Integrated Fault-Tolerant Scheme for a DC Speed Drive
D. U. Campos-Delgado, Member, IEEE, S. Martínez -Martínez,and K. Zhou, Fellow, IEEE
Abstract---In this paper, an active fault-tolerant control (FTC) scheme is presented with disturbance compensation. Fault-detection and compensation are merged together to propose a robust algorithm against model uncertainties. The GIMC control architecture  is used as a feedback configuration for the active fault-tolerant scheme. The synthesis procedure for the parameters of the fault-tolerant scheme is carried out by using tools of robust control theory. A detection filter is designed for fault isolation taking into account uncertainties and disturbances in the mathematical model. Finally, the fault compensation strategy incorporates an estimate of the disturbances into the system to improve the performance of the closed-loop systems after the fault is detected. In order to illustrate these ideas, the speed regulation of a dc motor is selected as a case study, and experimental results are reported.
Index Terms—DC motor, fault-tolerant control, design, robust control. H；
IN MANY industrial applications, costly equipment is managed and human operators are involved. In these conditions, it is desirable to provide some safety degree into the automated process. Thus, the human operator must receive an indication of the possible faults into the process in order to take proper action. For certain types of faults, it is possible that the nominal control system could be designed to tolerate or maintain some of the performance for those faults (passive approach)
–. However, this strategy tends to be conservative in the practice since the controllers have to be designed taking into account the worst-case scenario. One way of synthesizing these fault- tolerant controllers is by appealing to robust design techniques –. H；
Another approach for fault-tolerant control (FTC) relies on the detection of a fault-case in the control process, in order to introduce a proper compensation to the feedback system (active
approach) . In this scheme, it is first necessary to detect a fault scenario, and next, to design an algorithm to identify the fault type occurred (fault isolation). Based on the fault isolation block, an external compensation signal for the nominal control signal is introduced, or the parameters of the controller are updated , . Three main types of faults are recognized: actuator, sensor, and plant faults , , . The first two are modelled as external signals that are added to the nominal ones (additive faults). Meanwhile, the plant faults are related to mechanical wear down of the plant elements, or intrinsical changes in the dynamics of the system. These faults are usually modelled as parameter variations in the mathematical model of the plant. The problem of additive faults will be addressed in this paper.
Hence, for an active FTC configuration, the first challenge is fault detection and isolation (FDI). The paradigm in FDI is to detect and isolate a fault condition despite possible disturbances, noise, and model uncertainty in the system , , , .Thus, filters are designed such that the effect of faults is maximized at the outputs while the effect of disturbances and model uncertainty is minimized. Several approaches have been suggested: robust detection and isolation based on eigenstructure assignment , estimation based on H2 and optimization , , H；
detection and isolation by frequency domain optimization , unknown-input observers ,
parity space approaches , robust observed-based detection , etc. Most of the existing research is focused on linear systems, but extensions to FDI of nonlinear systems have also been proposed in  and . Furthermore, the applications of fuzzy logic  and wavelet transforms  to fault detection have been recently introduced.
Next, in the active approach for FTC, once the fault has been detected and isolated, the control strategy is reconfigured by a supervisory system. Recently, inspired by the Youla parameterization used in robust control theory, a reconfigurable control structure for fault compensation has been suggested in . This scheme applies the GIMC (Generalized Internal Model Control) structure introduced in  to design a control compensation signal after a fault is detected. On the other hand, reconfigurable FTC structures have also been studied where the model- matching strategy is used to design linear controllers , and adaptive schemes for nonlinear systems . The problem of adaptive compensation for actuator failures was recently ad-dressed in . Thus, due to the practical applications in industry processes and theoretical challenges, the research in FTC has increased in recent years, pursuing to provide certain safety degree into the automated processes.
The paper is structured as follows. Section II describes the problem formulation. The details about the fault detection and compensation strategies are shown in Section III. Section IV gives a description of the case study: speed regulation of a dc-motor, and experimental results are reported. Finally, Section V gives some concluding remarks.
Fig. 1. Problem formulation for control.
