Modern life depends increasingly on the availability at all times of services and products provided by technological systems. Many areas, such as communication systems, water supply, power grids, urban transport systems are now completely automated. For such systems, the consequences of faults in component systems can be catastrophic. Reliability of such systems can be increased by ensuring that the faults will not occur, however, this objective unrealistic and often unattainable. In this context, it is very useful to design fault tolerant control systems that are able to tolerate possible faults in such systems to improve reliability and availability. Together with the increasing complexity of engineered systems and rising demands regarding reliability and safety, it is important to develop powerful fault-tolerant control methods.
A number of surveys are discussed various aspects of fault-tolerant control. For example, Stengel (1991) discusses analytical forms of redundancy using artificial intelligence methods. In (Rauch, 1994) a broad overview over basic methodologies based on classical control techniques (pseudo-inverse methods, adaptive approaches...) is given with several application examples (aircraft, unmanned underwater vehicles). In (Patton, 1997) (Zhang and Jiang, 2003) surveys on fault-tolerant control methods give a broad summary of the field. In the transport domain, to satisfy increasing safety, many new vehicles are equipped with different driver assisted systems such as Traction Control System (TCS) and Electronic Stabilization Program (ESP) to maintain stability and acceptable performances even when some sensors have failed. These systems use a combination of ABS information, yaw rate, wheel speed, lateral acceleration and steer angle to improve the stabilization of the vehicle in dangerous driving situations and then improve the active safety (Kienck and Nielsen, 2000, Dahmani, Chadli and al, 2012).
The most common approach in coping with such a problem is to separate the overall design in two distinct phases. The first phase concerns “Fault Detection and Isolation” (FDI) problem, which consists in designing filters (dynamical systems) able to detect the presence of faults and to isolate them from other faults/disturbances (Isermann, 2001; Ding, Schneider, Ding and Rehm, 2005; Blanke, Kinnaert, Lunze and Staroswiecki, 2003; Gertler, 1998; Oudghiri, Chadli and ElHajjaji, 2007; Oudghiri, Chadli and ElHajjaji, 2008). The second phase usually consists in designing a supervisory unit. This unit reconfigures the control so as to compensate for the effect of the fault and to fulfill performance constraints. In general, the latter phase is carried out by means of a parameterized controller which is suitably updated by the supervisory unit.
Our objective is to develop model-based FTC-scheme for vehicle lateral dynamics. This study is motivated by the practical demands for such monitoring systems that i) automatically and reliably detect and isolate faults from sensors ii) deliver reliable and fault tolerant estimates of the vehicle lateral dynamics and iii) are practically realizable. In this chapter, we propose an observer-based fault tolerant control to detect, identify and accommodate sensor failures. The given method is based on the single failure assumption which states that at most one sensor can fail at any time.
To know the vehicle response, the proposed controller needs to know the yaw rate and the lateral velocity in order to generate the suitable output. If the yaw rate can be directly measurable by a yaw rate sensor (gyroscope), the lateral velocity will have to be estimated using an observer because it is not measurable easily. In this paper, a fuzzy controller is designed by considering the lateral velocity estimated using a nonlinear observer. In the analysis and design, the vehicle lateral will be represented by a switching systems (Chadli and Darouach, 2011) or by a Takagi-Sugeno (T-S) fuzzy model (Takagi and Sugeno, 1985), largely used these last years (Xioodong and Qingling, 2003; Chadli, Maquin and Ragot, 2005; Kirakidis, 2001; Tanaka and Wang, 1998; Chadli and El Hajjaji, 2006; Guerra and al, 2011; Chadli and Guerra, 2012). It is usually referred to as the bicycle model. Moreover, we consider the uncertain Takagi-Sugeno (T-S) fuzzy model to describe the vehicle dynamics in large domains and by the same way to improve the stability of vehicle lateral dynamics (Oudghiri, Chadli and A. ElHajjaji, 2007b; Chadli, ElHajjaji and Oudghiri, 2008). The proposed algorithm is formulated in terms of linear matrix inequalities (LMI) (Boyd and al, 1994) which are easily solvable using classical numerical tools (such as LMI Toolbox for Matlab software).
