Diagnosis and FTC by Prof. Blanke [pdf] - NTNU

1 

2 

Fault-tolerant Control 

Lecturer 

Mogens Blanke 

Professor II at CeSOS – 

NTNU 

Professor of Automatic 

Control at Ørsted rsted-DTU DTU 

Research interests: 

•Autonomous Control Systems 

•Fault-tolerant and Dependable Control 

•Satellite Attitude Control 

•Marine Control Systems 

•System Modelling and Identification 

•Diesel Engine Control 

Reference for todays lecture: 

M.Blanke, M. Kinnaert, J. Lunze and M. 

Staroswiecki 

Diagnosis and Fault-Tolerant Control 

Springer, June 2003 

• Chr. Rovsing/European Space 

Agency 1974-75: Systems 

Analyst 

• DTU 76-84: Ass + Assoc Prof. 

• Søren T. Lyngsø 85-90, 

Head of Marine Division 

• Aalborg University 

1990-2000 Professor of 

Automatic Control 

• DTU 2000 Professor of 

Automatic Control 

• NTNU 2005 Professor II 

Mogens Blanke – Spring 2006 


1

3 

4 

Scope of lecture – Fault-tolerant Control 

• Fault-tolerant Control in Context 

• Analysis based on System Structure 

• Fault Diagnosis – detection and isolation 

• Fault-tolerant control: 

– Sensor fault, Actuator fault 

• An application 

Fault-tolerant design 


Fault-tolerant systems (and control) 

Created by the need for safety, reliability and availability. 

Touches on fundamental properties of controlled systems and 

the control architectures. 

Draws on results from many areas in automatic control 

Diagnosis 

The essential means to determine whether faults have 

occurred 


2

5 

6 

Structure of Plant + Controller 

The standard 

control problem 

A system with control is a hybrid entity. The system can be 

changed by events, some of which are faults. We may change 

the controller and/or the system by action of a supervisor. 

A Hybrid System 

A bathtub is a hybrid system. 

Dynamic relation between 

input flow q, height h and area A( h) 

are 

1 

ht () 

= qt () 

Ah ( ) 

Holds only until 

the edge is reached: 

ht ( 

) = 0 for h= hedge 


q(t) 

h(t) 


3

7 

8 

A Hybrid System 

Dynamic relation between 

input flow q, height h and area A( h) 

are 

1 

ht ( 

) = qt ( ) for 0 ≤ h< hedge 

Ah ( ) 

ht ( 

) = 0 for h≥ h 

edge 

Relation to Robust and 

Adaptive Control 

q(t) 

h(t) 



4

9 

10 

Fault-tolerant Control 

Fault-tolerance: 

Ability to maintain control 

objectives, despite the 

occurrence of a fault. 

A degradation of control 

performance may be 

accepted. 

Obtained through fault 

accommodation or system 

reconfiguration. 

Standard control problem - example 

Objective: 

Obtain bandwidth > 0.2 rad/s, loop damping > 0.7 


1 

kkb p t 2 

ψ () s = s ψ ref () s 

kb t + h kkb 

1 p t 

1+ 

+ 2 

s s 

ψ () s = 

kkb 

ψ () s 

p t 

2 

s + ( kb t + h1) s+ kpkb t 

Compare with standard form 

ψ () s = 

s 

ω 

s 

ψ ref () s 

2 

b 

2 2 

+ 2ςωb 

+ ωb 

ref 


5

11 

12 

Fault-accommodation or reconfiguration 

Change in controller 

parameters or 

structure to avoid the 

consequences of a 

fault. 

Accommodation: 

Input-output between 

controller and plant is 

unchanged. 

Reconfiguration: 

Input-output between 

controller and plant is 

changed. 

Handling of sensor fault -accommodation 

• Fault handling: a sensor fault (gain is 0.1) accommodated by 

differentiating term in position feedback. 



6

13 

14 

Handling of fault - reconfiguration 

• Fault reconfiguration: a sensor failure in inner loop. 

