Active fault-tolerant control systems: integration of ...

Active fault-tolerant control systems: integrationof fault diagnosis and reconfigurable control

Youmin Zhang

Dept. of Mechanical and Industrial Engineering, Concordia UniversityMontreal, Quebec H3G 1M8, Canada

[email protected]

Abstract. In this paper, important issues on integration of Fault Detectionand Diagnosis (FDD) with Reconfigurable Control (RC) for Active Fault-Tolerant Control Systems (AFTCS) are addressed. The existing approachesand associated issues in FDD and RC are briefly reviewed and examinedfrom integrated design of FDD and RC viewpoint. The role of FDD inAFTCS, the applicability, suitability and issues in existing FDD approachesfor AFTCS are examined. The requirements, recent development, designconsiderations and a few potentially useful techniques for enhancing inte-gration of FDD and RC are discussed.

Keywords: Fault Detection and Diagnosis (FDD), Reconfigurable Control(RC), Integration of FDD and RC, Active Fault-Tolerant Control Systems.

1. Introduction

Fault-Tolerant Control Systems (FTCS) are control systems that possess the ability to ac-commodate system component failures automatically and are capable of maintaining overallsystem stability and acceptable performance in the event of failures. Generally speaking,FTCS can be categorized into two main classes: passive and active. Passive FTCS (PFTCS)are designed with the consideration of a set of presumed failure modes. The resulting con-trol system performance tends to be conservative. It also has the limitation to deal withunanticipated faults. In contrast, Active FTCS (AFTCS) react to the occurrence of systemfaults on-line in real-time in an attempt to maintain the overall system stability and perfor-mance. Two main potential advantages of AFTCS are 1) the ability to deal with previouslyunknown faults with explicit Fault Detection and Diagnosis (FDD) and Controller Recon-figuration (CR); and 2) the possibility to achieve the optimal performance.As shown in Fig. 1, typical AFTCS consist of four sub-systems: 1) a Reconfigurable Con-troller (RC), 2) a FDD scheme, 3) a reconfiguration mechanism, and 4) a command/referencegovernor. Inclusion of both FDD and RC within the overall system structure is the mainfeature distinguishing AFTCS from PFTCS. Key issues in AFTCS are how to design: 1)a controller which is reconfigurable, 2) a FDD scheme with high sensitivity to faults androbustness to model uncertainties, operating condition variations, and external disturbances,and 3) a reconfiguration mechanism which leads to the recovery of pre-fault system per-formance as much as possible in the presence of uncertainties and time-delays in FDD andunder the constraints of control input and system state/output limits under the fault condi-tions. The critical issue in any AFTCS is the limited amount of time available for the FDD

Youmin Zhang, Active Fault-Tolerant Control Systems: Integration of Fault Diagnosis and Reconfigurable Control,Plenary Lecture for the 8th Conf. on Diagnostics of Processes and Systems, Slubice, Poland, 10-12 Sept. 2007.

2 Youmin Zhang

ControllersOutputs

disturbances disturbances disturbances

System SensorsActuators

noises noises noisesInputs

ControllersOutputs

disturbances disturbances disturbances

System SensorsActuators

noises noises noisesInputs

ReconfigurationMechanisms

CommandGovernor

faults faults faultsfaults faults faults

FDD

Reconfigurable Reconfigurable controllerscontrollers

Inner-loopOuter-loop

_

Fig. 1. General structure of AFTCS

and for the control system reconfiguration. Furthermore, in case of failures, stability guar-antee, transient and steady-state performance, system robustness to noises, uncertainties anddisturbances are some of the important issues to be considered in AFTCS.It should be emphasized that the overall behavior of the system depends not only on thequality of each component, but also on the interaction of them in a real-time environment.Typically, these four subsystems operate in a sequential manner, i.e. when a fault occurs inthe system, FDD scheme will not only flag the fault but also suppose to provide sufficientinformation about the fault to the reconfigurable control design subsystem and to the hu-man operators for fault alarm. Subsequently, the designed reconfigurable control strategytogether with re-adjusted command input is then sent to controller for execution.Even though the development of AFTCS is relatively recent, investigation of different FDDtechniques has quite a long history. However, it is important to note that most of the FDDtechniques are developed as a diagnostic or monitoring tool, rather than an integral part ofAFTCS. Clearly, some existing methods may not satisfy the need of control reconfigurationin the framework of AFTCS.Under the framework of AFTCS, different model-based controller reconfiguration methodshave been developed. Unfortunately, most of methods assume that a perfect FDD schemeis available and a perfect post-fault model of the system is known. Little consideration hasbeen paid to the type and the degree of accuracy of the information that FDD can supplyin real-time. The truth is that, without proper consideration of each other, it will not besurprising if the combined system does not work as expected.To build truly functional AFTCS, it is important to examine all subsystems closely to makesure that they can work in harmony. To be more precisely, from the viewpoint of reconfig-urable control mechanism, one needs to examine what kinds of information are needed fromFDD to achieve a reasonable control strategy, and from the FDD point of view, one needsto know what types of information are deliverable. The demand and supply between thesetwo subsystems should match, otherwise, the overall system will not work properly. Anincorrect or much delayed FDD result may not only result in a loss of system performance,but also instability of overall system. An inappropriate reconfigurable control mechanismbased on incorrect FDD information will also lead to poor performance and even the lossof stability of the system. It is also very important to emphasize that the above actions arecarried out within a limited time interval. How long of such limited time interval dependson the application, the system operating condition when the fault occurs, and the severity ofthe fault. As an example, for most flight control applications, such a time interval could beas less as a few seconds. Compared with a flight condition that if a control surface failureoccurs in an airplane flying at 10,000m, a much shorter time interval is available for FDD


AFTCS: Integration of fault diagnosis and reconfigurable control 3

and CR actions if the airplane flying at 1,000m when the same fault occurs. However, for arelatively slower chemical system, available time for FDD and CR is generally longer thanthe case of airplane. In general, however, a very limited time interval is available for systemto react and compensate for a severe fault during the system operation.To the best of our knowledge, such important problems have largely been overlooked inthe past. The main objective of this paper is to examine some aspects of these importantproblems. By acknowledging the existence of such problems associated with AFTCS, it isour hope that more research effort will be directed to develop more suitable FDD schemesand reconfigurable control mechanisms to achieve an AFTCS truly improving the reliability,safety, as well as the performance of the system operation.The paper is organized as follows: In Section 2, design objectives of reconfigurable (fault-tolerant) control systems and several commonly reported reconfigurable control design meth-ods are analyzed. Particular attentions are paid to examine the type of information that thesemethods need to carry out the design. Several existing FDD schemes are discussed in Sec-tion 3 to evaluate how these schemes can serve for the reconfigurable controller design.Mis-matches between these two subsystems and several important issues to be consideredin AFTCS are highlighted in Section 4 with possible solutions. Conclusion and open prob-lems for further research are given in Section 5.

