2013 IEEE International Conference on Control System, Computing and Engineering, 29 Nov. - 1 Dec.

2013, Penang, Malaysia

Reconfigurable Fault-Tolerant Control of Linear

System with Actuator and Sensor Faults
Katherin Indriawati, Trihastuti Agustinah, Achmad Jazidie
Department of Electrical Engineering
ITS
Surabaya, Indonesia
katherin@ep.its.ac.id
difference matrix equation. The estimated sensor faults are
used to modify the nominal control law to compensate for the
effects of the sensor faults. In [3], both sensor and actuator
faults are isolated and estimated by using of a unique structured
residual generator. The residual generator consist of a bank of
unknown input observer that each observer may be used to
detect a single fault. In [4] linear time invariant systems with
sensor faults are transformed into descriptor system and then
the proportional plus derivative observers are used to
simultaneously estimates the states of the system and the
sensor faults. However, all of those researches assume the
perfect condition of the plant regime and there is no
environmental noise in measurement system, which implies
that FDI algorithm detect faults instantaneously and always
correct [5].
To develop an active FTCS, it is required to examine
reconfigurable control and FDI to ensure that they can work in
harmony. The kind of information needed from a FDI should
be examined to achieve a reasonable control strategy. An
imperfect FDI algorithm may not only result in loss of
performance, but also instability for the overall FTCS. This
paper focuses on active FTC based on analytical redundancy
which combines the functions of FDI and reconfigurable
control in noisy environment. Studies to this area is fewer than
other areas of fault-tolerant control research [6]. Furthermore,
many challenging issues still remain open for further research
and development for this area [1].
Generally reconfiguration scheme for the linear control
system that has been proposed in the scientific paper is only
detecting one sensor or actuator faults occur at a particular
time, as in [2] and [3]. This paper presents the results of a
simulation study for linear control system reconfiguration
scheme that tolerant of sensor and actuator faults that occur
sequentially. Furthermore, the measurement noise influences
are also considered in designing of FDI algorithm in order to
minimize the occurence of false alarm and missed alarm.
This paper is organized as follows. In section II, the
nominal linear control system and the reconfigurable control
probem dealing with actuator and sensor faults are presented.
In section III, the strategy of reconfigurable linear control

AbstractThis paper presents an active fault-tolerant control

for linear system in case of actuator and sensor faults where these
minor faults lead to degraded performance of the system. Three
steps are proposed to achieve fault tolerant control based on
simplified analytical redundancy. Firstly, a bank of linear
observer is proposed to estimate the actuator and sensor faults by
modeling a descriptor LTI system using the SVD technique.
Secondly, the estimated faults are used to design a fault decision
scheme to detect the faults correctly. Thirdly, a reconfigurable
fault-tolerant control scheme is designed by using the estimated
faults to compensate the fault effects on controller performance.
Simulation on the three tank system is given to illustrate the
performance of the proposed method.
Index TermsObserver, SVD, reconfigurable FTC.

INTRODUCTION
Control systems which have the ability to accommodate
component (actuator or/and sensor) failures automatically are
called Fault Tolerant Control Systems. These systems are able
to maintain the stability and the desired performance of the
system in the presence of such failures [1]. FTCS is needed to
increase reliability and automation level in modern engineering
systems. Generally, FTCS can be performed by passive
methods or by active methods. In passive methods, controller is
fixed and can be designed using robust control techniques to
ensure that a closed-loop system remains insensitive to certain
faults. This approach needs neither on-line fault information
nor controller reconfiguration, but it has limited fault-tolerant
capabilities [1]. On the other hand, in active methods, a new
control system is redesigned by using on line fault information
in order to maintain the stability and acceptable performance of
the entire system, or in circumstances, to achieve accepted
degraded performance. Active FTCS are often referred to as
reconfigurable control. The design of an active FTCS requires
quick but effective fault detection and isolation (FDI) scheme
for adequate decision making that refers to the task of inferring
the occurrence of faults in a system.
A general approach of active FTCSis based on analytical
redundancy. Noura et al. in [2] has presented this approach for
discrete linear systems. They treat the sensor faults as the
actuator faults, then it used to estimate all faults by solving a

978-1-4799-1508-8/13/$31.00 2013 IEEE

22

2013 IEEE International Conference on Control System, Computing and Engineering, 29 Nov. - 1 Dec. 2013, Penang, Malaysia

based on a bank of observers is propossed. A numerical

example of a three-tank system and its sim
mulation results are
given in section IV. Finally, concluding rem
marks are given in
section V.
N
PROBLEM FORMULATION

