Contemporary technical systems such as processing or power plants, aerial and space vehicles, and air traffic management systems are characterized by a large number of highly complex and interconnected subsystems. A typical complex system consists of a large number of subsystems and components such as sensors, actuators, power supplies, and control computers. All these components and subsystems are prone to failures, either due to wear and tear, or due to manufacturing flaws or improper usage. Failures or other faults in such subsystems or components, if not properly accommodated, may lead to catastrophic consequences. Hardware redundancy is one way in which the deleterious effect of faults and failures on system performance can be prevented. The resulting system consists of double, triple, or quadruple redundant sensors, actuators and control computers, which substantially increases the cost of the system. For this reason the concept of software redundancy, also referred to as analytic redundancy, has attracted a lot of attention in different areas of engineering. The related techniques have been shown to be able to compensate for actuator faults and failures by redistributing the control effort among the healthy actuators, and to compensate for sensor failures by using healthy sensors to infer the measurements of the failed sensors. This concept has found particularly fertile ground in the area of flight control.
An important aspect of aviation safety for manned aircraft and of Intelligent Autonomy for Unmanned Aerial Vehicles (UAV) is on-line Failure Detection, Identification and Reconfiguration (FDIR), whose role is to quickly and accurately detect and identify subsystem and/or component failures, distinguish between failures and disturbances, and achieve effective control reconfiguration that maintains the performance of the vehicle close to the desired one. While there are many results available regarding detection, identification and accommodation of different types of failures and upsets, there have been virtually no attempts to arrive at a fully integrated Fault Management System (FMS) that would constantly monitor the vehicle's health and take appropriate actions in the presence of many different types of failures and disturbances, even when they occur simultaneously. The current approach to this problem is to design separate FDIR systems for sensor failures, control effector or actuator failures, and structural damage, and to integrate them with the reconfigurable controller. Due to the heterogeneous nature of such a system, its Verification and Validation (V&V) is often a tedious process of demonstrating that the system will achieve the desired performance under a variety of circumstances. Hence there is a need to develop a fully functional modular FDIR system whose design is integrated from the outset, so that the FDI algorithms for a large number of different failures and upsets are developed in concert with the reconfigurable control laws. This enables easy integration, guarantees certain properties of the overall system, and, consequently, simplifies its V&V process.
Substantial development time and cost are involved in the certification of flight control software for aircraft. Current software validation and verification methods used during the certification process are based on extensive and tedious computer simulations of the flight control algorithms on high-fidelity piloted aircraft simulators in different flight regimes. While this high level of development time and cost may be acceptable during the development of a new aircraft, it is often difficult to justify during upgrades to an existing aircraft. As a result, in many cases only incremental changes to flight control software are considered when upgrading an aircraft and/or its software. Confining the scope of changes in this fashion shortens the time and cost associated with validation, verification, and certification while still assuring that the flight control system and aircraft will perform as desired. In contrast, implementing completely new control algorithms for an existing aircraft would require the corresponding control software to repeat the entire validation, verification, and software certification process.
Existing failure detection, identification and reconfiguration (FDIR) techniques for technical systems often involve control systems having two main subsystems, namely, a failure detection and identification (FDI) subsystem and a reconfigurable control subsystem that can be either adaptive or non-adaptive. In many situations it is beneficial to retain the original nominal or baseline controller whose design has evolved over long periods of time, and which achieves desired control objectives in the nominal (i.e., no failure/fault/damage) case while upgrading the reconfigurable controller. In such situations, the reconfigurable controller may be implemented as a retrofit module (i.e., as an add-on signal) that enables the designer to retain the nominal baseline controller designed for the no-failure/fault/damage case, even while achieving all the benefits of adaptive reconfigurable control for failure/fault/damage accommodation.
Even though the idea of retrofit control is appealing due to the ability to retain a “trusted” baseline controller, work in this area in the context of FDIR has been limited. Existing approaches tend, for example, to assume that the failures are described by a constant vector. This substantially narrows the class of failures that can be handled, since many failures result in perturbations that are time-varying and/or state-dependent disturbances.
Some approaches utilize on-line estimation of a large number of parameters, which are used in the reconfigurable control law. These approaches may not be viable as a practical matter, and in any case, verification and validation of such systems represents a formidable problem. In addition, on-line adjustment of a large number of parameters inevitably slows down the failure detection and identification process, which may result in performance deterioration and system instability.
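The retrofit architecture described in the three preceding paragraphs (a trusted baseline controller kept unchanged, plus an add-on signal that accommodates a fault which is time-varying rather than a constant vector, using a single on-line adjusted parameter) can be shown concretely in a toy simulation. The following is an added example, not the patent's own algorithm or code: the scalar first-order plant, the proportional-plus-feedforward baseline controller, the actuator fault (loss of effectiveness plus a drifting offset) and the residual-based disturbance estimate are all constructed assumptions chosen for illustration.

```python
"""Toy simulation of a retrofit (add-on) reconfigurable controller.

Added example; not the patent's own algorithm.  Everything below is a
constructed assumption:
  - scalar first-order plant  x' = A*x + B*v,  v = lam*u + f  (actuator output)
  - lam is actuator effectiveness (1.0 healthy), f a time-varying offset
  - baseline controller: proportional + nominal feedforward, never modified
  - retrofit module: ONE adjusted parameter (a disturbance estimate derived
    from the one-step model residual, i.e. analytic redundancy), added to the
    baseline command:  u = u_baseline + u_retrofit
"""
import math

DT = 0.1          # integration step [s]
A, B = -1.0, 2.0  # nominal plant parameters known to the designer
K = 2.0           # baseline proportional gain
REF = 1.0         # constant set-point
FAULT_STEP = 50   # fault is injected at t = 5 s


def baseline_control(x, r=REF):
    """Nominal controller designed for the healthy plant; left untouched."""
    return K * (r - x) + (-A / B) * r   # feedforward gives exact nominal tracking


def actuator(u, k):
    """Actuator model: healthy until FAULT_STEP, then 40% effectiveness plus a
    slowly drifting offset (constructed scenario; the offset is time-varying,
    so a constant-vector fault model would not describe it)."""
    if k < FAULT_STEP:
        return u
    t = k * DT
    lam = 0.4
    f = -0.2 + 0.2 * math.sin(0.2 * t)
    return lam * u + f


def simulate(retrofit, steps=200, gamma=0.5):
    """Run the closed loop; return |REF - x| at every step.

    retrofit=False: baseline controller alone.
    retrofit=True : baseline plus the add-on signal u_r = -d_hat / B.
    """
    x, d_hat, u_r = 0.0, 0.0, 0.0
    errors = []
    for k in range(steps):
        u_b = baseline_control(x)
        u = u_b + (u_r if retrofit else 0.0)
        x_next = x + DT * (A * x + B * actuator(u, k))
        # Analytic redundancy: the measured state is compared with the nominal
        # model prediction; the residual is the fault-induced disturbance d,
        # which is tracked by a single first-order adaptive estimate d_hat.
        residual = x_next - (x + DT * (A * x + B * u))
        d_hat += gamma * (residual / DT - d_hat)
        u_r = -d_hat / B          # retrofit add-on command for the next step
        errors.append(abs(REF - x_next))
        x = x_next
    return errors


def mean_error(retrofit, start=100, steps=200):
    """Mean tracking error over the last (steps - start) samples, i.e. well
    after the fault has been injected and the estimate has settled."""
    e = simulate(retrofit, steps)[start:]
    return sum(e) / len(e)


if __name__ == "__main__":
    print(f"baseline only      : mean |e| = {mean_error(False):.3f}")
    print(f"baseline + retrofit: mean |e| = {mean_error(True):.3f}")
```

Because the baseline law is never touched, the certified nominal behaviour is preserved before the fault (the pre-fault error with or without the retrofit path is identical), and only the small add-on module carries the reconfiguration logic that would need new verification. The estimate has one state variable and one gain, which is what keeps the detection fast, in contrast to the many-parameter schemes criticised above.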