Sensor Fault Tolerant Control of a Fast Steering Mirror System Using Adaptive PI-Based Sliding Mode Observer and Hardware Redundancy

The aim of this paper is to present a sensor fault-tolerant control (FTC) scheme for a two-axis fast steering mirror (FSM) system with minimum power consumption and without changing the controller structure. In this paper, an adaptive PI-based sliding mode observer (APISMO) is adopted firstly to estimate the fault signal, which does not require any prior knowledge of the fault. The estimation is then used by the fault isolation logic to identify the fault. The redundant sensor would be powered up to replace the faulty one when faults occur. During the backup sensor booting up, for maintaining the normal performance of the closed-loop system approximately, a fault-free estimation of the position provided by the APISMO is used as feedback signal. Experimental studies on a prototype system show that the proposed APISMO can effectively reconstruct the fault signals even when the two primary position sensors are faulty simultaneously. Meanwhile, the effectiveness and performance of the proposed scheme have been verified.


Introduction
The fast steering mirror (FSM) system is popularly applied in situations that require a precision positioning, such as space telescopes, adaptive optics, and free-space optical (FSO) communications [1][2][3].In most of the applications, the FSM is adopted to steer the optical beam precisely.Extensive researches have been carried out to improve the closed-loop performance of FSM [4][5][6].Most of the control strategies depend on reliable sensor measurements.However, these sensors are usually affected by failures such as offset, drift, and disconnection, which would obviously result in overall performance deterioration.Therefore, it is desirable to develop a sensor FTC scheme for FSM.
To maintain a high level of reliability, the hardware redundancy-based technique has been widely used by the FSM system designed for space application [2,3,7].Because of mass and power constraints, it is still a challenge to design a FTC scheme that provides required reliability with minimum hardware redundancy.In addition, most sensors and actuators have moving parts and life limited components.Another challenge is determining whether the redundant sensors could be kept unpowered and activated only when necessary [8].
Many approaches have been proposed to overcome the aforementioned problems [9][10][11][12][13].Among them, the analytical redundancy method is particularly effective.By developing mathematical model of the system, analytical redundancy approach could generate estimations of the measurable or unmeasured variables.The estimations can be used to replace the redundant hardware sensors or design fault diagnosis (FD) scheme.To design an active FTC scheme, the first step is to implement a FD scheme to monitor the system and isolate the fault.Adaptive observer-based FD and sliding mode observer-based FD are two extensively studied methods [14][15][16][17][18][19].When the faulty physical sensor has been detected and isolated, its measurement would be replaced by the estimation, which is the so-called virtual sensor.A fault reconstruction scheme using sliding mode observer is also given in [18,20,21].FTC scheme in terms of correcting the measured output signals using reconstructed fault signals is considered in [17,21,22].However, neither the virtual sensor nor measurement corrected by reconstructed signal is as accurate as the fault-free physical sensor.FTC schemes with only analytical redundancy would have a degraded performance in case of sensor faults.That is one of the reasons why the advanced analytical redundancy-based FTC methods have not been really accepted by the aerospace endusers [23].
This paper develops a FTC scheme for the FSM by combining the sliding mode observer-based method and hardware redundancy.The proposed method could improve the performance of the FSM system with faulty sensors and make it more acceptable to the end-users.A FSM model is firstly developed.Based on the FSM model, an APISMO building on the work [20] is proposed to reconstruct the sensor faults faithfully.Different from the observer used in [20], the discontinuous switching function used in conventional SMO is replaced with an adaptive PI function [24,25].The proposed APISMO does not require any prior knowledge of the faults.The reconstructed information is then used by the fault isolation logic to identify the fault and power up the redundant sensors.The redundant sensors are kept unpowered in fault-free case, which reduces the power consumption.However, a period of time is required to activate the backup sensors, during which the measurement of the backup is uncertain.In this proposed scheme, a faultfree estimation of the position provided by the APISMO is used as feedback signal to maintain the desired performance during the cold backup booting-up.
From an industrial perspective, the proposed scheme here is easier to be implemented than the conventional SMO.It does not need to know the bounds of the faults and could maintain the desired fault-free performance in failure case.Compared with the FSM using triple modular redundancy (TMR), the proposed scheme could maintain a higher level of reliability with only dual redundancy.Moreover, the redundant sensors are unpowered in fault-free case.Furthermore, the controller structure does not need to be changed in failure case.
This paper is organized as follows.In Section 2, the considered FSM system and its dynamics model are described.Section 3 presents the fault estimation method based on the proposed APISMO.Section 4 introduces the proposed FTC scheme with the hardware redundancy and the fault isolation logic.Experimental results of the proposed scheme are given in Section 5, followed by some concluding remarks in Section 6.