II. PROBLEM FORMULATION
A. System Description
The problem addressed in this paper is formulated as follows. Consider an LTI system P (s)
rlRRaffected by disturbances d ?and possible faults f ? (additive), see Fig. 1, described by?
nmpRRRwhere x?represents the vector of state, u?the vector of input, and y?the vector of
nl，Routput. Thus, the matrix F1? stands for the distribution matrix of the actuator faults, and F2
pl，R? for the sensor faults. Assume that a nominal controller K(s) stabilizes the nominal plant
and it provides a desired closed-loop performance. Consequently, the control objective of the active FTC scheme is presented as: design an integrated detection/compensation scheme such that
it detects the occurrence of a fault in the closed-loop system, and provides an appropriate compensation signal q to the control system in order to maintain some closed-loop performance; see Fig. 1.Two assumptions are made in the following problem formulation:
? fault is non-repetitive;
? disturbances are known or partially known.
Remark 1: The first assumption establishes that the faults studied have a permanent effect in the system. As a result, once the fault is detected, the compensation signal q is switched-on in the
feedback configuration and remains active. Thus the process will have to be stopped to replace the faulty device and reset the FTC scheme. On the other hand, the information of the disturbances into the system is important to be able to provide the correct compensation signal q in the FTC
scheme. In case that the disturbance information could not be retrieved, the performance after the fault will be deteriorated. If there was a disturbance change at the same time of the fault, the algorithm will not be able to distinguish it immediately and the control signal will not have the correct information of the actual disturbance in the compensation. In this way, the resulting compensation after the fault will be affected. Moreover, if two or more independent faults act on the system simultaneously, the fault detection will be triggered but according with the time constant of each fault, the transient behavior will be affected after the compensation. The open-loop system the transfer matrix form:
Hence, Puy(s) represents the nominal plant (mapping from u to y). Furthermore assume that
there exists knowledge about the model uncertainties in the description of the nominal plant .Two possible scenarios can be seen: structured or unstructured uncertainty according with robust control theory.
? If the uncertainty can be derived from certain parameters of the model, where a range of
variation can be deduced, then a structured uncertainty is adopted. As a consequence, the
real plant can be represented by an upper linear fractional transformation (LFT):
Δ= diag[δ1δ2. . . δk] with δi? (-1, 1) i = 1, . . . , k, and
the index k represents the number of uncertain parameters. In this case, the generalized
plant P is derived by pulling out the variation parameters δi from the nominal plant. Note
that for the nominal plant Puy(s) = P22(s).
? In the case that the uncertainty could be considered unstructured, the real plant Puy is
where W1, W2 Rare weighting functions for the uncertainty , Δ R with ??HH；；
, and in this specific case, the generalized plant P is given by ，？1；
B. Residual Design
In FDI theory, based on the input-output description of the system, a signal that contains
information of faults has to be designed ; residual , , . Using the representation (1), the
；1nominal plant can be expressed by a left coprime factorization, i.e., , PsMsNs()()()？uy
where .Then a residual signal r can be constructed by: NMRH,~；
where H ?Ris known as detection filter. By substituting (2) and using the model uncertainty H；
description, it is obtained that
；1where or for unstructured and structured ，？，；，PIPP()，？，WssWs()()()uyuy21211112
uncertainty, respectively .Moreover, using the problem formulation in (1), then
with .As a consequence, the residual signal r is affected by the control signal NNRH,~df；
through the model uncertainty , the disturbances and the faults. Therefore, the aim of the filter H(s)
must be to isolate the effect of faults f in the residual r, i.e.,
? and HsNs()()0,；HsMs()()0，；duy
? and as large as possible in some sense. HsNs()()0：f
For perfect fault isolation, it is then needed . In order to detect a fault-scenario, HsNsI()()；f
the following residual evaluation criteria are commonly followed:
where T is the window length or horizon of evaluation. In some special cases, the filter H(s) can
cancel completely the effect of uncertainty and disturbances in the residual. Therefore, in the practice to prevent a false alarm in the evaluation, a threshold value Jth is selected such that
The threshold Jth , in general, can be also a function of time. However, this approach is not pursued in this paper. Once the residual signal is constructed, a fault can then be detected according to the criterion:
where the threshold for detection can be calculated by using the size of the uncertainty, the disturbance information and the maximum value of the control signal. Thus, by applying the triangle inequality to (9)
a threshold Jth can be chosen, where the relation between the L1 norm of systems and the norm l；
of signals  can be exploited , i.e.,
Alternatively, the relation between the norm of systems and the l2 norm of signals could be H；
used instead , . However, the threshold using the L1 norm tends to be more appropriate, since
the signals in the feedback loop are in general bounded in time. Moreover, the l2 norm has to be
approximated using a
Fig. 2. (GIMC) control structure
finite window length, which adds conservativeness to this type of bound. As a result, define the set of strongly detectable faults
Consequently, the optimal filter H(s) must maximize the size of Υ , i.e.,
in order to obtain the best tradeoff between fault sensitivity and robustness.