2. Reconfigurable Control and Requirements from FDD2.1. Objective of Reconfigurable ControlTo demonstrate the objective of reconfigurable control, consider a linear dynamic systemwith unknown component faults described by the following model:

xk+1 = Axk + Buk

yk+1 = Cxkk < kf Normal

xk+1 = Afxk + Bfuk

yk+1 = Cfxkk ≥ kf Faulty

(1)

During normal operation of the system, system matrices are represented by{A,B,C}.Once a fault occurs at an unknown time with unknown changes in the system, the sys-tem matrices become to{Af , Bf , Cf}. The fault-induced changes in each matrix and themagnitude of the change in{A,B, C} depend on the type of the fault (system componentfault, actuator fault, or sensor fault) and severity of the fault. Other forms of fault model-ing which can be formulated as additive disturbance terms are also widely used (Chen andPatton, 1999; Simaniet al., 2003; Isermann, 2006).Suppose one has a controller designed for normal operation of the system with followingfeedback-feedforward structure for command tracking:

uk = Kfeedbackxk + Kfeedforwardrk (2)

The design objective of reconfigurable control is then to design a new controller (recon-figurable controller), in response to the changes induced by faults in the system, such thatthe stability and overall closed-loop system performance (dynamic and steady-state) canbe maintained. The modified control signal is now determined by the reconfigured con-troller {Kfeedback

f , Kfeedforwardf } as shown in Eq. (3), which is based on the post-fault

model specified by system matrices{Af , Bf , Cf} in Eq. (1) by using certain control designmethod, just as an example, eigenstructure assignment combined with command generatortracker technique developed in (Zhang and Jiang, 2002).

uk = Kfeedbackf xk + Kfeedforward

f rk (3)


4 Youmin Zhang

How to design the reconfigurable feedback and feedforward controllers is the main taskof different reconfigurable control strategies, even though different methods achieve thisobjective in different ways and can recover the original performance in different levels.However, to make these reconfigurable control design possible, post-fault system model hasto be known, i.e., the values of matrices{Af , Bf , Cf} must be available for calculating{Kfeedback

f ,Kfeedforwardf } after the fault has been detected, isolated and identified. This

arises the need for FDD and requires the FDD part can provide as quick and precise aspossible the values of{Af , Bf , Cf} and the time of these changes occurred in the system.For the situations where other forms of system models and fault types being considered,corresponding reconfigurable control should have similar relationship as the above state-space model and associated controller. In the case of more complicated control structure,such as model reference control scheme as shown in (Bodson and Groszkiewicz, 1997;Zhang and Jiang, 2003b), one more reconfigurable controller gain matrix associated withthe reference model will be needed. The widely used PI (proportional and integral) controlstructure can also be used (Musgraveet al., 1997; Nouraet al., 2000; Zhang and Jiang,2001b). Furthermore, more advanced control structures with linear or nonlinear controllaws could also be used.

2.2. Existing Reconfigurable Control Strategies

In the literature, the existing reconfigurable control design methods fall into one of thefollowing approaches: linear quadratic regulator; pseudo-inverse or control mixer; gainscheduling or linear parameter varying; (model reference) adaptive control or model fol-lowing; eigenstructure assignment; multiple models; feedback linearization or dynamic in-version; H∞ and other robust control; model predictive control; variable structure or slidingmode control; generalized internal model control; and intelligent control using expert sys-tems, neural networks, fuzzy logic and learning methodologies, etc. Detailed classificationcan be carried out according to the criteria such as 1) mathematical design tools; 2) designapproaches; 3) reconfiguration mechanisms; and 4) type of systems to be dealt with, asclassified in (Zhang and Jiang, 2003a). Such a classification is shown in Fig. 2.Even though different methods use different design strategies, the design goal for reconfig-urable control is in fact the same. That is, the design objective of reconfigurable control is todesign a new controller such that post-fault closed-loop system has, in certain sense (for ex-ample, as close as possible in the eigenstructure (e.g. EA), minimum Frobenius norm of thedifference of two system matrices (e.g. PIM), or minimization of a quadratic performanceindex (e.g. LQR)), the same or similar closed-loop performance to that of the pre-fault sys-tem. Depending on the applications and severity of faults, in certain occasion, degraded per-formance may have to be accepted (Blankeet al., 2006; Zhang and Jiang, 2003b; Jiang andZhang, 2006). The common requirement for using these methods to design a reconfigurablecontroller is the need of a precise mathematical model which describes dynamics of the post-fault system. Due to the nature of fault, usually, this model cannot be provideda priori. Ithas to be obtained on-line and in real-time manner. This requires an on-line and closed-loopFDD scheme to provide information about the fault and the post-fault model. If the system’sfault modes can be well described by a finite set of presumed fault models or only a finiteset of presumed fault modes is the concern for reconfiguration, then multiple-model andgain scheduling based approaches can be used (Boskovic and Mehra, 2002; Maybeck andStevens, 1991; Yen and Ho, 2003; Zhang and Jiang, 2001a).It is worthwhile to point out that several robust control approaches based on e.g. H∞, QFTand LMI are also included in the list of Fig. 2. One may argue that these methods shouldbetter be classified into the category of PFTCS since only a fixed controller in these methods



is used to deal with possible fault scenarios through off-line design. They are includedhere since these techniques could also be used as potential robust reconfigurable controllerswithin the framework of AFTCS, as shown for example in (Makiet al., 2004; Rodrigueset al., 2005; Shinet al., 2004) by using LMI-based reconfigurable controller in LPV or MMframework.

Classification of existing RC design methods

8>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>:

Mathematicaldesign tools

8>>>>>>>>>>>>>>>>>>>>>>>>>>>><>>>>>>>>>>>>>>>>>>>>>>>>>>>>:

Linear Quadratic Regulator (LQR)Pseudo-Inverse Method (PIM)Intelligent Control (IC)Gain Scheduling (GS)/

Linear Parameter Varying (LPV)Model Following (MF)Adaptive Control (AC)Multiple Model (MM)Eigenstructure Assignment (EA)Feedback Linearization (FL)/

Dynamic Inversion (DI)H∞ and other robust control techniquesModel Predictive Control (MPC)Quantitative Feedback Theory (QFT)Linear Matrix Inequality (LMI)Variable Structure Control (VSC)/

Sliding Mode Control (SMC)Generalized Internal Model Control (GIMC)

Designapproaches

8>>>>>>>>>>>>>>>><>>>>>>>>>>>>>>>>:

Pre-computed control laws

8>>><>>>:

MMGS/LPVQFTLMIGIMC

On-line automatic redesign

8>>>>>>><>>>>>>>:

LQRPIMMF/ACEAFL/DIVSC/SMMPC

Reconfigurationmechanisms

8>>>>>>>>>>>>>>>>>>><>>>>>>>>>>>>>>>>>>>:

Optimization

8><>:

LQRH∞/µ synthesisLMIMPC

Switching

8<:

MMGS/LPVVS/SM

Matching

�PIM—System matrixEA—Eigenstructure

Following

�MF—State/OutputMPC—Set-point/Output

Compensation

�Additive compensationAdaptive compensation

Type ofsystemsdealt with

8>><>>:

Linear systems

�LQR; PIM; MF; EA; MM;MPC; QFT; GIMC

Nonlinear systems

�GS/LPV; MM; FL/DI;LMI; VSC/SMC; IC

Fig. 2. Classification of RC design methods in AFTCS

An important criterion for judging the suitability of a control method for AFTCS is itsability to be implemented to maintain acceptable (nominal or degraded) performance in theimpaired system state in an on-line setting. In this regard, following general requirementsneed to be satisfied: 1) Control reconfiguration has to be done under real-time constraints; 2)The reconfigurable controller has to be designed automatically; 3) The methods used haveto provide a solution even if the solution is not optimal.

2.3. Common Assumptions in Existing AFTCSMost of the research work in the field of FTCS has been carried out with the assumption thata perfect FDD scheme is available, and a perfect post-fault model of the system is known,


