Available via license: CC BY 4.0

Content may be subject to copyright.

J. Aerosp. Technol. Manag., São José dos Campos, Ahead of Print, 2017

ABSTRACT: Reference Governor is an important component

of Active Fault Tolerant Control. One of the main reasons for

using Reference Governor is to adjust/modify the reference

trajectories to maintain the stability of the post-fault system,

especially when a series of actuator faults occur and the

faulty system can not retain the pre-fault performance. Fault

estimation error and delay are important properties of Fault

Detection and Diagnosis and have destructive effects on the

performance of the Active Fault Tolerant Control. It is shown

that, if the fault estimation provided by the Fault Detection

and Diagnosis (initial “fault estimation”) is assumed to be

precise (an ideal assumption), the controller may not show an

acceptable performance. Then, it is shown that, if the worst

“fault estimation” is considered, it will be possible to reduce

the effects of fault estimation error and delay and to preserve the

performance of the controller. To reduce the effects of this

conservative assumption (worst “fault estimation”), a quadratic

cost function is dened and optimized. One of the advantages

of this method is that it gives the designer an option to select

a less sophisticated Fault Detection and Diagnosis for the

mission. The angular velocity stabilization of a spacecraft

subjected to multiple actuator faults is considered as a case

study.

KEYWORDS: Active Fault Tolerant Control, Fault estimation

error and delay, Reference Governor, Angular velocity

stabilization.

Reducing the Effects of Inaccurate Fault

Estimation in Spacecraft Stabilization

Rouzbeh Moradi1, Alireza Alikhani1, Mohsen Fathi Jegarkandi2

INTRODUCTION

Active Fault Tolerant Control (AFTC) is an important eld in

automatic control that has attracted a large amount of attention.

e main responsibility of an AFTC is to tolerate component

malfunctions while maintaining desirable performance and

stability properties of the faulty system (Zhang and Jiang 2008).

Latterly, a review paper published recent developments of the

spacecra AFTC system (Yin et al. 2016).

One of the main components of any AFTC is the Fault

Detection and Diagnosis (FDD) module. ere are several

challenges that FDD designs have in common (Zhang and

Jiang 2008). Among them, fault estimation error and delay

are considered in this paper. ese challenges have destructive

eects on the stability and performance (Zhang and Jiang 2008).

Reference Governor (RG) is one of the components of

the general AFTC structure (Zhang and Jiang 2008). The

terms Command Governor (CG) and Reference Trajectory

Management (RTM) have been also used in the literature. e

main responsibility of RG is to adjust/modify the reference

trajectories, so the post-fault model of the system remains

stable, even aer the occurrence of multiple actuator faults

(Garone et al. 2016). ere are several papers in the literature

that have studied the eects of RG on the performance and

stability of the post-fault model (Boussaid et al. 2010; Boussaid

et al. 2011; Boussaid et al. 2014; Almeida 2011). According to

these papers, RG has been able to deal with the actuator faults/

failures eciently.

To the authors’ best knowledge, reducing the eects of fault

estimation error and delay using the concept of RG still remains

an open problem. This is the main subject that is pursued

in this paper. It is shown that, as long as the estimated fault

doi: 10.5028/jatm.v9i4.826

1.Ministry of Science, Research and Technology – Aerospace Research Institute – Astronautics Department – Tehran/Tehran – Iran. 2.Sharif University of Technology

– Engineering College – Department of Aerospace Engineering – Tehran/Tehran – Iran.

Author for correspondence: Alireza Alikhani | Ministry of Science, Research and Technology – Aerospace Research Institute – Astronautics Department | PO box:

14665-834 – Tehran/Tehran – Iran | Email: aalikhani@ari.ac.ir

Received: Oct. 29, 2016 | Accepted: Mar. 25, 2017

J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017

J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017

454 Moradi R, Alikhani A, Fathi Jegarkandi M

reported by the FDD (initial “fault estimation”) is assumed to

be precise (an ideal assumption), the controller may not show

an acceptable performance.