Nominal Control
Consider a discrete linear time invariant (LTI) system
given by the following state space representaation
x ( k + 1) = Ax ( k ) + Bu ( k )

y ( k ) = Cx ( k )

Fig. 1 Nominal tracking contrrol with feedback structure [7]

Reconfigurable Control
The designed control systeem conducts reconfiguration of
control signal automatically in order to accommodate the
component faults so that the plaant still operates as desired. The
used algorithm in designing off that control system is based on
mple structure and techniques.
the suitable model with the sim
To achieve a control system
m that tolerant from actuator and
sensor faults, the proposed method
m
of this paper consist of
recalculation of the control siggnal based on the occured fault
type. The block diagram of thee reconfigurable control system
is shown in Figure 2. The new control law applied to the
system is given by

(1)

where xRn, uRp and yRm are the state vector,

v
the control
input, the output vector, respectively. ARnxnn, BRnxp, and C
Rmxn are the state, the control, and the output matrices,
t
can track a
respectively. The number of outputs m that
reference input vector yr do not exceed the number of control
inputs due to controlability requirement.
The nominal control system for that plaant uses feedback
structure with integrator as shown in Figurre 1,where y1Rh
(hp) represents the vector of the masuremeent outputs that are
required to follow the reference input vectorr yr while y2R(mh)
represents the vector of the unmeasurem
ment output. The
nominal control system take into account thhe operating point
(U0, Y0). The state space representation of the
t control system
shown in Figure 1 is

x(k + 1) A
0 n, p x ( k ) B
=

u (k )
+

z (k + 1) Ts C1 I p z (k ) 0 p ,m

0 n, p

+
y r (k )

Ts I p

x(k )

y (k ) = C 0 q, p

z (k )

u (k ) = u n (k ) + u adda (k ) + u addss (k )

where un (k) represents the noominal control signal, uadda (k)

represents the additive contrrol signal to compensate the
actuator faults, and uadds (k) represents
r
the additive control
signal to compensate the sensorr faults.
The control signal reconfiiguration needs fault diagnosis
process in order to detect and
a
isolate the occured fault,
commonly known as fault detection and isolation (FDI).
Here, the FDI proposed methhod in this paper is based on
mathematical model (analyticcal redundancy), that is using
observer to generate residual.. Thus the problem is how to
make the observer in a simplle manner that can be used to
handle both actuator and sensor faults at once. Furthermore, in
order to minimize the occurennce of false alarm and missed
alarm due to noise measureement, this paper propose the
modification algorithm of thee Shewhart control chart related
to the FDI threshold values.

(2)

c
state, Ts
where C1 is row of matrix C related to the controlled
is the sample period to be chosen properlyy, Ip is an identity
matrix of dimension pxp, and 0n,p is a null matrix of
dimension nxp. The nominal feedback coontrol law of this
system is computed by
u ( k ) = K X ( k ) = [K 1

x (k )
K 2 ]

z(k )

(4)

I
CONTROL DESIGN
RECONFIGURABLE LINEAR

Residual is the difference of the considered quantity

measurement value and the same
s
quantity value in normal
operating condition. It is assum
med that each controlled variable
taken by an actuator-sensor pair.
p
Therefore, the number of
observer needed for the FDI syystem is equal with the number
of actuator-sensor pairs connsidered. The results of each
observer then are used in the FDI
F system to make a decision
about where may the faults be occured by means of statistical
technique. Based on that deecision, the magnitude of the
occured fault is estimated and the estimation result is used in
order to recalculate the control signal.

(3)

K = [K1 K2] is the feedback gain matrix obtaained using several

techniques such as a pole placement technique,
t
linearquadratic optimization, and so on [8][9][10][[11].

23

2013 IEEE International Conference on Control System, Computing and Engineering, 29 Nov. - 1 Dec. 2013, Penang, Malaysia

it can be declared in a product of three matrix:

(7)

Ti and Mi represent orthonormal matrices, and Si is a diagonal

nonsingular matrix.
Substituting (7) to (6) and dividing matrix Ti to be two
parts, Ti = [Ti1 Ti2] leads to
Fig. 2. Reconfigurable fault-tolerant control scheme [7]

Actuator Fault Compensation

The state-space representation of a system that may be
affected by ith actuator fault is
0

1
1
0

;
;
;
is pseudo-inverse of matrix

(5)

0
0

where

where

(6)

0
0
0
0
0

0
0 ;

0
0

0
0

;
0
0;
0

;
;

(9)
;

