Exponential small-gain theorem and fault tolerant safe control of interconnected nonlinear systems


Automatica 115 (2020) 108866


Hao Yang, Chencheng Zhang, Zixin An, Bin Jiang

College of Automation Engineering, Nanjing University of Aeronautics and Astronautics, Nanjing, 211106, China

Article history: Received 5 April 2019; received in revised form 1 December 2019; accepted 10 January 2020; available online xxxx

Keywords: Interconnected nonlinear system; Small-gain theorem; Fault tolerant safe control

Abstract

This paper considers a class of interconnected nonlinear systems where each subsystem, in the absence of coupling, is individually exponentially stable. The cyclic-small-gain theorem is significantly extended in such a way that the interconnected system is proved to be globally exponentially stable, and an exponentially converging upper bound of the state norm is obtained which fully reveals the relations between the gains, the decay rate and the upper bound of the states. The new result is further applied to the fault tolerant safe control problem of interconnected nonlinear systems. A fault recoverability condition with respect to safety is established, under which both individual and cooperative fault tolerant safe control strategies are provided under the decentralized control structure. This guarantees that the states are always within a given safe domain in the presence of faults. © 2020 Elsevier Ltd. All rights reserved.

1. Introduction

The well-known small-gain theorem implies that a loop-gain of less than unity ensures the stability of dynamical feedback systems. Such a theorem has been widely used for stability analysis and control design of nonlinear systems in the past several decades (Ito & Jiang, 2009; Jiang, Mareels, & Wang, 1996). With the rise of research interest in large-scale and network systems, a concept of "cyclic-small-gain" has been proposed and deeply investigated in Dashkovskiy, Rüffer, and Wirth (2010), Ito, Jiang, Dashkovskiy, and Rüffer (2013) and Liu, Hill, and Jiang (2011); the latest progress can be seen in Jiang and Liu (2018). The main idea of the cyclic-small-gain theorem is that the composition of the gain functions along every simple cycle in the related graph of the network system is less than the identity function.

Note that most of the existing results on the (cyclic-)small-gain theorem only focus on the stability analysis of interconnected systems, while the upper bound and the decay rate of the states of the whole system are not easy to find, and their relations with the gains are also not clear. One may ask: how do the upper bound and decay rate of the state norm change as the gains' magnitudes change? A strong motivation for researching this problem lies in handling fault tolerant safe control.

✩ This work is supported by National Natural Science Foundation of China (61622304, 61773201). The material in this paper was not presented at any conference. This paper was recommended for publication in revised form by Associate Editor Angelo Alessandri under the direction of Editor Thomas Parisini.
∗ Corresponding author.
https://doi.org/10.1016/j.automatica.2020.108866

Fault tolerant control (FTC) aims at guaranteeing that the system goal is achieved in spite of faults (Blanke, Kinnaert, Lunze, & Staroswiecki, 2006). Modern interconnected control systems have an increasing demand for the reliability of each subsystem as well as their coupling components. This attracts a lot of research interest in FTC for interconnected systems. Two kinds of FTC methodologies are proposed, including individual and cooperative methods (Yang et al., 2020): the individual FTC method mainly adjusts the controllers of faulty subsystems (Li & Tong, 2017; Li & Yang, 2018; Panagi & Polycarpou, 2011), while the cooperative one considers the overall system rather than any individual subsystem, and comprehensively adjusts the controllers of both faulty and healthy subsystems (Yang, Huang, Jiang, & Polycarpou, 2019; Yang, Jiang, Staroswiecki, & Zhang, 2015). It should be emphasized that the cyclic-small-gain theorem has been shown to be powerful in FTC design of interconnected systems, which helps to provide a decentralized control structure and reveal the coupling's effect on FTC from the overall system point of view (Yang et al., 2015).

On the other hand, a dynamic system is often constrained by various design specifications, material strength, structural characteristics and some other inevitable factors. This leads to a safe domain that contains the equilibrium point for the states. The state norm is expected to be always within such a safe domain. The Control Barrier Function technique is often adopted to analyze the safety (Romdlony & Jayawardhana, 2016). Fault tolerant safe control is of particular interest, especially for safety-critical systems. For example, if a plane hits the ground, a networked control system is driven out of the safety zone by an attack, or nuclear fuel reaches its melting temperature, a disaster will happen. The safety-critical states must be within the safety domain subject to any fault. The requirement of the safe control goal is much higher than that of stability. This brings great challenge to fault tolerant safe control design (Yu & Jiang, 2015; Zhang et al., 2020).

