Networked Fault-Tolerant Control Allocation for Multiple Actuator Failures

This paper proposes intelligent fault-tolerant control technique using network. Not only control commands generated by a controller but also diagnostic data for tolerating failures can be transmitted through network. In this paper, fault-tolerant control allocation method (FTCA) is proposed to tolerate failures in more than one actuator. FTCA is based on a well-known actuator management technique called control allocation (CA). While the conventional CA is used to redistribute actuators optimally, FTCA redistributes actuators to compensate for the performance degradation due to actuator failure. To analyze the effects of faulty actuator, this paper proposes the general model of the faulty system firstly. And then the modified CA for tolerating the effect of failure is proposed.The performance of the proposed FTCAmethod is verified by the numerical simulations with application to F-18 High Alpha Research Vehicle (HARV).


Introduction
Systems, such as aircrafts, spacecrafts, and automotive vehicles, that lead to a catastrophic accident due to failures are called "safety-critical systems." Since these systems require high-level of dependability, redundant actuators are usually adopted.Redundant actuators are considered as back-up systems that activate as main actuators after occurring failure in the primary ones.However, adopting redundant actuators takes disadvantages of fuel-, space-, cost-, and weightinefficiency during normal operation.In contrast to adopting redundant actuators, techniques based on control theory have been proposed for last 30 years: for example, pseudoinverse [1], model reference adaptive control [2], sliding mode control [3], multiple model switching and tuning [4], control allocation [5][6][7][8][9][10], and so forth.The goal of these methods is to provide the feasible control input for a faulty system by reconfiguring a controller.Hence, these methods are defined as fault-tolerant control (FTC) and also called reconfiguration.FTC techniques can be classified into three categories: pole-assignment, multiple model, and allocating actuators.
First, pole-assignment method is to move the pole position from the undesired position due to faulty system dynamics to the position that can keep the normal performance.In a broad sense, pseudoinverse, model reference adaptive control, and sliding mode control are comprised in this method.To design pole-assignment fault-tolerant controller, the stability of the closed-loop control system according to actuator operation range must be considered.Second, in multiple model method, reconfiguration can be achieved by selecting a feasible controller with respect to the faulty system model.So a group of possible faulty system models and their controllers are predesigned.Once failure occurs, multiple model fault-tolerant controller estimates the closest faulty model in the group and then selects the corresponding controller.The main disadvantage of this method is that the number of possible models is increased exponentially in order to tolerate all possible failures.Control allocation is an actuator management technique in overactuated system that has larger number of actuators than the number of states.For normal operation, redundant actuators are used to improve the performance of the system.For example, thrust  The proposed networked fault-tolerant control system [9].
vectoring nozzles are adopted as redundant actuators to achieve high angle-of-attack flight ability in modern aircrafts.These redundant actuators can also provide an opportunity to compensate the effect of failure.This paper modifies the conventional CA to achieve the fault-tolerant ability for failures on several actuators.However, reconfiguration methods shown above must require fast and accurate failure information to tolerate failure.For this reason, fault detection and diagnosis (FDD) technique is generally introduced [11].Ideally, failure can be compensated by FTC using the diagnostic data generated by FDD.However, most of FDD methods have been developed as monitoring/alarm systems in order to achieve safety by providing accurate failure information to users.Although FDD diagnoses health condition accurately, there are some differences between the diagnostic data generated by FDD and the required data for tolerating failure by FTC.These differences make it hard to apply the diagnostic data for faulttoleration [11].
Recent advances in network communication provide opportunities to transmit failure-information data among controllers, actuators, and sensors by interconnecting the control nodes through fieldbus network such as CAN and FlexRay [9,10,12,13].The control system interconnected by network is defined as networked control system (NCS).NCS provides not only the advantages of simplified wiring but also the opportunity to implement more sophisticated control laws such as FTC.Two major research issues have been studied in applying NCS to a real system: one is the stability problem that occurred in network environments such as transmission delay and packet losses among network nodes and the other is to design a sophisticated control architecture including FTC.Actually, the stability problems due to message delay or packet loss can be resolved by adopting a highly reliable and deterministic network such as FlexRay and TTP/C.Recently, more researchers have paid attention to the second issue.Thanks to the enhanced dataexchange ability, NCS can be efficiently used to tolerate failures by exchanging the diagnostic data fast and accurately.For example, Yang et al. proposed the networked faulttolerant control system (NFTCS) architecture using smart actuators [9].In Figure 1, by adopting microprocesses on conventional actuators, smart actuators can achieve the selfdiagnostic and communication abilities for sharing their health conditions.Then the supervisor can analyze the faulty system model and reconfigure the baseline controller that guarantees the stability of the faulty system using the shared health condition data.In this paper, the FTCA method using the transmitted condition data through network is proposed.
This paper is organized as follows.Section 2 analyzes the general dynamic model of the actuator faulty system.Then fault-tolerant control allocation method is proposed in Section 3. In this section, actuator saturation problem due to limited operation range of actuators is also considered.In Section 4, the performance of the proposed FTCA method is evaluated by simulation results with application to the F-18 HARV aircraft.Finally, the concluding remarks followed in Section 5.

