版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、Concepts and Methods in Fault-tolerantControlTutorial at American Control Conference, June 2001Mogens Blanke1, Marcel Staroswiecki2 and N. Eva Wu31Oersted-DTU, Department of Automation, Technical University of Denmark,2LAIL-CNRS, EUDIL, University of Lille, France3Deptartment of Electrical Engineeri
2、ng, Binghamton University, NY, USAblankeiau.dtu.dk, marcel.staroswieckiuniv-lille1.fr, Abstractproduction to stop or system malfunction at a plant level.With economic demand for high plant availability, and an increasing awareness about the risks associated with system malfunction
3、, dependability is becoming an essential concern in industrial automation. A cost- effective way to obtain increased dependability in au- tomated systems is to introduce fault-tolerant control (FTC). This is an emerging area in automatic control where several disciplines and system-theoretic issues
4、are combined to obtain a unique functionality. A key issue is that local faults are prevented from developing into failures that can stop production or cause safety hazards.Automation for safety-critical applications, where no failure could be tolerated, requires redundant hardware to facilitate fau
5、lt recovery. Fail-operational systems are made ensitive to any single point component fail- ure. Fail-safe systems make controlled shut-down to a safe state when a sensor measurement indicates a crit- ical fault. In contrast, fault-tolerant control systems, employ redundancy in the plant and its aut
6、omation system to make ”intelligent” software that monitors behavior of components and function blocks. Faults are isolated, and appropriate remedial actions taken to prevent that faults develop into critical failures. The overall FTC strategy is to keep plant availability and accept reduced perform
7、ance when critical faults occur.One way of achieving fault-tolerance is to employ fault diagnosis schemes on-line. A discrete event signal to a supervisor-agent is generated when a fault is de- tected. This, in turn activates accommodation actions 4, which can be pre-determined for each type of crit
8、- ical fault or obtained from real-time analysis and opti- mization.Systematic analysis of fault propagation 1, 6 was shown to be an essential tool for determination of sever- ity of fault effects and for assessment of remedial ac- tions early in the design phase. A semantics for services based on g
9、eneric component models was developed in 35, 15 and a graphic analysis was found to be veryFaults in automated processes will often cause unde- sired reactions and shut-down of a controlled plant, and the consequences could be damage to technical parts of the plant, to personnel or the environment.F
10、ault- tolerant control combines diagnosis with control meth- ods to handle faults in an intelligent way. The aim is to prevent that simple faults develop into serious failure and hence increase plant availability and reduce the risk of safety hazards. Fault-tolerant control merges severaldisciplines
11、 into a common framework to achieve these goals. The desired features are obtained through on-line fault diagnosis, automatic condition assessment and calculation of appropriate remedial actions to avoid certain consequences of a fault. The envelope of the possible remedial actions is very wide. Som
12、etimes, simple re-tuning can suffice. In other cases, accom- modation of the fault could be achieved by replacing a measurement from a faulty sensor by an estimate. In yet other situations, complex reconfiguration or on- line controller redesign is required. This paper gives an overview of recent to
13、ols to analyze and explore struc- ture and other fundamental properties of an automated system such that any inherent redundancy in the con- trolled process can be fully utilized to maintain avail- ability, even though faults may occur. 1.1 Introductioncontroller, can be amplified by the closed-loop
14、 control systems, and faults can develop into malfunction of the loop. The closed-loop control action may hide a fault from being observed. A situation is reached in which a fault eventually develops into a state where loop-failure is inevitable. A control-loop failure will easily cause1The authors
15、wish to acknowledge support from the follow- ing organizations: M. Blanke and M. Staroswiecki obtained sup- port by the European Science Foundation under the COSY net- work grant, N. E. Wu obtained support by the NSF (Grant ECS-9615956), the Xerox Corporation (Grant HE 1321-98), and NASA (Cooperativ