To the best of the authors' knowledge, nearly no research has been devoted to FTC of interconnected systems with respect to safety requirement. It is a natural idea to apply the cyclic-small-gain theorem to fault tolerant safe control design. However, as mentioned before, the existing results do not give the upper bound and the decay rate of states. Such an upper bound is typically required for safety verification, and the decay rate would reveal the converging behavior of the fault tolerant system.

Based on the observations above, this paper focuses on a class of interconnected nonlinear systems where each subsystem, in the absence of coupling, is individually exponentially stable. The main contributions are twofold:

- The cyclic-small-gain theorem is significantly extended, which proves the global exponential stability of the interconnected system at the origin. An exponential form of the state norm upper bound is obtained, which fully reveals the relations between the cyclic gains, the converging rate, and the upper bound of the states. Such a new result is a beneficial supplement to the cyclic-small-gain theorem in that it provides the explicit upper bound and decay rate of the states. The analysis follows three steps: the strongly connected component is considered first, then the system described by the proper layered digraph, and finally the interconnected system with arbitrary connection topology.
- The above result is further applied to fault tolerant safe control of interconnected systems under a decentralized control structure. A fault recoverability condition with respect to safety is established, which is convenient to check.
Under such a condition, both individual and cooperative fault tolerant safe control strategies are proposed, whose main idea is to modify the cyclic gains by adjusting subsystems' controllers such that the state norm is always restricted to be within a given safe domain in the presence of faults. The decay rate of the whole fault tolerant interconnected system is also given.

The rest of the paper is arranged as follows: Section 2 gives some preliminaries. Section 3 focuses on the exponential stability of interconnected systems. Fault tolerant safe control issues are addressed in Section 4, followed by some conclusions in Section 5. All technical proofs are put in the Appendix.

2. Preliminaries

In this paper, $\Re$ is the real field, $\Re_{\ge 0} \subset \Re$ is the set of nonnegative real numbers, $\Re^n$ is the $n$-dimensional real vector space. $|\cdot|$ is the Euclidean norm and $\sup_{0 \le \tau \le t}|\cdot|$ (denoted by $\|\cdot\|_{[0,t]}$ for brevity) is the supremum of a function of time. $\emptyset$ denotes the empty set. $\top$ represents the matrix transposition.

Some notations in graph theory that will be used in this paper are introduced. A directed graph (digraph) $D(V, E)$ consists of the node-set $V \triangleq \{1, 2, \ldots, N\}$ and the arc-set $E \triangleq \{(j, i) \mid i \in V, j \in V\}$, where $(j, i) \in E$ represents an arc from $j$ to $i$. The connection behavior of an interconnected system is described by a digraph $D$, where node $i$, $i \in V$, models subsystem $i$, while arc $(j, i)$ implies that node $j$ is a neighbor of node $i$ in the sense that subsystem $i$ is coupled with subsystem $j$. Denote $N(i)$ as the set of neighbors of node $i$. Node $i$ is a source if $N(i) = \emptyset$. A path from node 1 to node $r$, defined as $p \triangleq (1, 2, \ldots, r)$, is a sequence of distinct nodes $1, 2, \ldots, r$, where $(i, i+1) \in E$, $\forall i \in \{1, 2, \ldots, r-1\}$, $r \ge 2$. The path $C \triangleq p + (r, 1)$ is called a cycle. A directed acyclic graph (DAG) represents a digraph without any cycles.

A digraph $D(V', E')$ is a subgraph of $D(V, E)$ if $V' \subseteq V$ and $E' \subseteq E$. A digraph $D(V, E)$ is strongly connected if for any two nodes $i \in V$ and $j \in V$, there exist paths from node $i$ to node $j$ and from node $j$ to node $i$. The strongly connected components (SCCs) are maximal strongly connected subgraphs of a digraph, i.e., an SCC is a digraph which is no longer strongly connected after adding any other nodes to it. Although a single node may also be regarded as a special SCC, in this paper we only consider SCCs that consist of more than one node. The following lemma provides a solution to transform a digraph into a DAG.

