Available via license: CC BY 4.0
Content may be subject to copyright.
J. Aerosp. Technol. Manag., São José dos Campos, Ahead of Print, 2017
ABSTRACT: Reference Governor is an important component
of Active Fault Tolerant Control. One of the main reasons for
using Reference Governor is to adjust/modify the reference
trajectories to maintain the stability of the post-fault system,
especially when a series of actuator faults occur and the
faulty system can not retain the pre-fault performance. Fault
estimation error and delay are important properties of Fault
Detection and Diagnosis and have destructive effects on the
performance of the Active Fault Tolerant Control. It is shown
that, if the fault estimation provided by the Fault Detection
and Diagnosis (initial “fault estimation”) is assumed to be
precise (an ideal assumption), the controller may not show an
acceptable performance. Then, it is shown that, if the worst
“fault estimation” is considered, it will be possible to reduce
the effects of fault estimation error and delay and to preserve the
performance of the controller. To reduce the effects of this
conservative assumption (worst “fault estimation”), a quadratic
cost function is dened and optimized. One of the advantages
of this method is that it gives the designer an option to select
a less sophisticated Fault Detection and Diagnosis for the
mission. The angular velocity stabilization of a spacecraft
subjected to multiple actuator faults is considered as a case
study.
KEYWORDS: Active Fault Tolerant Control, Fault estimation
error and delay, Reference Governor, Angular velocity
stabilization.
Reducing the Effects of Inaccurate Fault
Estimation in Spacecraft Stabilization
Rouzbeh Moradi1, Alireza Alikhani1, Mohsen Fathi Jegarkandi2
INTRODUCTION
Active Fault Tolerant Control (AFTC) is an important eld in
automatic control that has attracted a large amount of attention.
e main responsibility of an AFTC is to tolerate component
malfunctions while maintaining desirable performance and
stability properties of the faulty system (Zhang and Jiang 2008).
Latterly, a review paper published recent developments of the
spacecra AFTC system (Yin et al. 2016).
One of the main components of any AFTC is the Fault
Detection and Diagnosis (FDD) module. ere are several
challenges that FDD designs have in common (Zhang and
Jiang 2008). Among them, fault estimation error and delay
are considered in this paper. ese challenges have destructive
eects on the stability and performance (Zhang and Jiang 2008).
Reference Governor (RG) is one of the components of
the general AFTC structure (Zhang and Jiang 2008). The
terms Command Governor (CG) and Reference Trajectory
Management (RTM) have been also used in the literature. e
main responsibility of RG is to adjust/modify the reference
trajectories, so the post-fault model of the system remains
stable, even aer the occurrence of multiple actuator faults
(Garone et al. 2016). ere are several papers in the literature
that have studied the eects of RG on the performance and
stability of the post-fault model (Boussaid et al. 2010; Boussaid
et al. 2011; Boussaid et al. 2014; Almeida 2011). According to
these papers, RG has been able to deal with the actuator faults/
failures eciently.
To the authors’ best knowledge, reducing the eects of fault
estimation error and delay using the concept of RG still remains
an open problem. This is the main subject that is pursued
in this paper. It is shown that, as long as the estimated fault
doi: 10.5028/jatm.v9i4.826
1.Ministry of Science, Research and Technology – Aerospace Research Institute – Astronautics Department – Tehran/Tehran – Iran. 2.Sharif University of Technology
– Engineering College – Department of Aerospace Engineering – Tehran/Tehran – Iran.
Author for correspondence: Alireza Alikhani | Ministry of Science, Research and Technology – Aerospace Research Institute – Astronautics Department | PO box:
14665-834 – Tehran/Tehran – Iran | Email: aalikhani@ari.ac.ir
Received: Oct. 29, 2016 | Accepted: Mar. 25, 2017
J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017
J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017
454 Moradi R, Alikhani A, Fathi Jegarkandi M
reported by the FDD (initial “fault estimation”) is assumed to
be precise (an ideal assumption), the controller may not show
an acceptable performance.