6 Youmin Zhang

under which the objective of reconfigurable control is only to design stabilizing controllerbased on the available post-fault system model and the assumed fault detection time for re-covering the original system performance. In other words, the reconfigurable control lawsare designed without any interaction with the FDD scheme in a closed-loop fashion. This isseldom the case in practice. Besides, there is no guarantee that the separately designed RCand FDD schemes can work in harmony in a real-time environment. Furthermore, the effectof the system component failures often reflects as the reduction in the stability margin ofthe system or even the loss of stability if no corrective control actions have been taken. Tomaintain the integrity of the entire system, it is desirable that the fault in the system shouldbe detected and identified promptly, and the corrective control actions should be taken im-mediately. On the other hand, the key problem for AFTCS is on-line reconfiguration ofthe controller. For this to be possible, prompt and correct information about the occurrenceof fault is necessary to activate the reconfiguration mechanism; further, information aboutwhich part of the system is failed is needed; and third, the detailed information about themagnitude of fault or change in the system parameters is required. These requirements cor-respond naturally to the three tasks in FDD: 1) fault detection, 2) fault isolation, and 3) faultidentification.To overcome the above mentioned difficulties and to design practical AFTCS, it is highlydesirable to develop new techniques that can integrate the FDD scheme and RC design ina coherent fashion without any pre-assumption on the knowledge of the post-fault systemmodel (this posts important requirements on the FDD scheme). In the design process, thestochastic nature of the system, uncertainties, impreciseness and time delay of FDD shouldall be taken into consideration. Ideally, at each step of controller reconfiguration, the FDDscheme should provide as quick as possible and as detailed as possible information on thepost-fault system, and on the other hand the controller should be able to work with theimprecise post-fault model under the limited amount of time and information. Only veryrecently, more and more research efforts on the integrated design of the FDD and RC canbe found in the literature, for example (Aravenaet al., 2005; Balleet al., 1998; Boskovicet al., 2005; Campos-Delgadoet al., 2005; Chen and Jiang, 2005; Cieslaket al., 2006;Jiang and Chowdhury, 2005; Jianget al., 2006; Jiang, 1994; Jiang and Zhang, 2006; Jiangand Zhao, 1998; Katebi and Grimble, 1999; Kimet al., 2001; Liuet al., 2004; Napolitanoet al., 2001; Omerdic and Roberts, 2004; Yen and Ho, 2003; Zhanget al., 2001; Zhangand Jiang, 2001a; Zhang and Jiang, 2001b), to name a few. Survey/review papers (Blankeet al., 2000; Blankeet al., 1997; Blankeet al., 2001; Patton, 1997; Staroswiecki and Gehin,2001; Zhang and Jiang, 2003a) and books (Blankeet al., 2006; Hajiyev and Caliskan, 2003;Isermann, 2006; Mahmoudet al., 2003a) focused more on both fault diagnosis and fault-tolerant control are published recently. However, systematic design guidelines for issuessuch as how to design the FDD scheme effectively for reconfigurable control; what are therequirements on the FDD scheme for designing reconfigurable controller still need to befurther investigated.

2.4. Requirements from FDD for Reconfigurable Control

As discussed above, it is clear that one of the major problems associated with the existingAFTCS is that most of these methods assume that a perfect FDD scheme is already availableand the perfect post-fault model of the system is known. Usually it is not realistic to knowa perfect post-fault model unless either the post-fault system model is to be identified byexploiting certain system parameter identification based FDD schemes (on-line automaticredesign approach) or in the cases of multiple-model approaches, the FDD scheme and re-configurable controller have been designed only for a finite set of presumed fault modes



(pre-computed control law). In the latter case, the more difficult task on on-line identifica-tion of the post-fault model is not necessary. However, only presumed fault modes can behandled.A critical issue in any AFTCS is the limited amount of time available for FDD and for con-trol system reconfiguration. The speed, the accuracy, and the robustness of these schemesare some of the extremely important issues. If designed properly, an AFTCS will be ableto deal with unforeseen faults. Since AFTCS involve significant amount of on-line fault de-tection, real-time decision-making and reconfigurable control synthesis and execution, thetrade-off among the diagnostic speed and accuracy, the stability and the control performanceof the overall system should be carefully considered and well balanced.One of the solutions to design a good AFTCS is to integrate the FDD and RC schemes inthe design process since the fact that there is no guarantee that the separately designed FDDand RC schemes can work in harmony in a real-time environment. To achieve this objectiveand to provide a useful guideline for such an integrated design, it should be clear that whatkind of information have to be provided from the FDD scheme selected/developed to enablea reconfigurable control design and implementation. Among existing FDD methods, whichmethod is more suitable to be used for control reconfiguration.In order to design a controller, precise knowledge about the plant dynamic model should beknowna priori. The same information is required for reconfiguring the control system. Onconsidering these requirements, the FDD approaches which can only provide fault detectionand isolation (FDI) information, but without fault identification capability may not be wellsuitable to the on-line controller reconfiguration schemes because the detailed knowledge ofthe system dynamic model and more details about the fault-induced changes in the systemdynamics are necessary for effective control reconfiguration. It is more clear that an on-lineFDD scheme has to be used to provide the updated fault information to the reconfigurablecontrol module, and this reconfigurable control module should be able to incorporate suchinformation and update the control parameters correspondingly so that the closed-loop sys-tem performance can be retained without serious degradation. The whole operation of theAFTCS is real-time in nature. Therefore, real-time nature is another important feature forAFTCS. Real-time requirement also affects the choice of FDD schemes together with con-trol reconfiguration strategies. In other words, the choice of the way for integrated designof FDD and RC.Based on the above discussion, it becomes obvious that for on-line and real-time reconfig-uration purpose, not only fault has to be detected and isolated, but also the system states/parameters under fault situation are needed. These require the ability of the FDD algorithmto provide correct state/parameter estimation not only in the normal condition, but also andmore importantly in the faulty situations. This arises challenging issues in designing FDDschemes. With respect to these requirements, parameter estimation or simultaneous stateand parameter estimation schemes become necessary for providing necessary informationto control reconfiguration. Another important effect to be considered is how fast the FDDscheme can detect, isolate, and identify a fault, and provide precise enough post-fault modelfor control reconfiguration.In summary, the requirements on FDD and RC design are presented as follows:

Requirements on FDD

• Provide information on fault 1) detection, 2) isolation and 3) identification as fast andprecise as possible, which include information on fault detection time, fault type, faultlocation and fault magnitude;

• Provide post-fault system model and state and/or parameter information as precise as


8 Youmin Zhang

possible

– Accurate system statescan be achieved by certain state estimation schemes suchas observer-based (in the deterministic problem set-up) or Kalman filter-based(in the stochastic problem set-up)

– Accurate system parameterscan be achieved by certain parameter estimationschemes in either state-space or input-output model formulation

– Both states and parametersare needed for control reconfiguration in the caseswhere only parts of state variables can be measured by sensors. Then certainmethods that can provide simultaneous post-fault system state and parameterestimation become necessary

• Special requirements: Due to the nature of the system under consideration and theseverity of faults, quick response to react to the fault is necessary. This arises addi-tional requirements on allowable time-delay in FDD, trade-off between FDD speedand accuracy, sensitivity to faults and robustness to modeling errors and disturbancesetc.

Requirements on reconfigurable controller design

• Synthesize and implement controller as soon as possible based on two types of controlstrategies

– On-line automatic redesign—suitable for unanticipated faults (reconfigurablecontroller should be able to work with the limited amount and imprecise infor-mation and recover the performance of the pre-fault system as much as possible)

– Off-linecontroller gain design with on-line generation of reconfigurable controlsignal—limiting to presumed faults

• Design should be performed with minimum artificial supervision and should not re-quire extensive trial-and-error adjustments

• Reconfigurable controller should be synthesized as early as possible to compensate forthe harmful fault effects to the system quickly; The designed reconfigurable controllershould also be robust to the time delays in FDD and CR; as well as uncertainties inFDD and post-fault model.

3. Integration of FDD with Reconfigurable Control

Tremendous amount of work has been done in the area of FDD in the last three decades withmany different engineering applications. Many techniques have been developed. The exist-ing methods can generally be classified into two categories: a) model-free; and b) model-based FDD schemes. Essentially, a model-based FDD scheme utilizes mathematical model(known as analytical redundancy) to carry out FDD in real-time. Four most commonly usedtechniques are based on 1) state estimation; 2) parameter estimation; 3) parity equation;and 4) combination of the above three methods. Several excellent survey papers and booksare available on the subject (these references are not able to be listed here due to the spacelimit, interesting readers are referred to (Zhang and Jiang, 2003a) for the list). Relevantbooks published after 2003 are listed here (Korbiczet al., 2004; Isermann, 2006; Vachtse-vanoset al., 2006; Witczak, 2007). The relationship and integration among different FDI



approaches have also been investigated recently. However, there are few results on the sys-tematic research about what FDD methods are more suitable to the context of AFTCS. It isimportant to discuss issues such as the role of FDD in AFTCS, interaction and integrationof FDD and RC to provide hopefully some general guidelines for the researchers in the fieldwho would like to design and implement AFTCS.