However, if the maximum fault estimation error is

considered (worst “fault estimation”), RG can be used to reduce

the e ects of FDD errors and preserve the performance of the

closed-loop system. To reduce the e ects of this conservative

assumption (considering maximum fault estimation error), a

quadratic cost function is de ned and optimized.

In order to validate the results, the angular velocity

stabilization of a spacecra subjected to multiple actuator

faults is considered. It is shown that, if the initial “fault

estimation” (the fault estimation reported by the FDD) is

considered accurate, the response will not converge to the

origin. However, if RG is designed based on the worst “fault

estimation”, AFTC will be able to asymptotically stabilize the

faulty spacecra in a wide range of actuator fault and despite

FDD errors. is paper consists of the following sections:

rstly, the modeling of the proposed RG is described. en,

the spacecra dynamics and controller are shown. Finally,

results obtained and the discussions are presented.

MODELING THE REFERENCE GOVERNOR

e structure of the considered AFTC is shown in Fig. 1.

It is assumed that the FDD block provides “an estimation of”

the post-fault model of the system. e RG block uses the

proposed methodology to nd the most suitable reference

trajectories for the post-fault model, despite the presence of fault

estimation error and delay. e signals ω and ωd are the plant

output (angular velocity) and the desired reference trajectory

vectors, respectively.

It is assumed that the actuator fault/failure occurs at

t = tfault and the FDD determines ˆ

tfault (estimated tfault) with a

fault estimation delay equal to:

Figure 1. Structure of the AFTC.

In this paper, the mission of the controller is to make the

origin an asymptotically stable equilibrium for the post-fault

system, i.e. ω → 0 as t → tf ( nal time).

Spacecra

dynamics

Controller

FDD

RG

ωdω

which is a positive value, since ˆ

tfault is always bigger than tfault.

Fault estimation error is another property of the considered

FDD block. e control inputs are bounded according to the

following saturation function:

where umax is the maximum torque that can be produced by

the actuators.

e reduction in the actuator region is considered as the

actuator fault and is modeled according to Eq. 3 (Miksch and

Gambier 2011):

The subscript p-f shows the post-fault condition. The

relation between pre- and post-fault actuator region is given

according to:

where a is the actuator e ec tiveness coe cient (Sobhani-Tehrani

and Khosravi 2009), a real value between 0 and 1; umax is the

pre-fault actuator region. FDD determines the estimated value

of a (shown by â). It is assumed that the FDD provides â with

an estimation error given by:

where δa/â is a value between 0 and 1. e larger/smaller values

of δa/â show better/worse fault estimation, respectively.

According to the considered mission, the goal of RG is to

determine ωd such that the faulty model of the system remains

asymptotically stable, even a er the occ urrence of multiple actuator

faults and in the presence of fault estimation error and delay

(1)

(2)

(3)

(4)

(5)

J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017

455

Reducing the Effects of Inaccurate Fault Estimation in Spacecraft Stabilization

in the FDD module. e RG owchart is presented in Fig. 2. e

consecutive steps are explained in the following paragraphs.

According to Fig. 3, ωd (t1) ... ωd (tn) are initialized by the

solver, which is the Genetic Algorithm (GA), as will be explained

in the results section.

Note 1: although the GA is used to solve the problem,

other numerical solvers can be also employed. However, the

main concern of this paper is to nd a method to decrease

the consequences of fault estimation error and delay. erefore,

any numerical solver (possibly faster than GA) that solve the

problem can be considered as well.

Note 2: as will be seen in the simulation section, GA can

nd a solution within a reasonable time.

When these points are determined, a cubic spline is passed

through them, similarly to Fig. 4. A detailed analysis about cubic

spline interpolation can be found in de Boor (1978). One of

the main advantages of cubic splines is their smoothness (they

are twice continuously di erentiable). is will prevent the

controller inputs from being discontinuous (refer to Eqs. 25 – 27).

According to the FDD information, an estimation of the

post-fault model of the system is known. e faulty closed-loop

system is simulated from tfault to tf . is simulation is a part of

the owchart shown in Fig. 2 and several simulations may be

needed to obtain ωd.

A er simulation, the value of ω (tf ) is checked to see whether

the following equality is satis ed or not:

Figure 3. Initializing ωd (t1) ... ωd (tn).