16、e Agreement NCC-1-336)useful. The properties of combined fault diagnosis and control were treated in 29. 36 focus on the use of fault estimation within a reliable control framework, using the definitions given by 39. The methods for re-configuration design are comparatively new within the FTC domain
17、. A few schemes have come into real application. Predetermined design for accommodation was demonstrated for a satellite in 7, and 6. Tech- niques usinglogic inference on qualitative modelswere used in 26 and 27.A related area is the control of discrete-event dynamic systems (DEDS) which have a know
18、n structure with2 Basic DefinitionsAs this is a new engineering field, it is particularly im- portant to define the terminology carefully. A short list is enclosed with the main terms. A longer list can be found in the IFAC - SAFEPROCESS terminology definition 19. In addition to terminology, differe
19、nt control methods should be clearly distinguished. Def- initions are included to specify explicitly what should be understood by the term fault-tolerant control.2.1 TerminologyConstraint: a functional relation between vari- ables and parameters of a system. Constraints may be specified in different
20、 forms, including lin- ear and nonlinear differential equations, and tab- ular relations with logic conditions between vari- ables.Coverage: the conditional probability that the failure of a subsystem that would have otherwise caused the system failure has been detected, iden- tified, and predicted
21、to be recoverable through accommodation or reconfiguration, giventhat the subsystem failure has occurred.Controlled system: a physical plant underconsid- eration with sensors and actuators used for con- trolFail-operational : a system, which is able to oper- ate with no change in objectives or perfo
22、rmance despite of any single failure.Fail-safe: a system, which fails to a state that is considered safe in the particular context.Fault-tolerance: the ability of a controlled sys- tem to maintain control objectives, despite the occurrence of a fault. A degradation of control performance may be acce
23、pted. Fault-tolerance can be obtained through fault accommodation or through system and /or controller reconfigu- ration.Fault-accommodation: change in controller pa- rameters or structure to avoid the consequences of a fault. The input-output between controller and plant is unchanged. The original
24、control ob- jective is achieved although performance may de- grade.Reconfiguration: change in input-output between the controller and plant through change of con- troller structure and parameters. The original control objective is achieved although perfor- mance may degrade.Supervision: the ability
25、to monitor whether con- trol objectives are met. If not, obtain/calculate atreated in 30 and 25. DEDS is a sub-class of FTC, where events are not pre-determined and system struc- ture can change when faults occur.Concerning implementation, a correct and consistent control system analysis should alwa
26、ys be followed by equally correct software implementation. This is par- ticularly relevant for the supervisory parts of an FTC scheme 20. Testing of the FTC elements is difficult since it is difficult to replicate the real conditions under which faults occur. Well planned software architecture and i
27、mplementation are thus crucial issues for FTC implementation. A study of the use of object-oriented programming architectures was described by 24. The FTC area is hence very wide and involves several ar- eas of system theory. One overview 29 emphasized many algorithmic essentials and the role of FDI
28、. An- other 4 presented an engineering view of the means to obtain FTC. Formal definitions were introduced in 3. Analysis of structure was covered in 15, 31, 20. Measures of recoverability were discussed in 14, 15 and 44. Quantitative techniques to assess the relia- bility of FTC implementations was
29、 the subject of 43, 42.This tutorial paper focus on the methodological issues in analysis for FTC. The severity of faults is first ad- dressed through analysis of fault propagation, which provides a list of faults that should be stopped from developing into failure due to the severity of their end e
