculated in (7) as the first time instant after $t_k + \tau_D$ when the output estimation error of an observer becomes smaller than the current one used for control. The dwell-time $\tau_D$ ensures a time delay between any two switches and absence of chattering. The switching logic (7)−(9) is similar to the hysteresis one used in (Hespanha et al., 2002; 2003).
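The switching logic (7)−(9) applied to sampled output errors, as an added example that is not part of the original paper. The residual values, the 100 ms sampling step, the 400 ms dwell-time and all function names are constructed for illustration; time stamps are integer milliseconds so that the dwell-time comparison is exact.

```python
"""Dwell-time switching logic (7)-(9) applied to sampled observer residuals."""


def dwell_time_supervisor(times, residuals, tau_d):
    """Return (sigma, switch_times) for the switching logic (7)-(9).

    times     -- increasing sample instants; times[0] plays the role of t_0
    residuals -- {j: [|C e_j(t)| at each sample]} for observers j = 1..N
    tau_d     -- dwell-time, in the same unit as `times`
    """
    indices = sorted(residuals)

    def best_at(n):
        # (8): index of the observer with the smallest output error.
        return min(indices, key=lambda j: residuals[j][n])

    active = best_at(0)                  # sigma(t_0)
    last_switch = times[0]
    sigma, switch_times = [], [times[0]]
    for n, t in enumerate(times):
        # (7): the next switch is the first instant t >= t_k + tau_D at which
        # another observer has a strictly smaller output error.
        if t >= last_switch + tau_d:
            candidate = best_at(n)
            if residuals[candidate][n] < residuals[active][n]:
                active, last_switch = candidate, t
                switch_times.append(t)
        sigma.append(active)             # (9): hold sigma between switches
    return sigma, switch_times


def mismatch_time(sigma, true_index, step):
    """Total time during which the active control differs from the plant index."""
    return step * sum(1 for s, i in zip(sigma, true_index) if s != i)


def constructed_scenario():
    """Constructed sample data (not from the paper).

    Plant index 1 (fault-free) until t = 3000 ms, index 2 afterwards.
    For 600 ms after the fault the residuals of observers 1 and 2 cross at
    every sample, which is the situation where chattering would occur.
    """
    step = 100                                   # sampling step, ms
    times = [step * n for n in range(60)]
    true_index = [1 if n < 30 else 2 for n in range(60)]
    residuals = {1: [], 2: [], 3: []}
    for n in range(60):
        if n < 30:
            e1, e2 = 0.01, 0.30                  # observer 1 matched
        elif n < 36:
            e1, e2 = (0.12, 0.10) if n % 2 == 0 else (0.10, 0.12)
        else:
            e1, e2 = 0.30, 0.01                  # observer 2 matched
        residuals[1].append(e1)
        residuals[2].append(e2)
        residuals[3].append(0.40)                # observer 3 never matched
    return step, times, true_index, residuals


if __name__ == "__main__":
    step, times, true_index, residuals = constructed_scenario()
    for tau_d in (0, 400):
        sigma, switches = dwell_time_supervisor(times, residuals, tau_d)
        print("tau_D =", tau_d, "ms; switch instants:", switches,
              "; wrong control active for",
              mismatch_time(sigma, true_index, step), "ms")
```

On this constructed data the run without dwell-time switches at every sample of the crossover, while the 400 ms dwell-time reduces the switches to three but keeps the wrong control active for one full dwell interval.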

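Theorem 1. Let assumptions 1, 2 hold, $i(t) = const$ and $\mathbf{d}(t) = 0$ for all $t \ge 0$. Then there exists $\tau_D > 0$ such that for any $\boldsymbol{\psi}(0) \in R^{(N+1)n+s}$, $\boldsymbol{\psi} = [\boldsymbol{\xi}^T\ \mathbf{x}^T\ \mathbf{z}_1^T \dots \mathbf{z}_N^T]^T$ the solutions of the system (1), (2), (5), (7)−(9) possess the estimate

$$|\boldsymbol{\psi}(t)| \le \nu_i\,|\boldsymbol{\psi}(0)|\,e^{-\mu_i t/\tau_D} + \upsilon_i\,\|\boldsymbol{\delta}\|_{[0,t)} + \varpi_i \max_{1 \le i \le N} |\Delta_i|$$

for all $t \ge 0$, for some $\nu_i > 0$, $\mu_i > 0$, $\varpi_i > 0$ and $\upsilon_i > 0$, where

$$\boldsymbol{\delta}(t) = \begin{cases} \mathbf{C}[\mathbf{e}_i(t) - \mathbf{e}_{\sigma(t_k)}(t)] & \text{if } t \in [t_k, t_k + \tau_D) \wedge |\mathbf{C}\mathbf{e}_i(t)| < |\mathbf{C}\mathbf{e}_{\sigma(t_k)}(t)|; \\ 0 & \text{otherwise.} \end{cases}$$ ■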

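All proofs are excluded due to space limitations. The proof idea is based on the observation that the switched system dynamics (1), (2), (5) can be presented in the new coordinates $\boldsymbol{\zeta}_k = [\mathbf{z}_k^T\ \boldsymbol{\xi}^T\ \mathbf{x}^T\ \mathbf{z}_1^T \dots \mathbf{z}_N^T]^T$ (the last part $\mathbf{z}_1^T \dots \mathbf{z}_N^T$ does not contain $\mathbf{z}_k^T$) in the form:

$$\dot{\boldsymbol{\zeta}}_k = \mathbf{W}_{k,i}\boldsymbol{\zeta}_k + \mathbf{V}_{k,i}\mathbf{C}\mathbf{e}_k + \boldsymbol{\iota}_{k,i} + \mathcal{G}_i\mathbf{d}, \tag{10}$$

where

$$\mathbf{V}_{k,i} = [\,(\mathbf{B}_k\mathbf{M}_k + \mathbf{L}_k)^T \ \ \mathbf{K}_k^T \ \ (\mathbf{B}_i\mathbf{M}_k + \mathbf{L}_i)^T \ \ (\mathbf{B}_1\mathbf{M}_k + \mathbf{L}_1)^T \dots (\mathbf{B}_N\mathbf{M}_k + \mathbf{L}_N)^T\,]^T,$$

$$\boldsymbol{\iota}_{k,i} = [\,0 \ \ 0 \ \ (\Delta_i - \mathbf{B}_i\mathbf{w}_k)^T \ \ (\Delta_1 - \mathbf{B}_1\mathbf{w}_k)^T \dots (\Delta_N - \mathbf{B}_N\mathbf{w}_k)^T\,]^T,$$

$$\mathcal{G}_i = [\,0 \ \ 0 \ \ \mathbf{G}_i^T \ \ 0 \dots 0\,]^T$$

and the matrix $\mathbf{W}_{k,i}$ is left block triangular (all blocks above the main diagonal are zero) and the blocks on the main diagonal are $\mathbf{H}_k$, $\mathbf{A}_i - \mathbf{L}_i\mathbf{C}$, $\mathbf{A}_1 - \mathbf{L}_1\mathbf{C}$, …, $\mathbf{A}_N - \mathbf{L}_N\mathbf{C}$. Since all blocks on the main diagonal are Hurwitz, the matrix $\mathbf{W}_{k,i}$ has the same property. To calculate $\tau_D$ note that there exist permutation transformation matrices $\mathbf{T}_j$ and $\mathbf{E}_j$, $j = \overline{1,N}$ providing $\boldsymbol{\psi} = \mathbf{T}_j\boldsymbol{\zeta}_j$ and $\mathbf{e}_j = \mathbf{E}_j\boldsymbol{\psi}$ where $\boldsymbol{\psi} = [\boldsymbol{\xi}^T\ \mathbf{x}^T\ \mathbf{z}_1^T \dots \mathbf{z}_N^T]^T$ (the last part $\mathbf{z}_1^T \dots \mathbf{z}_N^T$ contains all $N$ terms), then for any active control $k \in \mathcal{I}$ from (10) we have:

$$\begin{aligned} \dot{\boldsymbol{\psi}} &= \mathbf{T}_k\mathbf{W}_{k,i}\mathbf{T}_k^{-1}\boldsymbol{\psi} + \mathbf{T}_k\mathbf{V}_{k,i}\mathbf{C}\mathbf{e}_k + \mathbf{T}_k\boldsymbol{\iota}_{k,i} + \mathbf{T}_k\mathcal{G}_i\mathbf{d} \\ &= [\mathbf{T}_k\mathbf{W}_{k,i}\mathbf{T}_k^{-1} + \mathbf{T}_k\mathbf{V}_{k,i}\mathbf{C}\mathbf{E}_k]\boldsymbol{\psi} + \mathbf{T}_k\boldsymbol{\iota}_{k,i} + \mathbf{T}_k\mathcal{G}_i\mathbf{d} \end{aligned}$$

for all $t \in [t_k, t_{k+1})$. Owing to the standard results on dwell-time switched systems stability (Liberzon, 2003; Morse, 1995; Xie et al., 2001; Efimov et al., 2008) the value of $\tau_D$ should be taken to satisfy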

$$\tau_D = \max_{1 \le j \le N} \{ -\alpha_{j,i}^{-1} \ln(\lambda\,\beta_{j,i}^{-1}) \}, \tag{11}$$

where $0 < \lambda < 1$ is a design constant, $\alpha_{j,i}$ is the minimal in norm real part of the matrix $\mathbf{W}_{j,i}$ eigenvalues, and $\beta_{j,i} = \sup_{t \ge 0} |\exp(\mathbf{T}_j\mathbf{W}_{j,i}\mathbf{T}_j^{-1} t)|$ (the norm of a matrix is computed as its maximum singular value).

The result means that if the system is not detectable with respect to the output $\mathbf{C}\mathbf{e}_{\sigma(t_k)}(t)$, then only practical asymptotic stability can be ensured in the general case. The signal $\boldsymbol{\delta}$ is the output fault detection error (this signal is not available for measurements), the amplitude of $\boldsymbol{\delta}$ follows from the multi-estimator (2) properties and detectability of the plant (1). Of course, the theorem presents the worst case estimates.

Now let us drop the assumption that $i(t) = const$ for all $t \ge 0$. Suppose that $i(t) = i(T_r)$, $t \in [T_r, T_{r+1})$ and $i(T_r) \in \mathcal{I}$ for all $r \ge 0$, i.e. the true model of the plant (1) can be different on different intervals $[T_r, T_{r+1})$ and $i(t)$ is a piecewise constant signal, then restricting the rate of $i(t)$ variation we can substantiate the overall system stability. Further we will assume that there exists also $\mathrm{T}_D > 0$ such that $T_{r+1} - T_r \ge \mathrm{T}_D$ for all $r \ge 0$, where $\mathrm{T}_D$ defines the admissible rate of faults in the system.

Corollary 1. Let assumptions 1, 2 hold, $T_{r+1} - T_r \ge \mathrm{T}_D$ for all $r \ge 0$ and $\mathbf{d}(t) = 0$ for all $t \ge 0$. Then there exist $\mathrm{T}_D > 0$ and $\tau_D > 0$ such that for any $\boldsymbol{\psi}(0) \in R^{(N+1)n+s}$ the solutions of the system (1), (2), (5), (7)−(9) possess the estimate

$$|\boldsymbol{\psi}(t)| \le \nu\,|\boldsymbol{\psi}(0)|\,e^{-\mu t/\mathrm{T}_D} + \upsilon\,\|\boldsymbol{\delta}\|_{[0,t)} + \varpi \max_{1 \le i \le N} |\Delta_i|$$

for all $t \ge 0$, for some $\nu > 0$, $\mu > 0$, $\varpi > 0$ and $\upsilon > 0$. ■

An example of the dwell-time $\mathrm{T}_D$ choice is as follows:

$$\mathrm{T}_D = \max_{1 \le j \le N} \{ -\tau_D\,\mu_j^{-1} \ln(\lambda\,\nu_j^{-1}) \},$$

where $0 < \lambda < 1$ is a design constant and $\tau_D > 0$, $\mu_j > 0$, $\nu_j > 0$, $j = \overline{1,N}$ come from Theorem 1.

Thus, under conditions of corollary 1 the system (2), (5), (7)−(9) realizes a reconfigurable fault tolerant control algorithm for the plant (1). The accuracy of the fault tolerant control realized by (2), (5), (7)−(9) depends on the ability of the multi-estimator (2) to detect the correct current mode of the system (1) (i.e. on the amplitude of the error $\boldsymbol{\delta}$).

4. THE CASE WITH DISTURBANCES

The previous section results can be easily extended to the case $\mathbf{d}(t) \ne 0$, $t \ge 0$. We will assume that $\mathbf{d} \in L_\infty^d$, i.e. $\operatorname{ess\,sup}_{t \ge 0} \{|\mathbf{d}(t)|\} < +\infty$. The main obstacle in this case is that for any plant index $i \in \mathcal{I}$ according to (3) there exist $C_1 > 0$, $C_2 > 0$ and $\eta > 0$ such that $|\mathbf{e}_i(t)| \le C_1\,|\mathbf{e}_i(0)|\,e^{-\eta t} + C_2\,\|\mathbf{d}\|$ for all $t \ge 0$. Thus the estimation error even for the matched observer in (2) does not converge to zero.

Theorem 2. Let assumptions 1, 2 hold and $i(t) = const$ for all $t \ge 0$. Then there exists $\tau_D > 0$ such that for any $\boldsymbol{\psi}(0) \in R^{(N+1)n+s}$ and $\mathbf{d} \in L_\infty^d$ the solutions of the system (1), (2), (5), (7)−(9) possess the estimate

$$|\boldsymbol{\psi}(t)| \le \nu_i\,|\boldsymbol{\psi}(0)|\,e^{-\mu_i t/\tau_D} + \upsilon_i \{ \|\boldsymbol{\delta}\|_{[0,t)} + \|\mathbf{d}\|_{[0,t)} \} + \varpi_i \max_{1 \le i \le N} |\Delta_i|$$

for all $t \ge 0$, for some $\nu_i > 0$, $\mu_i > 0$, $\varpi_i > 0$ and $\upsilon_i > 0$, where $\boldsymbol{\delta}(t)$ is defined in Theorem 1. ■

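Corollary 2. Let assumptions 1, 2 hold and $T_{r+1} - T_r \ge \mathrm{T}_D$ for all $r \ge 0$. Then there exist $\mathrm{T}_D > 0$ and $\tau_D > 0$ such that for any $\boldsymbol{\psi}(0) \in R^{(N+1)n+s}$, $\mathbf{d} \in L_\infty^d$ the solutions of (1), (2), (5), (7)−(9) possess the estimate

$$|\boldsymbol{\psi}(t)| \le \nu\,|\boldsymbol{\psi}(0)|\,e^{-\mu t/\mathrm{T}_D} + \upsilon \{ \|\boldsymbol{\delta}\|_{[0,t)} + \|\mathbf{d}\|_{[0,t)} \} + \varpi \max_{1 \le i \le N} |\Delta_i|$$

for all $t \ge 0$, for some $\nu > 0$, $\mu > 0$, $\varpi > 0$ and $\upsilon > 0$. ■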

Therefore, the appearance of the disturbance $\mathbf{d} \in L_\infty^d$ does not change the properties of the dwell-time supervisor (7)−(9). The system (1), (2), (5) in this case demonstrates proportional deviations from the unperturbed behavior.

Sections 3 and 4 present the stability conditions and the expression for dwell-time computation, in other words they are devoted to the FTC system analysis, the synthesis phase is presented in the next section.

5. FTC DESIGN

In this section we are going to propose the computation procedure for the supervisory FTC system (1), (2), (5), (6) synthesis finding a trade-off between dwell-time value optimization and the estimator (2) or the FTC (5) sensitivity/robustness.

The assumption 1 fixes the stability property of the estimator. In practical application additional requirements are imposed on the matrices $\mathbf{L}_i$ to increase sensitivity to faults and robustness with respect to disturbances. Typically (Henry and Zolghadri, 2005), the matrices $\mathbf{L}_i$ are derived as solutions of the following $H_2/H_\infty$ optimization problem:

$$\mathbf{L}_i = \arg\min_{\mathbf{L}} \|W_i^L(s, \mathbf{L})\| \,/\, \|W_i^s(0, \mathbf{L})\| \tag{12}$$

for $\min\{\mathrm{Re}[\lambda(\mathbf{A}_i + \mathbf{L}_i\mathbf{C})]\} < 0$, $i = \overline{1,N}$,

where $W_i^L(s, \mathbf{L}) = (s\mathbf{I} - \mathbf{A}_i + \mathbf{L}\mathbf{C})^{-1}\mathbf{G}_i$ for $\mathbf{L} = \mathbf{L}_i$ is the transfer function for the estimation error $\mathbf{e}_i$ from the input $\mathbf{d}$, $W_i^s(s, \mathbf{L}) = (s\mathbf{I} - \mathbf{A}_i + \mathbf{L}\mathbf{C})^{-1}$ corresponds for $s = 0$ to the asymptotic gain between the error and additive faults in (3), $\lambda(\mathbf{A})$ is the vector of eigenvalues for a matrix $\mathbf{A}$, the norm in (12) is understood in $H_\infty$ or $H_2$ sense. Then the numerator in (12) $W_i^L(s, \mathbf{L}_i)$ evaluates the system robustness and the denominator $W_i^s(0, \mathbf{L}_i)$ estimates the sensitivity to faults.

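The FTC (5) design (Henry and Zolghadri, 2005) is typically performed applying the LQR approach or following similar $H_2/H_\infty$ optimization:

$$(\mathbf{R}_i, \mathbf{K}_i, \mathbf{S}_i, \mathbf{M}_i) = \arg\min_{\mathbf{H}} \|W_i^H(s, \mathbf{H})\| \tag{13}$$

for $\min\{\mathrm{Re}[\lambda(\mathbf{H}_i)]\} < 0$, $i = \overline{1,N}$,

where $W_i^H(s, \mathbf{H}) = (s\mathbf{I} - \mathbf{H})^{-1}\mathbf{G}'_i$, $\mathbf{G}'_i = [\mathbf{G}_i^T\ 0]^T$ for $\mathbf{H} = \mathbf{H}_i$ is the system (1), (5) transfer function from the input $\mathbf{d}$ to the state $[\mathbf{x}^T\ \boldsymbol{\xi}^T]^T$.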

The constrained optimization problems (12), (13) provide the independent solutions for the multi-estimator (2) and FTC (5) design. The principal novelty of the present paper consists in the proposition of mutual redesign of (2), (5), (6) to ensure global performance and stability of the resulting switched system taking into account properties of the supervisor. As global performance criteria it is proposed to use the value of the dwell-time $\tau_D$ (that determines the fastest admissible period of switches among the fault tolerant control laws (5)) and $\mathrm{T}_D$ (that defines the admissible rate of faults in the system). By admissible we mean that switching with these dwell-times does not destroy the system stability. The value $\mathrm{T}_D$ serves as a complementary characteristic of the system, but violation of the value $\tau_D$ may lead to performance degradation and/or stability loss of the system (1), (2), (5), (6).

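The dwell-time value $\tau_D$ is given in (11), according to the definition of $\alpha_{j,i}$, $\beta_{j,i}$ we have $\tau_D = \tau_D(\mathbf{L}_1,...,\mathbf{L}_N; \mathbf{H}_1,...,\mathbf{H}_N)$, then the proposed optimization problem to be solved can be formulated as follows (by the matrix $\mathbf{H}_i$ definition it depends on $\mathbf{R}_i, \mathbf{K}_i, \mathbf{S}_i, \mathbf{M}_i$, $i = \overline{1,N}$)

$$(\mathbf{L}_1, \mathbf{R}_1, \mathbf{K}_1, \mathbf{S}_1, \mathbf{M}_1; ...; \mathbf{L}_N, \mathbf{R}_N, \mathbf{K}_N, \mathbf{S}_N, \mathbf{M}_N) = \arg\min_{\mathbf{L}_1,...,\mathbf{L}_N; \mathbf{H}_1,...,\mathbf{H}_N} J_1(\mathbf{L}_1,...,\mathbf{L}_N; \mathbf{H}_1,...,\mathbf{H}_N), \tag{14}$$

$$\min\{\mathrm{Re}[\lambda(\mathbf{A}_i + \mathbf{L}_i\mathbf{C})]\} < 0, \quad \min\{\mathrm{Re}[\lambda(\mathbf{H}_i)]\} < 0, \quad i = \overline{1,N}, \tag{15}$$

$$\begin{aligned} J_1(\mathbf{L}_1,...,\mathbf{L}_N; \mathbf{H}_1,...,\mathbf{H}_N) = {} & {}_{1}\,\tau_D(\mathbf{L}_1,...,\mathbf{L}_N; \mathbf{H}_1,...,\mathbf{H}_N) \\ & + {}_{2} \max_{1 \le i \le N} \{ \|W_i^L(s, \mathbf{L}_i)\| \,/\, \|W_i^s(0, \mathbf{L}_i)\| \} \\ & + {}_{3} \max_{1 \le i \le N} \{ \|W_i^H(s, \mathbf{H}_i)\| \}, \end{aligned}$$

where (14) defines the optimization criteria and (15) gives the constraints, ${}_{k} > 0$, $k = 1, 2, 3$ are the design parameters.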

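Another variant of this problem formulation is based on the introduction of the maximum admissible value of dwell-time $\tau_D^{\max}$. It is assumed that if $\tau_D > \tau_D^{\max}$, then the system reaction time (the minimal time between switches and the maximum time of a wrong controller activity) is not acceptable from the system performance specification. Thus,

$$(\mathbf{L}_1, \mathbf{R}_1, \mathbf{K}_1, \mathbf{S}_1, \mathbf{M}_1; ...; \mathbf{L}_N, \mathbf{R}_N, \mathbf{K}_N, \mathbf{S}_N, \mathbf{M}_N) = \arg\min_{\mathbf{L}_1,...,\mathbf{L}_N; \mathbf{H}_1,...,\mathbf{H}_N} J_2(\mathbf{L}_1,...,\mathbf{L}_N; \mathbf{H}_1,...,\mathbf{H}_N), \tag{16}$$

$$\min\{\mathrm{Re}[\lambda(\mathbf{A}_i + \mathbf{L}_i\mathbf{C})]\} < 0, \quad \min\{\mathrm{Re}[\lambda(\mathbf{H}_i)]\} < 0, \quad i = \overline{1,N}, \tag{17}$$

$$\tau_D(\mathbf{L}_1,...,\mathbf{L}_N; \mathbf{H}_1,...,\mathbf{H}_N) \le \tau_D^{\max}, \tag{18}$$

$$\begin{aligned} J_2(\mathbf{L}_1,...,\mathbf{L}_N; \mathbf{H}_1,...,\mathbf{H}_N) = {} & {}_{1} \max_{1 \le i \le N} \{ \|W_i^L(s, \mathbf{L}_i)\| \,/\, \|W_i^s(0, \mathbf{L}_i)\| \} \\ & + {}_{2} \max_{1 \le i \le N} \{ \|W_i^H(s, \mathbf{H}_i)\| \}, \end{aligned}$$

where (16) defines the optimization criteria and (17), (18) state the constraints to be satisfied, ${}_{1}$ and ${}_{2}$ are positive design parameters.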

Let us stress that (14), (15) and (16)−(18) belong to the class of nonlinear optimization problems. Although the considered system (1) and the observers (2) with the controls (5) are linear, the system closed by the supervisor (6) is switched and, hence, nonlinear. Consequently, any optimization problem oriented on mutual (2), (5), (6) design and global performance optimization becomes a nonlinear one.

6. APPLICATIONS

A fourth order F-8 aircraft model (Zhang and Jiang, 2008) is used to demonstrate the advantages of the proposed approach with the state space vector $\mathbf{x} = [p\ r\ \beta\ \phi]^T$ ($p$, $r$, $\beta$, $\phi$ represent the roll rate, the yaw rate, the sideslip and the bank angle respectively) and the control $\mathbf{u} = [\delta_1\ \delta_2]^T$ ($\delta_1$ and $\delta_2$ are the two aileron deflections on the wing). FTC system design for the case of stuck actuators is addressed.

The system matrices for the fault free case in (1) have the form:

$$\mathbf{A}_1 = \begin{bmatrix} -3.598 & 0.1968 & -35.18 & 0 \\ -0.0377 & -0.3576 & 5.884 & 0 \\ 0.0688 & -0.9957 & -0.2163 & 0.0733 \\ 0.9947 & 0.1027 & 0 & 0 \end{bmatrix},$$

$$\mathbf{B}_1 = \begin{bmatrix} 14.65 & 8.79 \\ 0.2179 & 0.1307 \\ -0.0054 & -0.0032 \\ 0 & 0 \end{bmatrix}, \quad \mathbf{C} = \begin{bmatrix} 0 & 1 & 0 & 0 \\ 0 & 0 & 0 & 1 \end{bmatrix}, \quad \Delta_1 = 0.$$

The faults correspond to scenarios with stuck actuators, thus

$$\mathbf{B}_2 = \begin{bmatrix} 14.65 & 0 \\ 0.2179 & 0 \\ -0.0054 & 0 \\ 0 & 0 \end{bmatrix}, \quad \Delta_2 = \alpha_2 \begin{bmatrix} 8.79 \\ 0.1307 \\ -0.0032 \\ 0 \end{bmatrix};$$

$$\mathbf{B}_3 = \begin{bmatrix} 0 & 8.79 \\ 0 & 0.1307 \\ 0 & -0.0032 \\ 0 & 0 \end{bmatrix}, \quad \Delta_3 = \alpha_3 \begin{bmatrix} 14.65 \\ 0.2179 \\ -0.0054 \\ 0 \end{bmatrix},$$

where $\alpha_2 = \pi/6$, $\alpha_3 = \pi/6$ are the angles of stuck actuators (it is assumed that the actuators can be stuck in the maximum deviation position), the matrices $\mathbf{A}_2 = \mathbf{A}_3 = \mathbf{A}_1$. It is required to design the FTC system (2), (5), (6).

Three control laws and observers have to be designed for the multi-estimator (2) and for the bank of controls (5). The case of independent design is performed in accordance with (12), (13) separately. The resulting system has $\tau_D = 2.01$ [sec] and $\mathrm{T}_D = 32.3$ [sec], which is clearly not acceptable for a flight system (a crash can happen within 2 sec with stuck actuators). Application of the presented design procedure gives the set of controls and observers with $\tau_D = 0.4$ [sec] and $\mathrm{T}_D = 1.14$ [sec]. The results of the system simulation are shown in Fig. 1. In Fig. 1,a the bank angle $\phi$ trajectory with its reference $\phi_r$ are plotted, the signals $i(t)$ and $\sigma(t)$ are presented in Fig. 1,b, the outputs of the estimators $\varepsilon_i = |\mathbf{C}\mathbf{e}_i|$, $i = 1, 2, 3$ are shown in Fig. 1,c.

[Figure 1: panel a, $\phi$ and $\phi_r$; panel b, $i$ and $\sigma$; panel c, $\varepsilon_1$, $\varepsilon_2$, $\varepsilon_3$.]

Fig. 1. Simulation results.

For the simulation the observers poles have been chosen to minimize detection delays and the actual detection times are proportional to $\tau_D$ (see Fig. 1,b). However, due to strict instability of the plant subjected to stuck faults, even such a small detection time results in significant deviations of the regulated variable from its reference (Fig. 1,a).

7. CONCLUSION

The problem of active fault tolerant control for linear systems with external disturbances is solved with application of the supervisory control approach. Starting from the well known independent design of fault detection, isolation and compensation systems we propose a new design procedure providing overall performance of the system. The efficiency of the approach is demonstrated on the F-8 flight system benchmark example.

REFERENCES

Aström K., Albertos P., Blanke M., Isidori A., Schaufelberger W., Sanz R. (2000). Control of Complex Systems. Springer Verlag.

Blanke M., Kinnaert M., Lunze M. and Staroswiecki M. (2003). Diagnosis and fault tolerant control. Springer, New York.

Blanke M., Izadi-Zamanabadi R., Bogh S.A., Lunau C.P. (1997). Fault-tolerant control systems – a holistic view. Control Eng. Practice, 5(5), pp. 693−702.

Boskovic J.D., Mehra R.K. (2002). Failure Detection, Identification and Reconfiguration in Flight Control. Fault Diagnosis and Fault Tolerance for Mechatronic Systems, Springer, New York.

Chen J., Patton R.J. (1999). Robust Model-Based Fault Diagnosis for Dynamic Systems. Kluwer Academic Publishers, Norwell, MA.

Cieslak J., Henry D., Zolghadri A. and Goupil P. (2008). Development of an Active Fault Tolerant Flight Control Strategy. AIAA Journal of Guidance, Control and Dynamics, 31(1), pp. 135−147.

Efimov D.V., Panteley E., Loria A. (2008). On Input-to-Output Stability of Switched Nonlinear Systems. Proc. 17th IFAC WC, Seoul, Korea.

Henry D., Zolghadri A. (2005). Design and analysis of robust residual generators for systems under feedback control. Automatica, 41(2), pp. 251−264.

Hespanha J.P., Morse A.S. (1999). Certainty equivalence implies detectability. Systems Control Lett., 36, pp. 1−13.

Hespanha J.P., Liberzon D., Morse A.S. (2002). Supervision of Integral-Input-to-State Stabilizing Controllers. Automatica, pp. 1327–1335.

Hespanha J.P., Liberzon D., Morse A.S. (2003). Hysteresis-Based Supervisory Control of Uncertain Linear Systems. Automatica, pp. 263–272.

Liberzon D. (2003). Switching in Systems and Control. Birkhäuser, Boston.

Morse A.S. (1995). Control using logic-based switching. In: Trends in control (A. Isidory (Ed.)), Springer-Verlag, pp. 69–113.

Staroswiecki M., Berdjag D. (2009). Passive/active fault tolerant control for LTI systems with actuator outages. Proc. European Control Conference, Budapest.

Xie W., Wen C., Li Z. (2001). Input-to-state stabilization of switched nonlinear systems. IEEE Trans. Automat. Control, 46, pp. 1111–1116.

Yang H., Jiang B., Cocquempot V. (2009a). A fault tolerant control framework for periodic switched non-linear systems. Int. J. Control, 82(1), pp. 117−129.

Yang H., Jiang B., Staroswiecki M. (2009b). Supervisory fault tolerant control for a class of uncertain nonlinear systems. Automatica, 45, pp. 2319−2324.

Zhang Y., Jiang J. (2002). Graceful performance degradation in active fault tolerant systems. Proc. IFAC congress 2002, Barcelona.

Zhang Y., Jiang J. (2003). Fault tolerant control system design with explicit consideration of performance degradation. IEEE Trans. Aerosp. Electron. Syst., 39(3), pp. 838−848.

Zhang Y.M., Jiang J. (2008). Bibliographical Review on Reconfigurable Fault-Tolerant Control Systems. IFAC Annual Review in Control.