The ith actuator fault compensation observer works using

the first equation in (8). Therefore, the each observer produce
results of the state vector estimate , the integral error vector
estimate , and the ith actuator fault vector estimate
, by
using the free-fault control signal u = ufsf, and the
measurement output signal y. Note that each
is not
sensitive to setpoint changes as well as to faults of the other
couples of actuator-sensor
The result of
then is used in statistical test in order to
produce alarm. Based on the behavior of , the statistical test
is done by adopting Shewhart control chart of Statistical
Process Control (SPC) method, that is evaluating each sample
of to determine wheter it is in the in-control area or not. The
in-control area is the region that has two boundary limits: the
upper control law (UCL) and the lower control law (LCL)
defined by

is the magnitude of ith actuator fault and

where
is the related fault matrix.
Detection, isolation even estimation of the actuator fault
magnitude is conducted by designing an observer that is able
to generate fault signal estimate of ith actuator,
:
0 if there is no actuator fault

0 if there is actuator fault

The observers in this paper are developed by modifying (5)

so that
to be component of state vector. The
modification results is [7]:
1

(8)

(10a)
(10b)

0
1

;
where
is mean value and
is deviation standard value of
in a windowing. Length
the successive sample data set of
and overlap of the windowing determine false alarm rate and
missed alarm rate. In this case, those both parameters of the
windowing is determined by trial and error by reference to the
value of signal-to-noise ratio (SNR) of the measurement.
is a constant determined by reference to the ratio value
between fault magnitude and noise measurement. If the
at time instant k is inside the in-control
sample value of
area, then the indicating signal Iai at that time is zero. On the
other hand, if the sample value of
at time instant k is
outside the
in-control area (out-of-control), then the

The estimation of the actuator fault magnitude

is
, that is the last
conducted by estimating the state vector
as shown in (6).
component of
. This
The next problem is obtaining an equation of
problem can be solved by means of singular value
decomposition (SVD) technique toward matrix
on
condition that it is of full column rank [12], with the result that

24

2013 IEEE International Conference on Control System, Computing and Engineering, 29 Nov. - 1 Dec. 2013, Penang, Malaysia

where Ci is a null vector except ith component equals to 1.

There is a trade off in determining the value of j, the delay
time detection and the false alarm. Note that each
is
sensitive to setpoint changes, but is not senstivite to faults of
the other couples of actuator-sensor.
As with the actuator fault detection, the results in
then
is used on satistical test in order to generate the sensor alarm.
Based on the characteristic of
, the statistical test is
conducted by using deviation standard
of the windowing
sample data set of . The two types of threshold used are:

indicating signal Iai at that time is one. Effort to minimize the

occurrence of false alarms is done by way of the alarm signal
on if and only if there are four successive value of Iai equal to
one. Next, to each the actuator being considered, the alarm
signal displays 0 if there is no fault but 1 if there is a fault.
The estimated fault signals of the each actuator are
combined into an actuator fault vector:

(11)

The additive control signal for compensating all actuator

faults is:

if
(15)

if
uadda (k ) = B 1Fa fa (k )

(12)

Di is detectability threshold that its value depends on the value

of SNR. The smaller the value of Di, the higher occurrence of
false.
is a scalar that its value is influenced by the related
setpoint changes. If the sample value of
at time instant k
exceed the threshold Ti, the the indicating signal Isi at that time
is equal to 1. Next, to each the sensor being considered, the
alarm signal displays 0 if there is no fault but 1 if there is a
fault.
The estimated fault signals of the each sensor are
combined into a vector of the sensor fault:

where matrix Fa is the overall fault matrix (commonly equal to

matrix C1).
Sensor Fault Compensation
The output equation model with feedback control system
in (9) should be changed in case of sensor faults, i.e.:
0

(13)

Thus, to detect and to estimate the magnitude of sensor

faults can be conducted by means of (13), using the
measurement output vector and the state vector estimate. As
mentioned above, the each developed observer produce results
of the state vector estimate , the integral error vector
estimate , and the ith actuator fault vector estimate
, by
using the free-fault control signal u = ufsf, and the
measurement output signal y. The state vector estimate
represent the free-fault condition state (the nominal condition
state). If there is an ith sensor fault which is the couple of an ith
actuator, then the components value of
is not anymore
equal with value of measurement results yi. The difference is
only occured at one time instant tsf, as a result of the nominal
control signal tries to bring the steady state error back to zero.
The difference turned out to be an estimate of the ith sensor
fault magnitude, . By using the assumption that the fault
sensor did not get better over time, but it may be getting
worse, then the sensor fault magnitude may not decrease with
increasing time. To minimize the possibility of false alarms
caused by outliers, it is used j successive samples of y that are
compared with on hold for three step sample times from tsf.
The determination of can be defined as:

for
for

(16)

