
Aalborg Universitet

Design of Integrated Systems for the Control and Detection of Actuator/Sensor Faults

Stoustrup, Jakob; Grimble, M.J.; Niemann, H.H.

Published in: Sensor Review

Publication date: 1997

Document Version: Early version, also known as pre-print

Citation for published version (APA): Stoustrup, J., Grimble, M. J., & Niemann, H. H. (1997). Design of Integrated Systems for the Control and Detection of Actuator/Sensor Faults. Sensor Review, 138-149.

Research articles

Design of integrated systems for the control and detection of actuator/sensor faults

Jakob Stoustrup, M.J. Grimble and Henrik Niemann

The authors

Jakob Stoustrup is a at the Department of Control Engineering, , Fredrik Bajersvej 7, DK-9220 Aalborg East, . Tel: (45) 9815 8522; Fax: (45) 9815 1739; E-mail: [email protected].

M.J. Grimble is Professor and Director at the Industrial Control Centre, University of Strathclyde, Graham Hills Building, 50 George Street, Glasgow G1 1QE, UK. E-mail: [email protected]

Henrik Niemann is Associate Professor at the Department of Automation, Technical University of Denmark, Building 326, DK-2800 Lyngby, Denmark. E-mail: [email protected]

Abstract

Considers control systems operating under potentially faulty conditions. Discusses the problem of designing a single unit which not only handles the required control action but also identifies faults occurring in actuators and sensors. In common practice, units for control and for diagnosis are designed separately. Attempts to identify situations in which this is a reasonable approach and cases in which the design of each unit should take the other into consideration. Presents a complete characterization for each case and gives systematic design procedures for both the integrated and non-integrated design of control and diagnosis units. Shows how a combined module for control and diagnosis can be designed which is able to follow references and reject disturbances robustly, control the system so that undetected faults do not have disastrous effects, reduce the number of false alarms and identify which faults have occurred.

Sensor Review Volume 17 · Number 2 · 1997 · pp. 138–149
© MCB University Press · ISSN 0260 2288

Introduction

In the control of industrial systems, it is rare that a control system functions continuously without shutdown throughout the scheduled life cycle of the plant and controller hardware. Owing to wear of mechanical and electrical components, both actuators and sensors can fail in more or less critical ways. For safety-critical processes, it is of paramount importance to detect when faults are likely to happen and then to identify these faults as fast as possible once they have occurred.

To meet such industrial needs, a number of schemes for fault detection and isolation (FDI) have been put forward in the literature on automatic control. Much of the research has dealt with the design of filters which monitor a process and generate alarms when faults have occurred. In most cases, the filters are model-based devices which act independently of the computer-implemented digital controllers. In this paper, however, the advantages of combining the control algorithm and the FDI filter in a single module will be discussed, and a relatively simple methodology to design such combined modules will be described.

It will be shown that a combined module will be beneficial in terms of implementation and reliability, but it will also be shown that the quality of control and the quality of detection will not improve by using the integrated design – compared with the individual designs of two components – provided that a good nominal model is available. This result is shown to be very general. A special case using an algebraic Riccati equation approach was presented in Tyler and Morari (1994).

On the other hand, if the quality of the available model is poor, the design of the control system and of the diagnosis system has to be undertaken simultaneously in order to improve overall functionality.

Useful surveys about early work on FDI can be found in Frank (1990) and Patton et al. (1989). Many of these techniques are observer-based, such as Magni and Mouyon’s (1991). These methods have since been refined and extended. A more recent work in this line of research is that of Frank and Ding (1994).

The original idea of using the information already available in the “observer” part of a controller for diagnostic purposes was given in Nett et al. (1988).

Early work on FDI experienced problems owing to modelling uncertainties. In some cases, false alarms were common due to imperfect modelling. This called for issues of robustness to be incorporated into the FDI design algorithm. Specific robustness solutions to FDI problems were discussed in Bokor and Keviczky (1994); Mangoubi et al. (1995); Murad et al. (1996); Patton and Chen (1991); Qiu and Gertler (1993); and Wang and Wu (1993). All these methods used frequency domain techniques in contrast to Ajbar and Kantor’s (1993), which used $l_\infty$ techniques.

An interesting application of FDI techniques was presented in works by Blanke et al. (1995), Jørgensen et al. (1995), Grainger et al. (1995) and Garcia et al. (1995), which suggested using a diesel-engine actuator as an FDI benchmark problem.

Problem formulation

Figure 1 illustrates a control problem in the standard system configuration (see, for example, Zhou et al. (1996) for an introduction to the standard configuration paradigm). Here, $w_d$ can be thought of as a collection of undesired signals (disturbances) entering the system $G(s)$ or as set-points. The signals $y_c$ are the measurements used by the controller $K(s)$, generating the control signals $u_c$ in order to make the outputs to-be-controlled $z_c$ sufficiently small.

Figure 1 Control system in standard control configuration

The system in Figure 1 can be described in either the state space formulation:

$$\begin{pmatrix} \dot{x} \\ z_c \\ y_c \end{pmatrix} = \begin{pmatrix} A & B_1 & B_2 \\ C_1 & D_{11} & D_{12} \\ C_2 & D_{21} & D_{22} \end{pmatrix} \begin{pmatrix} x \\ w_d \\ u_c \end{pmatrix}$$

or, alternatively, in transfer matrix function form:

$$\begin{pmatrix} z_c \\ y_c \end{pmatrix} = G(s) \begin{pmatrix} w_d \\ u_c \end{pmatrix} = \begin{pmatrix} G_{11}(s) & G_{12}(s) \\ G_{21}(s) & G_{22}(s) \end{pmatrix} \begin{pmatrix} w_d \\ u_c \end{pmatrix} = \begin{pmatrix} C_1(sI-A)^{-1}B_1 + D_{11} & C_1(sI-A)^{-1}B_2 + D_{12} \\ C_2(sI-A)^{-1}B_1 + D_{21} & C_2(sI-A)^{-1}B_2 + D_{22} \end{pmatrix} \begin{pmatrix} w_d \\ u_c \end{pmatrix}. \tag{1}$$

For the standard problem shown in Figure 1, a controller $K(s)$, making the transfer function from $w_d$ to $z_c$ small, can be found by standard control optimization tools. Popular control design methods that support standard problem optimization comprise: LQG (or $H_2$) methods (Zhou et al., 1996), $H_\infty$ methods (Zhou et al., 1996), $L_1$ methods (Dahleh and Pearson, 1987) and µ methods (Zhou et al., 1996).

Usually, the model $G(s)$ will contain the plant model itself, but it can also contain models of disturbances, measurement noise, time variations, non-linearities and unmodelled dynamics. Hence, making the transfer function from $w_d$ to $z_c$ small ensures a number of performance and robustness properties.

The everyday operation of such a feedback system depends on reliable actuators and sensors. However, in most industrial environments actuators and sensors can fail. One way to model this is depicted in Figure 2.

Figure 2 Control system with actuator and sensor faults

Here, the measurements used by the controller are $y = y_c + f_s$ rather than $y_c$ and the controls acting on the plant are $u_c + f_a$ rather than $u_c$. For example $y_c + f_s \equiv 0$ or $u_c + f_a \equiv 0$ can represent completely defective sensors or actuators, respectively.

For safety-critical processes in particular, faults must be identified and action taken immediately. Two main paths of action can be taken: either the control design algorithm can be modified to tolerate minor errors; or, using

an estimator, the faulty signal can be identified and action taken by the operator or a supervisory system. In most applications, the latter would be preferable.

A method is now described which allows for either, or both, approaches to be incorporated into a single design step that also comprises the controller design. This is achieved using a single module which generates both the control action and the fault estimates.

To identify individual faults successfully, it is essential to have reliable fault models. One way to describe fault models is to introduce frequency weightings on the fault signals:

$$f_a = W_a(s)w_a \quad \text{and} \quad f_s = W_s(s)w_s$$

where $w_a$ and $w_s$ are signals that are anticipated to have flat power spectra (white noise). These are imaginary signals with the sole purpose of generating the frequency-coloured signals $f_a$ and $f_s$.

The module to be designed should, in addition to the control signal $u_c$, also generate a signal containing estimates of potential faults:

$$u_f = \begin{pmatrix} \hat{f}_a \\ \hat{f}_s \end{pmatrix}.$$

This situation is depicted in Figure 3.

Figure 3 Control system with faults and diagnostics

The final step is to define a fault estimation error $z_f$ as:

$$z_f = \begin{pmatrix} f_a \\ f_s \end{pmatrix} - u_f.$$

Using these signals, a new augmented standard problem can be established as shown in Figure 4.

Figure 4 Standard model; for integrated control and FDI

Defining:

$$\xi = \begin{pmatrix} x \\ x_a \\ x_s \end{pmatrix}, \quad w = \begin{pmatrix} w_d \\ w_a \\ w_s \end{pmatrix}, \quad u = \begin{pmatrix} u_c \\ u_f \end{pmatrix}, \quad z = \begin{pmatrix} z_c \\ z_f \end{pmatrix}, \quad y = y_c + f_s \tag{2}$$

the following “new” standard problem is obtained in state space form:

$$\begin{aligned} \dot{\xi} &= \tilde{A}\xi + \tilde{B}_1 w + \tilde{B}_2 u \\ z &= \tilde{C}_1\xi + \tilde{D}_{11} w + \tilde{D}_{12} u \\ y &= \tilde{C}_2\xi + \tilde{D}_{21} w + \tilde{D}_{22} u \end{aligned} \tag{3}$$

or in transfer function matrix form:

$$\begin{pmatrix} z \\ y \end{pmatrix} = \tilde{G}(s) \begin{pmatrix} w \\ u \end{pmatrix} = \begin{pmatrix} \tilde{G}_{11}(s) & \tilde{G}_{12}(s) \\ \tilde{G}_{21}(s) & \tilde{G}_{22}(s) \end{pmatrix} \begin{pmatrix} w \\ u \end{pmatrix}.$$

(The explicit formulae are given below.)

Using standard control optimization methods, a generalized controller $u = \tilde{K}(s)y$ for the diagram shown in Figure 5 can now be computed, which will be able to generate both control signals and fault estimates.

Figure 5 Standard problem for control optimization

In the following, the solution to the standard problem depicted in Figure 5 will be given, and the interpretation of that solution will be discussed. $H_\infty$ optimization is well suited to this problem, because this method provides valuable clues to the proper selection

of weighting matrices, which is crucial for the problems considered. However, the main observation, which is a type of separation principle, will hold for any criteria of the form:

$$\|z_c\| < 1, \qquad \|z_f\| < 1$$

subject to bounded sets of disturbances and fault signals.

The nominal case

Using the partition (1), the following expressions for the standard problem that is equation (3) (depicted in Figures 4 and 5) can be derived:

$$\begin{pmatrix} z \\ y \end{pmatrix} = \begin{pmatrix} z_c \\ z_f \\ y \end{pmatrix} = \tilde{G}(s) \begin{pmatrix} w \\ u \end{pmatrix} = \begin{pmatrix} \tilde{G}_{11}(s) & \tilde{G}_{12}(s) \\ \tilde{G}_{21}(s) & \tilde{G}_{22}(s) \end{pmatrix} \begin{pmatrix} w \\ u \end{pmatrix} = \begin{pmatrix} G_{11}(s) & G_{12}(s)W_a(s) & 0 & G_{12}(s) & 0 \\ 0 & \begin{pmatrix} W_a(s) \\ 0 \end{pmatrix} & \begin{pmatrix} 0 \\ W_s(s) \end{pmatrix} & 0 & -I \\ G_{21}(s) & G_{22}(s)W_a(s) & W_s(s) & G_{22}(s) & 0 \end{pmatrix} \begin{pmatrix} w_d \\ w_a \\ w_s \\ u_c \\ u_f \end{pmatrix}.$$

Introducing the control law $u = \tilde{K}(s)y$, the following closed-loop formula can be obtained:

$$\begin{pmatrix} z_c \\ z_f \end{pmatrix} = T_{zw}(s) \begin{pmatrix} w_d \\ w_a \\ w_s \end{pmatrix}$$

where

$$T_{zw}(s) = \tilde{G}_{11}(s) + \tilde{G}_{12}(s)\tilde{K}(s)\left(I - \tilde{G}_{22}(s)\tilde{K}(s)\right)^{-1}\tilde{G}_{21}(s)$$

$$= \begin{pmatrix} G_{11}(s) & G_{12}(s)W_a(s) & 0 \\ 0 & \begin{pmatrix} W_a(s) \\ 0 \end{pmatrix} & \begin{pmatrix} 0 \\ W_s(s) \end{pmatrix} \end{pmatrix} + \begin{pmatrix} G_{12}(s) & 0 \\ 0 & -I \end{pmatrix} \tilde{K}(s) \left(I - \begin{pmatrix} G_{22}(s) & 0 \end{pmatrix} \tilde{K}(s)\right)^{-1} \begin{pmatrix} G_{21}(s) & G_{22}(s)W_a(s) & W_s(s) \end{pmatrix}.$$

The transfer matrix $G(s)$ will often be stable owing to inner loops which are included in the standard control model. The following analysis can be carried out for unstable standard models too, but for simplicity $G(s)$ will be assumed stable below. In this case, the YJBK parameterization (Youla et al., 1971) of all stabilizing controllers can be obtained simply by making the substitution:

$$Q(s) = \tilde{K}(s)\left(I - \tilde{G}_{22}(s)\tilde{K}(s)\right)^{-1}, \qquad \tilde{K}(s) = Q(s)\left(I + \tilde{G}_{22}(s)Q(s)\right)^{-1}.$$

Partitioning the control sensitivity function $Q(s)$ as

$$Q(s) = \begin{pmatrix} Q_1(s) \\ Q_2(s) \end{pmatrix}$$

the following expression is obtained:

$$T_{zw}(s) = \begin{pmatrix} G_{11}(s) + G_{12}(s)Q_1(s)G_{21}(s) & G_{12}(s)\left(I + Q_1(s)G_{22}(s)\right)W_a(s) & G_{12}(s)Q_1(s)W_s(s) \\ -Q_2(s)G_{21}(s) & \begin{pmatrix} W_a(s) \\ 0 \end{pmatrix} - Q_2(s)G_{22}(s)W_a(s) & \begin{pmatrix} 0 \\ W_s(s) \end{pmatrix} - Q_2(s)W_s(s) \end{pmatrix}.$$

Now, the crucial observation in this expression is that each of the two rows of the block-partitioned matrix depends on only one of the $Q_i$s, $i \in \{1, 2\}$. This has the following two consequences:

(1) Making the closed-loop transfer function associated with the control objectives small and making the closed-loop transfer function associated with the FDI objectives small can be achieved independently.

(2) Optimizing independently eliminates some of the conservatism often introduced in optimization methods that optimize the norm of a transfer matrix built by stacking transfer matrices corresponding to different criteria.

This possibility of a separation principle shall be exploited in the design procedure below. A separation principle similar in spirit to this is described in Stoustrup and Niemann (1997).

Since the upper row partition of $T_{zw}(s)$ depends only on $Q_1(s)$ and the lower row partition depends on $Q_2(s)$, the transfer function $T_{zw}$ can be optimized by individually optimizing the different block terms. Hence, after separating the optimizations for $z_c$ and $z_f$, we are faced with the problem of optimizing the following two transfer matrices independently:

$$\begin{pmatrix} G_{11}(s) + G_{12}(s)Q_1(s)G_{21}(s), & G_{12}(s)\left(I + Q_1(s)G_{22}(s)\right)W_a(s), & G_{12}(s)Q_1(s)W_s(s) \end{pmatrix} \tag{4}$$

and

$$\begin{pmatrix} -Q_2(s)G_{21}(s), & \begin{pmatrix} W_a(s) \\ 0 \end{pmatrix} - Q_2(s)G_{22}(s)W_a(s), & \begin{pmatrix} 0 \\ W_s(s) \end{pmatrix} - Q_2(s)W_s(s) \end{pmatrix}. \tag{5}$$

The standard control problems corresponding to equations (4) and (5) are in a form known as the model-matching problem, which is a simpler, special case of the so-called general four-block controlled problem (see, for example, Zhou et al., 1996).
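The row structure of expressions (4) and (5) can be checked numerically at a single frequency point. The following is an added example, not code from the paper: the SISO plant blocks, the fault weightings, the gains and all function names are constructed for illustration. It solves the loop of Figure 3 signal by signal, compares the result with (4) and (5), and shows that the FDI rows stay fixed under a change of the control part only when the filter is recomputed from the same Q2.

```python
# Added example (not from the paper): SISO check of the separation structure.
# Plant blocks, fault weightings and gains are constructed values.


def blocks(s):
    """Constructed stable plant: disturbance path Gd, actuator path P, z_c = y_c."""
    Gd = 1.0 / (s + 1.0)
    P = 2.0 / ((s + 1.0) * (s + 3.0))
    Wa = 1.0 / (s + 0.1)   # actuator fault model: slow drift
    Ws = 0.2               # sensor fault model: flat spectrum
    return Gd, P, Gd, P, Wa, Ws   # G11, G12, G21, G22, Wa, Ws


def simulate(s, K1, K2, w):
    """Solve the loop of Figure 3 signal by signal at the frequency point s.

    K1 maps y to u_c; K2 = (K2a, K2s) maps y to the estimates (fa_hat, fs_hat).
    w = (w_d, w_a, w_s). Returns z = (z_c, z_fa, z_fs).
    """
    G11, G12, G21, G22, Wa, Ws = blocks(s)
    wd, wa, ws = w
    fa, fs = Wa * wa, Ws * ws
    # y = y_c + f_s with y_c = G21 w_d + G22 (u_c + f_a) and u_c = K1 y
    y = (G21 * wd + G22 * fa + fs) / (1.0 - G22 * K1)
    uc = K1 * y
    zc = G11 * wd + G12 * (uc + fa)
    return (zc, fa - K2[0] * y, fs - K2[1] * y)


def tzw_simulated(s, K1, K2):
    """T_zw assembled column by column from unit inputs."""
    cols = [simulate(s, K1, K2, e) for e in ((1, 0, 0), (0, 1, 0), (0, 0, 1))]
    return [[cols[j][i] for j in range(3)] for i in range(3)]


def to_q(s, K1, K2):
    """Q = K (I - G22 K)^-1, split into Q1 (control) and Q2 (FDI)."""
    d = 1.0 - blocks(s)[3] * K1
    return K1 / d, (K2[0] / d, K2[1] / d)


def to_k(s, Q1, Q2):
    """K = Q (I + G22 Q)^-1, the inverse substitution."""
    d = 1.0 + blocks(s)[3] * Q1
    return Q1 / d, (Q2[0] / d, Q2[1] / d)


def tzw_formula(s, Q1, Q2):
    """Row 1 is expression (4) (Q1 only); rows 2-3 are expression (5) (Q2 only)."""
    G11, G12, G21, G22, Wa, Ws = blocks(s)
    return [
        [G11 + G12 * Q1 * G21, G12 * (1 + Q1 * G22) * Wa, G12 * Q1 * Ws],
        [-Q2[0] * G21, Wa - Q2[0] * G22 * Wa, -Q2[0] * Ws],
        [-Q2[1] * G21, -Q2[1] * G22 * Wa, Ws - Q2[1] * Ws],
    ]


def gap(A, B, rows):
    """Largest entry-wise difference between A and B over the given rows."""
    return max(abs(A[i][j] - B[i][j]) for i in rows for j in range(3))


def demo(s=0.7j):
    K1, K2 = -2.0, (0.5, 0.3)          # constructed control gain and filter gains
    Q1, Q2 = to_q(s, K1, K2)
    base = tzw_simulated(s, K1, K2)
    # Retune the control part in Q coordinates; K2 is recomputed from the same Q2.
    K1_new, K2_new = to_k(s, 3.0 * Q1, Q2)
    retuned_q = tzw_simulated(s, K1_new, K2_new)
    # Retune the control gain but leave the filter K2 untouched.
    retuned_k = tzw_simulated(s, K1_new, K2)
    # Change only the filter part Q2.
    new_filter = tzw_simulated(s, *to_k(s, Q1, (2.0 * Q2[0], Q2[1])))
    return {
        "formula_vs_simulation": gap(base, tzw_formula(s, Q1, Q2), (0, 1, 2)),
        "fdi_rows_after_q1_change": gap(base, retuned_q, (1, 2)),
        "fdi_rows_with_stale_k2": gap(base, retuned_k, (1, 2)),
        "control_row_after_q2_change": gap(base, new_filter, (0,)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3e}")
```

The separation holds in the Q coordinates: a filter gain K2 that is left unchanged while K1 is retuned no longer realizes the same Q2, which is why the FDI rows move in that case.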

The standard problem formulation corresponding to equation (4) is:

$$\begin{pmatrix} z_c \\ y_{Q_1} \end{pmatrix} = \begin{pmatrix} G_{11}(s) & G_{12}(s)W_a(s) & 0 & G_{12}(s) \\ G_{21}(s) & G_{22}(s)W_a(s) & W_s(s) & 0 \end{pmatrix} \begin{pmatrix} w_d \\ w_a \\ w_s \\ u_{Q_1} \end{pmatrix} \tag{6}$$

where $u_{Q_1}$ is the output of the $Q_1(s)$ partition and $y_{Q_1}$ is the input to the $Q_1(s)$ subsystem. For equation (5), the associated standard problem is:

$$\begin{pmatrix} z_f \\ y_{Q_2} \end{pmatrix} = \begin{pmatrix} 0 & \begin{pmatrix} W_a(s) \\ 0 \end{pmatrix} & \begin{pmatrix} 0 \\ W_s(s) \end{pmatrix} & -I \\ G_{21}(s) & G_{22}(s)W_a(s) & W_s(s) & 0 \end{pmatrix} \begin{pmatrix} w_d \\ w_a \\ w_s \\ u_{Q_2} \end{pmatrix} \tag{7}$$

where $u_{Q_2}$ is the output of the $Q_2(s)$ partition and $y_{Q_2}$ is the input to the $Q_2(s)$ subsystem. Given $Q_1$ and $Q_2$, the solution to the standard problem of equation (3) is:

$$\tilde{K}(s) = \begin{pmatrix} K_1(s) \\ K_2(s) \end{pmatrix}$$

where $K_1(s)$ and $K_2(s)$ – the feedback control part and the FDI part, respectively – can be computed as:

$$K_1(s) = Q_1(s)\left(I + G_{22}(s)Q_1(s)\right)^{-1} \tag{8}$$

and

$$\begin{aligned} K_2(s) &= Q_2(s)\left(I + G_{22}(s)Q_1(s)\right)^{-1} \\ &= Q_2(s)\left(I - G_{22}(s)Q_1(s)\left(I + G_{22}(s)Q_1(s)\right)^{-1}\right) \\ &= Q_2(s)\left(I - G_{22}(s)K_1(s)\right). \end{aligned} \tag{9}$$

Remark 1

It is important to note that the expression that is equation (8) for $K_1$ does not depend on $Q_2$ but only on $Q_1$ which is found by an optimization which also does not depend on $Q_2$. This means that, in this formulation of the problem, the control action does not directly depend on the fault estimator dynamics. Still, the regulating controller can be detuned compared with a set-up in which faults are not allowed for, since the control design algorithm regards the faults as disturbances and noise (as can be seen from equation (6)). Where this is not desirable, some attention must be paid to the weighting selection scheme to avoid detuning. Alternatively, the optimization problem of equation (4) can be completely reformulated by virtue of the separation principle described above.

Equation (9) for $K_2$ depends on $Q_1$. This is physically obvious, since the fault detection and isolation filter has to use the observer part of the controller to identify the faults.

Relationships to the four-parameter controller

The four-parameter controller was introduced by Nett et al. (1988) in connection with fault detection. The four-parameter controller can be considered as an extension of the two-parameter controller introduced above.

Let the plant still be given by equation (2). The four-degree-of-freedom controller also has access to a reference signal $t$ as well as the measurement signal $y$, and the controller returns both a control signal $u$ and a diagnostic signal $a$:

$$\begin{pmatrix} u \\ a \end{pmatrix} = \begin{pmatrix} K_{11} & K_{12} \\ K_{21} & K_{22} \end{pmatrix} \begin{pmatrix} y \\ t \end{pmatrix}.$$

The design set-up for the four-parameter controller can also be formulated using the standard system description given in Figure 4. The generalized system $G_{ncffp}(s)$ is then given by:

$$G_{ncffp}(s) = \begin{pmatrix} G_{11} & G_{12}W_a & 0 & 0 & G_{12} & 0 \\ 0 & \begin{pmatrix} W_a \\ 0 \end{pmatrix} & \begin{pmatrix} 0 \\ W_s \end{pmatrix} & 0 & 0 & -I \\ G_{21} & G_{22}W_a & W_s & 0 & G_{22} & 0 \\ 0 & 0 & 0 & I & 0 & 0 \end{pmatrix}. \tag{10}$$

As above, assume that the system $G_{ncffp}(s)$ is open-loop stable. Then we can again use the following parameterization of all stabilizing controllers:

$$Q(s) = K(s)\left(I - \begin{pmatrix} G_{22} & 0 \\ 0 & 0 \end{pmatrix} K(s)\right)^{-1}, \qquad K(s) = Q(s)\left(I + \begin{pmatrix} G_{22} & 0 \\ 0 & 0 \end{pmatrix} Q(s)\right)^{-1}.$$

Again, let $Q(s)$ be partitioned as:

$$Q(s) = \begin{pmatrix} Q_{11} & Q_{12} \\ Q_{21} & Q_{22} \end{pmatrix}. \tag{11}$$

Using $Q(s)$, the closed-loop transfer function $T_{ncffp}$ is then given by:

$$T_{ncffp}(s) = \left(\begin{matrix} G_{11} + G_{12}Q_{11}G_{21} & G_{12}\left(I + Q_{11}G_{22}\right)W_a \\ -Q_{21}G_{21} & \begin{pmatrix} W_a \\ 0 \end{pmatrix} - Q_{21}G_{22}W_a \end{matrix}\right. \tag{12}$$

$$\left.\begin{matrix} G_{12}Q_{11}W_s & G_{12}Q_{12} \\ \begin{pmatrix} 0 \\ W_s \end{pmatrix} - Q_{21}W_s & -Q_{22} \end{matrix}\right). \tag{13}$$

Again, note that there is a separation. $Q_{11}$ and $Q_{12}$ appear only in the first row of $T_{ncffp}$ and $Q_{21}$ and $Q_{22}$ appear only in the second row. Based on the $Q$ controller, we can calculate the $K$ controller by using equation (11). The controller $K$ then takes the following form:

++––1 1 ∏= QIGQ11()() 22 11 IQG11 22 Q12 1 Ks()=  ~   ––GG GWWG~~ – WW~ QIGQ()–()++––1 Q QIGQ1 GQI 0 21 21 22 a a 22 s s 21 22 11 22 21 22 11 22 12   ~ –1  –  ~ ~ QIGQ()(–)+ IKGQ 0 G12 ––GG11 GWWG12 a a~ =11 22 11 11 22 12 .  21 21 QIGK21(– 22 11 ) Q 22 – QKGQ 21 11 22 12 –1 ~ ~~ ––GG21 11 GWWG21 a a12 As in the previous section, there is a separa-  IGG––~ GWWG~~ tion between control and fault-detection 11 11 12 a a12 objectives. Note that in the implementation,   ×I 0 the pure control part K depends on Q   11 11 0 –G12 only, K depends both on Q and Q , K = 12 11 12 21 ZJZ11 1 depends on Q11 and Q21 and K22 depends on all elements of Q. where Z1(s) is a square matrix which is invert- This four-parameter controller set-up has ible as an element of RH∞, and J1 is a con- been analysed by Nett et al. (1988) in the stant matrix of the form nominal case. The set-up applied in Nett et al. I0 J= (1988) is slightly different from that used in 10–I this paper. The design set-up for the four- with a suitable number of 1s and –1s. J is parameter controller has not been formulated 1 called the signature matrix of ∏ . The in the standard set-up as in Figure 4. One 1 consequence is that the separation in the model-matching problem equation (6) has a controller design does not appear in the para- solution if and only if the following con- meterization used in Nett et al. (1988). A troller is stabilizing: –1 design scheme has been carried out by Nett et   c=––1I 1I QIZ11()0 ()IZ01. al. (1988) based on the so-called single con- 0 0 troller principle roles. (16) Moreover, in that case, all solutions are given by: An H∞ solution to the nominal problem = –1 QYX111 ()17 To obtain explicit design formulae, the criteri-(14) where on of optimization needs to be more specific.  For a number of purposes, optimization is X1=–1A1 H∞ Z1 a good choice, since it constitutes a flexible Y1B1 loop-shaping tool. 
and A and B are (free) stable rational matri- By appropriately selecting the weightings, we 1 1 ces, det A1 having all its roots in the open left can assume without loss of generality that we are half complex plane, satisfying: faced with normalized H constraints, in which ~~ ∞ 1 ≥1 case equations (4) and (15) take the form: AA1 BB1. ++ (Gs11() GsQsGs 12 () 1 () 21 (), GsIQsGsWs 12()( 1 () 22 ())a (), Lemma 2 < GsQsWs12() 1 ()s ())1 ∞ Similarly, for equation (7), consider the fol- and lowing J-spectral factorization:

   ~ ~~ Wsa() ––GG21 21 GWWG22 a a 22 – WWs s~ –()(),QsGs221 –()()(),QsGsWs 222a  0     (15) Π = –WWG~~   2  a a 22 0 <   –()()QsWs2s 1 .  Wss()   –WW~ ∞   s s  The only remaining step in devising an algo-  –1 rithm for the computation of the combined ––GWW~~ WW  22 a a s s control and FDI device is to solve the two  =   ZJZ22 2 inequalities of equations (14) and (15), which IWW–a a~0     IWW–~ have the two standard formulations of equa-  0 s s tions (6) and (7). Using polynomial H∞ theo- ry (see Kwakernaak, 1993), the following where Z2(s) is a square matrix which is results are obtained. invertible as an element of RH∞ and J2 is ∏ the signature matrix of 2. The model- Lemma 1 matching problem equation (7) has a solu- Consider the following J-spectral tion if and only if the following controller is factorization: stabilizing: 143 Systems for the control and detection of actuator/sensor faults Sensor Review Jakob Stoustrup, M.J. Grimble and Henrik Niemann Volume 17 · Number 2 · 1997 · 138–149

 –1 The algorithm was based on a type of c= ––1I 1I QIZ22()0 ()IZ02.(18 ) separation principle which facilitates trans- 0 0 parency in the design process with respect to Moreover, all solutions are given by: the fundamental trade-offs related to diagnos- = –1 QYX222 ()19 ing and controlling a system. Not only have the processes of designing a where: filter and a controller been separated, but also  X2=–1A2 the design criteria. This shows that the con- Z2 Y2B2 troller does not need to be detuned to imple- ment a sound fault detection mechanism. and A2 and B2 are (free) stable rational matri- Moreover, this statement holds for optimiza- ces, det A2 having all its roots in the open left half complex plane, satisfying: tion with respect to any choice of (norm-based) design criteria, formulated as one criterion for AA~~≥ BB. 22 22 the controller and another for the filter. Employing the separation principle described above, and combining lemmas 1 and 2, the main result can be stated. Design of filters for uncertain systems In the previous sections, the interdependence of Theorem 3 the controller and the filter design in the nomi- Consider the set-up depicted in Figure 3 nal case have been examined. It was discovered ~ where K (s) is a combined controller and FDI that a separation exists between controller module. The following two statements are design and filter design. In this section, the way equivalent: in which the presence of uncertainty affects the ~ (1) There exists a transfer matrix K (s) making results will be considered. the transfer function from disturbances to First, consider the standard control config- controlled outputs smaller than 1, and uration in Figure 1 where the system G is a making the transfer function from actua- function of an uncertain block ∆, i.e. G = G(s, tor and sensor faults to the fault estima- ∆). The ∆ block represents the uncertain or tion error smaller than 1. unmodelled part of the system. 
The uncertain c (2) The controller Q1 given by equation (16) part of the system is normally described as stabilizes the standard problem given by additive model uncertainty given by: =+∆ equation (6) and, likewise, the controller Gs() G0 () s () s c Q2 given by equation (18) stabilizes the or as multiplicative model uncertainty given by: standard problem given by equation (7). =+∆ Gs() G0 ()( s I ()) s Moreover, when these conditions are   K where G (s) is the nominal system (see Sko- satisfied, a possible choice of Ks˜ () = 1 0 K2 gestad and Postlethwaite (1996) for more on is given by (8) and (9) where Qs1() model uncertainties). and Qs2 ( ) are given by (17) and (19), respectively. By including a model uncertainty in the In conclusion, this section has shown how set-up of Figure 1, the standard control con- an algorithm can be used for designing a figuration for robust control as shown in single module which comprises both feedback Figure 6 is obtained. control action and fault diagnosis and isola- The system G0(s) in Figure 6 can be tion. The design method is very flexible. described in either the state space formulation Manipulating weights, the following four or in transfer function form. The state space objectives can be explicitly designed for: description is given by: (1) following references and rejecting distur- x˙ AB B Bx  123 bances robustly; e CD D D d =1111213 . (2) controlling the system so that undetected   zc CD2212223 D D wd faults do not have disastrous effects;   ycCD3313233 D Duc (3) reducing the number of false alarms; (4) identifying which faults have occurred. Let us consider the set-up from Figure 4 and include a model uncertainty. Before the stan- These objectives are discussed in more detail dard set-up for integrated control and FDI for below. systems with model uncertainties are given, a 144 Systems for the control and detection of actuator/sensor faults Sensor Review Jakob Stoustrup, M.J. 
Grimble and Henrik Niemann Volume 17 · Number 2 · 1997 · 138–149

compact notation is introduced for the fault signals in order to simplify the equations in the rest of this paper. Let the fault signal vector $f$ be given as:

$$f = \begin{pmatrix} f_a \\ f_s \end{pmatrix}.$$

Further, the weighted fault signal $f$ is given by:

$$f = W_f(s)w_f = \begin{pmatrix} W_a(s) & 0 \\ 0 & W_s(s) \end{pmatrix} \begin{pmatrix} w_a \\ w_s \end{pmatrix}.$$

Figure 6 Control system in standard control configuration for systems with model uncertainty

By introducing this notation, the set-up from Figure 4 with model uncertainty is illustrated in Figure 7.

Figure 7 Generalized set-up for robust control and fault detection with a 2 parameter controller

It is assumed that $\Delta$ is scaled in such a way that $\|\Delta\| \le 1 \ \forall \omega$. Further, $\Delta$ can be structured or unstructured. The transfer function from $w_d$ to $z_c$ defines the performance of the closed-loop control system, and the transfer function from $w_f$ to $z_f$ defines the performance for the fault detection filter.

The generalized system $G_{rcf}(s)$ in Figure 7 is given by:

$$\begin{pmatrix} e \\ z_c \\ z_f \\ y \end{pmatrix} = G_{rcf}(s) \begin{pmatrix} d \\ w_d \\ w_f \\ u \end{pmatrix}$$

where:

$$G_{rcf}(s) = \begin{pmatrix} G_{ed} & G_{ew_d} & G_{ew_f}W_f & G_{eu} & 0 \\ G_{z_cd} & G_{z_cw_d} & G_{z_cw_f}W_f & G_{z_cu} & 0 \\ 0 & 0 & W_f & 0 & -I \\ G_{yd} & G_{yw_d} & G_{yw_f}W_f & G_{yu} & 0 \end{pmatrix}. \tag{20}$$

In comparison to the system used in “The nominal case” section earlier in the paper, the introduction of the uncertainty block $\Delta$ changes the possible design concepts considerably, as will be demonstrated.

Consider Figure 8, where the $\Delta_p$ and $\Delta_f$ blocks represent performance specifications for the closed-loop transfer function and performance for the fault detection signal. Introduction of such fictitious perturbation blocks is a standard device in µ synthesis to obtain robust performance (see, for example, Zhou et al. (1996)). It is assumed that weighting matrices on the performance specifications in Figure 8 are included in the generalized system $G_{rcf}(s)$.

Figure 8 Generalized set-up for robust control and fault detection with performance specifications represented by fictitious perturbation blocks

Applying the same technique as in the nominal case by using a parameterization of the controllers, the following closed-loop transfer function $T_{rcf}$ is obtained:

$$T_{rcf} = \begin{pmatrix} G_{ed} + G_{eu}Q_1G_{yd} & G_{ew_d} + G_{eu}Q_1G_{yw_d} & G_{ew_f}W_f + G_{eu}Q_1G_{yw_f}W_f \\ G_{z_cd} + G_{z_cu}Q_1G_{yd} & G_{z_cw_d} + G_{z_cu}Q_1G_{yw_d} & G_{z_cw_f}W_f + G_{z_cu}Q_1G_{yw_f}W_f \\ -Q_2G_{yd} & -Q_2G_{yw_d} & W_f - Q_2G_{yw_f}W_f \end{pmatrix}. \tag{21}$$

At first glance, it seems there is again a separation between the two parameters in $Q(s)$. $Q_1(s)$ appears only in the first two rows and $Q_2$ appears only in the last row of $T_{rcf}$. However, because the feedback loop with $\Delta$, $\Delta_p$, and $\Delta_f$ is considered directly in the design process, there is no separation in this case due to the model uncertainties. This can be seen quite easily by considering a separate design of a robust feedback controller $Q_1$ and a robust fault detection filter $Q_2$ (see below).

First, let us consider the design of a robust stabilizing controller followed by a design of a nominal filter. The feedback controller design problem with respect to robust stability is represented by the following closed-loop transfer function:

$$T_{rsc}(s) = G_{ed} + G_{eu}Q_1G_{yd}. \tag{22}$$

The design problem is a standard control optimization problem when $\Delta$ is unstructured. Otherwise, it is a structured optimization problem like a µ design problem. The following design of a nominal filter is represented by the following closed-loop transfer function:

$$T_{npf}(s) = \begin{pmatrix} -Q_2G_{yw_d}, & W_f - Q_2G_{yw_f}W_f \end{pmatrix}. \tag{23}$$

Here, there is again separation between the two designs because $Q_1$ appears only in equation (22) and $Q_2$ only in equation (23).

The next design case consists of a design for a feedback controller with respect to robust performance followed by the design of a nominal filter. The design problem for the feedback controller is represented by the following closed-loop transfer function:

$$T_{rpc} = \begin{pmatrix} G_{ed} + G_{eu}Q_1G_{yd} & G_{ew_d} + G_{eu}Q_1G_{yw_d} \\ G_{z_cd} + G_{z_cu}Q_1G_{yd} & G_{z_cw_d} + G_{z_cu}Q_1G_{yw_d} \end{pmatrix}. \tag{24}$$

This design problem is a µ design problem owing to the structure in the perturbations (see Figure 9). As expected, only the feedback parameter $Q_1$ appears here.

Figure 9 Generalized set-up for robust control with performance specifications

The design of the nominal filter is still given by equation (23); there is also a separation between the two designs.

In the last two design cases, the filter is designed with respect to robust performance. In the first case, the design of a feedback controller is represented by equation (22), i.e. designed with respect to robust stability. The design problem for a filter with respect to model uncertainty is represented by the following transfer function:

$$T_{rpf} = \begin{pmatrix} G_{ed} + G_{eu}Q_1G_{yd} & G_{ew_d} + G_{eu}Q_1G_{yw_d} & G_{ew_f}W_f + G_{eu}Q_1G_{yw_f}W_f \\ -Q_2G_{yd} & -Q_2G_{yw_d} & W_f - Q_2G_{yw_f}W_f \end{pmatrix}. \tag{25}$$

The filter design problem is also a µ design problem owing to the structure in the (partly fictitious) perturbations (see Figure 10).

Figure 10 Generalized set-up for the design of a robust fault detection filter

From equation (25) it can be seen that the two designs are no longer separated. Both controllers appear in the design problem in equation (25). Another way of seeing that the two designs are coupled is to consider the closed-loop transfer function given by:

$$
\begin{aligned}
T_{z_f w_f}(s) &= F_u(T_{rpf}, \Delta) \\
&= W_f - Q_2 G_{yw_f} W_f - Q_2 G_{yd}\, \Delta \left(I - (G_{ed} + G_{eu} Q_1 G_{yd})\, \Delta\right)^{-1} \left(G_{ew_f} W_f + G_{eu} Q_1 G_{yw_f} W_f\right).
\end{aligned}
$$

It is clear from the above equation that in general the design of $Q_1$ depends on $Q_2$. Generically, it will never be possible to separate the design of the two controllers owing to the feedback with the uncertainty block $\Delta$.

The latter design case entails the design of a feedback controller with respect to robust performance represented by equation (24) followed by the filter design from equation (25). Once again there is no separation between the two designs.

Summary of optimal design techniques

Depending on whether robustness is considered important in the design of the control loop and of the filter, six classes of design methodology can be identified. These classes are characterized in Table I.

Table I The six possible design classes

| | Nominal performance of filter | Robust performance of filter |
|---|---|---|
| Nominal performance of controller | (1) Separate designs; (2) H∞ optimizations – see Remark 3; (3) Equations (14) and (15) | (1) Coupled design – Remark 2; (2) H∞ (controller) and µ (filter) optimizations; (3) Equation (14) (H∞ optimization) and equation (25) (find $Q_2$ by µ optimization) |
| Robust stability of controller | (1) Separate designs; (2) H∞ optimizations – see; (3) Equations (22) and (23) | (1) Coupled design; (2) µ optimization; (3) Equation (25) |
| Robust performance of controller | (1) Separate designs; (2) µ (controller) and H∞ (filter) optimizations – see Remark 3; (3) Equation (24) (µ optimization) and equation (23) (H∞ optimization) | (1) Coupled design; (2) µ optimization; (3) Equation (21) |

Notes: For each class, item (1) describes whether the design of the controller and filter separates; item (2) specifies the method of optimization required; and item (3) specifies the relevant equations to be used for the optimization process

Remark 2

The entry for the filter's robust performance subject to the controller's nominal design presumes that the control loop will actually be stable, since the filter cannot stabilize an unstable control loop. Moreover, in this case, no optimization method exists that directly handles the coupling and gives the controller and filter in one design step. The suggested method is a reasonable sub-optimal approach.

Remark 3

The H∞ optimization for filter designs listed in Table I is based on an assumption that $\Delta_f$ is unstructured. More realistically, $\Delta_f$ will have a block diagonal structure, corresponding to individual faults. It is straightforward to incorporate this into the design procedure.

Solving the H∞ problem depicted in Figure 5 implies making six transfer functions small owing to the definitions (2) of w and z. These six transfer functions are:

(1) $T_{z_c w_d}$ = transfer function from external disturbances to inferred outputs;
(2) $T_{z_c w_a}$ = transfer function from actuator faults to inferred outputs;
(3) $T_{z_c w_s}$ = transfer function from sensor faults to inferred outputs;
(4) $T_{z_f w_d}$ = transfer function from external disturbances to fault estimation error;
(5) $T_{z_f w_a}$ = transfer function from actuator faults to fault estimation error;
(6) $T_{z_f w_s}$ = transfer function from sensor faults to fault estimation error.

The essential instrument for creating a well-functioning module for control action, fault detection and isolation is an optimization algorithm which makes these transfer functions small and trades off the individual functions by careful weighting selections.

Making each of the six transfer functions small has its own (important) interpretation:

(1) making $\|T_{z_c w_d}\|_\infty$ small implies good disturbance rejection and robustness, i.e. the original control objectives are achieved;
(2) making $\|T_{z_c w_a}\|_\infty$ and $\|T_{z_c w_s}\|_\infty$ small implies that undetected faults do not cause disasters;
(3) making $\|T_{z_f w_d}\|_\infty$ small implies that disturbances are not readily interpreted as faults, i.e. the risk of false alarms is reduced;
(4) making $\|T_{z_f w_a}\|_\infty$ and $\|T_{z_f w_s}\|_\infty$ small implies that $u_f$ becomes a sound estimate of potential actuator and sensor faults.

From the results in this paper, not only is it clear that objective (1) has to be traded off against objective (2), and that objective (3) has to be traded off against objective (4), but also the design process does not involve a trade-off between the two pairs of objectives, once the standard model in equation (1) has been specified.

In order not to complicate the explanation, the control weights related to control performance and control robustness have not been explicitly included, but they are, of course, present in terms of the original standard problem formulation depicted in Figure 1. It is evident that the choice of the original system's internal weightings is very significant in determining the overall performance of the combined control and FDI module.

In order for the optimization in Theorem 3 to give a useful result, it is of great importance to choose the weightings associated with the original standard problem, with the actuator faults and with the sensor faults, so that all these weightings are separated in a frequency range. Choosing large weights for the disturbance models means that the design algorithm allows for disturbance rejection and control robustness. Alternatively, choosing large weights for the actuator- and sensor-fault models means that the quality of the fault estimates is emphasized in the design algorithm, which ensures that very few faults are undetected.

As mentioned in Remark 1, the faults are considered to be disturbances in the control sub-problem (6) and, dually, the disturbances are implicitly represented in the detection sub-problem (7) in terms of the standard problem parameters. There is no limitation in principle in the design method suggested in this paper which forbids two different standard problems with different internal weightings to be applied to the control design sub-problem (6) and the FDI design sub-problem (7); nevertheless, this would complicate the design process and the weightings would have to be well motivated by the specific application.

Remark 4

It should be noted that fixed weightings for external disturbances have been considered in this paper (in fact, they have been assumed to be absorbed in the original standard formulation). This is a reasonable point of view for systems in which the frequency spectrum of external disturbances is quite well known. However, it should be mentioned that some researchers also like to consider disturbance weightings as design parameters, such that the bandwidth of the system is optimized indirectly. In this case, the decoupling results for the nominal case are misleading, since there has to be a trade-off between these weightings and those of the faults.

Conclusions

The integration of feedback controller and fault-detection filter design has been considered for systems with and without model uncertainties. It has been found that the design of the feedback controller and the fault detection filter can be separated in the nominal case. In the uncertain case, however, an optimal solution cannot be obtained by separate robust controller and robust filter designs.

In spite of the separation in the nominal case, the integrated design of both the feedback controller and the fault detection filter is still a sound option, because it is possible to use the same observer for both the feedback controller and the filter. This has been carried out by Kilsgaard et al. (1996), where a fourth-order SIMO system has been considered and an H∞ design based on LMI has been undertaken. The result was an integrated feedback controller and a fault detection filter of order one.

In the uncertain case, it is essential to trade off control performance, the effects of undetected faults, the risk of false alarms and quality of fault detection carefully. In most cases, this probably requires µ synthesis methods.

References

Ajbar, H. and Kantor, J.C. (1993), “An l∞ approach to robust control and fault detection”, Proceedings of the American Control Conference, San Francisco, CA, pp. 3197-201.

Blanke, M., Bøgh, S.A., Jørgensen, R.B. and Patton, R.J. (1995), “Fault detection for a diesel engine actuator – a benchmark for FDI”, Control Engineering Practice, Vol. 3, pp. 1731-40.

Bokor, E.A.J. and Keviczky, L. (1994), “A H∞ filtering approach to robust detection of failures in dynamical systems”, Proceedings of the 33rd Conference on Decision and Control, Lake Buena Vista, FL, pp. 3037-9.

Dahleh, M.A. and Pearson, J.B. (1987), “L1-optimal feedback controllers for continuous-time systems”, IEEE Transactions on Automatic Control, Vol. 32 No. 10, pp. 889-95.

Frank, P.M. (1990), “Fault diagnosis in dynamic systems using analytic and knowledge-based redundancy – a survey and some new results”, Automatica, Vol. 26, pp. 459-74.

Frank, P.M. and Ding, X. (1994), “Frequency domain approach to optimally robust residual generation and evaluation for model-based fault diagnosis”, Automatica, Vol. 30, pp. 789-804.

Garcia, E.A., Køppen-Seliger, B. and Frank, P.M. (1995), “A frequency domain approach to residual generation for the industrial actuator benchmark”, Control Engineering Practice, Vol. 3, pp. 1747-50.

Grainger, R.W., Holst, J., Isaksson, A.J. and Ninness, B.M. (1995), “A parametric statistical approach to FDI for the industrial actuator benchmark”, Control Engineering Practice, Vol. 3, pp. 1757-62.

Jørgensen, R.B., Patton, R.J. and Chen, J. (1995), “An eigenstructure assignment approach to FDI for the industrial actuator benchmark test”, Control Engineering Practice, Vol. 3, pp. 1751-6.

Kilsgaard, S., Rank, M.L., Niemann, H.H. and Stoustrup, J. (1996), “Simultaneous design of controller and fault detector”, Proceedings of the 35th IEEE Conference on Decision and Control, Kobe, Japan.

Kwakernaak, H. (1993), “Robust control and H∞-optimization”, Automatica, Vol. 29 No. 2, pp. 255-73.

Magni, J.F. and Mouyon, P. (1991), “A generalized approach to observers for fault diagnosis”, Proceedings of the 30th Conference on Decision and Control, Brighton, pp. 2236-41.

Mangoubi, R.S., Appleby, B.D., Verghese, G.C. and VanderVelde, W.E. (1995), “A robust failure detection and isolation algorithm”, Proceedings of the 34th Conference on Decision and Control, New Orleans, LA, pp. 2377-82.

Murad, G.A., Postlethwaite, I. and Gu, D-W. (1996), “A robust design approach to integrated controls and diagnostics”, Proceedings of the 13th World Congress of IFAC, Vol. N, San Francisco, CA, pp. 199-204.

Nett, C.N., Jacobson, C.A. and Miller, A.T. (1988), “An integrated approach to controls and diagnostics: the 4-parameter controller”, Proceedings of the American Control Conference, pp. 824-35.

Patton, R.J. and Chen, J. (1991), “Robust fault detection using eigenstructure assignment: a tutorial consideration and some new results”, Proceedings of the 30th Conference on Decision and Control, Brighton, pp. 2242-7.

Patton, R., Frank, P. and Clark, R. (1989), Fault Diagnosis in Dynamic Systems – Theory and Application, Prentice-Hall, Englewood Cliffs, NJ.

Qiu, Z. and Gertler, J. (1993), “Robust FDI systems and H∞ optimization”, Proceedings of the 32nd Conference on Decision and Control, San Antonio, TX, pp. 1710-5.

Skogestad, S. and Postlethwaite, I. (1996), Multivariable Feedback Control – Analysis and Design, Wiley, New York, NY.

Stoustrup, J. and Niemann, H.H. (1997), “Multi objective control for multivariable systems with mixed sensitivity specifications”, International Journal of Control (forthcoming).

Tyler, M.L. and Morari, M. (1994), “Optimal and robust design of integrated control and diagnostic modules”, Proceedings of the American Control Conference, Baltimore, MD, pp. 2060-4.

Wang, Y.Y. and Wu, N.E. (1993), “An approach to configuration of robust control systems for robust failure detection”, Proceedings of the 32nd Conference on Decision and Control, San Antonio, TX, pp. 1704-9.

Youla, D.C., Jabr, H.A. and Bongiorno, J.J. (1971), “Modern Wiener-Hopf design of optimal controllers, part II”, IEEE Transactions on Automatic Control, Vol. 21, pp. 319-38.

Zhou, K., Doyle, J.C. and Glover, K. (1996), Robust and Optimal Control, Prentice-Hall, Englewood Cliffs, NJ.
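Added example (not from the paper): a numerical check of the coupling stated for the robust-filter case, evaluating the closed-loop expression for T_zfwf = F_u(T_rpf, Δ) with Q2 held fixed while Q1 and Δ vary. The scalar first-order plant entries, the weight W_f, the static values of Q1, Q2 and Δ, and all function names are constructed assumptions.

```python
# Scalar (SISO) evaluation of the upper LFT
#   T_zfwf = M22 + M21 * D * (1 - M11 * D)^-1 * M12
# with M11..M22 read off the closed-loop expression for T_zfwf in the text.
# Every numerical value below is constructed for illustration.

def plant(s):
    """Constructed first-order entries of the standard problem at s = j*w."""
    return {
        "G_ed": 0.5 / (s + 1), "G_eu": 1 / (s + 1), "G_yd": 1 / (s + 2),
        "G_ewf": 1 / (s + 1), "G_ywf": 1 / (s + 1), "W_f": 1 / (s + 1),
    }

def t_zf_wf(s, q1, q2, delta):
    """Fault-to-estimation-error response for static Q1, Q2 and uncertainty."""
    g = plant(s)
    m11 = g["G_ed"] + g["G_eu"] * q1 * g["G_yd"]
    m12 = (g["G_ewf"] + g["G_eu"] * q1 * g["G_ywf"]) * g["W_f"]
    m21 = -q2 * g["G_yd"]
    m22 = (1 - q2 * g["G_ywf"]) * g["W_f"]
    loop = 1 - m11 * delta
    if abs(loop) < 1e-12:
        # The uncertainty feedback loop is singular: no well-posed LFT here.
        raise ZeroDivisionError("uncertainty loop is singular at this frequency")
    return m22 + m21 * delta * m12 / loop

def peak_gain(q1, q2, delta, n=400):
    """Grid estimate of the H-infinity norm over 1e-3 .. 1e3 rad/s."""
    freqs = [10 ** (-3 + 6 * k / (n - 1)) for k in range(n)]
    return max(abs(t_zf_wf(1j * w, q1, q2, delta)) for w in freqs)

def coupling_report(q2=0.8, q1_choices=(0.0, -2.0), deltas=(0.0, 0.5)):
    """Peak gain for every (delta, Q1) pair; the filter parameter Q2 is fixed."""
    return {(d, q1): peak_gain(q1, q2, d) for d in deltas for q1 in q1_choices}

if __name__ == "__main__":
    for (d, q1), peak in coupling_report().items():
        print(f"delta={d:4.1f}  Q1={q1:5.1f}  peak |T_zfwf| = {peak:.4f}")
```

With Δ = 0 the two Q1 choices give the same peak, since Q1 drops out of the expression; with Δ = 0.5 the peaks differ, so the fault-estimation error can no longer be assessed from Q2 alone.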