3.1. Role of FDD in AFTCS

FDD plays an important role in the AFTCS (Patton, 1997). For systems with analytical re-dundancy, the analytical relationships are used to produce additional signals about system’soperation as well as residual signals for FDD purpose. When the system is fault-free, theresiduals should be close to zero. After a fault occurs, the module that is used for residualgeneration and decision-making is responsible for finding out the location of the fault, es-timating the magnitude of the fault if possible. In fact, this is the FDD module shown inFig. 1. The system can then be reconfigured or restructured so that remaining componentscan be effectively exploited to take a role in system operation under the fault situations. Insome cases, an alternative pre-computed controller (Boskovic and Mehra, 2002; Maybeckand Stevens, 1991; Zhang and Jiang, 2001a) will be activated or an additive control signal(Boskovicet al., 2007; Nouraet al., 2000; Theilliolet al., 2002), to be added to the nom-inal control signal to compensate for the effect of the fault, will be calculated according toreal-time diagnostic information provided by the FDD scheme.As it is well-known, the FDD scheme has three tasks: 1)fault detectionindicates that some-thing is going wrong in the monitored system, i.e., the occurrence of a fault and the timeof the fault occurrence; 2)fault isolationdetermines the location and the type of the fault(which component is faulty); and 3)fault identificationdetermines the magnitude (size) ofthe fault. Fault isolation and identification are usually referred to asfault diagnosisin theliterature (Isermann, 1997). Based on the above classification, FDD is often used to rep-resent the functions including both fault detection and diagnosis (FDD), or simply calledfault diagnosis (Isermann, 2006). In the literature, FDI is also widely used to represent thefunction/task of Fault Detection and Isolation (FDI) or Fault Detection and Identification(again, FDI). To avoid any confusion, this paper has adopted FDI to stand for fault detectionand isolation, while FDD will be used when the fault identification function is also added toFDI.In engineering systems, faults can occur physically in sensors, actuators and other systemcomponents. Faults can appear in the form of slowly developing (incipient or gradual)changes or abrupt changes. Further, depending on the physical properties of the fault, afault can be added on the system in an additive or multiplicative way. Therefore, an effectiveFDD scheme should be able to fulfil the following basic tasks:

• Detect, isolate and identifyfaults in sensors, actuators and components;

• Detect, isolate and identifyincipient faults as well as abrupt faults;

• Detect, isolate and identifyadditive and multiplicative faults.

As mentioned previously, most of the existing FDD schemes are designed for monitoringand/or diagnostic purpose, and therefore the resulting approaches may have only one or twoof the above-mentioned three functions, or may be suitable only to ‘open-loop’ operations.In these approaches, the control command to the actuators together with the measured outputsignals are used for the FDD (or FDI) purpose. There is no effect from the diagnostic resultto the control signal within the closed-loop. However, in AFTCS, the FDD scheme has to


10 Youmin Zhang

operate together with control mechanisms in closed-loop fashion. Performance of FDD hassignificant effect to the overall performance of the AFTCS. An interesting question is howwell a FDD algorithm designed for open-loop applications can cope with the closed-loopoperation. The problem, in fact, lies in the interaction between the FDD and CR. In general,a FDD scheme which can be implemented in the closed-loop with reconfigurable control ismuch more challenging than that for open-loop monitoring and diagnosis only. Existenceof controller in the closed-loop makes the task of FDD more difficulty.Depending on the control structure selected for AFTCS design (on-line or off-line RC de-sign), function on either FDD or FDI is required. Generally speaking, to be as an effectiveFDD scheme for on-line automatically redesigned reconfigurable controller, it requires theFDD scheme to provide not only real-time FDI, but also, and more importantly, real-timeidentification of post-fault model. Both FDD and RC design modules should be designedin such a way that they should work in harmony and try to reduce the adverse effects fromeach other. In general, FDD schemes play an important role in providing necessary supportand information for AFTCS implementation.

3.2. Classification and Examination of Existing Model-based FDD Approaches

As mentioned earlier, the existing FDD approaches can be classified into four categories as1) state estimation; 2) parameter estimation; 3) parity equation; and 4) combined method.Due to historical reasons, design of FDD schemes did not consider the special require-ments coming from the control system reconfiguration. This may make some existing FDDapproaches unsuitable to the AFTCS. To investigate the applicability and suitability of ex-isting FDD approaches for the reconfigurable control design, classification and examina-tion of existing model-based FDD are discussed in this section. Based on the methods forresidual generation, classification of model-based methods is shown as follows (Zhang andJiang, 2003a):

Classification of model-based FDD methods

8>>>>>>>>>>>>>>>>>>>>>>><>>>>>>>>>>>>>>>>>>>>>>>:

StateEstimation

8>>>>><>>>>>:

Observers

8<:

Single observerBank of observersUnknown Input Observer (UIO)

Kalmanfilters

8<:

Single Kalman filterMultiple-model filtersFault detection filters

ParameterEstimation

8<:

Least-squares (LS) or recursive LS (RLS)Regression analysisBounding parameter estimation

Simultaneous/JointState & ParameterEstimation

8><>:

Adaptive observersExtended Kalman filters (EKF)Two-stage Kalman filters (TSKF)Two-level (two-step) estimation

Parity Space

�State-space-based methodsInput-output-based methods

Fig. 3. Classification of Existing Model-based FDD Methods

To make the FDD algorithm suitable to automatic redesign of reconfigurable control, meth-ods which can only provide function of FDI may not be sufficient. Therefore, some observer-based, Kalman filter-based and parity-space-based schemes which can provide only in-formation on detection and isolation may be unsuitable for certain AFTCS. However, ifmultiple-model based FDD and RC strategy is used, or fault size can be provided by smartactuators/sensors, FDI may be sufficient since on-line identification of post-fault model isnot necessary in this type of AFTCS strategy.The most widely investigated FDD approaches for reconfigurable control, in particular forflight control, are parameter identification-based approaches, as can be seen in (Chandler



et al., 1995; Eberhardt and Ward, 1999; Monacoet al., 1997; Napolitanoet al., 2001; Shoreand Bodson, 2005; Wardet al., 1998). Since not all state variables can be measured bysensors due to cost or physical difficulties, and measured variables are disturbed also bysensor noises, state estimation, together with parameter estimation, will also be needed forstate-feedback reconfigurable controller design. In this regard, combination of state and pa-rameter estimation, or simultaneous state and parameter estimation based FDD techniquesbecome an alternative choice. Designs for linear systems have been developed recently in(Liu et al., 2004; Shinet al., 2004; Wuet al., 2000; Zhang and Jiang, 2001b; Zhang andJiang, 2002) by using a two-stage Kalman filter based FDD schemes together with differentreconfigurable control designs. FDD with applications to nonlinear systems can be found in(Zhang and Wu, 1999; Zhou and Frank, 1998). Similar to the parameter estimation basedmethods, there is also persistent excitation issue, it is even more challenging since bothstate and parameter need to be estimated on-line and without iterative use of measured data.Therefore, such EKF-based methods are effective for the cases when the number of un-known parameters to be estimated is relatively small. In addition to the above development,research on using neural networks for post-fault identification is also investigated recently(Napolitanoet al., 2000; Ho and Yen, 2002; de Weerdtet al., 2005).The problem of parameter identification for reconfigurable control is similar to the generalcase of parameter identification, but brings additional difficulties. The first is the lack ofcontrol over the actuator signals. This relates to the requirement for persistent excitation.A significant difficulty arises when the actuator signals are determined by a control lawand cannot be freely selected. It has been shown that considerable improvement in iden-tification performance can be obtained through optimization of the signals applied to thecontrol input signals. Conversely, in a reconfigurable control application, the signals exhibithighly undesirable characteristics, including: 1) high levels of correlation between controlsignals and system states; 2) long periods of quiescence, e.g., in steady-state operation.Because the control signals are determined by a control law that relies on the identifica-tion results, adverse interactions can also be introduced between the identification and thecontrol components of the system (Eberhardt and Ward, 1999). The second difficulty isreal-time operation. The computational requirements of a parameter identification schemefor reconfigurable control must be compatible with available resources. The last difficultyis automated operation. The on-line estimation procedure must be performed with minimalsupervision and must not require extensive trial-and-error adjustment. These problems poseconsiderable challenges for parameter estimation based FDD to be used to reconfigurablecontrol in a real-time operation with feedback control.In terms of difficulties in identifying system post-fault model under closed-loop and withsevere faults and due to the limited time for control reconfiguration, imprecise model forsynthesizing reconfigurable controller may only be available. In these cases, certain ro-bust control techniques need to be exploited for reconfigurable controller design by takinginto account the uncertainties in the model used. For such purposes, certain FDD schemeswhich can provide not only parameter estimation, but also the error of the estimation, suchas bounding parameter estimation (Jiang and Zhao, 1998), become important for robustreconfigurable controller design. From reconfigurable control viewpoint, certain robust re-configurable control design methods which can cope with the post-fault modeling errors andFDD uncertainties are also important (Kanev and Verhaegen, 2003; Shin, 2005; Yang andStoustrup, 2000).