Figure 2. RG owchart.

ωd(t1) ... ωd(tn) are initialized

Determine ωd via cubic interpolating splines

Simulate the closed loop system from tfault to tf

Equation 34 is satisfied

Ye s

No

ωd

ωd(t1)

t2

t1 = tfault

ωd(t2)

ωd(t3)

t3

ωd(tn)

tntf

ωd(t1)

t2

t1 = tfault

ωd(t2)

ωd(t3)

t3

ωd(tn)

tntf

Figure 4. ωd produced by cubic spline.

Such a nal state constraint is well-known in the literature

and is introduced to ensure asymptotic stability (Fontes 2001).

Since this equality will never hold numerically, Eq. 34 will be

considered in simulations.

Note 3: to ensure that ωd approaches the origin before

t = tf, its value is set to 0 as t passes ts (settling time). In other

words:

To give the solver more exibility, another variable (ks) is

introduced, satisfying Eq. 8:

In addition to ωd (t1) ... ωd (tn), ks is another variable that

should be found by the solver.

SPACECRAFT DYNAMICS AND

CONTROLLER STRUCTURE

SPACECRAFT DYNAMICS

The rigid body spacecraft rotational dynamics in the

principal coordinate system is described by the following

equations (Sidi 2000):

(6)

(7)

(8)

(9)

(10)

J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017

456 Moradi R, Alikhani A, Fathi Jegarkandi M

where ω1, ω2, ω3 are the angular velocities; u ´ 1, u ´ 2, u ´ 3 are the

normalized control inputs; J1, J2, J3 are the principal moments

of inertia of the rigid body. e relation between control torques

and inputs are given by Eqs. 12 – 14:

and the following form of control inputs

where u1, u2, u3 are the control moments acting on the spacecra .

CONTROLLER STRUCTURE

e error signal is de ned as:

where ωd and ωe are the desired and error angular velocity

vectors, respectively.

Inserting the scalar form of Eq. 15 into Eqs. 9 – 11 and

eliminating ω, one has:

Canceling the non-linear terms using feedback lineari-

zation, the closed-loop system will change into the following

simple linear time invariant form:

will lead to the exponential stabilization of ωe to 0; consequen-

tl y, ω will converge to ωd exponentially. e numerical values of

k1, k2 and k3 determine the exponential convergence rate

of ωe to 0. erefore, larger values of k1, k2 and k3 mean a faster

response and vice-versa.

Considering Eqs. 16 – 18 and Eqs. 22 – 24, the following

relations will be obtained:

For feedback purposes, it is better to rewrite u ´ 1, u ´ 2 and u ´ 3

as a function of the original variables:

According to Eqs. 28 – 30, for the control inputs to be

continuous, the desired reference trajectory (ωd) should

be continuously differentiable. As stated previously,

this is one of the main reasons for using cubic spline

interpolation to find ωd. These are the desired control

inputs that will lead to the exponential convergence of

ω to ωd.

If ωd = 0, the equations of closed-loop system will be:

(11)

(12)

(13)

(14)

(15)

(16)

(17)

(18)

(19)

(20)

(21)

(22)

(23)

(24)

(25)

(26)

(27)

(28)

(29)

(30)

(31)

(32)

(33)

J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017

457

Reducing the Effects of Inaccurate Fault Estimation in Spacecraft Stabilization

Clearly, as long as there is no saturation and the actuators

can produce the required control inputs, will remain globally

exponentially stable (GES). However, a er the occurrence of

severe actuator faults, GES will not be guaranteed.

RESULTS

e system/controller parameters and initial conditions are

given in Table 1. e values chosen for the moments of inertia

are taken from Wang et al. (2013), and the range of variables

is presented in Table 2.

respectively. e direction of the arrows shows the direction

of the forces produced by the thrusters (Fig. 5). erefore, the

relation between control torques (u1, u2, u3) and T1 – T6 can

be obtained according to the following equations:

Optimization variable Range

ωd[–100 100] deg/s

ks[0.5 0.9]

Table 1. System/controller parameters and initial conditions

Controller

parameters

Initial conditions

(deg/s)

Moments of

inertia (kgm2)

k1 = 0.1 ω1 (0) = 10 J1 = 449.5

k2 = 0.1 ω2 (0) = –10 J2 = 449.5

k3 = 0.1 ω3 (0) = 5 J3 = 449.5

Table 2. Range of variables.