The additive control signal for compensating all sensor

faults is:
~
uadds (k ) = K1 Fs fs (k ) + K 2 f s (k )

(17)

~
where f s is the integral of Fs fs
Therefore, the free fault control signal is
ufsf(k) = un(k) + uadds(k)

(18)

Note that vector ufsf is the control signal which is used by

the observer in the FDI system..
APPLICATION EXAMPLE
To illustrate the proposed method, a three tank benchmark
system is considered. The dynamical model of the system is
given by [7]

(14)

25

2013 IEEE International Conference on Control System, Computing and Engineering, 29 Nov. - 1 Dec. 2013, Penang, Malaysia

The measurement noise is assumed to be zero-mean

Gaussian distribution. The sttandard deviation of the noise
distribution that used in the sim
mulations is 10-3 m and 10-4 m.
The simulation results are illustrated in Table 2. It is
DI is able to work well in noisy
concluded that the proposed FD
environment. Note that the larrger the noise standar deviation,
the larger the delay time of the FDI. In addition, the actuator
fault detection time is larger than the sensor fault detection
time. This is because the actuattor fault detection process relies
on the dynamics of the system response. While, the sensor
fault detection process is donne by comparing the results of
direct measurements and the sttate estimate thus be preventing
the controller from reacting.
Figure 3 shows the systeem responses when there is a
change in the reference value and followed with the actuator
faults, i.e the pump 1 at t = 1000 s and the pump 2 at t = 400 s.
It is noticed that the responsee of the reconfigurable control
system (with FTC) is better thhan that of the classical control
system (without FTC). Althouugh the system without FTC is
still able to track the referencce value, but the time response
and the overshoot of its outpputs are larger than that of the
system outputs with FTC. Thuus, it has been proved that the
additional control signal uadda from
f
the reconfiguration control
system capables of compensatee the actuator faults properly.
In the second simulation experiment, an abrupt sensor
i
50 s, and followed in the
faults appears in the tank 1 at instant
tank 2 at instant 500 s. Thee results of this experiment is
illustrated in Fig. 4. It can be noticed that with FTC method
p
it is not the case for the
the real level follows the set point;
classical control law. It is cauused the tank level information
used to generate the control siignal is not in accordance with
the real situation. The fault is isolated at instant 51 s and 501 s
for sensor 1 and sensor 2 respectively. Therefore, the
reconfiguration approach preseerves the dynamical behavior of
the system in the presence of seensor faults.
To know the ability of thhe proposed control system in
dealing with more than one fault, the sensor and actuator
faults occurrence is simulated sequentially. The sensor fault is
occured before the actuator fault in the tank 1. In contrast to
the tank 2, the actuator fault iss occured first before the sensor
fault. Figure 5 illustrates the simulation results which prove
that the developed control system has the ability to
compensate more than one faults, no matter what type of fault
first occured. The analysis of the
t integral absolute error (IAE)
also emphasizes the better perfo
formance of the FTCS compared
to the classical control, i.e. 401 with FTC and 428 without
FTC for the level of tank 1; ass well as 200 with FTC and 214
without FTC for the level of tannk 2.

(19)
where

(m, n = 1,2,3 m n)

The variables l1, l2, l3 denote the level inn tank 1, 2, and 3
respectively; qmn represents the flow rate from
f
tank m to n
while q20 is the outflow rate at tank 2. The description
d
and the
numerical values of the plant model param
meters are listed in
Table 1. The controlled variables are l1 and l2 while the
manipulated variables are q1and q2.The linnear model of the
plant can be derived in the equilibrium pointts (U0;Y0) = ([0.35
0.325]T10-4 (m3/s);[0.4 0.2 0.3]T (m))
TABLE I. PARAMETER VALUES OF THE THREEE TANK SYSTEM
Parameter
Tank cross sectional area
Inter tank cross sectional area
Inter tank outflow coefficient
Outflow coefficient at tank 2
Maximum flow rate
Maximum level

Symbol
S
Sp
13=32
20
qmax
lmax

Value
0.00154 m2
5x110-5 m2
0.5
0.6675
1.22x10-4 m3/s
0.662 m

TABLE II. ISOLATION TIME OF THEE FDI

Faults on

Noise standard
deviation of 10-4 m
Occurence

Pump 1
Sensor 1
Pump 2
Sensor 2

100 s
50 s
400 s
500 s

Isolation

107 s
51 s
407 s
501 s

Noisse standard
deviattion of 10-3 m
Occurencee

100 s
50 s
400 s
500 s

Isolation

119 s
51 s
427 s
501 s

The simulation is intended to determinee the ability of the

developed control system to overcome pum
mp actuator faults
and level sensor faults as well, by means of the
reconfiguration scheme. Therefore, the simulated fault types is
not the component functional failure, but thee component faults
with small severity. The actuator faults aree simulated as the
loss of effectiveness of the actuator pumpss, by using a gain
degradation of 0.3 on the output control signal.
s
The sensor
faults are simulated as a constant offset or bias of 0.03 m on
the piezoresistif level sensor so that the faaulty measurement
used by the controller is equal to l + 0.03.