3.3. Applicability of Existing FDD Approaches for RC

Based on the above discussion, one important question is that which FDD method(s) shouldbe used for AFTCS design to a given problem or system? Such a choice is not unique


12 Youmin Zhang

and is also a complex problem. Effects which affect the choice of selection is depending onmany aspects such as 1) the availability of system information; 2) the type of faults probablyoccurred in the system; 3) the requirement for detection, isolation or identification; 4) thereconfigurable control structures and strategies etc.

• The system model can be in different formats, e.g., state-space, input-output / para-metric, frequency domain, qualitative, etc. Hence, different methods require differentmodel formats, and the first criterion in choosing model-based methods is the avail-ability of the model type for the application considered;

• There are different types of faults such as actuators, sensors or system componentsfaults; different forms of faults such as abrupt or incipient, partial or total loss of con-trol (actuator) or measurement (sensor) effectiveness, stuck (lock-in-place), runaway,or structural faults etc. Different faults may need different FDD schemes togetherwith appropriate control reconfiguration strategies. These aspects will affect also thechoice of FDD and associated reconfigurable controller;

• The effect of multiplicative faults is clearly dependent on the state and input signals.The additive fault is simpler as the effect of a fault is independent on the state andinput signals. FDD method is somewhat different in the two cases. Additive faultscan be detected using state estimation techniques; while the multiplicative faults willbe better detected using parameter estimation based FDD techniques;

• It is hard to say whether a particular method is better than others because one may begood in one aspect but bad in other aspects. Hence, another criterion in the choice ofFDD method is dependent on the problem to be solved;

• For the cases withouta priori modelling information, alternative methods to provideFDD information for AFTCS may include artificial intelligence based methods (Chenand Patton, 1999; Isermann, 2006; Korbiczet al., 2004; Simaniet al., 2003; Witczak,2007) such as neural networks, fuzzy logic and evolutionary algorithms as possiblechoices.

4. Important Issues and Solutions in Integrating FDD with RC

4.1. Critical Timing in AFTCS

Due to the dynamic nature of the system, there is usually a very limited amount of timeavailable to carry out the post-fault model construction such as applications to safety-criticalaircraft flight control, nuclear power plants and so on. The trade-off among various designobjectives has to be carried out on-line in real-time. Thus, the AFTCS is generally morecomplex to design and to implement. The most crucial duration in any AFTCS is rightafter the occurrence of the fault. Once the control system reacts to the fault correctly, thereconfigured system is expected to maintain the nominal or a degraded level of performance.The critical timing in AFTCS is the time of detection and reconfiguration.The performance of the system in the post-fault interval will depend on how well the post-fault control scheme compensates for the effect of the fault. For AFTCS, because the natureand the severity of faults are generally unknowna priori, the post-fault system dynamics arealso not known, fault parameter identification techniques have to be used to construct thepost-fault system model for the purpose of reconfigurable controller design. The quality ofthe control will depend on many factors, such as the speed and accuracy of the FDD results,the availability of the remaining redundancy by the healthy actuators, sensors and/or systemcomponents, and the type of control reconfiguration strategies adopted in the design.



4.2. FDD Speed and Accuracy vs RC Performance

As we mentioned earlier, there is a trade-off between the speed and the accuracy of FDDin terms of overall control performance of reconfigured system. It is interesting to note thatrequirement on FDD speed and accuracy are generally contradictive to each other and thereexists a performance limit when both FDD speed and accuracy are required. One has totake into consideration of the type of the reconfigurable control algorithm to decide the beststrategies for FDD and reconfiguration thresholds selection, which basically affect the timefor detection and reconfiguration, and finally affect the overall control performance.

Relationship between FDD accuracy and control performance: Since precise parame-ter estimation needs measurement information and time to converge, then FDD algorithmusually takes time to make a reliable decision. Therefore, once a fault has occurred, shouldone wait until the best diagnostic results become available before reconfiguring the con-troller to compensate for the effect of failures? Or should one start the controller reconfig-uration with a limited fault information and imprecise post-fault model? It is obvious thatthere is a trade-off in the diagnostic accuracy with the reconfigurable control performance.To find out the relationship between diagnostic accuracy and overall control performance,simulations have been carried out based on an integrated design scheme of FDD and RC in(Zhang and Jiang, 2002), in which a fault occurred at 5 sec is simulated. The time responsescorresponding to different reconfiguration times based on the on-line identified post-faultmodel from the FDD module have been given in Fig. 4. It is obvious that if the systemhas been reconfigured either earlier or later than a specific waiting time, deteriorated controlperformance will occur. This indicates us that there should be an optimal waiting time forreconfiguration to achieve the “best” reconfigurable control performance.

Time (s)0 5 10 15 20

Plan

t out

put r

espo

nse

(y1)

-20

-10

0

10

20

30

Reconfigured at 5.2 secNominal plant output response

Reconfigured at 5.8 sec (optimal)Reconfigured at 6.8 sec

Time (s)0 5 10 15 20

Plan

t out

put r

espo

nse

(y2)

0

5

10

15

20

25

Reconfigured at 5.2 secNominal plant output response

Reconfigured at 5.8 sec (optimal)Reconfigured at 6.8 sec

Fig. 4. Reconfiguration under different FDD accuracy

Optimal waiting time for reconfiguration: It is very interesting to note that for a given per-formance requirement, there exists an optimal waiting time to start the controller reconfigu-ration, as shown in Fig. 5. The result shows the control performance for the reconfigurationprocess started at different times. The minimum (optimal) point is at a time oftm = 5.8 sec,which corresponds to an optimal waiting time of 0.7 sec after the fault occurrence. It is ob-vious that if the controller has been reconfigured beforetm by using an imprecise post-faultmodel based on the estimated system parameters, the overall control performance is not sat-isfactory even though an instant reconfiguration because the controller has been redesignedbased on an imprecise post-fault model. On the other hand, if the reconfiguration is activatedtoo late to wait for the accurate estimation for post-fault model, due to the fact that the sys-tem is operating in closed-loop manner based on an incorrect controller, the fault-inducedtransients will dominate the system stability and control performance. The performance isalso unsatisfactory, and even worse, the system may undergo the risk of instability. However,


14 Youmin Zhang

Initial time for reconfiguration (sec.)5 6 7 8 9 10

Per

form

ance

inde

x

0.0

0.5

1.0

1.5

2.0

2.5

3.0

Optimal time for reconfiguration

Fig. 5. Control performance vs reconfiguration time

due to the critical timing issue and the fact that such an optimal reconfiguration time maynot be available in on-line, earlier reconfiguration may be preferable in practice. However,such an early reconfiguration strategy should combine with certain multiple (progressive)reconfiguration or robust reconfigurable controller design strategy. In general, there shouldbe an optimal waiting time for reconfiguration to achieve the best-balanced overall controlperformance.