However, if the maximum fault estimation error is
considered (worst “fault estimation”), RG can be used to reduce
the e ects of FDD errors and preserve the performance of the
closed-loop system. To reduce the e ects of this conservative
assumption (considering maximum fault estimation error), a
quadratic cost function is de ned and optimized.
In order to validate the results, the angular velocity
stabilization of a spacecra subjected to multiple actuator
faults is considered. It is shown that, if the initial “fault
estimation” (the fault estimation reported by the FDD) is
considered accurate, the response will not converge to the
origin. However, if RG is designed based on the worst “fault
estimation”, AFTC will be able to asymptotically stabilize the
faulty spacecra in a wide range of actuator fault and despite
FDD errors. is paper consists of the following sections:
rstly, the modeling of the proposed RG is described. en,
the spacecra dynamics and controller are shown. Finally,
results obtained and the discussions are presented.
MODELING THE REFERENCE GOVERNOR
e structure of the considered AFTC is shown in Fig. 1.
It is assumed that the FDD block provides “an estimation of”
the post-fault model of the system. e RG block uses the
proposed methodology to nd the most suitable reference
trajectories for the post-fault model, despite the presence of fault
estimation error and delay. e signals ω and ωd are the plant
output (angular velocity) and the desired reference trajectory
vectors, respectively.
It is assumed that the actuator fault/failure occurs at
t = tfault and the FDD determines ˆ
tfault (estimated tfault) with a
fault estimation delay equal to:
Figure 1. Structure of the AFTC.
In this paper, the mission of the controller is to make the
origin an asymptotically stable equilibrium for the post-fault
system, i.e. ω → 0 as t → tf ( nal time).
Spacecra
dynamics
Controller
FDD
RG
ωdω
which is a positive value, since ˆ
tfault is always bigger than tfault.
Fault estimation error is another property of the considered
FDD block. e control inputs are bounded according to the
following saturation function:
where umax is the maximum torque that can be produced by
the actuators.
e reduction in the actuator region is considered as the
actuator fault and is modeled according to Eq. 3 (Miksch and
Gambier 2011):
The subscript p-f shows the post-fault condition. The
relation between pre- and post-fault actuator region is given
according to:
where a is the actuator e ec tiveness coe cient (Sobhani-Tehrani
and Khosravi 2009), a real value between 0 and 1; umax is the
pre-fault actuator region. FDD determines the estimated value
of a (shown by â). It is assumed that the FDD provides â with
an estimation error given by:
where δa/â is a value between 0 and 1. e larger/smaller values
of δa/â show better/worse fault estimation, respectively.
According to the considered mission, the goal of RG is to
determine ωd such that the faulty model of the system remains
asymptotically stable, even a er the occ urrence of multiple actuator
faults and in the presence of fault estimation error and delay
(1)
(2)
(3)
(4)
(5)
J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017
455
Reducing the Effects of Inaccurate Fault Estimation in Spacecraft Stabilization
in the FDD module. e RG owchart is presented in Fig. 2. e
consecutive steps are explained in the following paragraphs.
According to Fig. 3, ωd (t1) ... ωd (tn) are initialized by the
solver, which is the Genetic Algorithm (GA), as will be explained
in the results section.
Note 1: although the GA is used to solve the problem,
other numerical solvers can be also employed. However, the
main concern of this paper is to nd a method to decrease
the consequences of fault estimation error and delay. erefore,
any numerical solver (possibly faster than GA) that solve the
problem can be considered as well.
Note 2: as will be seen in the simulation section, GA can
nd a solution within a reasonable time.
When these points are determined, a cubic spline is passed
through them, similarly to Fig. 4. A detailed analysis about cubic
spline interpolation can be found in de Boor (1978). One of
the main advantages of cubic splines is their smoothness (they
are twice continuously di erentiable). is will prevent the
controller inputs from being discontinuous (refer to Eqs. 25 – 27).
According to the FDD information, an estimation of the
post-fault model of the system is known. e faulty closed-loop
system is simulated from tfault to tf . is simulation is a part of
the owchart shown in Fig. 2 and several simulations may be
needed to obtain ωd.
A er simulation, the value of ω (tf ) is checked to see whether
the following equality is satis ed or not:
Figure 3. Initializing ωd (t1) ... ωd (tn).