Lemma 1 (Wilson, 1972). A digraph can be decomposed into several irrelevant SCCs; this process is called Strongly Connected Component Decomposition. By regarding each decomposed SCC as a whole, a DAG is obtained. □

An $n$-layered digraph $\Omega(V, E, n)$ is a DAG satisfying two conditions: (1) The node-set $V$ can be divided into $n$ non-empty subsets, i.e., $V = V_{l_1} \cup V_{l_2} \cup \ldots \cup V_{l_n}$ ($V_{l_i} \cap V_{l_j} = \emptyset$ for $i \ne j$) where $l_i$ represents the layer $i$ of $\Omega(V, E, n)$; (2) For each arc $(p, q) \in E$ with $p \in V_{l_i}$, $q \in V_{l_j}$, it holds that $i < j$. The span of $(p, q)$ is $j - i$. An arc having a span greater than one is called a long arc. An $n$-layered digraph is proper if it has no long arc.

3. Exponential stability of interconnected systems

Consider an interconnected nonlinear system described by a digraph $D(V, E)$; the dynamics of subsystem $i$ take the following autonomous form:

$$\dot{x}_i = f_i(x), \quad i \in V \tag{1}$$

where $x \triangleq \left(x_1^\top\ x_2^\top\ \ldots\ x_N^\top\right)^\top$ with $x_i \in \Re^{n_i}$ being the state of subsystem $i$. $f_i : \Re^n \to \Re^{n_i}$ with $n \triangleq \sum_{i=1}^{N} n_i$ is continuous and locally Lipschitz with respect to $x$.

Definition 1 (Exponential Stability). System (1) is globally exponentially stable at the origin if there exist constants $M > 0$ and $\lambda > 0$ such that

$$|x(t)| \le M e^{-\lambda t}|x(0)|, \quad \forall x(0) \in \Re^n,\ \forall t \ge 0$$

Assumption 1. For each $i \in V$ of system (1), there exists a Lyapunov function $V_i : \Re^{n_i} \to \Re_{\ge 0}$ and constants $\alpha_i > 0$, $\beta_i > 0$, $\gamma_{ij} > 0$, $\lambda_i > 0$ satisfying:

$$\alpha_i |x_i|^2 \le V_i(x_i) \le \beta_i |x_i|^2$$

$$V_i(x_i) \ge \max_{j \in N(i)}\left\{\gamma_{ij} V_j(x_j)\right\} \ \Rightarrow\ \frac{dV_i}{dx_i} f_i(x) \le -\lambda_i V_i(x_i)$$

Assumption 1 implies that each subsystem is input-to-state stable (ISS) with respect to the states of its neighboring subsystems, and is exponentially stable at the origin if there is no coupling. Such an assumption is standard in small-gain theory (Jiang & Liu, 2018), under which the following result can be directly obtained by the cyclic-small-gain theorem in Liu et al. (2011).

Lemma 2. System (1) under Assumption 1 is asymptotically stable at the origin if for each cycle $(i_1, i_2, \ldots, i_r, i_1)$,

$$\gamma_{i_1 i_2}\gamma_{i_2 i_3} \cdots \gamma_{i_r i_1} < 1 \tag{2}$$

where $r \in \{2, \ldots, N\}$, $i_j \in V$, $i_j \ne i_{j'}$ if $j \ne j'$. □

Lemma 2 ensures the asymptotical stability, i.e., $\lim_{t \to \infty}|x| = 0$, while the upper bound and the decay rate of $|x|$ are not clear. This section aims at establishing a cyclic-small-gain theorem to achieve the global exponential stability of system (1). Firstly, the interconnected systems described by an SCC and by a proper layered digraph are considered respectively, then the general interconnected system with arbitrary connection topology is investigated.

3.1. An SCC

Consider system (1) that can be described by an SCC, construct a Lyapunov function as:

$$V(x) \triangleq \max_{i_j^{[w]},\, w \in V}\left\{\gamma_{i_1^{[w]} i_2^{[w]}} \cdots \gamma_{i_{j-1}^{[w]} i_j^{[w]}} V_{i_j^{[w]}}\left(x_{i_j^{[w]}}\right)\right\} = \gamma_{i_1^m i_2^m} \cdots \gamma_{i_{k-1}^m i_k^m} \cdots \gamma_{i_{j-1}^m i_j^m} V_{i_j^m}\left(x_{i_j^m}\right) \tag{3}$$

where $i_k^m \in V$ with $k \in \{2, \ldots, j\}$, $j \in V$, $i_k^m \ne i_{k'}^m$ if $k \ne k'$. $V_j^{[w]}(x) \triangleq \gamma_{i_1^{[w]} i_2^{[w]}} \cdots \gamma_{i_{j-1}^{[w]} i_j^{[w]}} V_{i_j^{[w]}}\left(x_{i_j^{[w]}}\right)$ represents the potential influence from subsystem $j$ that acts on subsystem $w$, where $i_1^{[w]} \triangleq w$, $i_k^{[w]} \in V$, $k \in \{1, \ldots, j\}$, $j \in V$, $i_k^{[w]} \ne i_{k'}^{[w]}$ if $k \ne k'$. $m \triangleq (i_1^m, \ldots, i_j^m)$ is one of paths corresponding to the elements taking the value of $V$, we denote $M$ as the set of all these paths. It follows from Assumption 1 and (3) that there exist constants $\alpha > 0$, $\beta > 0$ such that

$$\alpha|x|^2 \le V(x) \le \beta|x|^2 \tag{4}$$

Denote $V' \triangleq V - \{i_j\}$. The following result is given.