System Description.
A FSM is generally defined as a mirror mounted to a flexure support system and driven by actuators [6].The prototype of a two-axis FSM is shown in Figure 1.It consists of six important components: a mirror assembly, a flexure suspension, a mirror base, voice coil Mirror Proximity probe tip

Voice coil motor
Base Figure 1: Prototype of the fast steering mirror.motors (VCMs), proximity sensors, and drive electronics.Two voice-coils operating in push-pull manner are fixed on the back of the mirror, rotating the mirror about the axis that bisects them.Therefore, two actuator pairs are used to produce two orthogonal rotations (  ,   ).A flexure suspension system is used to support the mirror carrier which holds the mirror.This system allows free rotation about orthogonal and -axes while constraining piston, side-to-side, and rotation about the normal axis [26].

Dynamics Model.
To establish the dynamics model of a two-axis FSM, it is assumed that the motions rotating about the two orthogonal and -axes are decoupling with each other.The -axis motion and -axis motion follow the same working principle.The motions can be equivalently represented by a sketch of spring-mass-dashpot system shown in Figure 2 [27].The dynamics model of the two-axis FSM can be given as where  =  or ; here   is moment of inertia of the mirror rotating about or -axis.Parameters   , ,   ,   , and   represent mass of the voice-coil, the distance between actuator and the axis, deflection angle, damping coefficient, and spring constant, respectively;   is the force constant and   denotes the driving current.The actuator driver receives voltage commands from the controller and converts them to driving current.Its dynamical characteristics satisfy Kirchhoff 's voltage law where   is the voltage and parameters   ,   ,   , and   represent the coil inductance, coil resistance, back electromotive force constant, and the displacement of the coil.
The deflection angle is generally very small; thus the displacement of the coil   can be approximated as a function of the deflection angle   ; that is,   =   .Substituting (2) into (1) yields Rewrite (3) in a state-space form as ] . (5)

APISMO Design and Fault Reconstruction
In order to reconstruct the sensor fault signal, an APISMO based on the dynamics model ( 4) is proposed in this section.For better understanding, the preliminaries and design of the conventional SMO are introduced firstly.

3.1.
Preliminaries.This section introduces the preliminaries for using a SMO to reconstruct sensor faults.Consider the following linear system affected by sensor faults: where  ∈  × ,  ∈  × ,  ∈  × , and  ∈  × .The matrices  and  are full row and column rank, respectively.
The function   () is unknown but bounded sensor fault signal.

Conventional Sliding Mode Observer for Fault Reconstruction.
Considering the new dynamical system in (10), the conventional SMO is constructed as [20] In (11), the discontinuous term V is where   =   X −   is the output estimation error and  0 is a symmetric positive definite (s.p.d.) matrix.The matrices   ,   ,  2 , and  0 will be described later.The scalar  must be upper bound on the faults.It has been proven in [20] that a SMO of the form (11) and ( 12) which is not affected by the fault   () exists if and only if (A1) rank (    ) = , (A2) invariant zeros of (  ,   ,   ) are stable.
Then if the assumptions (A1) and (A2) are satisfied [20], there exists a change of coordinates   =     , in which the new triple (  ,   ,   ) has the following structure: where Considering the structure (13), the observer gains in (11) can be obtained as where   is a stable matrix which is chosen to make (  −     ) stable.The matrix  0 is the unique solution to the Lyapunov equation of   [20].
On condition that the assumptions (A1) and (A2) are satisfied, it could be shown that an ideal sliding motion takes place on the surface (15) in finite time: During the ideal sliding motion,   = 0 and ė  = 0, the discontinuous signal V will take on average a value to compensate for the fault signal while maintaining a sliding motion [20,22].The average quantity can be computed online as where  is a small positive scalar.Consequently, a fault reconstruction signal is For details, see [20,22].
In fact, design of the conventional SMO needs to know the upper bounds of the faults in advance.However, in practice, these bounds are difficult to obtain.Many literatures take an approximate upper estimation of the faults signal as scalar .However, some additional dynamics would be introduced by this method.Moreover, if the fault is larger than the scalar , the conventional method cannot reconstruct the fault properly.