Figure 2. RG owchart.
ωd(t1) ... ωd(tn) are initialized
Determine ωd via cubic interpolating splines
Simulate the closed loop system from tfault to tf
Equation 34 is satisfied
Ye s
No
ωd
ωd(t1)
t2
t1 = tfault
ωd(t2)
ωd(t3)
t3
ωd(tn)
tntf
ωd(t1)
t2
t1 = tfault
ωd(t2)
ωd(t3)
t3
ωd(tn)
tntf
Figure 4. ωd produced by cubic spline.
Such a nal state constraint is well-known in the literature
and is introduced to ensure asymptotic stability (Fontes 2001).
Since this equality will never hold numerically, Eq. 34 will be
considered in simulations.
Note 3: to ensure that ωd approaches the origin before
t = tf, its value is set to 0 as t passes ts (settling time). In other
words:
To give the solver more exibility, another variable (ks) is
introduced, satisfying Eq. 8:
In addition to ωd (t1) ... ωd (tn), ks is another variable that
should be found by the solver.
SPACECRAFT DYNAMICS AND
CONTROLLER STRUCTURE
SPACECRAFT DYNAMICS
The rigid body spacecraft rotational dynamics in the
principal coordinate system is described by the following
equations (Sidi 2000):
(6)
(7)
(8)
(9)
(10)
J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017
456 Moradi R, Alikhani A, Fathi Jegarkandi M
where ω1, ω2, ω3 are the angular velocities; u ´ 1, u ´ 2, u ´ 3 are the
normalized control inputs; J1, J2, J3 are the principal moments
of inertia of the rigid body. e relation between control torques
and inputs are given by Eqs. 12 – 14:
and the following form of control inputs
where u1, u2, u3 are the control moments acting on the spacecra .
CONTROLLER STRUCTURE
e error signal is de ned as:
where ωd and ωe are the desired and error angular velocity
vectors, respectively.
Inserting the scalar form of Eq. 15 into Eqs. 9 – 11 and
eliminating ω, one has:
Canceling the non-linear terms using feedback lineari-
zation, the closed-loop system will change into the following
simple linear time invariant form:
will lead to the exponential stabilization of ωe to 0; consequen-
tl y, ω will converge to ωd exponentially. e numerical values of
k1, k2 and k3 determine the exponential convergence rate
of ωe to 0. erefore, larger values of k1, k2 and k3 mean a faster
response and vice-versa.
Considering Eqs. 16 – 18 and Eqs. 22 – 24, the following
relations will be obtained:
For feedback purposes, it is better to rewrite u ´ 1, u ´ 2 and u ´ 3
as a function of the original variables:
According to Eqs. 28 – 30, for the control inputs to be
continuous, the desired reference trajectory (ωd) should
be continuously differentiable. As stated previously,
this is one of the main reasons for using cubic spline
interpolation to find ωd. These are the desired control
inputs that will lead to the exponential convergence of
ω to ωd.
If ωd = 0, the equations of closed-loop system will be:
(11)
(12)
(13)
(14)
(15)
(16)
(17)
(18)
(19)
(20)
(21)
(22)
(23)
(24)
(25)
(26)
(27)
(28)
(29)
(30)
(31)
(32)
(33)
J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017
457
Reducing the Effects of Inaccurate Fault Estimation in Spacecraft Stabilization
Clearly, as long as there is no saturation and the actuators
can produce the required control inputs, will remain globally
exponentially stable (GES). However, a er the occurrence of
severe actuator faults, GES will not be guaranteed.
RESULTS
e system/controller parameters and initial conditions are
given in Table 1. e values chosen for the moments of inertia
are taken from Wang et al. (2013), and the range of variables
is presented in Table 2.
respectively. e direction of the arrows shows the direction
of the forces produced by the thrusters (Fig. 5). erefore, the
relation between control torques (u1, u2, u3) and T1 – T6 can
be obtained according to the following equations:
Optimization variable Range
ωd[–100 100] deg/s
ks[0.5 0.9]
Table 1. System/controller parameters and initial conditions
Controller
parameters
Initial conditions
(deg/s)
Moments of
inertia (kgm2)
k1 = 0.1 ω1 (0) = 10 J1 = 449.5
k2 = 0.1 ω2 (0) = –10 J2 = 449.5
k3 = 0.1 ω3 (0) = 5 J3 = 449.5
Table 2. Range of variables.