• Switch to differentiating control when fault is diagnosed 

Handling of sensor fault by output 

estimation 

icom 

power 

drive 

+ 

Speed control 

im 

kt 

kqη 

+ 

Ql 

1 

Itot 

Fault: 

[0.0 1.0] 

kobs 

∫ 

- 

ˆn 

n 

1 

N ∫ 

+ 

+ 

nm 

- 

Position control 

θm X 

+ 

1 

N ∫ 

gear 

kp 

ˆ 

θ 

- 

θ 

+ 


θref 


7

15 

16 

Handling of sensor faults by reconfiguration 

Reconfiguration: Failed sensor 

measurement is replaced by an 

estimate, which is used in the 

feedback loop 

y = − + ˆ 

k (1 S( fk)) yk S( fk) y( fk) 

S is a diagonal matrix S ij=0( 

i ≠ j) 

Skk 

= 1 f ,0 otherwise 

k 

Condition for observer k to exist 

( A,[ c1,.., ck− 1, ck+ 1,.., 

cm] 

) is observable 

where c i is a column of C 

If not fully observable, the unobservable 

subsystem must at least be stable 

Model-matching state-feedback 

O H A B 

O H A B 

 

K 

+ J H A H 2 = J 

E = ? I A @ F I O I J A 

 

4 A @ A I EC A @ 

+ J H A H 

E = ? I A @ F I O I J A 

 

K 

. = K J O 

2 = J 

O 

O 

u 

u 

u 

u 

Plant 

estimator 1 

est(y) | y , y , ... 

2 3 

estimator 2 

est(y) | y 1 , y 3 , ... 

estimator 3 

est(y) | y 1 , y 2 , ... 

y m =[y 1 ,y 2 ,y 3 ] 

y est 

y est 

y est 


The nominal (no fault) system 

in closed state feedback loop: 

xt () 

= ( A- BK) xt () 

yt () = Cxt () 

after the fault occurs, 

xt () 

= Axt f ()- But f () 

yt () = Cfxt () 

with new state feeedback controller: 

xt () 

= ( Af - BK f f ) xt () 

yt () = C x( 

t) 

f 


8

17 

18 

Model-matching state-feedback (2) 

Ideal if we could obtain A- BK = A f - B fK f 

This is only rarely possible (requires redundant actuators). 

Consider the relaxed condition: 

∃K f ⊂{ Kstab} :min( A- BK) − ( A f - B fK f ) ? 

If the pseudo-inverse of B exists 

f 

T 

−1 

T 

BK f f = A f −( A - BK) ⇒ K f = ( B fBf ) B f ( A f − A + BK) 

Example on handling of faults 


• Simple means needed to handle simple control loop 

faults 

• Applied common sense thus far, applied systematic 

common sense, however. 

•More challenge to come, though 


9

19 

20 

The real thing 

By courtesy from C. Thybo 

A stop using the emergency brake subjects the 

structure to large stresses. An x-ray 

certification is required after each emergency 

stop. Graceful degradation pays off - a potential 

application for fault-tolerant control. 

Handling of faults – Induction Motor 

• Accommodation: high 

performance controller that 

needs several sensor inputs 

is replaced (at run time) with 

one that can run with 

remaining sensors but with 

reduced performance 

Stator 

current 

i s 

θ 

i sa 

i sb 

ε 

i sq 

i sd 

ρ 

Rotor 

flux 

ω mr 


Rotor 

angle 

em = z ω ω p m 

Stator axis 

• Flux vector control - high 

performance, measurement needed 


10

21 

22 

Handling of faults - 2 

• Accommodation: high 

performance controller that 

needs several sensor inputs 

is replaced (at run time) with 

one that can run with 

remaining sensors but with 

reduced performance 

ω set 

+ 

Load 

- 

K 

ωactual 

• Scalar control - low 

performance, no sensors 

Induction Motor Fault-tolerant Control 

• Implementation of fault-tolerant control - time to 

reconfigure is crucial. 

• Alternative motor control algorithms are not globally 

stable - large field angle deviations are not allowed. 