III. FAULT-TOLERANT SCHEME
In this section, the active FTC strategy is described in detail.
A. Generalized Internal Model Control
The FTC architecture proposed in this work is derived from robust control theory , where a new implementation of the Youla parameterization called Generalized Internal Model Control
(GIMC) is used , ; see Fig. 2. In this configuration, the nominal controller K(s) is
；1represented by its left coprime factorization, i.e., such that . KsVsUs()()()？UVRH,~；
It is observed that fe represents the filtered error between the estimated output and the true output of the system. Thus if fe = 0 (=?q = 0) that will represent that there is no model uncertainties, external disturbances or faults into the sys-tem, then the feedback system will be solely controlled by the nominal controller K(s). Consequently, from the GIMC configuration in Fig. 2, the control signal u has a component due to the control tracking error, and will have another from the filtered error fe through the compensator Q in the fault-scenario
Note that if disturbances d are affecting the nominal system then the filtered error fe will be
drastically altered. However, it is assumed that the disturbance d is known or partially known.
Therefore, this information can be feed forward into the estimation process to cancel its effect from the filtered error fe. As a consequence, a new implementation of the GIMC architecture is suggested in Fig. 3. The residual signal proposed in the previous section, see (8), can be constructed by taking the
Fig. 3. Overall active FTC strategy.
signal fe and process it through the detection filter H(s), i.e., r(s) = --H(s)fe(s). Now, once the fault
is detected, the compensation signal q is fed back into the controller structure, where q is also
constructed from the filtered error fe but through the robustification controller Q(s). Therefore, the
signal q has to compensate the control signal by the missing/erroneous information due to the fault.
Consequently, an integrated FTC scheme can be achieved, as shown in Fig. 3.
Note that the GIMC structure allows to design the nominal controller and the fault detection/compensation independently .Thus, the nominal controller K(s) can have any given
structure that satisfies the performance specification, such as PID or observer-based, and the detection will operate in parallel with the system until a fault is detected, at this time, the compensation enters in the feedback loop. The FTC scheme presents then two free parameters to be designed.
1) H(s): The fault detection filter that must diminish the effect of the disturbances or uncertainty into the residual signal, and maximize the effect of the faults , .
2) Q(s): The robustification controller that must provide robustness into the closed-loop system in order to maintain acceptable performance against faults .
The design strategies for these two parameters are presented next. Due to the structure of the GIMC architecture, both parameters H(s) and Q(s) must be stable and proper transfer matrices.
B. Fault Diagnosis
To design a robust detection filter H(s), the information of the model uncertainties and
disturbances have to be incorporated. Since the information of the uncertainty is assumed to be estimated in the worst case, it has to be considered in the design stage of the detection filter H(s)
to improve the fault sensitivity . Assume that it is desired to isolate the vector of faults, i.e., r
? f , and define the estimation error for the faults ef= r ? f. Then, the performance objective
of the filter can be stated as to minimize the effect of uncertainty and disturbances in the fault estimation (see Fig. 4), i.e.,
Fig. 4. Fault detection synthesis diagram.
ˆthe true plant is given by according with the uncertainty representations of (4) PFP？，(,)uyu
Tand (6), is the vector of inputs, and GH the generalized plant in the LFT format. vfdu？
The design problem in (20) can be tackled with tools from robust control theory (μ-synthesis) .