In order to satisfy the nal state constraint given by Eq. 6,
the following inequality is de ned:
As already mentioned, to determine ωd , GA (Goldberg
989) is used as the solver; [ω1d (t1) ... ω1d (tn)], [ω2d (t1) ... ω2d (tn)]
and [ω3d (t1) ... ω3d (tn)] are initialized every 10 s ( ∆t = 10 s
or equivalently, n = 10) from the beginning of the fault time
(tfault). erefore, considering ks, the total number of decision
variables will be 31. e considered parameters for GA are
presented in Table 3. Other GA parameters are the default
values considered in MATLAB® (MathWorks® 2011).
The actuation system consists of 6 thrusters (without
considering hardware redundancy), that are placed in opposite
directions, and each thruster can produce maximum 50 N
variable thrust. e e ective moment arm of all thrusters is 1 m
along the principal body axis. However, the con guration of the
thrusters is such that (T1 − T2), (T3 − T4) and (T5 − T6) produce
net moments about the rst, second and third principal axes,
where the superscripts + and – show the positive and negative
control torques, respectively.
Note 4: it seems that the thrusters T3, T4, T5 and T6 pass
through the center of gravity. However, as indicated before,
they have a moment arm of 1 m along the rst body axis. ree
important concepts are introduced:
• Initial “fault estimation”: the fault estimation reported
by the FDD.
• Worst “fault estimation”: the biggest error of the FDD
in providing the fault information. Its value is
determined from the initial “fault estimation”, according
to the experience or the FDD speci cations.
• Real fault: the fault that happens in reality (unknown).
e fault scenario that FDD reports is:
Figure 5. Thruster con guration.
T2T1
T6
T3
T4
T5
CG
12
3
(34)
(35)
(36)
(37)
Parameter Value
Cross-over fraction 0.8
Elite count 2
Population size 5 × number of decision
variables = 5 × 31 = 155
Initial population ωd,initial = 0 , ks,initial = 0
Table 3. GA parameters.
J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017
458 Moradi R, Alikhani A, Fathi Jegarkandi M
• Initial “fault estimation”: T5 and T6 have lost 99% of
their e ectiveness (â5 = â6 = 0.01) and the remaining
thrusters are at a good health (â1 = â2 = â3 = â4 = 1).
e fault occurs at ˆ
tfault = 10 s.
• Worst “fault estimation”: based on the experience
or the FDD specifications; in the worst case, the
following parameters are given: δtfault = 5 s and
δa/â = 0.01. erefore, it can be concluded that, in the
worst case, a5 = a6 = 0.0001, i.e. T5 and T6 can produce a
maximum 0.05 N thrust and the fault occurrence time
is tfault = 5 s .
Note 5: it is assumed that the real fault is less severe than
the one reported by the worst “fault estimation”. In this case,
the controller will show an acceptable performance for less
severe, and therefore, a wide range of faults.
Qualitatively, it is assumed that the severity of the faults
satis es the following inequalities:
where S is a quality that represents the severity of the fault; the
subscripts w.f.e, r.f and i.f.e stand for worst “fault estimation”,
real fault and initial “fault estimation”, respectively.
According to the previous discussion, the proposed method
is very conservative, because it considers the worst “fault
estimation”. To reduce the adverse e ects of this assumption,
the following quadratic cost function is introduced:
Minimizing this cost function will decrease the adverse
e ects of considering the worst fault estimation. e consi-
dered sample time for integration is 0.1 s. e problem consists
of 2 phases: first, GA tries to satisfy the constraint given
by Eq. 34. Then, the result is used as an initial solution to
optimize Eq. 39. e following penalty on cost function is
considered:
It was verified that 1,000 s elapsed time is considered as
the stopping criterion for the second phase — Intel(R) Core™
2 CPU, T7200@2.00 GHz; MATLAB® (MathWorks® 2011).
To observe the consequences of employing the proposed
method, 2 different cases are considered and summarized
in Table 4.