4.3. A Few Possible Solutions for Enhancing Integration of FDD and RC

As discussed previously, there are close coupling and interaction between FDD and RCschemes. To achieve satisfactory FTC performance, efforts should be made to seek im-provements in both FDD and RC modules. From FDD part, techniques which can increasethe speed and accuracy of FDD, hence to obtain more accurate post-fault model quickly,should be sought. On the other hand, RC design schemes should be able to cope with thepost-fault modeling errors and FDD uncertainties. With respect to this, certain robust con-trol techniques may need to be exploited for reconfigurable controller design in taking intoaccount the uncertainties in the model used. Detailed discussions on the important issuesand a few possible solutions based on the author’s experience are presented in the followingsections.

Increase the speed and accuracy of FDD using forgetting factor techniques: Due tothe abrupt changes in the system characteristics induced by faults, for any parameter esti-mation based FDD schemes, it takes time for the estimated parameters to converge to thetrue values. One of effective techniques for increasing the speed of FDD, in particular, theconvergence rate of fault parameter estimation is to use certain accelerating mechanisms,e.g., forgetting factor techniques (Wuet al., 2000; Zhang and Jiang, 2002). To demon-strate the effect of forgetting factor, Fig. 6 shows the history of estimated fault parametererror with and without a forgetting factor. As can be seen, much faster and more accurateparameter estimation can be obtained by using a forgetting factor technique. The corre-sponding effects to the reconfigured system output responses are shown in Fig. 7. Sincemore accurate post-fault model is available for earlier reconfiguration, the overall transientsduring the reconfiguration have been significantly reduced and more accurate steady-stateresponses can also be obtained. These results demonstrates the effectiveness of forgettingfactor techniques in achieving better FDD and overall AFTCS performance.

Enhance FTC performance via multiple (progressive) reconfiguration: To minimizefault-induced transients and to recover the system performance quickly, the reconfiguration



Time (s)4.0 4.5 5.0 5.5 6.0 6.5 7.0 7.5 8.0

Err

or in

par

amet

er e

stim

atio

n0.0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8With forgetting factorWithout forgetting factor

Fig. 6. FDD speed vs accuracy of FDD with and without forgetting factor

Time (s)0 5 10 15 20

Plan

t out

put r

espo

nse

(y1)

-20

-10

0

10

20

30

Reconfigured with forgetting factorNominal plant output response

Reconfigured without forgetting factor

Time (s)0 5 10 15 20

Plan

t out

put r

espo

nse

(y2)

0

5

10

15

20

25

30

Reconfigured with forgetting factorNominal plant output response

Reconfigured without forgetting factor

Fig. 7. Responses with and without forgetting factor

should be carried out as soon as possible after the fault occurrence. However, an effectivereconfiguration depends on the accurate estimation of the faulty system parameters, whichgenerally takes time to converge, even thought the use of forgetting factor speeds up sig-nificantly the convergence of fault parameter estimation. One possible solution is to usemultiple-step (progressive) reconfiguration (Zhang and Jiang, 1999; Zhanget al., 2001; Si-monet al., 2001; Staroswieckiet al., 2006) for “buying” time to obtain overall better controlperformance. To be more precise, the reconfiguration process can start as soon as possibleonce the fault has been detected and identified but with an imprecise faulty parameter es-timate (e.g. at 5.2 sec in Fig. 6). As more measurement information becomes available,more accurate estimate (reduced parameter estimation error) is obtained which can be usedto improve the quality of the control system progressively (e.g. at 5.8 and 6.8 sec in Fig. 6).Effectiveness of such a reconfiguration strategy is shown in Fig. 8. As can be seen, the peakvalues during the reconfiguration interval are reduced by using such a multiple-step recon-figuration strategy. Faster and smoother dynamic performance and more accurate steady-state performance have been achieved. Since the reconfigurable control can be synthesizedand implemented earlier, the first peak due to the nature of fault is reduced and subsequentpeaks due to reconfiguration can also be reduced. Therefore an overall better control per-formance in both transient and steady-state are obtained as shown in the dot-line in Fig. 8.However, this is a heuristic method for improving AFTCS performance. Stability and per-formance of the reconfigured system depend mainly on the convergence of estimated faultparameters. More theoretically sound strategies associated with reconfigurable controllerdesign will be discussed in the next section.

Incorporate FDD uncertainties in RC design: Accurate and timely fault estimation areimportant antecedents for satisfactory control reconfiguration. However, in practice, it is


16 Youmin Zhang

Time (s)0 5 10 15 20

Plan

t out

put r

espo

nses

(y 1)

-6

-4

-2

0

2

4

6

8

10

12Nominal plant output response

With reconfiguration by EAsWith reconfiguration by EAm

Time (s)0 5 10 15 20

Plan

t out

put r

espo

nses

(y 2)

-2

0

2

4

6

8

10

12

14

16

18Nominal plant output response

With reconfiguration by EAsWith reconfiguration by EAm

Fig. 8. Responses with multiple and single reconfiguration

inevitable to have some estimation or identification errors, which are referred to asFDDuncertainties. There are also time-delays and false alarms associated with FDD decisionsand control reconfiguration. As discussed earlier, rapid and reliable detection and diagnosisof faults are necessary to minimize the undesirable effects of FDD uncertainties, and thedetection and reconfiguration delays since these will all contribute to poor performance inAFTCS. In addition to the potential enhancing techniques in the FDD schemes, the otheraspect to enhance the performance of AFTCS is to take into account of these uncertaintiesin the reconfigurable controller design process and to reduce the effects of uncertainties asmuch as possible (Mahmoudet al., 2003a; Mahmoudet al., 2003b; Mariton, 1989; Yangand Stoustrup, 2000).Existing strategies to deal with such robust reconfigurable control design problems include,for example, bounding parameter estimation and the associated robust regional eigenvalueplacement reconfigurable control design (Jiang and Zhao, 1998) and the methods based onrobust control (Campos-Delgadoet al., 2005; Wu, 1997; Wu and Chen, 1996; Yang andStoustrup, 2000; Zhou and Ren, 2001) and LMI techniques (Chenet al., 1999; Kanev andVerhaegen, 2003; Makiet al., 2004; Shin, 2005). New and practical approaches to deal withsuch FDD uncertainties and time-delays and desirable trade-offs between performance ofFDD and control reconfiguration deserve further investigation.

5. Discussions and Conclusions

In this paper, important issues on the integration of fault detection and diagnosis (FDD)and reconfigurable control (RC) schemes for active fault-tolerant control systems (AFTCS)have been addressed. The existing approaches in FDD and RC are briefly reviewed andexamined. The role of FDD in AFTCS, the applicability, suitability and issues in existingFDD approaches for AFTCS are examined and outlined. The design considerations andenhancing techniques for integrated design of FDD and RC are also discussed.Following a different design philosophy, an integrated control and diagnosis method wasdeveloped in (Jacobson and Nett, 1991) using a four-parameter controller. Further develop-ment along this direction can be found in (Tyler and Morari, 1994; Muradet al., 1996; Stous-trup et al., 1997; Niemann and Stoustrup, 1997; Marcos and Balas, 2005). Due to spacelimit, this type of integrated design was not able to be discussed further in the paper.Merging different subsystems in AFTCS seems to be a straightforward task in principle,unfortunately, this is never the case in reality. The main difficulty lies in the fact that eachindividual subsystem, although operating perfectly, is difficult to provide decisions/actionsinstantaneously to other subsystems. In AFTCS, FDD and RC are closely coupled. To en-sure overall system performance, we should not design one without consideration of theother. However, how to integrate/combine effectively the FDD and RC parts for practical



applications still remains an important topic for further research. How to mitigate the ad-verse interactions between each subsystem is an important issue worth further investigation.How to balance the performance robustness during the system normal operation versus thefault sensitivity at the time of a system component failure is also an important issue to beconsidered. Most importantly, successful applications to practical engineering systems arethe final goal and touchstone for all the AFTCS strategies developed or to be developed.