General Dynamic Model of Actuator Faulty System
In this section, the general dynamic model of an actuator failure system is analyzed.The condition data provided by smart actuators are used to construct the mathematical model of the faulty system.First, the generalized model of a faulty actuator is proposed.And then it is expanded to the set of several faulty actuators.Finally, the general state-space form of the actuator failure system is proposed at the end of this section.
2.1.Generalized Actuator Failure Model.Bošković and Mehra proposed that the response of faulty actuator can be represented as one of the following four types: lock-in-place (LiP), hardover, float, and loss of effectiveness (LoE) [14].Figure 2 shows the actuator responses of normal and failure cases.
In Figure 2, failure responses are categorized into two types according to the input-output relationship; that is, one is unstable case without any consideration of input commands since faulty actuator stops at one position or diverges to the saturation position like LiP, hardover, and float failures and the other is performance degradation case relative to input commands.In [9], the former one is defined as total failure.From Figure 2, the general position of the th actuator with/without failures can be represented as follows: where the subscript  indicates the th actuator and ⟦ ⋅ ⟧ is the smallest integer greater than or equal to ⋅.And  normal, denotes the expected position of the th actuator if it is normal and   denotes the total failure position if total failure occurs.The quantitative value   in the range of 0 to 1 indicates the performance degradation of the th actuator: if the surface is normal. ( The quantitative value   is provided by the th smart actuator as the condition data; that is, if 50% of LoE failure occurs on the th actuator, then   = 0.5; so   = 0.5 normal, .Similarly, if the th actuator is operated normally, then   = 1; so   =   . Let  be total number of actuators.If failures occurred on  (1 ≤  ≤ ) actuators, then the general dynamics of a group of faulty actuators can be represented as follows: where u normal, denotes the set of expected normal outputs of faulty actuators and u  denotes the total failure positions.And I  is an ( × )-identity matrix.Moreover, Let us denote the responses of the augmented actuators whose entries are sets of faulty actuators u  ∈ R  and normal actuators u  ∈ R − by u = [u   , u   ]  ; then the general responses of actuators can be represented as follows: where In (5), if all actuators are operated normally, then it satisfies the fact that Γ  = I  and ⟦Γ  ⟧ = I  , and in (6), Γ = I  and ⟦Γ⟧ = I  .So u = u normal .From ( 5), failure-information data for generalizing the faulty dynamic model can be represented as the quantitative value   .Each smart actuator diagnoses its health condition by estimating the value   .By transferring this data, faulttolerant controller can accommodate failures occurring on multiple actuators.

General Dynamics of Faulty System.
Let us consider the following dynamical system: where x ∈ R  and u ∈ R  are the state and input vectors, respectively.And B  is the input distribution matrix denoted by And d ∈ R  is the model uncertainty vector of the system.By ( 5), if failures occurred on  (1 ≤  ≤ ) actuators, then the system model can be generalized as follows: where

The Proposed Fault-Tolerant Control Allocation Method
Like modern aircrafts such as the F-18 HARV (High Alpha Research Vehicle) considered in this paper, additional actuators, also called control surfaces, are adopted to achieve high performance by producing additional forces/moments.Redundant actuators also provide opportunities to tolerate failures in actuators by providing additional moments enough to compensate unexpected disturbances generated by faulty actuators.In this section, an additional actuator management method for tolerating actuator failures is proposed by extending a conventional actuator management technique called control allocation (CA).