Case Fault estimation
1 Considering the initial “fault estimation”
2 Considering the worst “fault estimation”
Table 4. Cases consi dered.
CASE 1
If the initial “fault estimation” is considered (FDD is assumed
to report the precise fault information), the results shown in
Figs. 6 and 7 will be obtained.
Figure 6. Angular velocities, initial “fault estimation” (case 1).
Figure 7. Control inputs, initial “fault estimation” (case 1).
1008060
Time [s]
T
5
[N]
40200
0
2
4
1008060
Time [s]
T
3
[N]
40200
0
5
10
1008060
Time [s]
T
1
[N]
40200
0
0.005
0.01
1008060
Time [s]
T
6
[N]
40200
0
0.01
0.005
1008060
Time [s]
T
4
[N]
40200
0
0.005
0.01
1008060
Time [s]
T
2
[N]
40200
0
5
10
6
4
2
00 10 20 30 40 50 60 70 80 90 100
0 10 20 30 40 50 60 70 80 90 100
0 10 20 30 40 50 60 70 80 90 100
ω
ωd
ω3 [deg/s]
5
0
–5
–10
ω2 [deg/s]
10
5
0
–5
ω1 [deg/s]
Time [s]
=
+
Eq. 34 is s a tis fied
Eq. 34 is not sa t isfie d
(38)
(39)
(40)
Eq. 34 is satis ed
Eq. 34 is not satis ed
J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017
459
Reducing the Effects of Inaccurate Fault Estimation in Spacecraft Stabilization
Figure 6 shows that RG can not make the closed-loop system
asymptotically stable, because it assumes the fault scenario
reported by the FDD (initial “fault estimation”), which is precise.
However, since the real fault is worse than the fault reported by
the FDD (initial “fault estimation”), does not converge to the
origin. is simulation shows the consequences of considering the
initial “fault estimation”. e main conclusion of this simulation
is: if the FDD is assumed to report the precise fault information,
the response of the controller may not be acceptable.
CASE 2
e result of considering the worst “fault estimation” is
illustrated in Fig. 8. e control inputs are illustrated in Fig. 9.
According to Fig. 8, RG can asymptotically stabilize the
closed-loop system, when the worst “fault estimation” is
considered. A comparison of Figs. 6 and 8 shows the consequences
of considering the worst “fault estimation” in the RG design.
Clearly, considering the initial “fault estimation” (case 1) can
lead to the poor performance of the controller and even to a
non-convergent response. On the other hand, if RG is designed
for the worst “fault estimation” (case 2), it can cover less severe
faults and stabilize the faulty system for a wide range of faults
(Note 5).
Since the assumption of worst “fault estimation” is
conservative, the response is optimized via minimizing the
cost function (Eq. 39). e GA performance is illustrated in
Fig. 10. As stated previously, the quadratic cost function has been
introduced to reduce the adverse consequences of considering
the worst “fault estimation” (maximum fault estimation
error). According to Fig. 10, after 14 generations (1,000 s
elapsed time), the cost function is reduced from 8,758 to 5,944
1008060
Time [s]
T5 [N]
40200
0
2
4
1008060
Time [s]
T3 [N]
40200
0
5
10
1008060
Time [s]
T1 [N]
40200
0
0.005
0.01
1008060
Time [s]
T6 [N]
40200
0
0.01
0.005
1008060
Time [s]
T4 [N]
40200
0
2
4
1008060
Time [s]
T2 [N]
40200
0
5
10
0
5,500
6,000
6,500
7,000
7,500
8,000
8,500
9,000
2 4 6 8 10 12 14
Generation
J
6
4
2
00 10 20 30 40 50 60 70 80 90 100
0 10 20 30 40 50 60 70 80 90 100
0 10 20 30 40 50 60 70 80 90 100
ω
ωd
ω3 [deg/s]
20
10
0
–10
ω2 [deg/s]
10
5
0
ω1 [deg/s]
Time [s]
(about 32%). is reduction in the cost function decreases the
adverse consequences of considering the worst fault estimation.