30、ffects. The possibilities to detect and stop propagation of particular faults are then dealt with. A structural analysis technique is introduced, which uses graph the- ory to determine which redundancy exists in the system and thus shows the possibilities to diagnose and handle particular faults. Th
31、e reliability of fault-tolerant sys- tems is furthermore treated. Next, implementation of a fault-tolerant control scheme is proposed as a layered structure where an autonomous supervisor implements detection and reconfiguration using the necessary logic. The overall development strategy is finally
32、summarized and an example illustrates features of the methods.Robust controlrevised control objective and a new control struc- ture and parameters that make a faulty closed loop system meet the new modified objective. Su- pervision should take effect if faults occur and it is not possible to meet th
33、e original control objec- tive within the fault-tolerant scheme.Structure graph: A bi-partite graph representing the general dynamic equations (constraints) that describe the system. Constraints that are isomor- phic mappings are denoted by double arrows on arcs. Non-isomorphic mappings are indicate
34、d by unidirectional arcs in the graph.Figure 1: Robust control illustrated in the hybrid sys- tem framework. Robust control deals with the estimated uncertainty of the plant parameters 2.2 The control problemA standard control problem is defined by a control ob-jective O, a class of control laws U,
35、and a set of con- straints C. Constraints are functional relations thatdescribe the behavior of a dynamic system. Linear or nonlinear differential equations constitute very useful representations of constraints for many physical sys- tems. Other types of models are necessary in other cases. The cons
36、traints define a structure S and pa- rameters of the system. Solving the control problemmeans to find in U a control law U that satisfies C while achieving O . Some performance indicator J could beassociated with a control objective O. When several solutions exist, the best one is selected according
37、 to J. The control problem is defined as:one pair ( S, ) S to another one (hybrid con- trol). The problem is to achieve O under a sequence of constraints which is defined by . When O itself isdecomposed into a sequence of goals, the problem be-comes with shifting from one quadru- ple (O, S, , U ) O
38、S U to another.Next, consider with uncertain knowl- edge about (S, ). O has to be achieved under con- straints whose structure and parameters are partly orfully unknown, except that (S, ) belongs to S . Let a control objective O and a nominal system (S, ) begiven. Let (S, ) be the actual constraints
39、 and (S, ) the estimated ones. Nominal control obviously solves . When a fault occurs, (S, ) =6 (S , ) and nominal control is no longer suitable. This is a gen-eralization of the robust and adaptive control problems. Both the parameters and the structure of constraints may change when faults occur.D
40、efinition 1 The control problem: Solve the problem .Now suppose that we only know the set to which the ac- tual value belongs, e.g. due to time-varying parameters or uncertainty, the control problem is now to achieve O under constraints whose structure is S and whose pa- rameters belong to a set . T
41、wo solution approaches can be defined: robust control minimizes the discrep- ancy over of the achieved results, while adaptive con- trol first estimates the ”true” parameter .Definition 4 Thefault-tole?rant ?controlproblem: Solve where S, is the set of pos-sible structures and parameters of the fa?u
42、lty s?ystem. Where diagnosis is available, the setS, could beprovided by a diagnosis task.Definition 2 The robust control problem : Solve where stands for a set of possible val- ues.The architecture of a fault-tolerant control system is illustrated in Figure 2. A fault is a discrete event that acts
43、on a system and by that changes some of the prop- erties of the system. The goal of fault-tolerant control is in turn to respond to the occurrence of a fault such that the faulty system still is well behaved. Due to these discrete nature of fault occurrence and reconfigu- ration, FTC systems are hyb
44、rid in nature (14,13). In the Figure, f denotes fault events, a are con- trol events reconfiguring the system and qc the control mode, which selects a control law. The actual physi- cal mode qp of the plant my be viewed as the discrete state of an automaton which is driven by plant inter-The robust