Fault-Tolerant Control Allocation Problem.
CA is an actuator management technique in overactuated systems.Figure 3 describes the general structure of CA.In this figure, for a virtual-input signal v() ∈ R  generated by the controller, the control allocator generates the corresponding real control input signal u() ∈ R  .For the dynamical system represented in (7) with  ,min ≤   ≤  ,max , suppose that the equivalent system controlled by the virtual input is represented as follows: where B V ∈ R × with  ≤  is a full column rank matrix.
Then the control allocation problem (CAP) can be stated as follows [9,10].

Control Allocation Problem (CAP).
Given a virtual input v(), find the optimal actuator commands u() such that the following equation is satisfied: From (10), the redundant actuator redistribution problem is converted to the problem of finding the optimal inputs.Similar to the CAP, redistribution of redundant actuators for tolerating actuator failures can also be represented as the optimal reconfiguration input problem.For the generalized faulty system (8) and the corresponding virtual-input system (9), the fault-tolerant control allocation problem (FTCAP) can be represented as follows.

Fault-Tolerant Control Allocation Problem (FTCAP).
Given a virtual input v(), find the optimal reconfigurable actuator commands u  () such that the following equation is satisfied: where u min and u max are vectors whose entries are the minimum and the maximum values of each entry of u  (), respectively.The methodology of finding u  () that satisfies (11) is proposed in the following subsection.

The Proposed Reconfiguration Law.
From the FTCAP, the reconfiguration law finds the suitable control inputs corresponding to the virtual inputs generated by the controller.Hence, the reconfiguration law can be designed by adding two inputs: (a) the normal control inputs that satisfy the CAP in (10) and (b) the additional inputs that can tolerate the degraded performance due to failures.The following theorem proposes the method of designing the reconfiguration inputs.
Theorem 1.If a control system has k-faulty actuators, then reconfiguration law u  () can be obtained as follows: where u ∈ R  is the desired control input generated by the conventional CAP and u add ∈ R  is the additional input that satisfies the following condition: where Proof.Using the proposed reconfiguration law in (12), the FTCAP can be analyzed as follows: Substituting ( 13) into (15), the following equation is satisfied: So the degraded performance can be compensated using the proposed fault-tolerant control allocation method.Hence, the control system can maintain the normal operation.
From Theorem 1, the proposed reconfiguration law can efficiently compensate failures on actuators and the system can maintain the performance of normal operation.It is worth noting that pseudoinverse, constraint optimization, and so forth can be used to find the additional input u add, in (13).Moreover, Buffington and Enns proposed the daisy-chain method that overcomes the actuator saturation problem for the conventional CA [17].Since actuators are physically operated in limited range, some actuators cannot reach the desired position.This phenomenon is called actuator saturation.Errors between the actual and the desired actuator positions lead to the performance degradation of the control system.In this paper, the results of the daisy-chain method are modified to compensate failures in the following remark.

Remark 2 (fault-tolerant daisy-chain method
where  1 is the number of actuators in Group 1. Theorem 3.For the generalized faulty system (17), the reconfiguration law u  () can be obtained as follows: where Proof.If the system has -faulty actuators, then the system dynamics can be generalized as (17).Using the reconfiguration law proposed in (18), the faulty actuator term of ( 17) satisfies the following: If the conditions (a) and (b) are satisfied, then the additional inputs try to reduce the errors due to saturated actuators as well as faulty actuators: If it is assumed that ( 22) is satisfied, that is, errors are compensated by redistributing the redundant actuators, then (21) can be represented as follows: So using the fault-tolerant daisy-chain method proposed in ( 18)-( 20), the degraded performance can be compensated.Hence, the control system can maintain the normal operation.