Figure 8. Angular velocities, worst “fault estimation” (case 2).
Figure 10. Cost function versus generations (1,000 s elapsed
time).
Figure 9. Control inputs, worst “fault estimation” (case 2).
DISCUSSION
Fault estimation error and delay are important
characteristics of FDD schemes. RG is a method to adjust/
modify the reference trajectories to handle actuator fault/
failure. It was shown that, if the initial “fault estimation” was
assumed to be precise (an ideal assumption), the controller
might not be able to show an acceptable performance. On the
other hand, if the worst “fault estimation” was considered, it
J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017
460 Moradi R, Alikhani A, Fathi Jegarkandi M
would be possible to reduce the destructive effects of fault
estimation error. A quadratic cost function was defined
to reduce the adverse consequences of this conservative
assumption (assuming maximum fault estimation error).
Therefore, a less sophisticated FDD can be used to satisfy
the mission objectives.
AUTHOR’S CONTRIBUTION
Conceptualization, Moradi R; Methodology, Moradi R,
Alikhani A, and Fathi Jegarkandi M; Writing – Original Dra,
Moradi R and Alikhani A; Writing – Review & Editing, Moradi
R, Alikhani A, and Fathi Jegarkandi M.
REFERENCES
Almeida FA (2011) Reference management for fault-tolerant
model predictive control. J Guid Control Dynam 34(1):44-56. doi:
10.2514/1.50938
Boussaid B, Aubrun C, Abdelkrim MN (2010) Fault adaptation based
on reference governor. Proceedings of the Conference on Control and
Fault-Tolerant Systems; Nice, France.
Boussaid B, Aubrun C, Abdelkrim MN (2011) Two-level active fault
tolerant control approach. Proceedings of the 8th International Multi-
Conference on Systems, Signals and Devices; Sousse, Tunisia.
Boussaid B, Aubrun C, Jiang J, Abdelkrim MN (2014) FTC approach
with actuator saturation avoidance based on reference management.
International Journal of Robust and Nonlinear Control 24(17):2724-
2740. doi: 10.1002/mc.3020
De Boor C (1978) A practical guide to splines. Berlin: Springer.
Fontes FACC (2001) A general framework to design stabilizing
nonlinear model predictive controllers. Systems and Control Letters
42(2):127-143. doi: 10.1016/S0167-6911(00)00084-0
Garone E, Di Cairano S, Kolmanovsky IV (2016) Reference and
command governors for systems with constraints: A survey on
theory and applications. Automatica 75:306-328. doi: 10.1016/j.
automatica.2016.08.013
Goldberg DE (1989) Genetic algorithms in search, optimization &
machine learning. Reading: Addison-Wesley.
MathWorks® (2011) MATLAB® and SIMULINK®. Natick:
MathWorks®.
Miksch T, Gambier A (2011) Fault-tolerant control by using
lexicographic multi-objective optimization. Proceedings of the 8th Asian
control conference (ASCC); Kaohsiung, Taiwan.
Sidi MJ (2000) Spacecraft dynamics and control: a practical
engineering approach. Cambridge: Cambridge University Press.
Sobhani-Tehrani E, Khosravi KH (2009) Fault diagnosis of nonlinear
systems using a hybrid approach. Lecture Notes in Control and
Information Sciences. Dordrecht; New York: Springer.
Wang D, Jia Y, Jin L, Xu S (2013) Control analysis of an underactuated
spacecraft under disturbance. Acta Astronautica 83:44-53. doi:
10.1016/j.actaastro.2012.10.029
Yin S, Xiao B, Ding S, Zhou D (2016) A review on recent development
of spacecraft attitude fault tolerant control system. IEEE Trans Ind
Electron 63(5):3311-3320. doi: 10.1109/TIE.2016.2530789
Zhang Y, Jiang J (2008) Bibliographical review on recongurable
fault-tolerant control systems. Ann Rev Contr 32(2):229-252. doi:
10.1016/j.arcontrol.2008.03.008