A Class of Nonlinear Unknown Input Observer for Fault Diagnosis: Application to Fault Tolerant Control of an Autonomous Spacecraft

Robert Fonod∗, David Henry∗, Catherine Charbonnel† and Eric Bornschlegl‡

∗Université de Bordeaux, IMS UMR CNRS 5218, Automatic Control Group, Talence, France

†Thales Alenia Space, RT/SO Research Department, Cannes la Bocca, France

‡European Space Agency, ESTEC, TEC-ECN, Noordwijk, Netherlands

∗Contact: {robert.fonod, david.henry}@ims-bordeaux.fr

Abstract—In this paper, the problem of Nonlinear Unknown Input Observer (NUIO) based Fault Detection and Isolation (FDI) scheme design for a class of nonlinear Lipschitz systems is studied. The proposed FDI method is applied to detect, isolate and accommodate thruster faults of an autonomous spacecraft involved in the rendezvous phase of the Mars Sample Return (MSR) mission. The considered fault scenarios represent a fully closed thruster and thruster efficiency loss. The FDI scheme consists of a bank of NUIOs with adjustable error dynamics, a robust fault detector that is based on a judiciously chosen frame, and an isolation logic. The bank of observers is in charge of confining the fault to a subset of possible faults and the isolation logic makes the final decision about the faulty thruster index. Finally, a thruster fault is accommodated by re-allocating the desired forces and torques among the remaining healthy thrusters and closing the associated thruster valve. Monte Carlo results from a "high-fidelity" MSR industrial simulator demonstrate that the proposed fault tolerant strategy is able to accommodate thruster faults that may have an effect on the final rendezvous criteria.

I. INTRODUCTION

In recent decades, due to increased complexity as well as the need for reliability, safety, and efficient operation, a great deal of attention has been paid to the subject of Fault/Failure Detection Isolation and Recovery (FDIR) in space systems, see for instance [1], [2]. The literature reports that conventional FDIR approaches suffer from significant shortcomings: increased mass and system complexity, often missing on-board isolation of the faults, ground intervention that is not always possible due to large communication delays or visibility issues, and knowledge about the operational capabilities of the system that is not present on-board. Existing FDIR techniques used in space systems are industrially well mastered but may not be sufficient in some cases, e.g. when a dynamic deviation in critical/proximity space operation could possibly lead to mission loss. This fact motivates the European Space Agency (ESA) to lead studies for the development of fully autonomous on-board solutions that shall cope with all the possible faults that may occur and endanger the mission.

Advanced Fault Detection and Isolation (FDI) approaches should be specifically developed to safely conjugate the necessary robustness/stability of the spacecraft control, trajectory dynamics and the vehicle nominal performance. In order to ensure normal operation, real-time fault detection and isolation is necessary to provide information for the spacecraft to accommodate the fault in time. The presented work is a result of a research collaboration between ESA, Thales Alenia Space and IMS Laboratory with the aim of promoting Fault-Tolerant Control (FTC) strategies to advance spacecraft autonomy. The application concerns the rendezvous phase of the Mars Sample Return (MSR) mission. The goal of the mission is to return samples from Mars to the Earth for analysis (see [3] for more details about this mission). It is obvious that the rendezvous phase can be in danger if a thruster fault occurs. The Guidance, Navigation and Control (GNC) system may not compensate, e.g., J2 disturbances and/or may lose attitude and/or position of the sample container (target). The problem becomes highly critical during the last 20 meters of the rendezvous phase. During this phase, the chaser spacecraft must be correctly positioned in the approach corridor in order to successfully capture the target, and the chaser's attitude needs to be maintained in the sensors' field of view.

Growing interest in potential applications of model-based FDI algorithms in spacecraft systems is demonstrated by recent publications, see e.g. [4]–[7]. In terms of FTC techniques, the interested reader may refer to the excellent bibliographical review of Zhang and Jiang [8], who explain the existing approaches on this topic. A special class of observer based FDI approaches is the so-called Unknown Input Observer (UIO). Under certain conditions, a UIO is able to estimate the state when exogenous unknown inputs are present in the system. This property may sometimes be very useful for FDI scheme design. Linear UIO algorithms [9], [10] are extended for various classes of nonlinear systems in [11]–[13]. In [12], an $H_\infty$ optimization based Nonlinear Unknown Input Observer (NUIO) design is presented. The observer is called a dynamic UIO, which offers an extra degree of design freedom but increases the system's order. In [13], a NUIO is presented for a class of nonlinear systems. The design procedure is based on Linear Matrix Inequalities (LMIs).

In this paper, we consider a NUIO based FDI scheme design problem for a class of nonlinear Lipschitz systems. We extend the results presented in [14] by constraining the observer error dynamics in a prescribed LMI region. The observer synthesis is achieved by solving an LMI feasibility problem together with a pole assignment in LMI regions. Thus, a bank of NUIOs can be designed such that the error dynamics of each NUIO is easily tunable. This bank is used to identify a subset of thrusters that are most likely faulty. Blocked-closed and loss of efficiency thruster faults are considered. Once a fault is isolated, the remaining $N-1$ healthy thrusters are used to control the spacecraft. This fault accommodation strategy is achieved by a control re-allocation technique. By this, the nominal (in-placed and certified) control laws remain unchanged, which is a prior condition from an industrial perspective.

2014 UKACC International Conference on Control

9th - 11th July 2014, Loughborough, U.K

978-1-4799-5011-9/14/$31.00 ©2014 IEEE

II. PRELIMINARIES: LMI REGIONS

Chilali and Gahinet [15] showed that a convex set that represents the desired constraints on the eigenvalues of a real matrix can be expressed as LMIs. We recall here the definition of an LMI region and the pole placement LMI constraints.

Definition 1 (LMI region [15]): A subset $\mathcal{D}$ of the complex plane is called an LMI region if there exist two symmetric matrices $\alpha = [\alpha_{kl}] \in \mathbb{R}^{p \times p}$ and $\beta = [\beta_{kl}] \in \mathbb{R}^{p \times p}$, such that

$$\mathcal{D} = \{ z \in \mathbb{C} : f_{\mathcal{D}}(z) = \alpha + \beta z + \beta^T \bar{z} < 0 \} \tag{1}$$

where $f_{\mathcal{D}}(z)$ is called the characteristic function.

Theorem 1: Eigenvalues of a real matrix $X$ lie in $\mathcal{D}$ if and only if there exists a symmetric positive definite matrix $P > 0$, such that

$$\alpha \otimes P + \beta \otimes (XP) + \beta^T \otimes (XP)^T < 0 \tag{2}$$

where $\otimes$ stands for the Kronecker product of two matrices.

Examples of LMI regions from Definition 1 are:

• Left-half plane delimited by a vertical line $-a$, $a > 0$

$$f_{\mathcal{D}}(z) = z + \bar{z} + 2a \tag{3}$$

• Disk with center at $(-q, 0)$ and radius $r$ with $q > 0$

$$f_{\mathcal{D}}(z) = \begin{bmatrix} -r & q + z \\ q + \bar{z} & -r \end{bmatrix} \tag{4}$$

• Conic region with center at the origin and with inner angle $0 < \theta < \pi/2$ pointing left

$$f_{\mathcal{D}}(z) = \begin{bmatrix} \sin\theta\,(z + \bar{z}) & \cos\theta\,(z - \bar{z}) \\ \cos\theta\,(z - \bar{z}) & \sin\theta\,(z + \bar{z}) \end{bmatrix} \tag{5}$$

LMIs can be easily obtained from (3)-(5) using Theorem 1.

III. NONLINEAR UNKNOWN INPUT OBSERVER

A. Problem statement

Let us consider the following nonlinear system given by

$$\dot{x}(t) = Ax(t) + Bu(t) + f(x(t)) + Ed(t) \tag{6}$$

$$y(t) = Cx(t) \tag{7}$$

where $x \in \mathbb{R}^{n}$ stands for the state vector, $y \in \mathbb{R}^{n_m}$ is the output, $u \in \mathbb{R}^{n_r}$ is the input, and $d \in \mathbb{R}^{n_q}$ is the unknown input (disturbance or fault) vector. $A$, $B$, $C$, and $E$ are known matrices of appropriate dimensions. Without loss of generality, it is assumed that $E$ is of full column rank.

The known function $f(x) \in \mathbb{R}^{n}$ contains the nonlinearities of the system. Assume that $f(x)$ is globally Lipschitz or at least locally Lipschitz in a region $S$, i.e. it satisfies:

$$\|f(x_1) - f(x_2)\| \le \kappa \|x_1 - x_2\| \tag{8}$$

$\forall x_1, x_2 \in \mathbb{R}^{n}$: globally Lipschitz

$\forall x_1, x_2 \in S$: locally Lipschitz

where $\kappa > 0$ stands for the Lipschitz constant and $\|\cdot\|$ is the Euclidean norm. Many nonlinearities satisfy (8) at least locally.

The goal pursued here is to design a NUIO of the following structure [13]:

$$\dot{z}(t) = Nz(t) + Gu(t) + Ly(t) + Mf(\hat{x}(t)) \tag{9}$$

$$\hat{x}(t) = z(t) - Hy(t) \tag{10}$$

where $\hat{x} \in \mathbb{R}^{n}$ is an estimate of $x$, $z \in \mathbb{R}^{n}$ is an auxiliary signal and the matrices $N$, $G$, $L$, $M$ are designed as

$$N = MA - KC, \quad G = MB \tag{11}$$

$$L = K(I + CH) - MAH \tag{12}$$

$$M = I + HC \tag{13}$$

and $K$ and $H$ are designed subsequently.

Define the state estimation error as

$$e(t) = \hat{x}(t) - x(t) = z(t) - Hy(t) - x(t) \tag{14}$$

Taking the time derivative of the estimation error yields

$$\dot{e}(t) = Ne(t) + (NM + LC - MA)x(t) - MEd(t) + (G - MB)u(t) + M\big(f(\hat{x}(t)) - f(x(t))\big)$$

Definition 2 (Adjustable NUIO): In this paper, an observer of the form (9)-(10) is referred to as an adjustable NUIO for the system (6)-(7) if the estimation error tends asymptotically to zero despite the presence of an unknown input $d(t) \neq 0$ and if all eigenvalues of the observer dynamics matrix $N$ lie in a prescribed region $\mathcal{D}$ of the complex left-half plane.

This definition accommodates the observer given in [13], such that the state estimation error has adjustable error dynamics. The sufficient condition under which the observer given by (9)-(10) is an adjustable NUIO is given in Theorem 2.

Theorem 2 (Sufficient condition): Let $\mathcal{D}$ be an LMI region contained in the complex left-half plane and described by (1). If there exist two matrices $H$ and $K$ and a positive definite matrix $P = P^T > 0$ such that

$$HCE = -E \tag{15}$$

$$N^T P + PN + \kappa P M M^T P + \kappa I < 0 \tag{16}$$

$$\alpha \otimes P + \beta \otimes (NP) + \beta^T \otimes (NP)^T < 0 \tag{17}$$

then the adjustable NUIO given by (9)-(10) can make $e(t)$ tend to zero asymptotically for any $e(0)$ and all eigenvalues of the observer dynamics matrix $N$ will belong to $\mathcal{D}$.

Proof: Using (11)-(13), the equalities $NM + LC - MA = 0$ and $G - MB = 0$ are satisfied, and if $H$ is chosen such that (15) holds, then the condition (15) can be rewritten as

$$ME = (I + HC)E = 0 \tag{18}$$

and therefore the error dynamics is governed by

$$\dot{e}(t) = Ne(t) + M\big(f(\hat{x}(t)) - f(x(t))\big) \tag{19}$$

Consider a quadratic Lyapunov function $V(t) = e(t)^T P e(t)$, then it follows from (8) and (19) that

$$\begin{aligned}
\dot{V} &= e^T(N^T P + PN)e + 2e^T PM\big(f(\hat{x}) - f(x)\big) \\
&\le e^T(N^T P + PN)e + 2\|e^T PM\|\,\|f(\hat{x}) - f(x)\| \\
&\le e^T(N^T P + PN)e + 2\kappa\|e^T PM\|\,\|e\| \\
&\le e^T(N^T P + PN)e + \kappa\big(\|e^T PM\|^2 + \|e\|^2\big) \\
&= e^T(N^T P + PN + \kappa P M M^T P + \kappa I)e
\end{aligned}$$

Obviously, $\dot{V} < 0$ holds if (16) is satisfied, thus $\lim_{t \to \infty} e(t) = 0$ for any $e(0)$. Moreover, if (16)-(17) are satisfied at the same time, Theorem 1 implies that all eigenvalues of $N$ are in $\mathcal{D}$.

Remark 1: The LMI (17) itself does not impose stability of (19), even if all eigenvalues of $N$ lie in a stable region $\mathcal{D}$.

The necessary condition for $HCE = -E$ to have a solution is that $CE$ is of full column rank, i.e. $\mathrm{rank}(CE) = n_q$, and the solution is given in a generalized form by

$$H = U + YV \tag{20}$$

where $Y$ can be chosen arbitrarily, and $U$ and $V$ are given by

$$U = -E(CE)^+, \quad V = I - (CE)(CE)^+ \tag{21}$$

and $(CE)^+$ denotes the generalized pseudo-inverse of the matrix $CE$ given by $(CE)^+ = ((CE)^T(CE))^{-1}(CE)^T$.

It is clear that there is no systematic way to obtain the adjustable NUIO parameters directly from Theorem 2. This motivates us to reformulate (16)-(17) as LMIs.

B. LMI formulation

For the sake of simplicity, let $\mathcal{D}$ be an LMI region defining a disk with a center $(-q, 0)$ and a radius $r > 0$. Since $H$ can be computed using (20), the only unknown parameters in (11)-(13) are $K$ and $Y$. The following theorem shows that the sufficient condition of existence given by Theorem 2 can be reformulated as LMIs to design the NUIO parameters.

Proposition 1 (LMI based design): Assume that $CE$ is of full column rank and that the following LMIs

$$\begin{bmatrix} Q_1 & Q_2 \\ * & -I \end{bmatrix} < 0 \tag{22}$$

$$\begin{bmatrix} -rP & qP + Q_3 \\ * & -rP \end{bmatrix} < 0 \tag{23}$$

where $*$ denotes the symmetric item in a symmetric matrix, and $Q_1$, $Q_2$ and $Q_3$ are defined as

$$Q_1 = ((I + UC)A)^T P + P(I + UC)A - C^T \bar{K}^T - \bar{K}C + (VCA)^T \bar{Y}^T + \bar{Y}(VCA) + \kappa I$$

$$Q_2 = \sqrt{\kappa}\,[P(I + UC) + \bar{Y}(VC)]$$

$$Q_3 = A^T P + (UCA)^T P + (VCA)^T \bar{Y}^T - C^T \bar{K}^T$$

have feasible solutions for $\bar{Y}$, $\bar{K}$ and $P = P^T > 0$. Moreover, if (22) and (23) are fulfilled simultaneously with the same $\bar{Y}$, $\bar{K}$ and $P$, then the adjustable NUIO given by (9)-(10) can be designed with $Y = P^{-1}\bar{Y}$ and $K = P^{-1}\bar{K}$, making all eigenvalues of $N$ lie inside a disk centered at $(-q, 0)$ with radius $r$ and the estimation error $e(t) = \hat{x}(t) - x(t)$ tend to zero asymptotically for any initial value of $e(0)$.

Proof: It is straightforward to show that (22) is equivalent to (16) if we let $H = U + YV$ and $M = I + HC$, and if we substitute $N$ given by (11) into (16) and use Schur's complement and the assignment $Y = P^{-1}\bar{Y}$ and $K = P^{-1}\bar{K}$. Thus, asymptotic stability follows. The LMI region with characteristic function (4) gives the following LMI (see [15]):

$$\begin{bmatrix} -rP & qP + XP \\ * & -rP \end{bmatrix} < 0, \quad P = P^T > 0 \tag{24}$$

Using the fact that the eigenvalues of any square matrix $X$ are equal to the eigenvalues of its transpose $X^T$, then by the following notation $X^T = N = A + UCA + YVCA - KC$, it follows that (24) implies (23). All eigenvalues of $N$ will therefore lie inside a disk of radius $r$ and center $(-q, 0)$. Note that $H = U + YV$ implies $HCE = -E$, i.e. all conditions required by Theorem 2 are met and the theorem is proved.

IV. SOLUTION FOR THRUSTER FAULT DETECTION AND ISOLATION PROBLEM

In the following, it is shown how a bank of NUIOs can be used to isolate actuator faults in the chaser spacecraft of the MSR mission. The chaser is equipped with a chemical propulsion system composed of $N = 12$ thrusters. The thruster configuration considered in this paper is not a baseline MSR configuration but a special one designed by Thales Alenia Space to study active FTC strategies. The thrusters are physically organised in four clusters and are in charge of producing force $F \in \mathbb{R}^3$ and torque $T \in \mathbb{R}^3$ vectors expressed in the chaser body-fixed reference frame $\mathcal{F}_b = \{O_b; \hat{x}_b, \hat{y}_b, \hat{z}_b\}$. Let $S_{all} = \{1, 2, \ldots, N\}$ denote the set of all thruster indices. Thrusters have fixed directions $d_i \in \mathbb{R}^3, \forall i \in S_{all}$ and each one is able to produce a maximum thrust of $F_N = 22$ N. The Chemical Propulsion Drive Electronics (CPDE), which drives the thrusting actuators, initiates the opening of the thruster valve for the commanded duration $0 \le u_i(t) \le 1, \forall i \in S_{all}$.

The propulsion system is obviously a source of uncertainty in the system. The irrational transfer $H(s) = e^{-\tau(t)s}$ aims to model the effect of the unknown time-varying delays $\tau(t) \ge 0$ induced by the CPDE and the uncertainties on the thruster rise times. Let $u_i(t - \tau(t))$ be the commanded open rate of the $i$th thruster delayed by $\tau(t)$, then the net forces and torques generated by thrusters are

$$F(t) = B_F u(t - \tau(t)), \quad T(t) = B_T u(t - \tau(t)) \tag{25}$$

where $u(t) = [u_1(t) \ldots u_{12}(t)]^T$, and

$$B_F = [b_{F1} \ldots b_{F12}], \quad B_T = [b_{T1} \ldots b_{T12}] \tag{26}$$

are the thruster sensitivity (configuration) matrices with

$$b_{Fi} = -d_i F_N, \quad b_{Ti} = (R_i - R_M) \times b_{Fi}, \quad \forall i \in S_{all} \tag{27}$$

where "$\times$" denotes the cross product. $R_M \in \mathbb{R}^3$ is the position vector of the Center of Mass (CoM), and $R_i \in \mathbb{R}^3, \forall i \in S_{all}$ are the position vectors of the thrusters, both expressed in the chaser body-fixed frame $\mathcal{F}_b$.

By analysing the configuration matrices $B_F$ and $B_T$ in terms of directional properties, the following can be concluded: thruster indices inside the sets $S_{Ti}, i = 1, \ldots, 5$ have similar torque directions and are defined as

$$S_{T1} = \{1, 11\}, \quad S_{T2} = \{2, 10\}, \quad S_{T3} = \{4, 8\}, \quad S_{T4} = \{5, 7\}, \quad S_{T5} = \{3, 6, 9, 12\} \tag{28}$$

In terms of force directions, the following is revealed

$$b_{F1} = -b_{F11}, \quad b_{F2} = -b_{F10}, \quad b_{F4} = -b_{F8}, \quad b_{F5} = -b_{F7}, \quad b_{F3} = -b_{F12}, \quad b_{F6} = -b_{F9} \tag{29}$$

which means that the thruster pairs given by $S_{Ti}, i = 1, \ldots, 4$ produce exactly opposite forces. The last thruster group, i.e. $S_{T5}$, has the following orthogonal property

$$b_{F3} \cdot b_{F6} = 0, \quad b_{F9} \cdot b_{F12} = 0 \tag{30}$$

where "$\cdot$" denotes the dot product.

Assuming no simultaneous faults, the considered thruster faults can be modeled in a multiplicative way according to:

$$u_f(t) = (I - \Psi(t))u(t), \quad \Psi(t) = \mathrm{diag}(\psi_1(t) \ldots \psi_{12}(t)) \tag{31}$$

where $0 < \psi_i \le 1, \forall i \in S_{all}$ are unknown. $\psi_i$ models closed fault types, i.e. $i$th thruster blocked-closed ($\psi_i = 1$) and/or loss of efficiency ($0 < \psi_i < 1$) of the $i$th thruster.

A. Fault detection based on position model

The proposed fault detector design is based on the relative position model of the chaser and target expressed in the local (target) reference frame $\mathcal{F}_l = \{O_l; \hat{x}_l, \hat{y}_l, \hat{z}_l\}$. The interested reader can find further details on modeling the relative dynamics of two spacecraft in the available space literature, see for instance [16]. A linear 6th order state space model with state vector $x = [x\; y\; z\; \dot{x}\; \dot{y}\; \dot{z}]^T$ modeling the chaser relative motion expressed in $\mathcal{F}_l$, both in fault free (i.e. $\Psi = 0$) and faulty (i.e. $\Psi \neq 0$) situations is given by

$$\dot{x}(t) = A_p x(t) + B_p R(\hat{q}_t(t), \hat{q}_c(t)) B_F u_f(t - \tau(t)) \tag{32}$$

$$y(t) = C_p x(t) \tag{33}$$

where the rotation matrix $R(\hat{q}_t, \hat{q}_c)$ is calculated from the quaternion estimates of the chaser $\hat{q}_c \in \mathbb{R}^4$ and the target $\hat{q}_t \in \mathbb{R}^4$ attitude, and rotates the force vector from $\mathcal{F}_b$ into $\mathcal{F}_l$. These estimates come from the navigation unit. The output vector $y = [x\; y\; z]^T$ is the relative position in $\mathcal{F}_l$ measured by a Light Detection and Ranging (LIDAR) device.

In [7], a sensitivity/robustness analysis was performed showing high reliability and efficiency (in terms of detection times) of a fault detector based on a position model in $\mathcal{F}_l$. Here, an observer-based fault detector is designed that has enhanced robustness to the above-mentioned time delay $\tau(t)$. This observer uses the model given in (32) and (33) to generate the state estimate $\hat{x}$ used to produce the residual $r = [r_1, r_2, r_3]^T$, i.e.

$$r(t) = Q\big(y(t) - C_p \hat{x}(t)\big) \tag{34}$$

where $Q$ is a weighting matrix. The design of (34) is based on theoretical developments given in [3], using the Padé method.

The proposed decision making rule is based on the scalar valued Generalized Likelihood Ratio (GLR) test given in [17]. The decision test (t) is then defined by:

$$(t) = \begin{cases} 1 & S(k) > J_{th} \Rightarrow \text{fault declared} \\ 0 & S(k) \le J_{th} \Rightarrow \text{fault not present} \end{cases} \tag{35}$$

with $S(k) = \sum_{i=1}^{3} w_i S_i(k)$, where $w_i \ge 0, i = 1, 2, 3$ are the normalized weight factors used to prioritize certain elements (axes) of the residual, $S_i(k)$ is the estimated likelihood of the GLR algorithm applied to the $i$th residual $r_i(k)$ evaluated at time instant $t = kT_s, k \in \mathbb{Z}^+$, where $T_s$ is the navigation sampling time, and $J_{th}$ is a fixed threshold.

B. Thruster group isolation using a bank of NUIOs

Recalling the thruster configuration properties given by (28)-(30), we assume that it is easier to get explicit information from the angular velocity $\omega \in \mathbb{R}^3$ measurement than from the linear position/velocity. Therefore, the model of the attitude dynamics of a rigid-body spacecraft, i.e.

$$J\dot{\omega}(t) = B_T u_f(t) - \omega(t) \times J\omega(t) \tag{36}$$

is used for the design of a bank of NUIOs. In (36), $J \in \mathbb{R}^{3 \times 3}$ stands for the inertia of the chaser in $\mathcal{F}_b$. The adjustable NUIO, introduced in Section III, has been selected because of its decoupling properties, its ability to take into account the nonlinearities of the attitude dynamics (36), and its adjustable error dynamics.

The attitude model (36) can be represented in the form of (6) and (7) with the following assignment: $x = \omega$, $f(\omega) = -J^{-1}\omega \times J\omega$, $A = 0$, $B = J^{-1}B_T$, and $C = I$. One may argue that $f(\omega)$ is not globally Lipschitz, because the Jacobian $\partial f/\partial \omega$ is not uniformly bounded over $\mathbb{R}^3$. However, $f(\omega)$ is continuously differentiable on $\mathbb{R}^3$. Thus, it is locally Lipschitz. This means that the angular velocity shall be bounded in magnitude, which is a reasonable assumption from a practical point of view. Using a constrained optimization algorithm, one can find a Lipschitz constant $\kappa$ over the set $S = \{\omega \in \mathbb{R}^3 : |\omega_i| \le \bar{\omega}, i = 1, 2, 3\}$, where $\bar{\omega}$ is the upper bound of the angular velocity for each axis.

For each thruster group $S_{Ti}$, a dedicated NUIO is thus designed. Each NUIO is such that it can fully estimate the angular velocity with all the inputs except those belonging to $S_{Ti}$, i.e. $u_i, i \in S_{all} \setminus S_{Ti}$. As a result, the NUIO dedicated to the group $S_{Ti}$ will not be affected by faults occurring in the thrusters belonging to $S_{Ti}$, while all the other NUIOs will be. The proposed method is summarised by Algorithm 1.

Algorithm 1 Design of a Bank of Adjustable NUIOs

Find a Lipschitz constant $\kappa$ satisfying (8)
for $k = 1$ to $5$ do
    Construct $B_k$ whose columns are $b_{Ti}, \forall i \in S_{all} \setminus S_{Tk}$
    Set $E = b_{Ti}$ for any arbitrary $i \in S_{Tk}$ and $B = B_k$
    Prescribe the desired dynamics using $(-q, 0)$ and $r$
    Compute $U$ and $V$ according to (21)
    Solve LMIs defined by (22)-(23) for $\bar{Y}$, $\bar{K}$ and $P > 0$
    Let $Y = P^{-1}\bar{Y}$ and $K = P^{-1}\bar{K}$, then the observer parameters for the $k$th NUIO are determined by (11)-(20)
end for

This suggests the following isolation procedure: defining the angular velocity estimation error of the $i$th observer as $e_i(t) = \hat{\omega}_i(t) - \omega(t)$, then the faulty thruster group $S_{Ti}$ is identified based on the following rule

$$\sigma_g(t) = \arg\min_{i \in G_T} \|e_i(t)\|, \quad t > t_d \tag{37}$$

where $t_d$ is the fault detection time, i.e. the time when the fault is declared by (t), $G_T = \{1, 2, \ldots, 5\}$ denotes the set of all indices linked with the thruster groups $S_{T1}, \ldots, S_{T5}$, and the function $\sigma_g(t) : \mathbb{R}_+ \to G_T$ represents the identified thruster group index that is most likely affected by a fault.
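The decoupling property of the bank and the isolation rule (37) can be seen on a small case. The Python sketch below is an added example, not the authors' code: it assumes a constructed diagonal inertia, six constructed thrusters in three groups, the unknown-input direction taken as $J^{-1}b_{Ti}$, and hand-chosen gains $Y = 0$, $K = 0.5I$ (which satisfy (16) with $P = I$ for $\kappa = 0.2$ and place the eigenvalues of $N$ at $-0.5$) in place of an LMI solver.

```python
import math

J = (10.0, 12.0, 15.0)          # constructed diagonal inertia [kg m^2]
DIRS = [(1.0, 0.0, 0.0), (0.0, 1.0, 0.0), (0.6, 0.0, 0.8)]  # torque axis of each group
# Six constructed thrusters; thruster i belongs to group i // 2, so both
# members of a group have parallel torque columns b_Ti.
B_T = [[s * c for c in DIRS[i // 2]] for i, s in enumerate([0.05, 0.04] * 3)]
GAIN = 0.5                      # K = 0.5 I, hence N = MA - KC = -0.5 I (A = 0, C = I)


def f(w):
    """Nonlinearity of (36): f(w) = -J^{-1} (w x J w)."""
    jw = [J[i] * w[i] for i in range(3)]
    c = (w[1] * jw[2] - w[2] * jw[1],
         w[2] * jw[0] - w[0] * jw[2],
         w[0] * jw[1] - w[1] * jw[0])
    return [-c[i] / J[i] for i in range(3)]


def mv(a, x):
    """3x3 matrix times vector."""
    return [sum(a[i][j] * x[j] for j in range(3)) for i in range(3)]


def norm(x):
    return math.sqrt(sum(v * v for v in x))


def design(g):
    """E, H and M for group g from (13), (20), (21) with Y = 0 and C = I."""
    e = [DIRS[g][i] / J[i] for i in range(3)]   # assumed unknown-input direction J^{-1} b_Ti
    ee = sum(v * v for v in e)
    h = [[-e[i] * e[j] / ee for j in range(3)] for i in range(3)]   # H = U = -E (CE)^+
    m = [[(1.0 if i == j else 0.0) + h[i][j] for j in range(3)] for i in range(3)]
    return e, h, m


def run_bank(fault, psi, t_fault=10.0, t_end=20.0, dt=0.01):
    """Euler simulation of (36) with fault model (31); returns ||e_g(t_end)|| per NUIO."""
    bank = [design(g) for g in range(3)]
    w = [0.0, 0.0, 0.0]
    z = [[0.01, -0.01, 0.01] for _ in bank]     # deliberately wrong initial estimates
    for k in range(int(round(t_end / dt))):
        t = k * dt
        u = [0.4 + 0.2 * math.sin(0.5 * t + i) for i in range(6)]   # commanded open rates
        uf = list(u)
        if t >= t_fault:
            uf[fault] *= 1.0 - psi              # multiplicative thrust loss
        fw = f(w)
        w_next = [w[c] + dt * (sum(B_T[i][c] * uf[i] for i in range(6)) / J[c] + fw[c])
                  for c in range(3)]
        for g, (_, h, m) in enumerate(bank):
            hy = mv(h, w)
            xh = [z[g][c] - hy[c] for c in range(3)]                # estimate, (10)
            fx = f(xh)
            # Known inputs only: thrusters outside group g (columns of B_g).
            known = [sum(B_T[i][c] * u[i] for i in range(6) if i // 2 != g) / J[c]
                     for c in range(3)]
            # G u + M f(x_hat) + L y with G = M B_g and L = K M.
            drive = mv(m, [known[c] + fx[c] + GAIN * w[c] for c in range(3)])
            z[g] = [z[g][c] + dt * (-GAIN * z[g][c] + drive[c]) for c in range(3)]  # (9)
        w = w_next
    errs = []
    for g, (_, h, m) in enumerate(bank):
        hy = mv(h, w)
        errs.append(norm([z[g][c] - hy[c] - w[c] for c in range(3)]))
    return errs


def isolate_group(fault, psi):
    """Rule (37): the group whose NUIO has the smallest estimation error."""
    errs = run_bank(fault, psi)
    return min(range(3), key=lambda g: errs[g])


if __name__ == "__main__":
    print(run_bank(fault=4, psi=1.0), isolate_group(4, 1.0))
```
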

C. Thruster isolation logic

Once a thruster group $S_{Ti}$ is identified by $\sigma_g(t)$, the faulty thruster can be easily isolated by examining the angle of the vector $r$ given by (34) along the thruster directions $d_i, i \in S_{Ti}$. If the $i$th thruster is faulty, then the vectors $r$ and $d_i$ should be collinear (owing to the fault model (31)). Using the directional cosine approach, the following isolation logic results

$$\sigma(t) = \arg\max_{j \in S_{Ti}} \frac{d_j^T r(t)}{\|d_j\|\,\|r(t)\|} \tag{38}$$

which gives the thruster index matching the faulty thruster. Only thrusters belonging to the (already) identified group $S_{Ti}$ are tested in (38). The thruster directions within the groups $S_{Ti}, i \in G_T$ are either exactly opposite, see (29), or are orthogonal, see (30), which makes the isolation logic $\sigma(t) : \mathbb{R}_+ \times G_T \to S_{all}$ very reliable. The proposed FDI strategy is summarised by Algorithm 2.

To avoid initial transition phenomena and to ensure robustness, two confirmation windows are introduced in Algorithm 2, i.e. $\delta_g > 0$ for $\sigma_g(t)$ and $\delta > 0$ for $\sigma(t)$.

Algorithm 2 Thruster Fault Detection and Isolation

if (t) $= 1$ then
    Declare the fault presence
    if $\sigma_g(t) = \sigma_g(\nu), \forall \nu \in (t - \delta_g, t]$ then
        Declare the $S_{Tj}$ group to be faulty, where $j = \sigma_g(t)$
        if $\sigma(t) = \sigma(\nu), \forall \nu \in (t - \delta, t]$ then
            Declare the $i$th thruster to be faulty, where $i = \sigma(t)$
end all if

V. FAULT ACCOMMODATION

The investigated thruster configuration offers additional freedom to achieve fault tolerance, i.e. it is possible to achieve admissible GNC performance even if only $N - 1$ (healthy) thrusters are used to control the spacecraft. The nominal controller is designed based on certain predetermined performance criteria. Since it is desirable to keep the nominal controller in the loop, the proposed solution consists in performing the fault accommodation using control re-allocation.

The proposed fault accommodation strategy works as follows: as soon as the faulty thruster index is clearly isolated by Algorithm 2, the faulty thruster is turned off using the dedicated thruster latch valve and the desired forces and torques are re-allocated among the $N - 1$ healthy thrusters. Here, the quadratic programming approach is used. This problem is posed as the following Sequential Least-Squares (SLS) problem:

$$u = \arg\min_{u \in \mathcal{M}} \|W_u(u - u_d)\| \tag{39}$$

$$\mathcal{M} = \arg\min_{0 \le u \le \bar{u}} \|W_v(B_a u - v_d)\| \tag{40}$$

where $B_a^T = [B_F^T\; B_T^T]$ is the overall configuration matrix, $v_d$ is the vector of the desired forces and torques, and $\bar{u} = [\bar{u}_1, \ldots, \bar{u}_{12}]^T$ are the upper limits defined as: $\bar{u}_j = 1, \forall j \in S_{all} \setminus \sigma(t)$ and $\bar{u}_i = 0, i = \sigma(t)$. This optimization problem should be interpreted as follows: given $\mathcal{M}$, the set of feasible control inputs that minimize $\|B_a u - v_d\|$ (weighted by $W_v$), pick the control input that minimizes $\|u - u_d\|$ (weighted by $W_u$). Here, $u_d$ is the desired control input and $W_u$ and $W_v$ are nonsingular weighting matrices. $W_u$ affects the control distribution among the thrusters and $W_v$ affects the prioritization among the virtual control components when $B_a u - v_d$ cannot be attained due to, e.g., thruster constraints. A faster algorithm can be obtained by approximating the SLS formulation as a Weighted Least-Squares (WLS) problem:

$$\min\; \|W_u(u - u_d)\|^2 + \gamma\|W_v(B_a u - v_d)\|^2 \quad \text{subj. to } 0 \le u \le \bar{u} \tag{41}$$

As $\gamma \to \infty$, the two formulations have the same optimal solution $u$. An iterative Fixed-Point (FXP) algorithm can be used to solve the WLS formulation (41), see [18] for implementation details. This algorithm asymptotically converges to the optimal solution and the maximum number of iterations $N_{ca}$ can be considered to reflect the maximum computation time available.
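How the upper limits $\bar{u}$ steer the re-allocation in (41) is shown by the following added Python example, which is not the authors' code and not the FXP algorithm of [18]: it solves (41) with a plain projected-gradient fixed-point iteration. It assumes a constructed planar configuration matrix (six unit columns, 60 degrees apart), $W_u = W_v = I$ and $u_d = 0$, with $\gamma = 10^6$ and 200 iterations as in the simulation settings of Section VI.

```python
import math

GAMMA = 1e6      # weight gamma of (41)
N_CA = 200       # maximum number of iterations N_ca


def config_matrix(n=6):
    """Constructed planar configuration: n unit columns spaced 360/n degrees apart."""
    ang = [2.0 * math.pi * i / n for i in range(n)]
    return [[math.cos(a) for a in ang], [math.sin(a) for a in ang]]


def reallocate(b, v_d, faulty=None, u_d=None, gamma=GAMMA, iters=N_CA):
    """Projected-gradient iteration for (41) with W_u = W_v = I.

    b      : configuration matrix as a list of rows
    v_d    : desired virtual control
    faulty : index of the isolated thruster (its upper limit is set to 0), or None
    """
    rows, n = len(b), len(b[0])
    u_d = u_d or [0.0] * n
    u_max = [0.0 if i == faulty else 1.0 for i in range(n)]    # closed valve -> limit 0
    frob2 = sum(x * x for row in b for x in row)               # upper bound on lambda_max(B^T B)
    step = 1.0 / (2.0 * (1.0 + gamma * frob2))                 # 1 / Lipschitz bound of the gradient
    u = [0.0] * n
    for _ in range(iters):
        res = [sum(b[r][i] * u[i] for i in range(n)) - v_d[r] for r in range(rows)]
        grad = [2.0 * (u[i] - u_d[i])
                + 2.0 * gamma * sum(b[r][i] * res[r] for r in range(rows))
                for i in range(n)]
        # Gradient step followed by projection onto the box 0 <= u <= u_max.
        u = [min(max(u[i] - step * grad[i], 0.0), u_max[i]) for i in range(n)]
    return u


def residual(b, u, v_d):
    """Euclidean norm of B u - v_d."""
    return math.sqrt(sum((sum(b[r][i] * u[i] for i in range(len(u))) - v_d[r]) ** 2
                         for r in range(len(b))))


if __name__ == "__main__":
    B = config_matrix()
    v = [0.5, 0.0]                       # demand along the axis of thruster 0
    print("nominal :", [round(x, 4) for x in reallocate(B, v)])
    print("faulty 0:", [round(x, 4) for x in reallocate(B, v, faulty=0)])
```

In the nominal case the demand is shared by thruster 0 and its two neighbours; with thruster 0 closed, the two neighbours take over the whole demand and the residual stays negligible.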

VI. SIMULATIONS

The thruster Fault Detection, Isolation and Accommodation (FDI-A) strategy described in the previous sections is implemented within the MSR "high-fidelity" industrial simulator provided by Thales Alenia Space. Following the design steps given in Algorithm 1, a bank of 5 adjustable NUIOs is designed with $\kappa = 0.2$, $q = 0.5$ and $r = 0.1$. The FXP algorithm is used for control re-allocation with $W_v = I$, $W_u = I$, $u_d = 0$, $N_{ca} = 200$, and $\gamma = 10^6$. The remaining design parameters are chosen as follows: $Q = I$, $J_{th} = 300$, $T_s = 0.1$ s, $\delta_g = 1$ s, $\delta = 1$ s, and $w_i = 1/3, \forall i \in \{1, 2, 3\}$. A set of 1000 Monte Carlo (MC) simulations is performed in order to assess the performance and robustness of the proposed FDI-A scheme. The navigation is considered to deliver "non-perfect" estimates. We also assume delays induced by the CPDE unit, 1% uncertainty on the thruster rise times, ±3 cm uncertainty on CoM (thus uncertain $B_T$), 10% uncertainty on mass, 20% uncertainty on inertia, and spatial disturbances (i.e. gravity gradient, atmospheric drag, and solar radiation pressure). See Fig. 1 for an illustration of the considered uncertainties. All simulations are carried out during the last 20 m of the rendezvous phase (capture phase) and are associated with a fault scenario in which the $i$th thruster loses its effectiveness (thrust loss) of a size $\psi_i \in [0\%, 100\%]$. The other thrusters are fault-free. Faults start at $t_f = 1000$ s and are maintained. The two marginal cases, i.e. $\psi_i = 0\%$ and $\psi_i = 100\%$, represent a nominal operational and fully closed thruster, respectively.

Fig. 1. Inertia (top left), mass (middle left), CoM (bottom left), thruster indices (top right), and thrust loss size (bottom right) distribution, respectively

The effect of small thrust losses ($\psi_i < 15\%$) on the system dynamics is relatively small and shall be compensated by a robust control law. On the other hand, these faults are very hard or even impossible to detect and isolate. The aim of this MC simulation campaign is to show that if the FDI unit fails to detect or isolate the faulty thruster, the effect that this fault has on the GNC system and/or on the final MSR capture performance requirements is negligible. As seen in Fig. 2, despite the fact that in some cases the FDI unit failed, the final capture requirements in terms of position and velocities are fully met. The final attitude and angular rate error requirements (see Fig. 3) are met in 97.9% and 96.2% of simulation cases, respectively. These results may be further improved by fine-tuning the FDI scheme (e.g. by adjusting the NUIOs dynamics). Note that, in some cases, the angular rate error requirement is not met even if the FDI succeeds. This can be the case when it took too long for the FDI unit to detect and/or isolate the faulty thruster, so that the fault accommodation unit does not have enough time to fully recover the faulty system. Figure 4 illustrates that the chaser maintains the nominal trajectory, i.e. stays inside the rendezvous corridor, and that the chaser keeps its attitude pointing towards the target, so that the target remains visible from the sensors.

Fig. 2. MSR capture performance: position misalignment on +X face (top left), lateral velocity (top right) and longitudinal velocity (bottom) errors

[Fig. 2 legend: basket aperture, misalignment requirement, velocity requirement, nominal velocity, out of requirement (3 sigma); target center and target velocity marked separately for FDI success and FDI failed.]

Fig. 3. Final attitude misalignments (left) and final angular rate errors (right)

VII. CONCLUSION

A method to detect, isolate, and accommodate thruster faults of an autonomous spacecraft has been studied in this paper. The FDI unit consists of a bank of nonlinear unknown input observers with adjustable dynamics, a fault detector that is based on a judiciously chosen position model, and an isolation logic that uses the directional cosine approach. Once a fault is isolated, a control re-allocation technique redistributes the desired force and torque vectors among the remaining $N - 1$ healthy actuators. This achieves FDI-A without any change in the nominal controller, without any redundant thruster set and without any additional valve position sensor. Results from the MC simulation campaign show that the proposed FDI-A scheme is able to accommodate thruster faults that may have an effect on the GNC performance and on the rendezvous criteria.

ACKNOWLEDGMENT

This research work was supported by ESA and Thales Alenia Space in the frame of ESA's Networking/Partnering Initiative.

Fig. 4. LIDAR sensor field of view requirement (left) and the MSR rendezvous corridor (right)

REFERENCES

[1] X. Olive, "FDI(R) for satellites: How to deal with high availability and robustness in the space domain?" International Journal of Applied Mathematics and Computer Science, vol. 22, no. 1, pp. 99–107, 2012.

[2] A. Zolghadri, D. Henry, J. Cieslak, D. Efimov, and P. Goupil, Fault Diagnosis and Fault-Tolerant Control and Guidance for Aerospace Vehicles, ser. Advances in Industrial Control. Eds. Springer, 2014.

[3] R. Fonod, D. Henry, E. Bornschlegl, and C. Charbonnel, "Robust fault diagnosis for systems with electronic induced delays," in Proc. of Workshop on Advanced Control and Diagnosis, Copenhagen, DK, 2012.

[4] W. Chen and M. Saif, "Observer-based fault diagnosis of satellite systems subject to time-varying thruster faults," Journal of Dynamic Systems, Measurement and Control, vol. 129, no. 3, pp. 352–356, 2007.

[5] D. Henry, "Fault diagnosis of microscope satellite thrusters using $H_\infty/H_-$ filters," Journal of Guidance, Control, and Dynamics, vol. 31, no. 3, pp. 699–711, 2008.

[6] A. Falcoz, F. Boquet, M. Dinh, B. Polle, G. Flandin, and E. Bornschlegl, "Robust fault diagnosis strategies for spacecraft application to LISA pathfinder experiment," in Proc. of IFAC Symposium on Automatic Control in Aerospace, Nara, Japan, 2010, pp. 404–409.

[7] R. Fonod, D. Henry, E. Bornschlegl, and C. Charbonnel, "Robust fault detection for systems with electronic induced delays: Application to the rendezvous phase of the MSR mission," in Proc. of European Control Conference, Zurich, Switzerland, 2013, pp. 1439–1444.

[8] Y. Zhang and J. Jiang, "Bibliographical review on reconfigurable fault-tolerant control systems," Annual Reviews in Control, vol. 32, no. 2, pp. 229–252, 2008.

[9] M. Hou and P. Müller, "Design of observers for linear systems with unknown inputs," IEEE Transactions on Automatic Control, vol. 37, no. 6, pp. 871–875, 1992.

[10] M. Darouach, M. Zasadzinski, and S. Xu, "Full-order observers for linear systems with unknown inputs," IEEE Transactions on Automatic Control, vol. 39, no. 3, pp. 606–609, 1994.

[11] A. Filasova and D. Krokavec, "On the Takagi-Sugeno model-based state estimation for one class of bilinear systems," in Proc. of 14th International Carpathian Control Conference, 2013, pp. 83–87.

[12] A. Pertew, H. Marquez, and Q. Zhao, "Design of unknown input observers for Lipschitz nonlinear systems," in Proc. of American Control Conference. Portland, OR, USA: IEEE, 2005, pp. 4198–4203.

[13] W. Chen and M. Saif, "Unknown input observer design for a class of nonlinear systems: an LMI approach," in Proc. of American Control Conference. Minneapolis, Minnesota USA: IEEE, 2006, pp. 834–838.

[14] R. Fonod, D. Henry, E. Bornschlegl, and C. Charbonnel, "Thruster fault detection, isolation and accommodation for an autonomous spacecraft," in Proc. of IFAC World Congress, Cape Town, South Africa, 2014.

[15] M. Chilali and P. Gahinet, "$H_\infty$ design with pole placement constraints: An LMI approach," IEEE Transactions on Automatic Control, vol. 41, no. 3, pp. 358–367, 1996.

[16] H. Schaub and J. Junkins, Analytical Mechanics of Space Systems. Reston, VA: AIAA Education Series, 2009.

[17] S. X. Ding, Model-based Fault Diagnosis Techniques: Design Schemes, Algorithms, and Tools, 1st ed. Springer Verlag, 2008.

[18] J. J. Burken, P. Lu, Z. Wu, and C. Bahm, "Two Reconfigurable Flight-Control Design Methods: Robust Servomechanism and Control Allocation," Journal of Guidance, Control, and Dynamics, vol. 24, no. 3, pp. 482–493, May 2001.