• The likelihood of successful reconfiguration is crucial - 

the concept of coverage - reliability issues 

• Coverage = Prob.(System recovers|Fault occurs) 


11

23 

24 

Fault-tolerant steering by wire 

Steering 

input 

system 

Power 

supply 

Computer 

Sensor 

system 

Drive 

system 

Induction 

motor 

• Requirements to electrical 

steering system: 

• Must be able to steer until 

vehical is stopped despite 

any single fault 

Wheel 

Fault-tolerant steering by wire 

Steering 

input 

system 

Power 

supply 

Computer 

Sensor 

system 

Drive 

system 

Induction 

motor 

Wheel 


• Function blocks and 

electrical details: 

• AC motor is driven by 

inverter (3-phase switching) 


12

25 

26 

Properties of possible architectures 

A behaviour is the relation between variables 

(input and output) of a function block: 

c 1: g1( u, y) 

= 0 

3 

example 1: y( t) − 2 u( t) u( t) 

= 0 

⎧dx() 

t 

⎪ =− 2 xt ( ) + 4 ut ( ); x(0) = xo 

example 2: ⎨ dt 

⎩ 

⎪ yt () = xt () −0.01() 

ut 

The 

service offered 

by a function block is to 

provide a behaviour 

between input and output. 

S : g( u , y ) = 0 

1 1 1 1 

Properties of possible architectures 

The behaviour of a system with an 

architecture A is SA 

With the two examples: 

( upper ) 

S = S ∩S ∩S 

A 

1 2 3 

All components must provide the service 

to give the required service from u to y 

( ) 

1 3 

( lower ) ( ft ) 

( d ) 

SA= S1 ∩ S2 ∪S2 ∩S3 

We obtain fault-tolerant behaviour if 

( d ) 

S3 

is fail-operational (can work despite any 

( ft ) 

single fault) and S1 

is fault-tolerant: we obtain 

* 

g(u,y) 1 1 ≈ g(u1,y 1) 

but perhabs degraded 

(lower performance) 



13

27 

28 

A fault-tolerant architecture (patented) 

• Redundant hardware is 

necessary but here is a 

cheap version: split 

power stage in two, 

wind AC motor with 

dual winding. 

The FDI - FTC chain 

• What FDI provides 

• Fault detection 

• Fault isolation 

• Evaluation to get confirmed 

hypothesis 

• Fault estimation 


• What FTC shall do 

• Assess estimated structure 

• Is diagnosis unambiguous, 

– determine faultaccommodation 

action 

• If not, 

– react according to highest 

severity 

– accommodate both/all 

possible scenarios 

• Reconfigure in time 


14

29 

30 

Diagnosis and Fault-tolerant Control 

Chapter 1, pp 1-23 

• Faults and fault-tolerance: 

• A fault is a deviation of the system structure or system 

parameters from the nominal situation (actuator blocks, loss of 

sensor, disconnection of system component) 

• A failure is an event that prevents a system to perform a 

required function. 

• Parameters are alowed to vary within their specified range 

System behaviour 

• System behaviour is a subset of all possible combinations of 

input and output signals. 

Let a static system be 

yt () = kut s () 

The behaviour is the set of all I/O pairs is given by 

B 

= { ( uy , )| y= ku s } 

If the system is dynamic, B⊂ U× Y 



15

31 

32 

System behaviour: normal 

• System behaviour is in 

the green area. 

• Point A represents an 

observation that may 

occur for the given 

system. 

• Point C represents a pair 

that is not consistent 

with system dynamics. 

System behaviour: norman or with a fault 


• A specific fault change 

the behaviour from the 

green to the yellow 

area. 

• If a common input is 

applied to the system, 

the normal and faulty 

cases would respond 

differently: 

e.g. points A and C. 

The normal and the faulty system can be distinguished unless the 

observation is in the intersection (point B) between the behaviours. 


16

33 

34 

Safety versus fault-tolerance 

Safety versus fault-tolerance 

Green region: 

required 

performance 

Yellow region: 

degraded 

performance 

Orange region: 

unacceptable 

performance 


Green region: 

required 

performance 

Yellow region: 

degraded 

performance 

Orange region: 

unacceptable 

performance 

Red region: 

danger 


17

35 

36 

Models of dynamical systems 

• Notation for nonlinear system with faults 

The general, nonlinear case reads: 

dx() t 

= gx ( ( t), u( t), d( t), f( t)), 

x(0) = x0 

dt 

y() t = h( x(), t u(), t d(),()) t f t 

where x is state vector, u is input vector, 

d is disturbance vector and f(t) 

a fault vector. 