References

Aravena, J., Zhou, K., Chowdhury, F. and Li, X. R. (2005). Integrated failure accommo-dation methods,Proc. of AIAA Guidance, Navigation, and Control Conference, SanFrancisco, USA, pp. 906–924.

Balle, P., Fischera, M., Fussel, D., Nells, O. and Isermann, R. (1998). Integrated control,diagnosis and reconfiguration of a heat exchanger,IEEE Control Systems Magazinepp. 52–63.

Blanke, M., Frei, C., Kraus, F., Patton, R. J. and Staroswiecki, M. (2000). What is fault-tolerant control?,Proc. of the 4th IFAC Symp. on Fault Detection, Supervision andSafety for Technical Process, Budapest, Hungary, pp. 40–51.

Blanke, M., Izadi-Zamanabadi, R., Bogh, R. and Lunau, Z. P. (1997). Fault-tolerant controlsystems—a holistic view,Control Engineering Practice5(5): 693–702.

Blanke, M., Kinnaert, M., Lunze, J. and Staroswiecki, M. (2006).Diagnosis and Fault-Tolerant Control, 2nd ed, Springer, Berlin, Germany.

Blanke, M., Staroswiecki, M. and Wu, N. E. (2001). Concepts and methods in fault-tolerantcontrol,Proc. of the 2001 American Control Conference, Arlington, USA, pp. 2606–2620.

Bodson, M. and Groszkiewicz, J. (1997). Multivariable adaptive algorithms for reconfig-urable flight control,IEEE Trans. Control Systems Technology5(2): 217–229.

Boskovic, J. D., Bergstrom, S. E. and Mehra, R. K. (2005). Robust integrated flight controldesign under failures, damage, and state-dependent disturbances,Journal of Guidance,Control, and Dynamics28(5): 902–917.

Boskovic, J. D. and Mehra, R. K. (2002). Multiple-model adaptive flight control schemefor accommodation of actuator failures,Journal of Guidance, Control, and Dynamics25(4): 712–724.

Boskovic, J. D., Prasanth, R. and Mehra, R. K. (2007). Retrofit fault-tolerant flight controldesign under control effector damage,Journal of Guidance, Control, and Dynamics30(3): 703–712.

Campos-Delgado, D. U., Martinez Martinez, S. and Zhou, K. (2005). Integrated fault-tolerant scheme for a DC speed drive,IEEE/ASME Trans. Mechatronics10(4): 419–427.

Chandler, P., Pachter, M. and Mears, M. (1995). System identification for adaptive andreconfigurable control,Journal of Guidance, Control, and Dynamics18(3): 516–524.

Chen, J. and Patton, R. J. (1999).Robust Model-based Fault Diagnosis for Dynamic Sys-tems, Kluwer Academic Publishers, Norwell, MS.


18 Youmin Zhang

Chen, J., Patton, R. J. and Chen, Z. (1999). Active fault-tolerant flight control systems designusing the linear matrix inequality method,Trans. of the Institute of Measurement andControl21(2): 77–84.

Chen, W. and Jiang, J. (2005). Fault-tolerant control against stuck actuator faults,IEE Proc.Control Theory and Applications152(2): 138–146.

Cieslak, J., Henry, D. and Zolghadri, A. (2006). A method for the design of active faulttolerant control systems,Proceedings of the IFAC Symp. SAFEPROCESS’06, Beijing,P. R. China, pp. 865–870.

de Weerdt, E., Chu, Q. P. and Mulder, J. (2005). Neural network aerodynamic model identi-fication for aerospace reconfiguration,Proc. of AIAA Guidance, Navigation, and Con-trol Conference, San Francisco, USA, pp. 1–30.

Eberhardt, R. L. and Ward, D. (1999). Indirect adaptive flight control system interactions,Int. J. of Robust and Nonlinear Control9(14): 1013–1031.

Hajiyev, C. and Caliskan, F. (2003).Fault Diagnosis and Reconfiguration in Flight ControlSystems, Kluwer Academic Publishers, London, UK.

Ho, L.-W. and Yen, G. G. (2002). Real-time reconfigurable control system design usingon-line neural estimator,Proc. of the 2002 Int. Joint Conf. on Neural Networks, Hon-oluluo, USA, pp. 559–564.

Isermann, R. (1997). Special section of papers on supervision, fault detection and diagnosisof technical systems,Control Engineering Practice5(5): 637–719.

Isermann, R. (2006).Fault-Diagnosis Systems: An Introduction from Fault Detection toFault Tolerance, Springer, Berlin, Germany.

Jacobson, C. A. and Nett, C. N. (1991). An integrated approach to controls and diagnosisusing the four parameter controller,IEEE Control System Magazine11(6): 22–28.

Jiang, B. and Chowdhury, F. N. (2005). Fault estimation and accommodation for linearMIMO discrete-time systems,IEEE Trans. Control Systems Technology13(3): 493–499.

Jiang, B., Staroswiecki, M. and Cocquempot, V. (2006). Fault accommodation for nonlineardynamic systems,IEEE Trans. Automatic Control51(9): 1578–1583.

Jiang, J. (1994). Fault detection/diagnosis and controller reconfiguration in dynamic sys-tems,Proceedings of IFAC Symposium SAFEPROCESS’94, Espoo, Finland, pp. 81–86.

Jiang, J. and Zhang, Y. M. (2006). Accepting performance degradation in fault-tolerantcontrol system design,IEEE Trans. Control Systems Technology14(2): 284–292.

Jiang, J. and Zhao, Q. (1998). Fault tolerant contol system synthesis using imprecise faultidentification and reconfiguration control,Proceedings of the IEEE Int. Symp. on In-telligent Control, Gaithersburg, MD, pp. 169–174.

Kanev, S. and Verhaegen, M. (2003). Controller reconfiguration in the presence of uncer-tainty in FDI,Proc. of the 5th IFAC Symp. on Fault Detection, Supervision and Safetyfor Technical Processes, Washington, D.C., USA, pp. 145–150.



Katebi, M. R. and Grimble, M. J. (1999). Integrated control, guidance and diagnosisfor reconfigurable autonomous underwater vehicle control,Int. J. of Systems Science30(9): 1021–1032.

Kim, Y.-W., Rizzoni, G. and Utkin, V. I. (2001). Developing a fault tolerant power-traincontrol system by integrating design of control and diagnostics,Int. J. of Robust andNonlinear Control11(11): 1095–1114.

Korbicz, J., Koscielny, J. M., Kowalczuk, Z. and Cholewa, W. (Eds) (2004).Fault Diagno-sis: Models, Artificial Intelligence, Applications, Springer, Berlin, Germany.

Liu, G., Wang, D. and Li, Y. (2004). Active fault tolerant control with actuation reconfigu-ration,IEEE Trans. Aerospace and Electronic Systems40(3): 1110–1117.

Mahmoud, M., Jiang, J. and Zhang, Y. M. (2003a).Active Fault Tolerant Control Systems:Stochastic Analysis and Synthesis, Lecture Notes in Control and Information Sciences,Vol. 287, Springer, Berlin, Germany.

Mahmoud, M., Jiang, J. and Zhang, Y. M. (2003b). Stabilization of active fault tolerantcontrol systems with imperfect fault detection and diagnosis,Stochastic Analysis andApplications21(3): 673–701.

Maki, M., Jiang, J. and Hagino, K. (2004). A stability guaranteed active fault-tolerantcontrol system,Int. J. of Robust and Nonlinear Control14(12): 1061–1077.

Marcos, A. and Balas, G. J. (2005). A robust integrated controller/diagnosis aircraft appli-cation,Int. J. of Robust and Nonlinear Control15(12): 531–551.

Mariton, M. (1989). Detection delays, false alarm rates and the reconfiguration of controlsystems,International Journal of Control49(3): 981–992.

Maybeck, P. S. and Stevens, R. D. (1991). Reconfigurable flight control via multiple modeladaptive control methods,IEEE Trans. Aerospace and Electronic Systems27(3): 470–479.