APISMO Design and Fault Reconstruction.
To overcome the problems associated with the conventional SMO, an APISMO building on the conventional SMO is proposed by replacing the saturation function in ( 16) with a continuous term determined by an adaptive PI algorithm.The proposed APISMO has the same structure with the observer in Section 3.2, except that the saturation function is replaced with an adaptive PI function.
The proposed PI function in APISMO takes the sliding surface function  0 as the input.The PI function is defined as where the sliding surface function    =   and   and   are the proportional gain and integral gain.Substitute ( 18) into (11) and take a change of coordinates X = [x 1 x2 ]  =   X .In the new coordinate system, the APISMO can be defined as In the new coordinate system, defining new states  = [ 1 ,  2 ]  =     , then the dynamical system given by (10) has a structure as Define the state vector of the estimation error as By taking the first derivative of (21) and substituting ( 19) and ( 20), we have where   () =  2 () in this situation.
For reconstructing sensor faults properly, the sliding surface  0 in ( 15) must be reachable.The reachability of the sliding surface  0 is determined by the proportional gain   and integral gain   according to the following theorem.
Theorem 1.Under the assumptions (A1) and (A2), for the error system given by ( 22) and ( 23), the sliding mode surface  0 in ( 15) is asymptotically reachable, that is,   → 0 as  → ∞, if and only if   ̸ = 0 and the roots of have negative real parts, where  is the Laplace transform operator.
Proof.Considering that most aerospace systems have selftesting at startup, it is reasonable to assume that there exist no faults at initial time.Therefore,   () has zero initial value and  1 () could have a nonzero initial value, then decomposing  1 () as where  10 (0) ≡  1 (0) is the initial value of The system defined by ( 26) can be regarded as a linear system with three inputs, that is,  10 (0),  11 (), and   ().Then this linear system could be decomposed into three subsystems.Each subsystem takes one of the inputs, that is,  10 (0),  11 (), and   (), as its input while its output being a part of   (), that is,   (),  = 1, 2, 3.For the sliding mode surface  0 in (15) to be asymptotically reachable, that is,   → 0 as  → ∞, the error system (26) must be stable.That is, all the three subsystems must be stable.Following that, each subsystem is examined.
The first subsystem has  11 () as input and  1 () as output.The transfer function can be obtained as It can be seen that the first subsystem ( 27) is asymptotically stable if and only if the roots of (24) have negative real parts and   ̸ = 0.According to the assumptions (A1) and (A2), the matrix  11 is stable, and then  11 (∞) → 0. Applying the final value theorem to  1 () yields It is easy to find that the remaining two subsystems are asymptotically stable if and only if the roots of ( 24) have negative real parts and   ̸ = 0 and Therefore, the error system given by ( 23) or ( 26) is asymptotically stable if and only if the roots of ( 24) have negative real parts and   ̸ = 0. Given the stability condition is satisfied, then That is, the sliding mode surface  0 in ( 15) is asymptotically reachable.
According to Theorem 1, for a given proportional gain   of the APISMO, there exists a nonzero integral gain  *  such that the sliding surface ( 15) is asymptotically reachable; that is, with V PI =     () +  *  ∫   (), the condition Ṡ 0  0 < −| 0 | is satisfied, where  is a positive scalar [25].
Defining the integral gain estimation error as (31) and a Lyapunov function as (32) where  is a positive constant.Taking the first derivative of  yields Substituting ( 23) and ( 31) into (33) results in Thus the adaptive law for   can be obtained as  Finally, the sensor fault can be reconstructed properly by the APISMO as f where the adaptive law for   is where  = 1/.For better understanding, a schematic representation of the proposed APISMO and fault reconstruction is shown in Figure 3.