The subject of this chapter concerns the area of active FTCS for lateral vehicle dynamics that is modeled by uncertain TS fuzzy model. A FDI algorithm based on fuzzy observer is developed and a design method of control law tolerant to some sensors faults is proposed. This chapter is structured as follows. Basic concepts and notions of the FTC field with several general approaches to achieve fault tolerance are described in Sections 2 and 3. In Section 4 applications of control reconfiguration are reviewed briefly. Section 4 describes the vehicle lateral and its representation by uncertain T-S fuzzy model. Section 5 presents the observer-based fault tolerant control strategy with simulations of sensor faults and result analysis. Conclusions are given in Section 6.
Notation: symmetric definite positive matrix is defined by, the set is defined by and symbol * denotes the transpose elements in the symmetric positions.
2. Preliminaries and some definitions
This section introduces concepts and ideas from the field of fault-tolerant control (FTC). Consider the following state space representation of linear systems: where x(t) Rn is the state, y(t) Rr is the output, u(t) Rm is the inputs which are measurable, A Rn×n is the state transition matrix, B Rn×m is the input distribution matrix, C Rr×n is the output matrix, Bw Rn×n is the disturbance matrix, and w1(t) Rn and w2(t) Rr are the disturbances which are unknowns.
Faults are modelled by changes of system matrices. For example, Actuator faults are modelled by modifing input matrix Bf by scaling columns or setting to zero of columns in case of actuator failure. The Sensor faults are modelled by a modified output matrix Cf. This matrix may contain scaled rows due to altered sensor characteristics or zero rows due to failed sensors i.e. the faulty sensor should be switched off. Plant faults are modelled by a modified system matrix Af. In general, when all types of faults present simultaneously, the faulty system model becomes: Notice that in almost works, only one type of fault is assumed to have occurred at a time. A general linear controller (K) could be designed as a static or dynamic output feedback controller.
In the following paragraphs, brief definitions of terms common in the fault-tolerant control community are provided (J. Lunze and J. Richter (2006).
Faults. Faults can cause technical systems to malfunction or operate at reduced performance. Reduced service quality is the consequence. Faults may be triggered internally, such as broken power links in a computer or blocked valves in a chemical batch plant, or externally, such as changes in environmental conditions like a temperature drop stopping a chemical reaction.
Faults can be further classified by their location in a block diagram. Actuator faults affect only actuation systems, such as pumps, valves, stirrers, switches, motors, brakes. They concern the efficiency of inputs on the system. Plant faults affect internal plant components, resulting in changed plant I/O properties, for example clogged pipes or leakages. They concern the system dynamics. Sensor faults result in erroneous measurements, such as biased, scaled or simply absent, constant zero readings (Blanke et al., 2003). They concern the measured output of a system.
Failures. Failures contrast faults in the following sense. A fault reduces the system performance. The system can in general still serve its purpose, albeit with reduced functionality and/or performance. After a failure, the system provides no service any more. It cancels service availability completely. Faults and failures can occur both at the component level and at the aggregated system level. Fault-tolerant control aims at preventing component faults, component failures or subsystem faults from becoming system failures (Blanke et al., 2003).
Fault-tolerance. The term fault-tolerant system (FTS) will be used to denote a controlled system which can still serve its purpose in spite of the occurrence of faults, at least for some time and to some degree, until the impaired components can be repaired.
Fault-tolerant control (FTC) denotes a framework of methods developed to turn control loops into fault-tolerant systems. The focus is on the design of the automatic control laws. That is, the means to achieve fault-tolerance are specific control design approaches with fault-tolerance in mind. The goal is to keep the loop in operation for as long as possible to minimise the cost of down-time. Shutting down a plant may be expensive due to loss of production, or due to resulting plant damage. The latter can be the case in some chemical reactions. As an example, absence of cooling can cause irreversible solidification of the reactor content of a batch process, which means loss of the reactor.
Fault diagnosis is an area of active research of its own. In most parts of this work, the diagnosis task is taken as a prerequisite already solved, as this work focuses on controller adjustment. When considering the joint properties of diagnosis and controller adjustment or in implicit approaches, diagnosis is covered as well.
3. Classification of fault-tolerant control
There already exist several approaches to achieve fault tolerance for control loops. The classification taken here is illustrated in Figure 1.
The classification can be done according to different criteria. The distinction between passive and active approaches is explained first, followed by fault accommodation and reconfiguration.
