Annual Reviews in Control

Volume 32, Issue 2, December 2008, Pages 229-252
Bibliographical review on reconfigurable fault-tolerant control systems

https://doi.org/10.1016/j.arcontrol.2008.03.008

Abstract

In this paper, a bibliographical review on reconfigurable (active) fault-tolerant control systems (FTCS) is presented. The existing approaches to fault detection and diagnosis (FDD) and fault-tolerant control (FTC) in a general framework of active fault-tolerant control systems (AFTCS) are considered and classified according to different criteria such as design methodologies and applications. A comparison of different approaches is briefly carried out. Current research foci in the field are also addressed, with emphasis on the practical application of the techniques. In total, 376 references in the open literature, dating back to 1971, are compiled to provide an overall picture of historical, current, and future developments in this area.

Introduction

Modern technological systems rely on sophisticated control systems to meet increased performance and safety requirements. A conventional feedback control design for a complex system may result in unsatisfactory performance, or even instability, in the event of malfunctions in actuators, sensors or other system components. To overcome such weaknesses, new approaches to control system design have been developed in order to tolerate component malfunctions while maintaining desirable stability and performance properties. This is particularly important for safety-critical systems, such as aircraft, spacecraft, nuclear power plants, and chemical plants processing hazardous materials. In such systems, the consequences of a minor fault in a system component can be catastrophic. Therefore, the demand on reliability, safety and fault tolerance is generally high. It is necessary to design control systems which are capable of tolerating potential faults in these systems in order to improve the reliability and availability while providing a desirable performance. These types of control systems are often known as fault-tolerant control systems (FTCS). More precisely, FTCS are control systems which possess the ability to accommodate component failures automatically. They are capable of maintaining overall system stability and acceptable performance in the event of such failures. In other words, a closed-loop control system which can tolerate component malfunctions, while maintaining desirable performance and stability properties, is said to be a fault-tolerant control system.

Over the last three decades, the growing demand for safety, reliability, maintainability, and survivability in technical systems has drawn significant research in Fault Detection and Diagnosis (FDD). Such efforts have led to the development of many FDD techniques, documented for example in survey papers (Basseville, 1988, Dailly, 1990; Dash & Venkatasubramanian, 2000; Dochain, Marquardt, Won, Malik, & Kinnaert, 2006; Frank, 1990, Frank, 1994, Frank, 1996; Frank & Ding, 1997; Frank and Koppen-Seliger, 1997a, Frank and Koppen-Seliger, 1997b; Frank, Ding, & Marcu, 2000; Garcia & Frank, 1997; Gertler, 1988; Gertler, 1993; Gertler, 1997; Isermann, 1984, Isermann, 1993; Isermann, 1997a, Isermann, 1997b, Isermann, 2001, Isermann, 2005; Isermann & Balle, 1997; Isermann, Schwarz, & Stolzl, 2002; Patton, 1991, Patton, 1997a; Patton & Chen, 1994; Patton, Chen, & Nielsen, 1995; Sharif & Grosvenor, 1998; Tzafestas & Watanabe, 1990; Venkatasubramanian, Rengaswamy, Yin, & Kavuri, 2003; Venkatasubramanian, Rengaswamy, & Kavuri, 2003; Venkatasubramanian, Rengaswamy, Kavuri, & Yin, 2003; Willsky, 1976; Zhong, Fang, & Ye, 2007) and books (Barron, 1996; Basseville & Benveniste, 1986; Basseville & Nikiforov, 1993; Chen & Patton, 1999; Chiang, Russell, & Braatz, 2001; Gertler, 1998; Gustafsson, 2000; Himmelblau, 1978; Isermann, 2006; Mangoubi, 1998; Natke & Cempel, 1997; Patton et al., 1989, Patton et al., 2000; Pau, 1981; Pouliezos & Stavrakakis, 1994; Romberg, Black, & Ledwidge, 1996; Russell, Chiang, & Braatz, 2000; Simani, Fantuzzi, & Patton, 2003; Vachtsevanos, Lewis, Roemer, Hess, & Wu, 2006; Witczak, 2007). In the literature, the abbreviation FDI is used both for fault detection and isolation and for fault detection and identification. To avoid any confusion, this paper has adopted FDI to stand for fault detection and isolation, while FDD will be used when the fault identification function is also added to FDI.

In FTCS designs, fault identification is important; therefore FDD is mainly used in this paper to highlight the requirement of fault identification. On a parallel path, research on reconfigurable fault-tolerant control systems has increased progressively since the initial research on restructurable control and self-repairing flight control systems began in the early 1980s (Chandler, 1984; Eterno, Weiss, Looze, & Willsky, 1985; Montoya, 1983). An early excellent review on the design issues for fault-tolerant aircraft control was given in 1985 (Eterno et al., 1985). Other early publications of a tutorial nature or demonstrating initial research on this subject include (Chizeck & Willsky, 1978; Montgomery & Caglayan, 1976; Montgomery & Price, 1976; Vander Velde, 1984). More recently, fault-tolerant control has attracted more and more attention in both industry and academic communities due to increased demands for safety, high system performance, productivity and operating efficiency in a wider range of engineering applications, not limited to traditional safety-critical systems. Several review/survey papers on FTCS have appeared since the 1990s (Blanke, Izadi-Zamanabadi, Bogh, & Lunau, 1997; Blanke, Frei, Kraus, Patton, & Staroswiecki, 2000; Blanke, Staroswiecki, & Wu, 2001; Isermann et al., 2002; Jiang, 2005; Patton, 1993, Patton, 1997b; Polycarpou & Vemuri, 1998; Rauch, 1994, Rauch, 1995; Staroswiecki & Gehin, 2001; Steinberg, 2005; Stengel, 1991; Zemlyakov, Rutkovskii, & Silaev, 1996). However, compared to FDI, few books on this subject had been published until recently (Benítez-Pérez & García-Nocetti, 2005; Blanke et al., 2003, Blanke et al., 2006; Hajiyev and Caliskan, 2003; Isermann, 2006; Mahmoud, Jiang, & Zhang, 2003a; Steffen, 2005; Tao, Chen, Joshi, & Tang, 2004). As a milestone, a 2-day workshop on Restructurable Controls was held at NASA Langley Research Center, Hampton, Virginia, USA, September 21–22, 1982 (Montoya, 1983).

The first triennial IFAC Symposium on Fault Detection, Supervision and Safety for Technical Process (SAFEPROCESS) was held in 1991 in Baden-Baden, Germany, followed by an IEE Colloquium on Fault Diagnosis and Control System Reconfiguration in 1993 in London, England and an International Conference on Fault Diagnosis (TOOLDIAG) in April 1993 in Toulouse, France. Another triennial series, the IFAC Workshop on On-Line Fault Detection and Supervision in Chemical Process Industries, was first held in 1992 in Newark, USA. More recently, invited tutorial sessions, workshops and plenary talks on these topics have frequently appeared at several major conferences such as the AIAA Guidance, Navigation, and Control Conference, American Control Conference, European Control Conference, IEEE Conference on Decision and Control, IFAC World Congress and IFAC SAFEPROCESS. Two special issues on reconfigurable flight control system designs appeared in 1999 (Banda, 1999) and 2005 (Hess, 2005), respectively.

New special issues on fault-tolerant control are to appear in different journals.

Historically, from the point of view of practical application, a significant amount of research on fault-tolerant control systems was motivated by aircraft flight control system designs (Steinberg, 2005). The goal, therein, was to provide “self-repairing” capability in order to ensure a safe landing in the event of severe faults in the aircraft (Chandler, 1984, Eterno et al., 1985). Such effort was stimulated partly by two commercial aircraft accidents in the late 1970s. In the case of Delta Flight 1080 (April 12, 1977) (McMahan, 1978, Montoya, 1983), the elevator became jammed at 19° up and the pilot had been given no indication of this malfunction. Fortunately, the pilot successfully reconfigured the remaining control elements and landed the aircraft safely, based on his experience and knowledge of the actuation redundancy in the L-1011 airplane. In another accident, the crash of an American Airlines DC-10 in Chicago (Flight 191, May 25, 1979), the pilot had only 15 s to react before the plane crashed. Subsequent investigation showed that the crash could have been avoided (Montoya, 1983). A recent study (Maciejowski & Jones, 2003) provides further evidence of the need for fault-tolerant controls. It shows that the fatal crash of EL AL Flight 1862, a Boeing 747-200F freighter (October 4, 1992), could have been avoided. These are just three examples of flight accidents which highlight the need for fault-tolerant flight control systems. A system for aiding pilots by providing automatic fault accommodation is therefore highly desirable for both civil and military aircraft. In the safety-critical nuclear power industry, interest in diagnostics and fault-tolerant control of nuclear power plants has intensified since the Three Mile Island incident (March 28, 1979) and the tragedy at the Chornobyl nuclear power plant on April 26, 1986.

More recently, the fault-tolerant control problem has begun to draw more and more attention in a wider range of industrial and academic communities, due to increased safety and reliability demands beyond what a conventional control system can offer. The applications include aerospace, nuclear power, automotive, manufacturing and other process industries (Bruccoleri, Amico, & Perrone, 2003; Isermann et al., 2002; Mehrabi, Ulsoy, Koren, & Heytler, 2002). Fault tolerance is no longer limited to high-end systems: consumer products such as automobiles are increasingly dependent on microelectronic/mechatronic systems, on-board communication networks, and software, and thus require new techniques for achieving fault tolerance.

Even though individual research on FTCS has been carried out extensively, systematic concepts, design methods, and even terminology are still not yet standardized. Recently, efforts have been made to unify some terminology (Blanke et al., 2000, Blanke et al., 2001, Blanke et al., 2003, Blanke et al., 2006; Isermann, 2006; Isermann & Balle, 1997; Mahmoud et al., 2003a; Simani et al., 2003; Staroswiecki & Gehin, 2001). In addition, due to historical reasons and the complexity of the problem, most of the research on FDD and Reconfigurable Control (RC) has been carried out as two separate entities. More specifically, most FDI techniques are developed as a diagnostic or monitoring tool, rather than as an integral part of FTCS. As a result, some existing FDD methods may not satisfy the needs of controller reconfiguration. On the other hand, most of the research on reconfigurable controls is carried out assuming the availability of a perfect FDD. Little attention has been paid to analysis and design of the overall system structure and of the interaction between FDD and RC. For example, from the viewpoint of RC design, what are the needs and requirements for FDD? What information can be provided by the existing FDD techniques for overall FTCS designs? How can the interaction between FDD and RC be analyzed systematically? How can the FDD and RC be designed in an integrated manner for on-line and real-time applications? Many other challenging issues still remain open for further research and development. One of the motivations of this paper is to provide a bibliographical review on the development in FTCS and to present some challenging open problems for future research. It is our hope that this work can provide some useful information to researchers in the field in order to facilitate further development of this important area.

Generally speaking, FTCS can be classified into two types: passive (PFTCS) and active (AFTCS). In PFTCS, controllers are fixed and are designed to be robust against a class of presumed faults (Eterno et al., 1985). This approach needs neither FDD schemes nor controller reconfiguration, but it has limited fault-tolerant capabilities. Discussions on PFTCS are beyond the scope of this paper and interested readers are referred to (Hsieh, 2002; Jiang & Zhao, 2000; Liang, Liaw, & Lee, 2000; Liao, Wang, & Yang, 2002; Siljak, 1980, Veillette, 1995; Veillette, Medanic, & Perkins, 1992; Yang, Zhang, Lam, & Wang, 1998a; Yang, Wang, & Soh, 2000; Yang, Yang, & Soh, 2001a; Zhao & Jiang, 1998) and the references therein for recent development. In the literature, PFTCS is also known as reliable control systems or control systems with integrity.

In contrast to PFTCS, AFTCS react to system component failures actively by reconfiguring control actions so that the stability and acceptable performance of the entire system can be maintained. In certain circumstances, degraded performance may have to be accepted (Blanke et al., 2001, Patton, 1997b, Stengel, 1991). AFTCS are also referred to as self-repairing (Chandler, 1984; Eterno et al., 1985), reconfigurable (Moerder, Halyo, Broussard, & Caglayan, 1989), restructurable (Looze, Weiss, Eterno, & Barrett, 1985; Montoya, 1983), or self-designing (Monaco, Ward, Barron, & Bird, 1997) control systems by some researchers. From the viewpoint of functionality in handling faults, AFTCS have also been called fault detection, identification (diagnosis) and accommodation schemes by other researchers (Belcastro & Belcastro, 2001; Napolitano, Neppach, Casdorph, & Naylor, 1995a; Polycarpou & Vemuri, 1995; Theilliol, Noura, & Ponsart, 2002; Yen & Ho, 2003). In such control systems, the controller compensates for the impacts of the faults either by selecting a pre-computed control law (Maybeck & Stevens, 1991; Moerder et al., 1989, Rauch, 1995; Zhang & Jiang, 2001a) or by synthesizing a new one on-line (Looze et al., 1985; Patton, 1997b; Zhang & Jiang, 2002a). To achieve a successful control system reconfiguration, both approaches rely heavily on real-time FDD schemes to provide the most up-to-date information about the true status of the system. Therefore, the main goal in a fault-tolerant control system is to design a controller with a suitable structure to achieve stability and satisfactory performance, not only when all control components are functioning normally, but also in cases when there are malfunctions in sensors, actuators, or other system components (e.g. the system itself, control computer hardware or software). This paper focuses only on AFTCS.

The design objectives for AFTCS include the transient and the steady-state performance for the system not only under normal operations, but also under fault conditions. It is important to point out that the emphasis on system behaviors in these two modes of operation can be significantly different. During normal operations, more emphasis should be placed on the quality of the system behavior. In the presence of a fault, however, how the system survives with an acceptable (probably degraded) performance becomes a predominant issue.

Typically, AFTCS can be divided into four sub-systems: (1) a reconfigurable controller, (2) a FDD scheme, (3) a controller reconfiguration mechanism, and (4) a command/reference governor.

Inclusion of both FDD and reconfigurable controllers within the overall system structure is the main feature distinguishing AFTCS from PFTCS. Key issues in AFTCS are how to design: (a) a controller which can be easily reconfigured, (b) a FDD scheme with high sensitivity to faults and robustness to model uncertainties, operating condition variations, and external disturbances, and (c) a reconfiguration mechanism which leads as much as possible to the recovery of the pre-fault system performance in the presence of uncertainties and time-delays in FDD within the constraints of control inputs and system states. The critical issue in any AFTCS is the limited amount of time available for the FDD and for the control system reconfiguration. Furthermore, in case of failure, efficient utilization and management of redundancy (in hardware, software and communication networks), stability, transient and a steady-state performance guarantee are some of the important issues to consider in AFTCS.

An overall structure of a typical AFTCS is shown in Fig. 1. In the FDD module, any fault in the system should be detected and isolated as quickly as possible, and fault parameters, system state/output variables, and post-fault system models need to be estimated on-line in real-time. Based on the on-line information on the post-fault system model, the reconfigurable controller should be designed automatically to maintain stability, desired dynamic performance and steady-state performance. In addition, in order to ensure the closed-loop system to track a command input trajectory in the event of faults, a reconfigurable feedforward controller often needs to be synthesized. To avoid potential actuator saturation and to take into consideration the degraded performance after fault occurrence, in addition to a reconfigurable controller, a command/reference governor may also need to be designed to adjust command input or reference trajectory automatically.

Based on the above structure, the design objectives of AFTCS can be stated as to (1) have a FDD scheme to provide, as precisely as possible, the information about a fault (time, type and magnitude) and the post-fault model, and (2) design a new control scheme (reconfigurable/restructurable) to compensate for the fault-induced changes in the system so that the stability and acceptable closed-loop system performance can be maintained. Furthermore, it is important to point out that not only the parameters of the controllers need to be recalculated, but also the structure of the new controllers (in terms of the order of the controllers, the numbers and the types of the controllers) might be changed. The corresponding AFTCS are often referred to as restructurable control systems (Stengel, 1991; Patton, 1997b; Zhang & Jiang, 2002b) to emphasize the controller structure change. Note that, in the literature, there are generally two classifications of AFTCS. One classifies the AFTCS as reconfigurable versus restructurable; the other differentiates them as accommodation versus reconfiguration (Blanke et al., 2000, Blanke et al., 2003, Blanke et al., 2006). In this paper, we adopt the former. So long as there is no confusion, we will use the term “reconfigurable control” in subsequent sections.
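The AFTCS structure described in the preceding paragraphs (an FDD module that estimates the post-fault model, a reconfigurable controller with reference feedforward, and a command/reference governor), in an added simulation that is not from the paper. A constructed scalar plant loses actuator effectiveness at a fixed step; a scalar recursive least-squares estimator serves as the FDD, the controller gain is rescaled by the estimated effectiveness, and the governor lowers the commanded reference when the estimated post-fault model implies actuator saturation. The plant model, all constants, the detection rule and the noise-free setting are assumptions made for this example; the run with reconfigure=False is a fixed nominal controller with no reconfiguration (a baseline, not a designed passive FTCS).

```python
"""Toy active fault-tolerant control loop (constructed example, not from the
paper): FDD by recursive least squares, gain reconfiguration, reference governor.
Noise-free for clarity; every constant below is an assumption for illustration."""

# Constructed scalar plant: x[k+1] = A*x[k] + B*lam*u[k], lam = actuator effectiveness
A, B = 0.9, 0.5
A_CL = 0.5            # desired closed-loop pole for the model-following law
R = 1.0               # commanded reference
U_MAX = 1.0           # actuator limit
FAULT_STEP = 100      # step at which the effectiveness drops
LAM_FAULT = 0.15      # post-fault effectiveness (85 % loss)
N_STEPS = 300
LAM_MIN = 0.05        # floor on the believed effectiveness used by the controller


def control_law(x, r, lam_hat):
    """State feedback plus reference feedforward, placing the closed-loop pole at
    A_CL; both gains are rescaled by the believed effectiveness, which is the
    quantity reconfiguration changes."""
    lam_hat = max(LAM_MIN, min(1.0, lam_hat))
    u = (A_CL * x - A * x + (1.0 - A_CL) * r) / (B * lam_hat)
    return max(-U_MAX, min(U_MAX, u))


def reference_governor(lam_hat, margin=0.9):
    """Lower the commanded reference so that the steady-state input under the
    estimated post-fault model stays within 'margin' of the actuator limit."""
    lam_hat = max(LAM_MIN, min(1.0, lam_hat))
    return min(R, margin * U_MAX * B * lam_hat / (1.0 - A))


class EffectivenessEstimator:
    """FDD by scalar recursive least squares with forgetting: regress the
    measured y[k] = x[k+1] - A*x[k] on phi[k] = B*u[k] to estimate lam, and
    raise an alarm once the estimate stays out of band for 'confirm' steps."""

    def __init__(self, forgetting=0.8, p0=100.0, threshold=0.2, confirm=3):
        self.theta = 1.0          # believed effectiveness, nominal = 1
        self.p = p0
        self.ff = forgetting
        self.threshold = threshold
        self.confirm = confirm
        self.count = 0

    def update(self, phi, y):
        gain = self.p * phi / (self.ff + phi * self.p * phi)
        self.theta += gain * (y - phi * self.theta)
        self.p = (self.p - gain * phi * self.p) / self.ff
        out_of_band = abs(self.theta - 1.0) > self.threshold
        self.count = self.count + 1 if out_of_band else 0
        return self.count >= self.confirm


def simulate(reconfigure=True):
    """Run the loop; with reconfigure=False the FDD only monitors and the
    nominal controller keeps running (the 'separate entity' situation)."""
    x = 0.0
    fdd = EffectivenessEstimator()
    detection_step = None
    r_gov = R
    for k in range(N_STEPS):
        lam_true = LAM_FAULT if k >= FAULT_STEP else 1.0
        lam_used = fdd.theta if reconfigure else 1.0
        r_gov = reference_governor(lam_used)
        u = control_law(x, r_gov, lam_used)
        x_next = A * x + B * lam_true * u          # plant step with the true fault
        if fdd.update(B * u, x_next - A * x) and detection_step is None:
            detection_step = k
        x = x_next
    return {"final_state": x, "lam_hat": fdd.theta,
            "detection_step": detection_step, "governed_reference": r_gov}


if __name__ == "__main__":
    for flag in (False, True):
        print("reconfigure=%s -> %s" % (flag, simulate(reconfigure=flag)))
```

Without reconfiguration the state settles at about 0.47 against a reference of 1 even though the FDD has flagged the fault; with reconfiguration the fault is flagged within a few steps of its onset, the estimate converges to the true effectiveness, the governor lowers the reference to 0.675 because the actuator could not hold the original reference within its limit, and the state settles at that governed value. That is the degraded-but-stable post-fault behaviour the paper refers to, and it shows why the governor is designed as part of the AFTCS rather than left to the controller alone.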

The paper is organized as follows: In Section 2, a review and classification of existing reconfigurable control techniques are provided. A brief review of existing FDD methods is given in Section 3. Current research relating to AFTCS is outlined in Section 4, followed by conclusions in Section 5. More than 300 papers as well as some useful web sites in the open literature from 1971 to date are collected as the references.

Section snippets

Classification based on control algorithms

In the literature, the existing reconfigurable control design methods fall into one of the following approaches: linear quadratic; pseudo-inverse/control mixer; gain scheduling/linear parameter varying; (model reference) adaptive control/model following; eigenstructure assignment; multiple-model; feedback linearization or dynamic inversion; H∞ and other robust controls; model predictive control; variable structure and sliding mode control; generalized internal model control; and intelligent

Classification of existing FDD approaches

As mentioned previously, a lot of work has been done in the area of FDD in the last three decades. Many FDD schemes have been developed. Among many excellent survey papers from the control engineering point of view (Basseville, 1988, Dailly, 1990, Dochain et al., 2006, Frank, 1990, Frank, 1994, Frank, 1996; Frank & Ding, 1997; Frank and Koppen-Seliger, 1997a, Frank and Koppen-Seliger, 1997b; Frank et al., 2000; Garcia & Frank, 1997; Gertler, 1988, Gertler, 1993, Gertler, 1997, Isermann, 1984,

Current research in AFTCS

Since the nature and severity of faults are generally unknown a priori, and so are the post-fault system dynamics, FDD schemes have to be used to construct the post-fault system model for AFTCS design. The performance of the overall system will depend on many factors, such as the speed and the accuracy of the FDD scheme, the availability of the remaining healthy (functional) actuators, the strategy to utilize hardware/analytical redundancy in the system, the type of control strategies adopted

Conclusions

As an emerging and active area of research in automatic control, fault-tolerant control has recently attracted more and more attention. A brief technical review and bibliography of the historical and new developments in active fault-tolerant control systems (AFTCS) have been presented in this paper. The existing approaches in fault detection and diagnosis (FDD) and reconfigurable control (RC) are outlined. Some open problems and current research activities have been discussed and more


Youmin Zhang received his Ph.D. degree in 1995 from the Department of Automatic Control, Northwestern Polytechnical University, Xian, PR China. He is currently an Associate Professor in the Department of Mechanical and Industrial Engineering at Concordia University, Canada. His main research interests are in the areas of monitoring, fault diagnosis and fault-tolerant control of safety-critical systems; flight control of manned and unmanned aerial vehicles; estimation, identification, modeling and simulation; advanced signal processing techniques for diagnosis and control.

Jin Jiang obtained his Ph.D. degree in 1989 from the Department of Electrical Engineering, University of New Brunswick, Fredericton, New Brunswick, Canada. Currently, he is a Professor in the Department of Electrical and Computer Engineering at The University of Western Ontario, London, Ontario, Canada. His research interests are in the areas of fault-tolerant control of safety-critical systems, power system dynamics and controls, and advanced signal processing.