Lemma 3. Consider system (1) described by an SCC satisfying Assumption 1. If each cycle satisfies small gain condition (2), then $\forall x(0) \in \Re^n$, $\forall t \ge 0$,

$$|x(t)| \le \sqrt{\frac{\beta}{\alpha\left(1 - \gamma_{\max}\right)}}\, e^{-\frac{\lambda}{2}t}\,|x(0)| \tag{5}$$

where $\gamma_{\max} \triangleq \max_{i_l \in V'}\left\{\gamma_{i_l i_{l+1}} \cdots \gamma_{i_{j-1} i_j}\gamma_{i_j i_l}\right\}$, $i_j \in V$, $l \in \{1, \ldots, j-1\}$ and $\lambda \triangleq \min_{m \in M}\{\lambda_{i_j^m}/2\}$. □

Remark 1. Inequality (5) is consistent with the existing cyclic-small-gain theorem where $\gamma_{\max} < 1$ since the denominator should be greater than 0. The relation between the cyclic gains and the state upper bound is revealed quantitatively: As $\gamma_{\max}$ approaches 1, the state upper bound becomes larger; Conversely, such an upper bound becomes smaller as $\gamma_{\max}$ tends to 0. Each subsystem $i_j^m$, $m \in M$, can be used to construct a global Lyapunov function as in (3). The decay rate of system (1) can be obtained by the minimal decay rate among all these subsystems. □

3.2. A proper n-layered digraph

This section considers system (1) described by a proper $n$-layered digraph $\Omega(V, E, n)$ as defined in Section 2. The number of subsystems in layer $i$, $i \in N \triangleq \{1, \ldots, n\}$, is denoted as $a_i - a_{i-1}$ with $a_0 = 0$. Define $L_i \triangleq \{a_{i-1}+1, a_{i-1}+2, \ldots, a_i\}$ as the set of subsystems in layer $i$. Thus $\bigcup_{i \in N} L_i = V$.

Lemma 4. Consider system (1) described by a proper $n$-layered digraph $\Omega(V, E, n)$ satisfying Assumption 1. It holds that $\forall x(0) \in \Re^n$, $\forall t \ge 0$, and $\forall l_i \in L_i$, $i \in N$,

$$|x_{l_i}(t)| \le M_{l_i} e^{-\hat{\lambda}_{l_i} t}|x_{l_i}(0)| + \max_{l_{i-1} \in N(l_i)}\left\{\hat{\gamma}_{l_i l_{i-1}}\left\|x_{l_{i-1}}(\tau)\right\|_{[0,t]}\right\} \tag{6}$$

where $M_{l_i} \triangleq \sqrt{\beta_{l_i}/\alpha_{l_i}}$, $\hat{\lambda}_{l_i} \triangleq \lambda_{l_i}/2$, and $\hat{\gamma}_{l_i l_{i-1}} \triangleq \sqrt{(\alpha_{l_{i-1}}\gamma_{l_i l_{i-1}})/\beta_{l_i}}$. □

Lemma 4 reveals the ISS property of each subsystem in layer $i$ with respect to states of all its neighbors in layer $i-1$. Particularly, it holds that

$$|x_{l_1}(t)| \le M_{l_1} e^{-\hat{\lambda}_{l_1} t}|x_{l_1}(0)|$$

Lemma 5. Consider system (1) described by a proper $n$-layered digraph $\Omega(V, E, n)$ satisfying Assumption 1. It holds that $\forall x(0) \in \Re^n$, $\forall t \ge 0$,

$$|x(t)| \le M e^{-\hat{\lambda} t}|x(0)| \tag{7}$$

where $\hat{\lambda} \triangleq \min_{l_i \in L_i,\, i \in N}\{\hat{\lambda}_{l_i}\}$ and

$$M \triangleq \sum_{i=1}^{n}\ \sum_{l_i = a_{i-1}+1}^{a_i}\ \sum_{k=1}^{i}\left(\max_{\substack{l_m \in N(l_{m+1}) \\ m \in \{k, \ldots, i-1\}}}\left\{M_{l_k}\prod_{j=k}^{i}\hat{\gamma}_{l_{j+1} l_j}\right\}\right) \tag{8}$$