3.1. Passive and active FTC
Passive fault tolerance is achieved when the loop remains operational in spite of faults without changing the controller. If the controller is changed at fault detection time, for instance by controller parameters or even its structure, the approach is called active.
A typical example of a passive approach is robust controller design, a well-established and researched approach to achieve fault tolerance. Typically, faults that can be modelled as plant uncertainties can be well covered by robust design. A large number of publications concerning the achievement of fault tolerance using various robust design techniques exist in the literature.
In robustness approaches, a fixed controller is designed to accommodate a class of anticipated component faults or failures. Most robustness approaches are feasible only for faults representable as parameter drift (see for example Fujita and Shimermura, 1988, Campo and Morari, 1994).
The class of faults covered by robust control is in general more limited in comparison to active approaches. In addition, the necessary trade-off between nominal performance and fault tolerance introduces conservatism.
3.2. Fault accommodation - fault reconfiguration
Fault accommodation denotes the case where the variables measured and manipulated by the controller remain unchanged (Blanke et al., 2003). Only the controller internals (including its dynamic order) may change, but the same measurement and actuation signals as in the nominal case must be used. Adaptive control is an example of an accommodation technique (Ahmed-Zaid et al., 1991; Bodson and Groszkiewicz, 1997).
The approach also has its specific limitations. The most serious one concerns the severity of faults and the speed of adaptation. Only faults representable as slowly changing plant parameters can be well accommodated by adjusting controller parameters. Structural damage is not covered. In addition, adaptive control works well in case of slow plant parameter variations in linear plants with respect to signal variation speed. This assumption is very questionable for faults that occur abruptly and rapidly lead out of the region of valid plant linearisation. Adaptive controllers are generally too slow to compensate abrupt faults.
Switching among a bank of predesigned controllers may be used as an accommodation technique.
Control reconfiguration is an active approach where both the controller and its measured and manipulated variables may change. Reconfiguration allows the structure of the control loop to be changed in response to faults. This goes beyond structural changes inside the controller by including dynamic signal re-routing of inputs and outputs.
4. FTC for vehicle dynamics
4.1. Vehicle model
Vehicle lateral dynamics have been studied since the late 1950’s. Segel (Segel, 1956) developed a three-degree-of freedom vehicle model to describe the vehicle directional responses, which includes the yaw, lateral and roll motions. Most of the previous research works on vehicle lateral control have relied on the bicycle model (figure 2) that considers only lateral and yaw motions. It is based on the following assumptions:
There is no roll, pitch or bounce
The relative yaw between the vehicle and the road is small
The steering angle is small
The tire lateral force varies linearly with the slip angle
The following simplified model is obtained:
where and () are components of the vehicle velocity along longitudinal and lateral principle axis of the vehicle body, is yaw rate, denotes the side slip angle, and are the mass and the yaw moment of inertia respectively, and are respectively distances of the front and rear axle from the center of gravity, while yaw moment is the control input, which must be determined from the control law, and are rear and front lateral forces respectively. They are described by magic formula (Lin, popov and Mcwilliam, 2004) as
Coefficients Di, Ci, Bi and Ei (i = f,r) depend on the tire characteristics, road adhesion coefficient and the vehicle operational conditions, and represent tyre slip-angles at the front and rear of the vehicle respectively. Given that
where is the front steer angle.
To obtain the TS fuzzy model, we have represented the front and rear lateral forces (2) by the following rules:
If is M1 then
If is M2 then
where, represent front and rear lateral tire stiffness, which depend on road adherence.
The overall forces are obtained by:
where is the jth bell curve membership function of fuzzy set Mj. They satisfy the following constraints
The expressions of membership functions used are as follows
The membership function parameters and consequence of rules are obtained using an identification method based on the Levenberg-Marquadt algorithm (Lee, Lai and Lin, 2003) combined with the least square method, allow to determine parameters of membership functions () and stiffness coefficient values
, , ,
Using the above approximation idea of nonlinear lateral forces by TS rules and by considering that,
nonlinear model (1) can be represented by the following TS fuzzy model:
If is M1 then
If is M2 then
The output vector of system consist of measurements of lateral acceleration and the yaw rate about center of gravity
The defuzzified output of this T–S fuzzy system is a weighted sum of individual linear models
From the expressions of front and rear forces (4), (5), we note that stiffness coefficients Cfi and Cri are not constant and vary depending on the road adhesion. To take into account these variations, we assume that these coefficients vary as follows:
where di indicates the deviation magnitude of the stiffness coefficient from its nominal value.