Problem Description.
In this section, the performance of the proposed fault-tolerant control allocation technique is evaluated with application to the F-18 HARV aircraft.Like conventional aircrafts, the F-18 HARV adopts ailerons, stabilators, and rudders as primary control surfaces.Indeed, the aircraft also takes six vanes to produce additional moments by vectoring thrust [15].Hence, the aircraft can overcome stall situation and achieve high angle-of-attack flight ability.The added control surfaces (vanes) also provide an opportunity to improve the fault-tolerance ability that will be evaluated in this section.The structure of the F-18 HARV is described in Figure 4.In this simulation, two failure scenarios are considered: one with 50% of LoE failure on the left aileron at 3.5 sec and LiP failure on the left stabilator at 8 sec and the other with float failure on the left aileron at 3.5 sec and hardover failure on the left stabilator at 8 sec.In both scenarios, the aircraft performs turn reversal maneuver are achieved by rolling the aircraft to 60 deg to the left and then to 60 deg to the right.Since failures break the symmetry of the aircraft, the longitudinal and lateral/directional dynamics are coupled.The linearized model of the aircraft at Mach Mach 0.6 and altitude 30,000 ft is represented as follows [16]: where  is the angle-of-attack (rad) and  is sideslip (rad).And , , and  are roll, pitch, and yaw angular velocities (rad/sec), respectively. denotes the deflections (rad) of control surfaces in the F-18 HARV and the subscripts of  are represented in Table 1.And Table 2 shows the low-order actuator models and constraints.Moreover, in Figure 4, thrust vectoring nozzle deflections can be obtained by combination of vanes circling the edge of engines.In this simulation, the dynamic inversion controller that satisfies the Level 1 flight requirements is designed to achieve the turn reversal maneuver [18,19].Moreover, it is assumed that maximally 5% of random disturbances of deflections of control surfaces are injected as uncertainties.3.5 sec, the turn reversal maneuver performance is a little degraded.However, locking at one position (near −3.5 deg) of the left stabilator due to the LiP failure in 8.0 sec leads to significant degradation of the performance.Since failure on one surface breaks symmetric geometry of the aircraft along with longitudinal axis, it makes the system unstable in longitudinal dynamics (Figure 5(b)).However, using the proposed reconfiguration algorithm, the aircraft can maintain the normal performance.The proposed FTCA method redistributes the redundant actuators in order to compensate the effect of failures on both lateral and longitudinal axes.Figures 6-7 show the deflections of control surfaces in faulty and reconfiguration cases, respectively.In Figure 6, the left aileron is deflected with 50% of degraded performance in 3.5 sec and the left stabilator locks around 10.5 deg in 8 sec.To achieve lateral and longitudinal stability of the faulty aircraft, the deflections of the right stabilator, aileron, and pitch thrust vectoring significantly increased as shown in Figure 7.
Figures 8-10 show the results of the second failure scenario.Similar to the first scenario, the performance of the aircraft is degraded due to the injected float failure on the left aileron in 3.5 sec and hardover failure on the left stabilator in 8.0 sec.In particular, the aircraft starts to diverge in longitudinal axis around 8.0 sec.In contrast to the without reconfiguration case, the aircraft can maintain the normal performance in both lateral and longitudinal axes by applying the proposed FTCA method.The deflections of control surfaces for faulty and reconfiguration cases are shown in Figures 9-10, respectively.In Figure 9, the left aileron locks the equilibrium position (0 deg) in 3.5 sec and the deflection of the left stabilator diverges to the limit position −10.5 deg in 8 sec.Similar to Scenario I, Figure 10 shows that the deflections of the right stabilator, aileron, and pitch thrust vectoring significantly increase to achieve lateral and longitudinal stability of the faulty aircraft.
Hence, by redistributing the redundant control surfaces based on the proposed FTCA, the aircraft can maintain the normal performance without considering the stability of the reconfigured closed-loop system or predesigning all possible failure models.

Concluding Remarks
This paper proposed the networked fault-tolerant control method based on control allocation.Using the transmitted condition data diagnosed by the local devices in network environment, the proposed FTC redistributes the redundant actuators in order to tolerate failures on several actuators.To analyze the effects of actuator failure, this paper proposes the general model of the faulty system firstly.From the general failure model, the effect of failure can be represented by a quantitative value   .And then, using this value, the proposed FTCA method achieved by redistributing the redundant actuators can accommodate failures efficiently.The performance of the proposed method has been evaluated with a modern high performance aircraft.A set of simulation results shows that the proposed method can effectively accommodate the actuator failures.
However, the proposed fault-tolerant control allocation is analyzed for a linearized system.Actually, tolerating faults highly depends on the relationship between faulty states and controllable normal inputs.For future work, the proposed method will be extended for nonlinear systems.Moreover, it is planned to implement in real-time nonlinear systems.

Figure 3 :
Figure 3: The structure of control allocation.

Figure 8 :
Figure 8: The results of the turn reversal maneuver with/without reconfiguration.

Figure 9 :
Figure 9: The deflections of control surfaces without reconfiguration.

Figure 10 :
Figure 10: The deflections of control surfaces with reconfiguration.