We obtain a linar model in a point of operation 

xudf , , , by Taylor expansion around x = x- x 

dx dx dx ∂g∂ ∂ ∂ 

= + = + 

g 

+ 

g 

+ g 

gxudf ( , , , ) x u d+ f, 

dt dt dt ∂x∂u∂d∂f x(0) = x0... 

∂h ∂h ∂h ∂ 

= + = ( , , , ) + + + h 

y y y h x u d f x u d + f 

∂x ∂u ∂d ∂f 

or 

x = Ax + Bu + E + 

xd Fxf y = Cx + Du + E + 

yd Fyf In the sequel, we ommit the x notation and just write x 


18

37 

38 


Linearized system without faults 

The general, linear case reads, for A, BCD , , ... time invariant: 

dx() t 

= Ax() t + Bu() t + Exd(), t x(0) = x0 

dt 

y() t = Cx() t + Du() t + E d() 

t 

Linearized system with additive faults 

y 

dx() t 

= Ax() t + Bu() t + Fxf() t + Exd(), t x(0) = x 

dt 

y() t = Cx() t + Du() t + F f() t + E d() 

t 

y y 

Ship - running example 

δ 

rudder 

angle 

b 

+ 

+ 

∫ 

ω3 

δ 

steering 

characteristic 

wave 

disturbance 

ω3 

f ω 

ωw 

ω3m 

rate 

measurement 

∫ 

f ψ 

0 

ψ 

ψm 

heading 

measurement 

Ship steering. Input is rudder angle. Output is ship’s 

heading. Measured variables are turn rate and 

heading angle. 

+ 

+ 

+ 

+ 

+ 

+ 



19

39 

40 

Model of normal behavior of ship 

3 ( ) 

c1: ω3 = b h1ω3+ h3ω3 + bδ 

c2: 

ψ= ω3+ ω3w 

c3 

: ψm= ψ 

c4: 

ω3m ω3+ ω3w 

c5 

: 

d1 

: 

δm= ψ 

= 

δ 

dψ 

dt 

δ 

d2 

ω3 

= 

dω3 

dt 

rudder 

angle 

b 

+ 

+ 

∫ 

ω3 

δ 

steering 


wave 

disturbance 

Linearized model with sensor faults 

δ 

rudder 

angle 

ω3 = b( δ + h1ω3) 

ψ= ω3+ ω3w 

ψm= ψ + fψ 

linearized at ω3=0 

ω3m = ω3+ ω3w 

+ fω 

δ = δ 

m 

b 

+ 

+ 

∫ 

ω3 

δ 

steering 


ω3 

ω3 

wave 

disturbance 

+ 

+ 

f ω 

ωw 

+ 

ωw 

+ 

+ 

+ 

ω3m 

rate 

measurement 

∫ 

f ψ 

ψ 

ψm 

heading 

measurement 


∫ 

+ 

fω + 

ω3m 

fψ rate 

measurement 

+ 


+ 

ψ 

+ 

ψm 

heading 

measurement 

+ 

20

41 

42 

Example on requirements to diagnosis 

• Requirements for motion control 

• f rate (t) t det < 1deg 

• f angle (t) t det < 5 deg*s 

• Obtained in theory and practice 

• Accommodation of sensor faults on the fly is possible 

Analysis based on structure 



21

43 

44 

Aim and scope 

This is fun 

Design 

Sequence 

Overview 


• We need a tool to cope with complexity of systems 

• Desire: Determine principal properties from the 

structure of a system - without detailed control theory 

calculations 

• Principal questions we have: 

• Can we diagnose a fault ? 

• Can a system recover from a fault? 

• Can we monitor the system? 

• Method: graph based analysis of system structure 


22

45 

46 

Digraph for linear system 

Example 5. 2 

d 

c1: x1 = x1 

dt 

c2 : x1 = ax2 

d 

c3 : x2 = x2 

dt 

c : x = bx + cx + du 

4 2 1 2 

Bipartite graph 

Graph represented as 

incidence matrix: 

u x1 x2 x1 x2 

c1 

0 1 0 1 0 

c2 

0 0 1 1 0 

c3 

0 0 1 0 1 

c 1 1 1 0 1 

4 

Graph represented as the 

incidence matrix: 

u x1 x2 x1 x2 

c1 

0 1 0 1 0 

c2 

0 0 1 1 0 

c3 

0 0 1 0 1 

c 1 1 1 0 1 

4 

Or drawn as a bipartite graph: 

N N N 


N K 

? ? ? ! ? " 

"A simple graph is one with no parallel edges and loops. 