After some manipulations, the TS fuzzy model can be written as:
where and represent parametric uncertainties represented as follows
with are matrices uncertain parameters such that, is known real matrix of appropriate dimension that characterizes the structures of uncertainties.
4.2. Output feedback design
TS Fuzzy observer structure
Consider the general case of uncertain T-S fuzzy model (Takagi and Sugeno, 1985):
where is the number of sub-models, is the state vector, is the control input vector, is the output vector, are the ith state matrix, the ith input matrix and the ith output matrix respectively. Vector is the premise variable depending on measurable variables. and are time-varying matrices representing parametric uncertainties in the plant model. These uncertainties are admissibly norm-bounded and structured, defined as
The overall fuzzy observer has the same structure as the TS fuzzy model. It is represented as follows:
where are the constant observer gains to be determined.
TS Fuzzy controller
Like the fuzzy observer, the TS fuzzy controller is represented as follows
where are the constant feedback gains to be determined. We define the error of estimation as
From systems (20), (21) and (22), we have
The augmented system can be expressed as:
The global asymptotic stability of the TS fuzzy model (25) is summarized in the following theorem:
Theorem 1: If there exist symmetric and positive definite matrices and, some matrices and such that the following LMIs are satisfied, then TS fuzzy system (25) is globally asymptotically stable via TS fuzzy controller (21) based on fuzzy observers (20):
withThe controller and the observer are defined as follows
Proof: The proof can be inspired directly from (Chadli & El Hajjaji 2006).
In the case of common input matrix (), the above result is simplified. The new stability conditions are given in the following corollary
Corollary 1: If there exist symmetric and positive definite matrices and, some matrices and such that the following LMI are satisfied, then TS fuzzy system (25) is globally asymptotically stable via TS fuzzy controller (21) based on fuzzy observers (20):
with The controller and the observer gains are as defined in (29).
Proof: The result is obtained directly from theorem 1.
Result of corollary 1 derive directly from the TS fuzzy model (15) (with common input matrix, and). This case leads to four constraints to resolve, whereas the result of theorem 1 leads to six constraints, which means less conservatism.
The derived stability conditions are LMI on synthesis variables and scalars. However the problem to resolve becomes nonlinear in (inequalities (27)-(28)/(30)-(31)). A method allowing the use of numerical tools to solve these constraints is given in the following.Toresolve the obtained BMI (bilinear matrix inequality) conditions using LMI tools (LMI toolbox of Matlab software for example), we propose to solve synthesis conditions (27) (or (30)) sequentially:
First, we solve LMIs (25) and (26) in the variables and,
Once gains have been calculated from (29a), conditions (28) become linear in and can be easily resolved using the LMI tool to determine gains from (29b).
5. FTC strategy
It is important to be able to carry out fault detection and isolation before faults have a drastic effect on the system performance. Even in case of system changes, faults should be detected and isolated. Observer based estimator schemes are used to generate residual signals corresponding to the difference between measured and estimated variables (Chen and Patton, 1999). The residual signals are processed using either deterministic (e.g. using fixed or variable thresholds) (Ding, Schneider, Ding and Rehm, 2005) or stochastic techniques (based upon decision theory) (Chen and Liu, 2000). Here, the first one is used.
The method that we propose is illustrated in figure 2, where it can be seen that the FDI functional block uses two observers, each one is driven by a single sensor output. The failure is detected first, and then the faulty sensor is identified. After that, the state variables are reconstructed from the output of the healthy sensor. The lateral control system enters the degraded mode that guaranteed stability and an acceptable level of performance.
Figure 2 shows the block diagram of the proposed closed system, is the output vector of the system, where denotes the lateral acceleration and is the yaw rate about the center of gravity. Two observer based controllers are designed, one based on the observer that uses the measurement of lateral acceleration and the other one based on the observer that uses the measurement of yaw rate.
AssumptionsLet denote the lth row of matrix (12c.). We assume that are observable, which implies that it is possible to estimate the state through either the first output () or the second one () for the vehicle model (15).
