To detect whether a control system and the device which it controls (the object) is working properly it is known to compare the output or a feedback signal from the object to the output of a mathematical model having the input/output characteristics of the combined control and object and which receives the same input as the control. When the deviation or error between the actual output and the model output exceeds a predetermined value, an error signal is generated which indicates a fault or failure of either the control system or the object. Since the response delay of the object is known and is built into the model, false failure signals due to such delay are avoided even though there may initially be a large deviation between the commanded output of the object and its actual output.
A mathematical model usually cannot exactly duplicate the characteristics of a control system and object, particularly during transient as opposed to steady state operation. Furthermore, a model of fixed configuration cannot account for characteristic changes due to deterioration of the control system and its object with time, which is also more of a problem during transient operation. A high failure threshold is, therefore, required so as not to falsely signal a failure due to inaccuracies of the model. The more complex the control system, the greater will be the inaccuracies of the model during transient control system operation, and the higher the required failure threshold. Put another way, the simpler the model, the larger the expected deviation between its output and the actual output (at least during transient control system operation) even when there is no failure, thus requiring the use of a higher failure threshold. A high failure threshold may increase the time it takes to detect a true fault since the system will have to ignore larger output deviations.
A further undesirable feature of some prior art failure detection systems is that a large, unpredictable, but only temporary output deviation which may be caused by poor model simulation may trigger an improper fault signal.
The prior art, as represented by U.S. Pat. Nos. 4,213,175 and 4,214,301, has developed a complex method for avoiding some of the foregoing problems by using fault detection systems which continuously correct the model as the operating characteristics of the control system and object change with time, such as due to deterioration of components. It is desirable, however, to use the simplest model possible and to avoid the complexities of a model correcting system, and to still reduce the possibility of sending false failure signals and to increase the sensitivity of the system to faults which produce only relatively small deviations from normal output.
Several other patents relating to the general subject matter of the present invention and which may be of interest are Nos. 3,221,230; 3,394,294; 3,446,946; 3,680,069; 3,902,051; 3,974,364; and 4,092,716.