A bipartite graph is a simple graph in which the set of 

vertices can be partitioned into two sets such that every 

edge is between a vertex in C and a vertex in Z: G= ( C, Z, E) 

." 


23

47 

48 

Structure Graph 

Structural analysis 

A graph-based technique where 

principal relations between variables 

express the system’s properties. 

Measured and controlled quantities 

in the system are related to variables 

through functional relations, which 

need not be explicitly stated. The 

user specifies a list of these relations 

that together describe the 

functionality of the system 

considered. A list of such variables 

and functional relations constitute the 

system’s structure graph. 

Control input 

Unknown 

Constraints 

Measured 


Paradigm: A Fault is violation of a Constraint 

Faults 

Normal operation means all 

functional relations are intact for 

the system. Should faults occur, 

one or more functional relations 

cease to be valid. In the structure 

graph, one or more nodes of the 

graph will disappear when a fault 

occurs. 


24

49 

50 

Example 5.3: tank system 

F = H= A JA H H 

D 

K J 

+ JH 

= C HEJD 

O J 

A L A I A I H 

D 

6 = 

G E J 

Single tank system example 5.3 

Tank c 1: h(t) = q i( 

t) − qo( t) 

Input valve c 2 : q() i t = αu() 

t 

Output pipe c 3 : q o( 

t) = k h( t) 

Level sensor c 4 : yt ( ) = ht ( ) 

Control algorithm c 5 : ut ( ) = 

⎧1 

if y( t) < h0 

⎨ 

⎩0 

otherwise 

dh() t 

differential constraint: c6: h( t) 

= 

dt 

F = H= A JA H H 

D 

K J 

+ JH 

= C HEJD 

O J 

A L A I A I H 

G J 

D 


6 = 

G E J 

G J 


25

51 

52 

Single tank system example 5.3 

c 1 : ht () 

= qi() t −qo() 

t 

c 2 : qi( t) = αu( 

t) 

c 3 : qo() t = k h() t 

c 4 : yt () = ht () 

c 5 : 

⎧1 

if y( t) < h0 

ut ( ) = ⎨ 

⎩0 

otherwise 

c6: dh() t 

h( t) 

= 

dt 

c 

c 

c 

c 

c 

c 

1 

2 

3 

4 

5 

6 

u y h h qi q 

0 0 0 1 1 1 

1 0 0 0 1 0 

0 0 1 0 0 1 

0 1 1 0 0 0 

0 0 1 1 0 0 

Ex. 5.3: structure graph of tank system 

c 

c 

c 

c 

c 

c 

1 

2 

3 

4 

5 

6 

u y h h qi q 

0 0 0 1 1 1 

1 0 0 0 1 0 

0 0 1 0 0 1 

0 1 1 0 0 0 

0 0 1 1 0 0 

0 


Every column in the incidence matrix corresponds to a circle vertex. 

Every row corresponds to a bar vertex in the bipartite graph. 

0 


26

53 

54 

Example 5.3: controlled tank 

? 

? 

K 

G E 

D 

? $ 

G 

D 

O 

Structure graph with controller added: c5 

Example 5.3: reduction of graph 

? ! 

? " 

 

D 

H 

? # 


Seperate variables Z into known (K) 

and unknown (X) variables 

Z = K ∪ X. 

Separate C into C = Ck ∪Cx. 

Delete rows with constraints between known variables 

Delete columns with known variables ⇒ 

Decompose graph (C, Z,E) into 

(C ,Q(C )) and (C ,Z) 

k k x 


27

55 

56 

Matching 

Definition 5.1: ( Matching) 

∀e1, e2∈M : e1 ≠e2 ⇒ pC( e1) ≠ pC( e2) ∧ pZ( e1) ≠ pZ( e2) 

Any two edges in M have no common node - neither in Z nor in C. 