Fault-Tolerant Control Design
In this section, to improve the performance of the system with only SMO-based FTC scheme, a FTC scheme for FSM is presented by combining the proposed APISMO and the hardware redundancy.Position sensors installed with dual redundancy are used in the proposed FTC scheme.Figure 4 shows the block diagram of the proposed FTC scheme.

Redundancy Design.
At the design stage of the FSM, the sensors were installed with dual redundancy.The redundant sensors are functionally identical to the primary sensors by placing them at symmetrical locations of the primary ones.The placements of the sensors are illustrated in Figure 5.  1 and  2 denote the primary sensor probes;  3 and  4 are redundant ones.Four proximity probe tips are placed at 90 degrees from each other and 45 degrees from each VCM.The distances between each probe tip and the and -axes are equal, which is denoted by .
The proximity sensor system provides an output voltage that is directly proportional to the distance between probe tip and the moving mirror.Since deflection angle of the mirror is generally very small, the output voltage of the proximity sensor system can be used to approximate the deflection angle by the following equation: where  1 ,  2 ,  3 , and  4 are the output voltages of the four sensors and  is the proportional scalar of the sensor.

Fault Isolation Logic.
In order to keep the feedback signal used by controller free from sensor faults, fault isolation logic shown in Figure 6 is adopted.In fault-free case, the reconstructed fault signal in ( 36) is approximately zero.The measurements of the primary sensors are used as feedback signals.If the reconstructed signal exceeds a threshold, the counter Counter FD begins to work simultaneously, which is used to obtain information on how long a threshold has been crossed.If the value of the counter is greater than or equal to  counter-steps, the measurement   is identified to be faulty; a signal would be sent out to power on the redundancy.Since a period of time is required to activate the cold backup sensor, during the cold backup booting up, the measurement of the backup is uncertain.A fault-free estimation of the position provided by the APISMO is used as feedback signal to maintain the desired performance.The counter Counter SW is used to calculate the activation time and send out switch signal.After the backup is activated, the faulty sensor is replaced by the redundant one and the measurement of the redundant sensor is used as feedback signal.

Experimental Results
In this section, to validate the effectiveness of the proposed scheme, a series of experimental studies were conducted on a prototype of the FSM.

Experimental Setup.
The experimental setup of a FSM system is depicted in Figure 7.The tilt of the mirror relative to the fixed base is measured by four proximity sensors placed as in Figure 5.The proximity sensor system provides a measuring range of 2 mm and an output of 20 V/mm.In addition, an embedded computer MICROSPACE PC/104 (from Digital Logic corp.)equipped with a PC/104 expansion board Diamond-MM-16-AT (from Diamond Systems Corp.) offering 12-bit D/A converter and 16-bit A/D converter is adopted to produce excitation voltage signals and acquire

Plant Model Identification.
The mathematical model of the FSM can be identified by using a dynamical signal analyzer.The swept-sine waves applied to the actuators have the amplitude of 0.3 V and frequency range of 1-2000 Hz.The position responses of the steering mirror in two orthogonal directions are recorded using a sampling rate of 5 kHz.With a push-pull pair of actuators driven, the magnitudes of the output displacement in passive axis are 20 dB lower than that in the major axis, which indicates that the two axial motions of the steering mirror are decoupled [28].Transfer function   of the plant rotating about -axis can be identified by using the input-output data sets.
The identified third-order transfer function is In the same way, transfer function   of the plant rotating about -axis can be obtained as The identified models   in (39) and   in (40) and the frequency responses of the FSM obtained from the experimental data are shown in Figure 8.
Comparing (3) with the inverse Laplace transform of (39) and (40) yields the system matrix  and input distribution matrix  of the state-space model ( 4) ] .
(41)  The fault distribution matrix  in ( 7) is defined as  =  2 .In (38), the scale  of the proximity sensors is 20 V/mm.The distance between each probe tip and the rotation axis  is 5.02 cm.Thus, the output matrix  has the form (42)