Monaco, J., Ward, D., Barron, R. and Bird, R. (1997). Implementation and flight test assess-ment of an adaptive, reconfigurable flight control system,Proc. of 1997 AIAA Guid-ance, Navigation, and Control Conference, New Orleans, LA, pp. 1443–1454.

Murad, G. A., Postlethwaite, I. and Gu, D.-W. (1996). A robust design approach to inte-grated controls and diagnostics,Proc. of 1996 IFAC 13th World Congress, Vol. N, SanFrancisco, CA, pp. 199–204.

Musgrave, J. L., Guo, T.-H., Wong, E. and Duyar, A. (1997). Real-time accommodation ofactuator faults on a reusable rocket engine,IEEE Trans. Control Systems Technology5(1): 100–109.

Napolitano, M. R., An, Y. and Seanor, B. A. (2000). A fault tolerant flight control systemfor sensor and actuator failures using neural networks,Aircraft Design3(2): 103–128.

Napolitano, M. R., Song, Y. and Seanor, B. A. (2001). On-line parameter estimation forrestructurable flight control systems,Aircraft Design4(1): 19–50.

Niemann, H. and Stoustrup, J. (1997). Integration of control and fault detection: Nominaland robust design,Proc. of IFAC Symp. on Fault Detection, Supervision and Safety forTechnical Processes, Hull, UK, pp. 341–346.


20 Youmin Zhang

Noura, H., Sauter, D., Hamelin, F. and Theilliol, D. (2000). Fault-tolerant control in dy-namic systems: Application to a winding machine,IEEE Control System Magazine20(1): 33–49.

Omerdic, E. and Roberts, G. N. (2004). Thruster fault diagnosis and accommodation foropen-frame underwater,Control Engineering Practice12(12): 1575–1598.

Patton, R. J. (1997). Fault-tolerant control: the 1997 situation,Proc. of the 3rd IFACSymp. on Fault Detection, Supervision and Safety for Technical Processes, Hull, UK,pp. 1033–1055.

Rodrigues, M., Theilliol, D. and Sauter, D. (2005). Fault tolerant control design of non-linear systems using LMI gain synthesis,Preprints of the 16th IFAC Triennial WorldCongress, Prague, Czech Republic.

Shin, J.-Y. (2005). Gain-scheduled fault tolerance control under false identification,Proc. ofAIAA Guidance, Navigation, and Control Conference, San Francisco, USA, pp. 935–945.

Shin, J. Y., Wu, N. E. and Belcastro, C. (2004). Adaptive linear parameter varying controlsynthesis for actuator,Journal of Guidance, Control, and Dynamics27(4): 787–794.

Shore, D. and Bodson, M. (2005). Flight testing of a reconfigurable control system on anunmanned aircraft,Journal of Guidance, Control, and Dynamics28(4): 698–707.

Simani, S., Fantuzzi, C. and Patton, R. J. (2003).Model-based Fault Diagnosis in DynamicSystems using Identification Techniques, Springer, New York, NY.

Simon, G., Kovacshazy, T. and Peceli, G. (2001). Transient reduction in control loops incase of joint plant-controller reconfiguration,Proc. of the 18th IEEE Instrumentationand Measurement Technology Conference, Budapest, Hungary, pp. 1143–1147.

Staroswiecki, M. and Gehin, A.-L. (2001). From control to supervision,Annual Reviews inControl25: 1–11.

Staroswiecki, M., Yang, H. and Jiang, B. (2006). Progressive accommodation of aircraft ac-tuator faults,Proceedings of the IFAC Symp. SAFEPROCESS’06, Beijing, P. R. China,pp. 877–882.

Stoustrup, J., Grimble, M. J. and Niemann, H. (1997). Design of integrated systems for thecontrol and detection of actuator and sensor faults,Sensor Review17(2): 138–149.

Theilliol, D., Noura, H. and Ponsart, J. C. (2002). Fault diagnosis and accommodation of athree-tank system based on analytical redundancy,ISA Transactions41(3): 365–382.

Tyler, M. L. and Morari, M. (1994). Optimal and robust design of integrated control anddiagnostic modules,Proc. of the 1994 American Control Conference, Baltimore, MD,pp. 2060–2064.

Vachtsevanos, G., Lewis, F. L., Roemer, M., Hess, A. and Wu, B. (2006).Intelligent FaultDiagnosis and Prognosis for Engineering Systems, John Wiley and Sons, Hoboken,NJ.

Ward, D., Monaco, J. and Bodson, M. (1998). Development and flight test of a parameteridentification algorithm for reconfigurable control,Journal of Guidance, Control, andDynamics21(6): 948–956.



Witczak, M. (2007).Modelling and Estimation Strategies for Fault Diagnosis of Non-LinearSystems: From Analytical to Soft Computing Approaches, Lecture Notes in Controland Information Sciences, Vol. 354, Springer, Berlin, Germany.

Wu, N. E. (1997). Robust feedback design with optimized diagnostic performance,IEEETrans. Automatic Control42(9): 1264–1268.

Wu, N. E. and Chen, T. J. (1996). Feedback design in control reconfigurable systems,Int. J.of Robust and Nonlinear Control6(6): 561–570.

Wu, N. E., Zhang, Y. M. and Zhou, K. (2000). Detection, estimation, and accommoda-tion of loss of control effectiveness,Int. J. of Adaptive Control and Signal Processing14(7): 775–795.

Yang, Z. and Stoustrup, J. (2000). Robust reconfigurable control for parametric and additivefaults with FDI uncertainties,Proc. of the 39th IEEE Conf. on Decision and Control,Sydney, Australia, pp. 4132–4137.

Yen, G. G. and Ho, L.-W. (2003). Online multiple-model-based fault diagnosis and accom-modation,IEEE Trans. Industrial Electronics50(2): 296–312.

Zhang, X., Polycarpou, M. M. and Parisini, T. (2001). Integrated design of fault diagnosisand accommodation schemes for a class of nonlinear systems,Proc. of the 40th IEEEConf. on Decision and Control, Orlando, FL, pp. 1448–1453.

Zhang, Y. M. and Jiang, J. (1999). Design of integrated fault detection, diagnosis andreconfigurable control systems,Proceedings of the 38th IEEE Conf. on Decision andControl, Phoenix, AZ, pp. 3587–3592.

Zhang, Y. M. and Jiang, J. (2001a). Integrated active fault-tolerant control using IMMapproach,IEEE Trans. Aerospace and Electronic Systems37(4): 1221–1235.

Zhang, Y. M. and Jiang, J. (2001b). Integrated design of reconfigurable fault-tolerant controlsystems,Journal of Guidance, Control, and Dynamics24(1): 133–136.

Zhang, Y. M. and Jiang, J. (2002). An active fault-tolerant control system against partialactuator failures,IEE Proceedings - Control Theory and Applicartions149(1): 95–104.

Zhang, Y. M. and Jiang, J. (2003a). Bibliographical review on reconfigurable fault-tolerantcontrol systems,Proc. of the 5th IFAC Symp. on Fault Detection, Supervision andSafety for Technical Processes, Washington, D.C., USA, pp. 265–276.

Zhang, Y. M. and Jiang, J. (2003b). Fault tolerant control system design with explicit con-sideration of performance degradation,IEEE Trans. Aerospace and Electronic Systems39(3): 838–848.

Zhang, Y. M. and Wu, N. E. (1999). Fault diagnosis for a ship propulsion benchmark,Preprints of the 14th IFAC World Congress, Beijing, P. R. China, pp. Vol. O, 569–574.

Zhou, D. H. and Frank, P. M. (1998). Fault diagnosis and fault tolerant control,IEEE Trans.Aerospace and Electronic Systems34(2): 420–427.

Zhou, K. and Ren, Z. (2001). A new controller architecture for high performance, robust,and fault-tolerant control,IEEE Trans. Automatic Control46(10): 2688–2693.


Date post:	16-Oct-2021
Category:	Documents
Upload:	others
View:	4 times
Download:	0 times

Active fault-tolerant control systems: integration of ...

Documents