Matching on the single tank 

c4→h c6→h c3 → q0 

c2→qi c → zero 

1 

c4→h c6→h c3 → q0 

c1→qi c → zero 

2 

c 

c 

c 

c 

c 

c 

1 

2 

3 

4 

5 

6 


u y h h qi q 

0 0 0 1 1 1 

1 0 0 0 1 0 

0 0 1 0 0 1 

0 1 1 0 0 0 

0 0 1 1 0 0 


0 

28

57 

58 

Non invertible constraints 

= 

N N 

? 

N 

N N 

? 

> ? 

N ? N 

N N 

Matching – the ranking algorithm 

Given: incidence matrix or structure 

graph 

1. Mark all known variables, i = 0. 

2. Find all constraints with exactly one unmarked variable. 

Associate rank i with these constraints. 

Mark these constraints 

and the associated variable. 

3. If there are unmarked constraints whose variables are 

all marked, mark them and connect them with the pseudovariable 

zero. 

4. set i = i+1 

5. if there are unmarked variables or constraints, continue 

with step 2. 

Result: Ranking of the constraints. 

? 

N 



29

59 

60 

Purpose and scope of part 2 

• Matching – a graph method to find the nonlinear 

parity relations that can later be used in diagnosis. 

• Define maximal and complete matching 

• Investigate matching on an oriented graph 

• Discuss causality 

• Dealing with algebraic constraints 

• Dealing with loops in graphs 

Complete matching 


A matching M is a subset of edges such that 

no edge have common node (neither in C nor in X). 

Let M be number of edges 

in M, then M ≤ 

min 

C X 

A matching is complete in 

X if M = X. 

It is complete in C if M = C . 

Figure: One incomplete and 

two complete matchings in X 

for the tank example. 

( , ) 


30

61 

62 

Differential and integral constraints 

(repeat) 

Differential constraint 

dh 

c6: h= 

dt 

Integral constraint 

c : h( t) = h( τ) dτ + h(0) 

6 

t 

∫ 

0 

Obvious assumptions 

(5.2) All constraints in C are compatible 

The constraints provide a solution to the 

behaviour of a physical system. 

(5.3) All constraints in C are independent 



31

63 

64 

Design of Parity Equations (5.6.3) 

Analytic redundancy relation (or parity equations) are 

subgraphs of the structure graph. 

They are formed from unmatched constraints using the 

complete matchings of the unknown variables we make 

on the reduced structure graph of a system. 

SaTool - constraint editor 

input 

Measured 

Unknown 


Create 

constraints 

Constraints 


32

65 

66 

SaTool – A tool for Structural Analysis 

Features 

• Matlab ® based (version 7.0 or later) 

• Graphical representation of structure as a graph 

• Easy point and click manipulation of system structure 

• Matching by ranking 

• Backtracing 

– Recursive algorithm 

Matlab ® is a trademark of the Math Works Inc. USA. 

Results 


• Detectability 

– Which faults can be detected with the found parity relations 

• Isolability 

– Which faults can be isolated with the found parity relations 

• Parity relations 

– Which relations exists 

• Controllability 

– Can I reach the unknown variables from the input variables 


33

67 

68 

Investigate the effect of a structural fault 

• Faults can be modeled by disabling nodes 

– Right click on a node to disable it 

– Perform a new analysis 

– Or analyze consequences of all possible violation of 

constraints 

• The result shows if the 

– system can be reconfigured in case of faults 

– Shows which further faults can be diagnosed for the faulty 

system 

– Showh witch secondary faults can be isolated for the faulty 

system 


• Salient 

feature: 

• Run 

analysis 

on system 

with fault 

• Investigate 

the new 

result 


34

69 

70 

SaTool – A tool for Structural Analysis 

Features 

• Matlab ® based (version 6.5 or later) 

• Graphical representation of structure as a graph 

• Easy point and click manipulation of system structure 

• Matching by ranking 

• Backtracing 

– Recursive algorithm 

Matlab ® is a trademark of the Math Works Inc. USA. 

SaTool 


• SaTool – a rapid prototyping tool now being tested by 

colleagues and industry. 

• A beta version is available (GNU open source), please 

contact mb@oersted.dtu.dk 

• Uploaded to participants 

• Work is in progress in the area of autonomous robotics 

• Also a good subject for your MSc thesis ! 