In order to satisfy the nal state constraint given by Eq. 6,

the following inequality is de ned:

As already mentioned, to determine ωd , GA (Goldberg

989) is used as the solver; [ω1d (t1) ... ω1d (tn)], [ω2d (t1) ... ω2d (tn)]

and [ω3d (t1) ... ω3d (tn)] are initialized every 10 s ( ∆t = 10 s

or equivalently, n = 10) from the beginning of the fault time

(tfault). erefore, considering ks, the total number of decision

variables will be 31. e considered parameters for GA are

presented in Table 3. Other GA parameters are the default

values considered in MATLAB® (MathWorks® 2011).

The actuation system consists of 6 thrusters (without

considering hardware redundancy), that are placed in opposite

directions, and each thruster can produce maximum 50 N

variable thrust. e e ective moment arm of all thrusters is 1 m

along the principal body axis. However, the con guration of the

thrusters is such that (T1 − T2), (T3 − T4) and (T5 − T6) produce

net moments about the rst, second and third principal axes,

where the superscripts + and – show the positive and negative

control torques, respectively.

Note 4: it seems that the thrusters T3, T4, T5 and T6 pass

through the center of gravity. However, as indicated before,

they have a moment arm of 1 m along the rst body axis. ree

important concepts are introduced:

• Initial “fault estimation”: the fault estimation reported

by the FDD.

• Worst “fault estimation”: the biggest error of the FDD

in providing the fault information. Its value is

determined from the initial “fault estimation”, according

to the experience or the FDD speci cations.

• Real fault: the fault that happens in reality (unknown).

e fault scenario that FDD reports is:

Figure 5. Thruster con guration.

T2T1

T6

T3

T4

T5

CG

12

3

(34)

(35)

(36)

(37)

Parameter Value

Cross-over fraction 0.8

Elite count 2

Population size 5 × number of decision

variables = 5 × 31 = 155

Initial population ωd,initial = 0 , ks,initial = 0

Table 3. GA parameters.

J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017

458 Moradi R, Alikhani A, Fathi Jegarkandi M

• Initial “fault estimation”: T5 and T6 have lost 99% of

their e ectiveness (â5 = â6 = 0.01) and the remaining

thrusters are at a good health (â1 = â2 = â3 = â4 = 1).

e fault occurs at ˆ

tfault = 10 s.

• Worst “fault estimation”: based on the experience

or the FDD specifications; in the worst case, the

following parameters are given: δtfault = 5 s and

δa/â = 0.01. erefore, it can be concluded that, in the

worst case, a5 = a6 = 0.0001, i.e. T5 and T6 can produce a

maximum 0.05 N thrust and the fault occurrence time

is tfault = 5 s .

Note 5: it is assumed that the real fault is less severe than

the one reported by the worst “fault estimation”. In this case,

the controller will show an acceptable performance for less

severe, and therefore, a wide range of faults.

Qualitatively, it is assumed that the severity of the faults

satis es the following inequalities:

where S is a quality that represents the severity of the fault; the

subscripts w.f.e, r.f and i.f.e stand for worst “fault estimation”,

real fault and initial “fault estimation”, respectively.

According to the previous discussion, the proposed method

is very conservative, because it considers the worst “fault

estimation”. To reduce the adverse e ects of this assumption,

the following quadratic cost function is introduced:

Minimizing this cost function will decrease the adverse

e ects of considering the worst fault estimation. e consi-

dered sample time for integration is 0.1 s. e problem consists

of 2 phases: first, GA tries to satisfy the constraint given

by Eq. 34. Then, the result is used as an initial solution to

optimize Eq. 39. e following penalty on cost function is

considered:

It was verified that 1,000 s elapsed time is considered as

the stopping criterion for the second phase — Intel(R) Core™

2 CPU, T7200@2.00 GHz; MATLAB® (MathWorks® 2011).

To observe the consequences of employing the proposed

method, 2 different cases are considered and summarized

in Table 4.