The synthesis procedure using μ-synthesis is carried out in an iterative algorithm that performs a two-parameter minimization in sequential fashion to reach the optimal solution: D -- K iteration
C. Fault Compensation
In the design of the fault compensation signal q, the transfer matrix Q(s) is chosen to maintain
stability against any fault. Thus, the problem of robust stabilization is addressed. However, some
performance specification could also be incorporated in the design of Q(s). If there exist Ki(s)
controllers that have a desired performance against certain type of faults fi , different from the
；1nominal controller, then the architecture GIMC allows to design specific KVU？
compensators for each one Qi(s), according to the relation:
；1PsMsNs()()()？for the nominal plant . This approach will be pursued in future work. uy
Only one limitation on the transfer matrix Q(s) has to be considered, according with the Youla parameterization, it has to be stable, i.e., Q ? R. The synthesis process is again carried out H；
through the philosophy of robust control. In general, the sensor and actuator faults can be
modelled in a multiplicative form
where represent the sensor and actuator perturbations due to the faults . ，，~,RHsa；
Consequently, if these terms are appended to the nominal plant Puy(s), then the faulted
Ps()input-output mapping can be represented as uy
Thus, the sensor or actuator faults can be modelled as output or input model uncertainties
respectively. As mentioned before, we shall consider a basic robustness requirement in this paper,
i.e., the closed-loop stability. Hence our objective is to design Q(s) to maximize the failure
tolerance in the closed-loop system, i.e.,
where Tzw is the closed-loop transfer function from signals w to z. Two design scenarios can be
presented according to the stability of the nominal plant Puy(s) .
；11)the optimal compensator is given by ,for any PRH~?QsUsMs()()()？；uy；
plant and type of uncertainty description . Recall that and are related to the Us()Ms()
coprime factorizations of the nominal controller K(s) and plant Puy(s).
2) a weighted approximation has to be solved. For this purpose, the PRH??Huy；；
synthesis problem can be put into an LFT framework. Hence, Q(s) is chosen according to
and internal stability is guaranteed if /γ. If an output uncertainty (sensor fault) is ，？1；
considered (i.e., PIP？;，), the generalized plant GQ will be given by uy！，Suy
；1where . Note that in this caseγ ? 1 since this will represent that SsIPsKs()[()()]？;uy
the maximum tolerable uncertainty is always . Otherwise, the uncertainty could take ，？1s；
the value (sensors outage) and the closed-loop will become unstable. ，？；Is
In an alternative way, the optimal Q(s) can be derived by following the problem formulation presented in (1) and (3), and considering the setup of Fig. 5. This applies only to the case
；1PRH~Theorem 1: Suppose and is a stabilizing controller of the KsVsUs()()()？uy；
nominal plant Puy(s) that satisfies the closed-loop performance requirements, then
is the optimal solution that decouples the fault f signal from the control signal u. Moreover, if Q(s)
is chosen in this way, and the compensation scheme of Fig. 5 is implemented after the fault is
detected, then the control signal u will have contributions from
Fig. 5. General fault compensation setup.
the disturbance d and reference ref:
Proof: From Fig. 5, it can be seen that
and by substituting (3) and (10) in the previous equation, it is obtained after simplification
Therefore, to decouple the fault signal f from the control signal u is needed
；1Note that since , then .Finally, by substitution of Q(s) into the control MRH~QRH~；；
signal u in (30), it is obtained (28).
Remark 2: From the proof of the previous theorem, it is important to mention that if the disturbance information d is not feed forward into the fault-tolerant scheme, then the control sig- nal u will not adjust its value according the disturbance. Hence, the tracking performance of the resulting closed-loop system will be largely affected, but the closed-loop stability is always guaranteed since the nominal controller internally stabilizes the nominal plant , and the disturbances are additive in the loop.
Remark 3: It is common that some types of faults are more easy to detect than others, for example abrupt and incipient .In the case of the abrupt faults, the detection time is almost instantaneous, since a large peak is observed in the residual. On the other hand, for an incipient fault, it is more difficult to detect its presence in the residual. Thus, it is possible to have a delay in the detection of the fault triggering or could not be detected at all. Furthermore, in the presence of control constraints as saturation, it is possible that the system could not be stabilized if there is a significant delay in the detection process, since the system could enter in the nonlinear part of the