35

71 

72 

Case: ship station-keeping control 

• Position control is required within a specified circle to 

enable investigation of an unknown object 

• Ship has two shafts and a 

bow thruster for control 

Constraints – forces from actuators 

( ) 

( ) 

( ) 

a1: θ1 

= gpu1 pitch and shaft speed on starboard shaft 

a2 : θ2 

= gpu2 pitch and shaft speed on port shaft 

a3 : n3 = gbu3 angular velocity on bow thruster 

b1: 

y1 = θ1 

measurement of SB pitch and rpm 

b2 

: y2 = θ2 

measurement of port pitch and rpm 

b : y = n 

measurement of BT rpm 

3 3 3 



36

73 

74 

Constraints – forces from actuators 

c 

N =− l c ( θ ) + l c ( θ ) + l c ( n ) torque from actuators 

and wind 

c : T c ( n ) g ( ) total sway force 

c : T c ( ) c ( ) g ( ) total surge force 

1 : 

z y T 1 y T 

N 

+ gw 

( vw) 

2 x b 3 

2 y = b 3 + 

Y 

w vw 

3 x = T θ1 + T θ2 + 

X 

w vw 

Constraints – dynamics and kinematics 

c4: −1⎡Tx⎤ −1 

v= M ⎢ ⎥−A 

( ψ ) vc 

⎣Ty⎦ linear acc. of body 

c5 

: p= A( ψ ) v+ vc 

geographical position 

c6: −1 

ψ = I N angular acc. of body 

d1 

: 

d 

v= v 

dt 

differential 

d2 

: 

d 

p= p 

dt 

differential 

d3 

: 

d d 

ψ = ( ψ) 

dt dt 

double differention 



37

75 

76 

Constraints - measurements 

Variables 

m1 

: vm= v velocity - inertial system 

m2 : h1 

= ψ heading - gyro 1 

m3 : h2 


m4 

: p1 = p position - GPS 1 

m5 


m6 

: cm = vc 

sea current - log&imu 

m : w = v wind - anomometer 

7 

m w 

Seperate variables into known Kand unknown X. 

Seperate known vars. further into input and measured: 

K = Ki ∪ Km 

Unknown : X = 

⎧θ1, θ2, 

n3, 

⎫ 

⎨ ⎬ 

⎩Nz, Ty, Tx, 

ψ , vpv , , c, vw⎭ 

Input : Ki = { u1, u2, u3} 

Measured : Km 

= 

⎧y1, y2, 

y3, 

⎫ 

⎨ ⎬ 

⎩h1, h2, 

vm, p1, p2, cm, wm⎭ 



38

77 

78 

The Constraint Editor in SaTool 

input 

Measured 

Unknown 

Structure Graph 

A graph constists of an 

ordered set of nodes and 

vertices 

Let variables and 

constraints be nodes 

Let vertices show which 

variables are used by 

constraints 

The structure graph is bipartioned: 

a variable is 

always connected to 

constraint(s), a constraint 

always to variable(s) 

Create 

constraints 

Constraints 



39

79 

80 

Matching of a structure graph 

Matching of a structure graph means to relate 

unknown variables to known ones through 

constraints (solve for the unknown variables) 

A matching is complete if all unknown variables are 

matched 

Constraints that are not used by a complete matching 

(unmatched constraints) areusedto test the 

correctness of the solution 

These are parity relations of the problem and are 

used for diagnosis 


Unmatched constraints are parity relations 

• Unmatched 

constraints 

constitute parity 

relations 

• Select one (shown 

by white color) 

• Trace the matching 

backwards (yellow) 

to get an analytic 

expression for the 

parity relation 


40

81 

82 

Parity relations (normal operation) 

Autogenerated 

parity 

relations 

r1 

= a1( u1, b1( y1)) 

r2 

= a2( u2, b2( y2)) 

r3 = a3( u3, b3( y3)) 

r4 

= 

c4( c2( b3( y3), m7( wm 

)), c3( b1( y1), b2( y2),... 

m7( wm)), d1( m1( vm)), m3( h2), m6( 

cm)) 

r5 = c5( m3( h2), m6( cm), d2( m5( p2)), m1( vm)) 

r6 

= 

c6( c1( b1( y1), b2( y2), b3( y3), m7( 

wm 

)) ,... 

