This disclosure relates to automatic control systems in general, and in particular, to methods and apparatus for monitoring the actuation of control systems and the rapid detection of failures occurring therein.
Control systems are used for a myriad of applications, including manufacturing, transportation and energy production. Failures of a control system affect the performance, and often, the safety of the system if not detected and handled properly. In fact, an undetected failure can result in undesirable consequences. Thus, it is crucial to detect failures and reconfigure the system to adapt to such failures.
In the case of developing improved flight control systems for aircraft, for example., helicopters, robust, reliable failure detection is a requisite for the architectures. Typically, single channel electrical control may be used, but if a failure is detected in a subsystem, the flight control system must then be capable of disengaging the electrical control system and reverting to an underlying mechanical flight control system.
Failures in control systems can be classified into three categories, viz., “front end” (i.e., sensor-related), “middle” (i.e., processing-related) and “back end” (i.e., actuation-related). In the last of these, the term “actuation” is used rather than “actuator,” because the failure detection technique must detect failures occurring not only in the actuators themselves, but also in the commanding of the actuators.
Over the last several decades, control system failure detection and isolation have been well researched, and many failure detection techniques have been developed for each of the above categories, although most of these relate to front end (i.e., sensor) failure detection. The methods developed have also been applied in a wide variety of applications of varying criticality, such as flight controls, semiconductor manufacturing and nuclear power systems, and generally speaking.
Examples of failure detection and isolation methods include:
1) physical redundancy;
2) analytic redundancy; and,
3) statistical methods, such as the “Generalized Likelihood Ratio Test” (GLRT) and the “Sequential Probability Ratio Test” (SPRT).
A thorough overview of the techniques and issues involved with both physical and analytic redundancy management is provided in Osder, S., “Practical View of Redundancy Management Application and Theory,” AIAA Journal of Guidance, Control and Dynamics, Vol. 22, No. 1, January-February 1999, pp. 12-21.
Physical redundancy methods require additional hardware, which increases cost, and present other difficulties when used for actuation monitoring. Analytic redundancy usually requires large tolerances because of the uncertainty in the physical relationships being exploited to provide the solution. Statistical methods do not take into account the known physics of the problem. Most methods used in practice typically compare the outputs of the actual system to those of a nominal model of the system and compute the error (residual) between the system and the model. When the residual goes above a fixed tolerance, the system is deemed to have failed. However, when using fixed tolerances, the tolerances chosen must account for the worst case condition, making the tolerance/envelope much larger than is practical or efficient in many applications.
Accordingly, methods and apparatus are needed for the monitoring and rapid detection of failures occurring in the “back end,” i.e., the actuation, of a control system that overcome the above problems of the actuation failure detection and isolation techniques of the prior art.