Case Fault estimation

1 Considering the initial “fault estimation”

2 Considering the worst “fault estimation”

Table 4. Cases consi dered.

CASE 1

If the initial “fault estimation” is considered (FDD is assumed

to report the precise fault information), the results shown in

Figs. 6 and 7 will be obtained.

Figure 6. Angular velocities, initial “fault estimation” (case 1).

Figure 7. Control inputs, initial “fault estimation” (case 1).

1008060

Time [s]

T

5

[N]

40200

0

2

4

1008060

Time [s]

T

3

[N]

40200

0

5

10

1008060

Time [s]

T

1

[N]

40200

0

0.005

0.01

1008060

Time [s]

T

6

[N]

40200

0

0.01

0.005

1008060

Time [s]

T

4

[N]

40200

0

0.005

0.01

1008060

Time [s]

T

2

[N]

40200

0

5

10

6

4

2

00 10 20 30 40 50 60 70 80 90 100

0 10 20 30 40 50 60 70 80 90 100

0 10 20 30 40 50 60 70 80 90 100

ω

ωd

ω3 [deg/s]

5

0

–5

–10

ω2 [deg/s]

10

5

0

–5

ω1 [deg/s]

Time [s]

=

+

Eq. 34 is s a tis fied

Eq. 34 is not sa t isfie d

(38)

(39)

(40)

Eq. 34 is satis ed

Eq. 34 is not satis ed

J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017

459

Reducing the Effects of Inaccurate Fault Estimation in Spacecraft Stabilization

Figure 6 shows that RG can not make the closed-loop system

asymptotically stable, because it assumes the fault scenario

reported by the FDD (initial “fault estimation”), which is precise.

However, since the real fault is worse than the fault reported by

the FDD (initial “fault estimation”), does not converge to the

origin. is simulation shows the consequences of considering the

initial “fault estimation”. e main conclusion of this simulation

is: if the FDD is assumed to report the precise fault information,

the response of the controller may not be acceptable.

CASE 2

e result of considering the worst “fault estimation” is

illustrated in Fig. 8. e control inputs are illustrated in Fig. 9.

According to Fig. 8, RG can asymptotically stabilize the

closed-loop system, when the worst “fault estimation” is

considered. A comparison of Figs. 6 and 8 shows the consequences

of considering the worst “fault estimation” in the RG design.

Clearly, considering the initial “fault estimation” (case 1) can

lead to the poor performance of the controller and even to a

non-convergent response. On the other hand, if RG is designed

for the worst “fault estimation” (case 2), it can cover less severe

faults and stabilize the faulty system for a wide range of faults

(Note 5).

Since the assumption of worst “fault estimation” is

conservative, the response is optimized via minimizing the

cost function (Eq. 39). e GA performance is illustrated in

Fig. 10. As stated previously, the quadratic cost function has been

introduced to reduce the adverse consequences of considering

the worst “fault estimation” (maximum fault estimation

error). According to Fig. 10, after 14 generations (1,000 s

elapsed time), the cost function is reduced from 8,758 to 5,944

1008060

Time [s]

T5 [N]

40200

0

2

4

1008060

Time [s]

T3 [N]

40200

0

5

10

1008060

Time [s]

T1 [N]

40200

0

0.005

0.01

1008060

Time [s]

T6 [N]

40200

0

0.01

0.005

1008060

Time [s]

T4 [N]

40200

0

2

4

1008060

Time [s]

T2 [N]

40200

0

5

10

0

5,500

6,000

6,500

7,000

7,500

8,000

8,500

9,000

2 4 6 8 10 12 14

Generation

J

6

4

2

00 10 20 30 40 50 60 70 80 90 100

0 10 20 30 40 50 60 70 80 90 100

0 10 20 30 40 50 60 70 80 90 100

ω

ωd

ω3 [deg/s]

20

10

0

–10

ω2 [deg/s]

10

5

0

ω1 [deg/s]

Time [s]

(about 32%). is reduction in the cost function decreases the

adverse consequences of considering the worst fault estimation.