Sensor failures are modeled as additive signals to sensor outputs
For failure of sensor 1
For failure of sensor 2
We also assume that at any time one sensor only fails at the most. This assumption has been implied by the two possible values of.
Observer-based FDI design
If each is observable, then it is possible to construct a TS fuzzy observer for the TS fuzzy model of the vehicle as described in section III.
For observer 1, the state is estimated from the output of the first sensor (). It is given as:
For observer 2, the state is estimated from the output of the second sensor (). It is given as:
where and are the lth rows of matrices and (equations 10) respectively and are the constant observer gains to be determined., and are respectively the state estimation, the lateral acceleration estimation and yaw rate estimation with observer i.
The TS fuzzy controller is represented as follows
With If sensor 2 fails If sensor 1 fails
We define the residual signals as
Note that and are related to observer 1 and and are related to observer 2 with
The FDI scheme developed in this study follows a classical strategy such as the well-established observer based FDI methods (Isermann, 2001; Huang and Tomizuka, 2005; Oudghiri, Chadli and El Hajjaji, 2007). The residual signals are used for the estimation of the model uncertainties and then, for the construction of model uncertainty indicators. The decision bloc is based on the analysis of these residual signals. Indeed faults are detected and then switching operates according to the following scheme:
Detection: if then the fault has occurred where the prescribed threshold is and denotes the Euclidian norm at each time instant.
Switching: if then switch to observer 2. If not switch to observer 1.
Since model uncertainties and sensor noise also contribute to nonzero residual signals under the normal operation, threshold must be large enough to avoid false alarms while small enough to avoid missed alarms. In this paper, we do not further discuss the selection of the thresholds.
To show the effectiveness of the proposed FTC based on bank of observer algorithm, we have carried out some simulations using the vehicle model (1) and MATLAB software. In the design, the vehicle parameters considered are given in table 1. To take account of uncertainties, stiffness coefficients Cfi and Cri are supposed to be varying depending on road adhesion.
with the following uncertainties
We point out that only the yaw rate is directly measurable by a yaw rate sensor (gyroscope), the lateral velocity is unavailable and is estimated using the proposed observer.
By solving the derived stability conditions of theorem 1, the designed controller and observer gains are:
Figure 4 shows the additive signals that represent sensor failures. The first one has been added to sensor 1 output between 2s and 8s, and the second one has been added to sensor 2 output between 10s and 16s.
All the simulations are realized on the nonlinear model given in (1) with vehicle speed 20 m/s. The simulation results are given in figures 5 and 6 with and without the FTC strategy. In figure 5 the law control is based on one observer (observer 2) without using the switching bloc. We can see between 10s and 16s that the vehicle lost its performance just after the yaw rate sensor became faulty.
Figure 6 shows vehicle state variables and their estimated signals, when the law control is based on the bank of two observers with the switch bloc. We can note that the vehicle remains stable despite the presence of faults, which shows the effectiveness of the proposed FTC strategy.
The switching from observer 1 to observer 2 is visualized clearly at t ≈ 8s (figure 7). We notice that switching observers is carried out without loss of control of the system state.
The second simulations are realized to show the importance of the proposed FTC method based on an output fuzzy controller, on the stability of the vehicle dynamics. Simulations propose to show the difference between the vehicle dynamics behaviour with TS fuzzy yaw control based on a fuzzy observer (figure 6) and its behaviour with the linear yaw control based on a linear observer (figure 8). Figure 8 clearly shows that the linear control fails to maintain the stability of the vehicle in presence of sensor faults despite a short magnitude of the additive signal () and also a very low front steering angle. Indeed, we can see that by using the proposed fuzzy yaw control based on a fuzzy observer and the algorithm proposed for detection sensors faults, the results are better than these with linear control.
Using an algorithm based on a bank of two observers, a fault tolerant control has been presented. The vehicle nonlinear model is first represented by an uncertain Takagi-Sugeno fuzzy model. Then, a robust output feedback controller is designed using LMI terms. Based on the designed robust observer-based controller, a fault tolerant control method is utilized. This method uses a technique based on the switching principle, allowing not only to detect sensor failures but also to adapt the control law in order to compensate the effect of the faults by maintaining the stability of the vehicle and the nominal performances. Simulation results show that the proposed FTC strategy based on robust output TS fuzzy controller are better than these with linear control in spite of a short magnitude of the additive signal and very low front steering angle.