45、control problem is illustrated in Figure 1.Definition 3 The adaptive control problem : Solve where is estimated as part of the adaptation.The next problem extension is whereS stand for a given set of constraint structures. De- fine some deterministic automaton , which shifts fromPlants pControl Desi
46、gnqcqpyx&p = fp (xp , qp ,u) y = hp (xp , qp ,u)xpx& c = fc(xc, q , y)cu = hc(xc, q , y)cuGpthis solution. The choice of a new set of constraints will imply that input-output relations between controller and plant are changed.nal events p, the fault events f and the control eventsa. Many different a
47、pproaches can be used to solve the FTC problem 29. However, robust approaches, which achieve the goal for any pair (S, ) are clearly unrealistic in the general case.The difference between accommodation and reconfigu- ration whether input-output (I/O) between controller and plant is changed. Reconfig
48、uration implies use of different I/O relations between the controller and the system. Switch of the system to a different internal structure, to change its mode of operation, is an exam- ple of such I/O switching. Accommodation does not use such means.DiagnosisSupervisor - automatonGdssaof - faultcP
49、lantsControlpBoth fault accommodation and system reconfiguration strategies may need new control laws in response to faults. They also have to manage transient behavior, which result from the change of control law or change of the constraints structure.Gqcqppyx&f (x ,q ,u)xpx&f (x ,q ,u)cc c cppp py
50、hc(xc,qc,u)y hp (xp,qp,u)uyS It is noted that the set of feasible pairs maydepend on the fault(s). If such a pair does not exist,this means that O can be achieved neither by fault accommodation nor by system reconfiguration. The only possibility is thus to change the objective O.The most general pro
51、blem is defined by the triple where O is a set of possible con-trol objectives. In view of its practical interpretation, is defined as a supervision problem in which the system goal is not pre-defined, but has to bedetermined at each time taking into account the actual system possibilities.A supervi
52、sion problem is thus an FTC problem associ- ated with a decision problem: when faults are such that fault-tolerance cannot be achieved, the system goal it- self has to be changed 33. When far-reaching deci- sions with respect to the system goal have to be taken, human operators are generally involve
53、d.Figure 2: The plant can change in a discrete waythroughchangetates, a plant fault can cause a dis-crete event. Plant architecture can be changedby switch-over functions. Parameters or struc- ture of the controller can be changed by logic in a supervisor automaton. The automaton gets its input from
54、 fault diagnosis.We define two subsets of fault-tolerant control, one is accommodation, the other reconfiguration.Definition 5 Fault accommodation : Solve the control problem where (S, ) is the estimate of the actual constraints, e.g. provided by fault diagnosisalgorithms.The fault(s) can thus be ac
55、commodated if has a solution. If accommodation is not possible, another problem has to be stated, by find- ing a pair (, ) among all feasible pairs S , suchthat has a solution. A pair (, ) is considered feasible if it belongs to the fault-free partsDefinition 7 Supervision: Monitor the triple (O, S,
56、) to determine whether the control objective is achieved. If this is not the case, and the fault tolerant problem does not have a solution, then find a relaxed objective O and a pair (, ) S, such that the relaxed control problem has a solution.of th?e faul?ty system. Fault diagnosis may identify a setS, to give an estimate of the constraints of the faulty system. This is not a necessary prerequisite but the availability of such estimate will improve thepossibility of finding said solution. This procedure is an active approach, the control i
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2024天津旅游度假区土地承包使用权出租协议3篇
- 2024-2030年中国多層押出與切斷機商业计划书
- 2024-2030年中国垃圾焚烧发电行业当前经济形势及投资建议研究报告
- 2024-2030年中国喷雾通风玻璃钢冷却塔项目投资风险分析报告
- 2024年战略合作:全方位市场营销协议3篇
- 2024年度工程欠款结算付款合同3篇
- 2024年度国有企业内部基础设施建设无偿借款合同3篇
- 2024年度健康食品原材料研发与生产合作合同3篇
- 微专题锂离子电池-2024高考化学一轮考点击破
- 马鞍山学院《社会组织与社会治理》2023-2024学年第一学期期末试卷
- 落地式卸料平台技术交底
- 螺旋桨的几何形体及制造工艺
- 舞台机械保养说明
- 市政工程竣工验收资料
- 钢结构围挡工程技术标(共30页)
- 指导培养青年教师计划(历史)
- 《化学实验室安全与环保手册》
- 消防安全网格化管理表格样式
- 高考复习之——诗词鉴赏-景与情关系
- 重庆市高等教育学校收费标准一览表(公办)
- 闪光焊及缺陷
评论
0/150
提交评论