Figure 8. Angular velocities, worst “fault estimation” (case 2).

Figure 10. Cost function versus generations (1,000 s elapsed

time).

Figure 9. Control inputs, worst “fault estimation” (case 2).

DISCUSSION

Fault estimation error and delay are important

characteristics of FDD schemes. RG is a method to adjust/

modify the reference trajectories to handle actuator fault/

failure. It was shown that, if the initial “fault estimation” was

assumed to be precise (an ideal assumption), the controller

might not be able to show an acceptable performance. On the

other hand, if the worst “fault estimation” was considered, it

J. Aerosp. Technol. Manag., São José dos Campos, Vol.9, No 4, pp.453-460, Oct.-Dec., 2017

460 Moradi R, Alikhani A, Fathi Jegarkandi M

would be possible to reduce the destructive effects of fault

estimation error. A quadratic cost function was defined

to reduce the adverse consequences of this conservative

assumption (assuming maximum fault estimation error).

Therefore, a less sophisticated FDD can be used to satisfy

the mission objectives.

AUTHOR’S CONTRIBUTION

Conceptualization, Moradi R; Methodology, Moradi R,

Alikhani A, and Fathi Jegarkandi M; Writing – Original Dra,

Moradi R and Alikhani A; Writing – Review & Editing, Moradi

R, Alikhani A, and Fathi Jegarkandi M.

REFERENCES

Almeida FA (2011) Reference management for fault-tolerant

model predictive control. J Guid Control Dynam 34(1):44-56. doi:

10.2514/1.50938

Boussaid B, Aubrun C, Abdelkrim MN (2010) Fault adaptation based

on reference governor. Proceedings of the Conference on Control and

Fault-Tolerant Systems; Nice, France.

Boussaid B, Aubrun C, Abdelkrim MN (2011) Two-level active fault

tolerant control approach. Proceedings of the 8th International Multi-

Conference on Systems, Signals and Devices; Sousse, Tunisia.

Boussaid B, Aubrun C, Jiang J, Abdelkrim MN (2014) FTC approach

with actuator saturation avoidance based on reference management.

International Journal of Robust and Nonlinear Control 24(17):2724-

2740. doi: 10.1002/mc.3020

De Boor C (1978) A practical guide to splines. Berlin: Springer.

Fontes FACC (2001) A general framework to design stabilizing

nonlinear model predictive controllers. Systems and Control Letters

42(2):127-143. doi: 10.1016/S0167-6911(00)00084-0

Garone E, Di Cairano S, Kolmanovsky IV (2016) Reference and

command governors for systems with constraints: A survey on

theory and applications. Automatica 75:306-328. doi: 10.1016/j.

automatica.2016.08.013

Goldberg DE (1989) Genetic algorithms in search, optimization &

machine learning. Reading: Addison-Wesley.

MathWorks® (2011) MATLAB® and SIMULINK®. Natick:

MathWorks®.

Miksch T, Gambier A (2011) Fault-tolerant control by using

lexicographic multi-objective optimization. Proceedings of the 8th Asian

control conference (ASCC); Kaohsiung, Taiwan.

Sidi MJ (2000) Spacecraft dynamics and control: a practical

engineering approach. Cambridge: Cambridge University Press.

Sobhani-Tehrani E, Khosravi KH (2009) Fault diagnosis of nonlinear

systems using a hybrid approach. Lecture Notes in Control and

Information Sciences. Dordrecht; New York: Springer.

Wang D, Jia Y, Jin L, Xu S (2013) Control analysis of an underactuated

spacecraft under disturbance. Acta Astronautica 83:44-53. doi:

10.1016/j.actaastro.2012.10.029

Yin S, Xiao B, Ding S, Zhou D (2016) A review on recent development

of spacecraft attitude fault tolerant control system. IEEE Trans Ind

Electron 63(5):3311-3320. doi: 10.1109/TIE.2016.2530789

Zhang Y, Jiang J (2008) Bibliographical review on recongurable

fault-tolerant control systems. Ann Rev Contr 32(2):229-252. doi:

10.1016/j.arcontrol.2008.03.008