d3( m3( h2))) 

r7 = m2( h1, m3( h2)) 

r = m ( p , m ( p )) 

8 4 1 5 2 

Auto-generated parity relations 

Autogenerated 

parity 

relations in 

”clear” 

equation 

language 

8 2 1 


r1 = gp( u1) 

− y1 

r2 = gp( u2) 

−y2 

r3 = gp( u3) − y3 

r4 = 

X 

−1⎡c ( 1) ( 2) 

( ) ⎤ 

T y + cT y + gw wm 

−1 

M ⎢ ⎥−A 

( h2) 

c Y 

⎣ cb( y3) + gw( 

wm) 

⎦ 

d 

− v 

dt 

r5 = 

d 

A( h2) 

vm + cm − p2 

dt 

r6= ⎛− lc( 2 

1 1) + ( 2)... 

⎞ 

− y Ty lc y Ty 

dh2 

I ⎜ ⎟− 

⎜ N 

2 

+ ( 3) 

+ ( ) ⎟ 

⎝ lc x by gwwm 

⎠ dt 

r7 = h2 −h1 

r = p −p 

m m 


41

83 

84 

Properties of nominal system 

a1 

i 

a2 

i 

a3 

i 

b1 

i 

b2 

i 

b3 

i 

c1 

i 

c2 

d 

f1 

c3 

d 

In nominal mode, which faults are detectable, which are isolable ? 

When is it safe to continue operation ? 

Given: One or more faults/failures are present 

Determine: 

Is it safe to continue operation with this/these fault(s) 

present ? 

Are there any critical faults that can not be detected ? 

m 

1 

d 

m 

2 

i 

m 

3 

Could further faults be accommodated ? 

Solution: analysis of the structure graph 

i 

m 

4 

i 

m 

5 

i 

m 

6 

d 

m 

7 

i 

8 



42

85 

86 

Fault means violation of a constraint 

• A fault/failure is a violation of a 

constraint 

m1 

: vm= v velocity - inertial system 

m2 : h1 


m3 : h2 


m4 


m5 


m6 

: cm = vc 

sea current 

- log&imu 

m : w ≠ v wind - anomometer fault 

7 

m w 

Analysis of multiple faults 

• SaTool offers the possibility to disable constraints 

(assume a failure in the constraint) and analyze the 

structure graph of the remaining system 



43

87 

88 

Properties of the faulty system 

A salient feature of SaToo is the ability to analyze the faulty 

system with several simultaneous faults present. 

When f1 and f2 have happened, what if f3 is a fault in a1, a2, a3, .. 

f1 

a3 

f2 

m5 

m6 

m7 

a 

1 

i 

i 

i 

a 

2 

i 

i 

i 

a 

3 

- 

- 

- 

b 

1 

i 

0 

i 

b 

2 

i 

0 

i 

b 

3 

d 

d 

d 

Essentials from the structure graph 

c 

1 

d 

i 

d 

Auto-generated parity relations for diagnosis ! 

Controlability (structural): are unknown variables 

reachable from input variables ? 

Monitorability: are constraints reachable from 

measured variables ? 

c 

2 

d 

d 

d 

f3 

c 

3 

d 

d 

d 

m 

1 

d 

0 

d 

m 

2 

i 

i 

i 

m 

3 

i 

0 

i 

m 

4 

i 

i 

i 

m 

5 

- 

0 

0 

m 

6 

d 

- 

d 

m 

7 

0 

d 

- 

# 

6 

6 

6 


Detectability: does the constraint enter into any of the 

parity relations ? 

Isolability: is there a unique signature in the set of 

parity relations by a particular fault (violation of 

particular constraint) ? 


44

89 

90 

Maritime uses - Naval and Offshore 

Examples from the Danish SF300 class 


Hovering with different shaft configurations 


45

91 

92 

Manual Control 

Summary 


• Fault-tolerant control: detect and isolate a fault and 

handle it by reconfiguring the controller (or the plant) 

• Parity relations are as residual generators used for 

fault detection and isolation 

• Parity relations can be generated through an analysis 

of system structure (structural analysis) 

• Other methods exist to get residual generators 

• Controller redesign is done on-line or off-line 


46

Diagnosis and FTC by Prof. Blanke [pdf] - NTNU

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?