Fault-tolerant Control Motivation Definitions A general overview on the research area. Active Fault Tolerant Control (FTC) FTC- Analysis and Development procedure Supervisor architecture Logic realization Design and development tools Implementation

Fault Tolerant Control Motivation: –Demand for higher autonomy and reliability requires considering all possible situations to guarantee correct and consistent operation Purpose: –Using a logically sound stepwise guideline to achieve Complete coverage of possible single faults. Supportive software tools. Avoiding unnecessary plant modelling. Automatic code generation. Initial Prerequisites: –Initial system concept is established. –Systems requirements are specified: (operating modes and functions, required performance, environmental, safety, or regularity requirements)

Approaches to achieve FTC

FTC development procedure - I

FTC Development procedure - II

Fault Modelling

Failure Mode and Effect Analysis -FMEA FMEA scheme for the Wheel system

FMEA – Other examples FMEA scheme for the GPS

Fault assessment - I Severity Occurrence Index (SO) –Severity Potential harm that fault effect inflicts the system; Severity is quantified by severity scale from 1 to 10. –Occurrence; the frequency of fault occurrence during expected operational time interval; is quantified by by scale from 1 (unlikely to occure) to 10 (persistent failure) –SO index: SO = Severity. Occurrence

Fault Assessment II Severity and Occurrence analysis of the Wheel system

Fault Assessment III Evaluation guidelines and identification of severe failures that need to be handled

Fault Assessment – List of faults Periority assignment to different fault types

Fault Assessment – Causality Analysis Identifying possible causes of failures by backward search through the Wheel system

FMEA analysis and Structural Analysis

Chosen approaches to detailed design (algorithms)

Supervisory Control - Definitions To supervise: To oversee and guide the work or activities of a group of people/system, etc. Supervision: –Monitoring a physical system and taking appropriate actions to maintain the operation in the case of faults –The ability to monitor whether control objectives are met. If not, obtain/calculate a revised control objective and a new control structure and parameters that make a faulty closed-loop system meet the new modified objectives. Supervision should take effect if faults occur and it is not possible to meet the original control objective within the fault-tolerant scheme.

Supervisor Architecture

Logic realization Language approach - a component based method State-event machines Figure- Control system hierarchy consists of four principle components

Constructing the logic - Language approach Fig.1 Fig.2

Constructing the logic - State-event machines

Logic design - Knowledge aquisition

AAUSAT-II example Process starts with defining –Mission objectives Mission modes –Control modes The priority of the modes are established

AAUSAT-II example

Generating the boolean strings for the magnetorquer system The prioritized representation becomes

AAUSAT-II example Building the decision logic for the supervisor Where ’*’ means a chosen logical string The mission is defined by where

AAUSAT-II example The operator involvment can be represented by introducing additional logic

Design Tools and implementaion Tools –Statecharts Hierarchy/depth Concurrency Comunication –Stateflow (Matlab) –Beologic (B&O) Consistency/correctness –Beologic Implementation –IF-THEN rules –Object Oriented structure

Exercise and next lecture Exercise Objectives: »System analysis and knowledge acquisition about faults and their effect on the system operation. »Consider reconfiguration possibilities Next lecture Structural analysis approach: –Monitorable vs. non-monitoravble part of the systems