Reconstruction of Sensor Faults.
In this section, the fault reconstruction performance of the proposed APISMO is verified by being compared with that of the conventional SMO.A conventional SMO is designed firstly.The influence of filter matrix   on the performance of fault estimation system has been investigated in [29].Here, the matrix was chosen as   = 1500 2 .It can be seen that system matrix  given in (41) is stable; therefore, the conditions (A1) and (A2) are satisfied.The design parameters (from ( 14) and ( 16)) were chosen as   = −50 2 and  = 0.1.Assuming that the upper bound of the faults is 0.4 mm, the scalar  was set as  = 8.The positive-definite matrix  0 (from ( 16)) was selected by solving the Lyapunov function of   .The associated gains in (14) were obtained as The associated gains for the APISMO were the same as that in (43).The parameters for the adaptive PI function were chosen as   = 1000 2 ,  -initial =  2 , and  = 0.01.
In the experiments, the two primary sensors were corrupted by the faults illustrated in Figure 9 simultaneously.The system is open-loop system.The value of the fault acting on sensor  1 is smaller than the scalar , whereas the value of the fault acting on sensor  2 is larger than the scalar.It is shown in Figure 10 that the proposed APISMO reconstructs the fault faithfully.In comparison, Figure 11 shows the fault signal reconstructed by the conventional SMO.It can be seen from Figures 10(a) and 11(a) that both methods could obtain a very proper reconstruction when the difference between the fault signal and the scalar  is not significant.However, as shown in Figure 11(b), when the fault signal is larger than the scalar , the conventional SMO cannot reconstruct the fault signal properly.
Figure 12 shows the positions measured by the two primary sensors and the estimated positions provided by APISMO when faults occur.It is observed that, in the presence of faults, the estimated outputs by APISMO are maintaining the accurate values.Consequently, the performance of the control system could be kept approximately by the estimation during the backup booting up.

Fault-Tolerant Control Implementation.
The performance of the proposed FTC scheme is verified by several experimental studies conducted hereinafter.Since the FSM was designed as a decoupled parallelkinematic structure, for the purpose of validating the proposed FTC scheme, only one traditional PI controller has been designed to handle the mirror rotating about -axis.The design parameter for fault isolation was chosen as  = 10 cycles of the counter, equaling 2 ms at 200 s sampling time.This value represents a reasonable compromise between accuracy and short isolation time.The threshold was chosen as 0.1 V, that is, 5 m.The sensor fault acting on  1 is shown in Figure 13(a).For the purpose of comparison, Figure 13(b) shows the position tracking error provided by the traditional PI controller in fault-free case.When fault in Figure 13(a) is

Conclusion
In this paper, a novel FTC scheme for the fast steering mirror system was proposed by integrating an adaptive PIbased sliding mode observer and hardware redundancy.The controller structure did not need to be changed.The proposed scheme adopted an APISMO to reconstruct the fault signal.The advantage of this method is that it does not require any prior knowledge of the faults and has no chattering.The reachability of the sliding surface has been examined.In order to keep the controller free from the sensor faults, fault isolation logic was used to identify the fault and power up the redundant sensor.During the cold backup booting up, the performance of the control system was maintained approximately by estimations of the position provided by the APISMO.Experiments have been conducted to verify the scheme.The experimental results confirmed that FSM system with the proposed FTC scheme could maintain a good tracking despite the presence of the fault.
Since the proposed FTC scheme is easy to be implemented and does not require any prior knowledge of the faults, it can be widely extended to other types of beam control systems.In the experiments, since only the position signal was measured, there was no freedom left to deal with the measurement noises and model uncertainties.Nevertheless, experimental results showed that the effect of the noises and uncertainties on the FTC was not significant.Future works will focus on dealing with measurement noises and model uncertainties.

Figure 2 :
Figure 2: Schematic diagram of FSM in single axis.

Figure 5 :Figure 6 :
Figure 5: The placement of the sensors.

Figure 7 :
Figure 7: Experimental setup of a fast steering mirror system.

Figure 11 :
Figure 11: (a) Fault acting on sensor  1 and its reconstruction by conventional SMO (CSMO).(b) Fault acting on sensor  2 and its reconstruction by conventional SMO (CSMO).

Figure 12 :
Figure 12: (a) Position measured by sensor  1 and the position estimated by APISMO when fault occurs.(b) Position measured by sensor  2 and the position estimated by APISMO when fault occurs.