26

2013 IEEE International Conference on Control System, Computing and Engineering, 29 Nov. - 1 Dec. 2013, Penang, Malaysia
0.5

0.45
with FTC

CONCLUSION

Tank 1

level (m)

0.4

After The simulation example of the fault tolerant control

of linear system with more than one fault has been conducted.
The three tank system is used to illustrate the abilities of the
proposed method to compensate for both sensor and actuator
faults. A bank of observers has been developed to detect,
isolate, and estimate faults of the sensor-actuator pairs. Based
on the simulation results, it is concluded that the control system
with FTC has the output responses which are closer to the
nominal outputs rather than that of the system with the classical
control law.

without FTC

0.35

Tank 3
0.3

0.25
Tank 2
with FTC

0.2

without FTC
0

100

200

300

400

500
time (s)

600

700

800

900

1000

Fig. 3. The output measurement responses when the actuator faults occurred
in the tank 1 and the tank 2
0.5

REFERENCES

0.45

Y. Zhang, J. Jiang, "Bibliographical review on reconfigurable faulttolerant control systems", Annual Reviews in Control, vol. 32,
issue 2, pp. 229-252, December 2008.
H. Noura, D. Sauter, F. Hamelin, D. Theilliol, Fault-tolerant control
in dynamic systems: Application to a winding machine, IEEE
Control Syst. Mag.,vol. 20, pp. 33-49, 2000.
D. Theilliol, H. Noura, J.C. Ponsart, "Fault diagnosis and
accommodation of a three-tank system based on analytical
redundancy", ISA Transactions, vol. 41, no. 3, pp.365382,
2002.
Z. Gao, H. Wang, Descriptor observer approaches for multivariable
system with measurement noises and application in fault
detection and diagnosis, Systems & Control Letters, vol. 55, pp.
304313, 2006.
M. Mahmoud, J. Jiang, Y.M. Zhang, "Active fault tolerant control
systems: Stochastic analysis and synthesis", Lecture notes in
control and information sciences, vol. 287, Berlin, Germany:
Springer, 2003.
R.J. Patton, Fault-tolerant control: The 1997 situation (survey),
Proseding IFAC SAFEPROCESS'97, Hull, U.K., vol.2, 10331055, 1997
H. Noura, D. Theilliol, J.C. Ponsart, A. Chamseddine, Fault-tolerant
Control Systems: Design and Practical Applications, SpringerVerlag London, 2009.
K. Ogata, Modern Control Engineering - 4th ed., Prentice Hall, 2006.
R.L. Williams-II and D.A. Lawrence, Linear state-space control
systems, John Wiley & Sons, Inc., 2007.
K.J. Astrom, R.M. Murray, Feedback systems: an indtroduction for
scientists and engineers, Princenton University Press, 2008.
D. Xue, Y. Chen, D.P. Atherton, Linear feedback control: analysis
and design with MATLAB (Advances ind design and control),
Society for Industrial Mathematics, first ed., 2008.
A. Bassong-Onana, M. Darouach, G. Krzakala, "Optimal estimation
of state and inputs for stochastic dynamical systems with
unknown inputs", Proceedings of International Conference on
Fault Diagnosis, pages 267275, Toulouse, France, 1993.

with FTC

Tank 1

0.4

level (m)

0.35
without FTC
Tank 3

0.3
0.25
with FTC

Tank 2

0.2
0.15
without FTC
0.1

100

200

300

400

500
time (s)

600

700

800

900

1000

Fig. 4. The real output responses when the sensor faults occurred in the tank 1
and the tank 2
0.5

0.45

Tank 1

measured

level (m)

0.4
real

0.35

Tank 3

0.3

0.25

Tank 2
measured

0.2
real
0

100

200

300

400

500
time (s)

600

700

800

900

1000

Fig. 5. The system responses when the actuator and sensor faults occured
sequential (sensor fault then actuator fault for tank 1; actuator fault then
sensor fault for tank 2)

27