Remark 2. Inequality (8) shows that for the interconnected system described by a proper $n$-layered digraph, its state upper bound largely relies on the numbers of layers, subsystems in each layer, and the couplings among them. As these numbers and gains among subsystems increase, the state upper bound increases. □

3.3. An arbitrary digraph

Now we start to analyze system (1) described by an arbitrary digraph. Firstly, we find all SCCs of the digraph based on Lemma 1, and regard each SCC as a new "big" node. The exponential stability of these "big" nodes can be analyzed based on Lemma 3 provided that they have no coupling with other nodes. Secondly, we regard all other single nodes that are not contained in any "big" node as "small" nodes. All the "big" and "small" nodes form a new digraph. Finally, the obtained new digraph is transformed into a proper layered digraph whose global exponential stability can be analyzed by following the similar idea of Lemma 5. We shall first consider the graph transformation problem, then address the stability issue.

3.3.1. Digraph transformation algorithm

In order to transform an arbitrary digraph $D(V, E)$ into a proper layered digraph, an algorithm is proposed:

Algorithm 1: Digraph transformation
1. Find $b$ ($b \ge 0$) SCCs in $D(V, E)$ and denote the set of them by $V^B \triangleq \{V_1^B, V_2^B, \ldots, V_b^B\}$.
2. Find $s$ ($s \ge 0$) single nodes that are not contained in any SCC and denote the set of them by $V^S \triangleq \{V_1^S, V_2^S, \ldots, V_s^S\}$.
3. Define $V' \triangleq V^B \cup V^S$ to be the new node-set.
4. Replace multiple arcs among any two nodes $i, j \in V'$ by one arc. Denote the new arc-set by $E'$.
5. Denote $L'_1 \subseteq V'$ as the set of nodes that have no neighbor; these nodes are located at layer 1.
6. For each node $i \in V' - L'_1$, denote $N'(i)$ as the set of its neighbors in $D(V', E')$. Locate node $i$ at layer $s$, i.e., $i \in L'_s$, where $s = k + 1$ with $k$ being the largest number among layer indexes of nodes in $N'(i)$.
7. For each long arc $(j, i) \in E'$ with span $w$, plug in a sequence of "virtual" nodes $d_1^{ji}, d_2^{ji}, \ldots, d_{w-1}^{ji}$ such that $(j, i)$ is replaced by the new path $(j, d_1^{ji}, d_2^{ji}, \ldots, d_{w-1}^{ji}, i)$. ■

The main idea behind Algorithm 1 is that for an arbitrary digraph $D(V, E)$, steps 1–2 do the SCC decomposition as mentioned in Lemma 1 (a detailed method can be found in Fleischer, Hendrickson, & Pinar, 2000), which results in $b$ "big" nodes and $s$ "small" nodes; steps 3–4 form a new node-set $V'$ and a new arc-set $E'$ respectively. Since there is no cycle in $D(V', E')$, $D(V', E')$ is a DAG. Consequently, steps 5–6 transform this DAG into an $n'$-layered digraph. All nodes that have no neighbor are located at layer 1, then the layer indexes of other nodes are determined by those of their neighbors. Finally, step 7 further transforms this $n'$-layered digraph into a proper one, which removes long arcs by plugging a new path containing multiple virtual nodes into each long arc. This leads to a proper $n'$-layered digraph. The maximal times of executions are respectively: $N$ for steps 1, 2, 5, 6; 1 for step 3; $e$ for steps 4 and 7 where $e$ denotes the number of arcs in $E$. Therefore, the complexity of Algorithm 1 is $O(N + e)$.

3.3.2. A numerical example

Consider an interconnected nonlinear system with 13 subsystems whose dynamics will be given later in Section 4.4. The connection topology is shown in Fig. 1. We shall illustrate Algorithm 1 in this section. Fig. 1 illustrates the SCC decomposition, from which one finds that there are 3 SCCs ("big" nodes) and 5 single nodes ("small" nodes). There are multiple arcs from $V_1^B$ to $V_2^B$, from $V_2^B$ to $V_4^S$, and from $V_1^S$ to $V_3^B$ as shown by the thick lines; replacing them with one arc respectively results in a DAG. An $n'$-layered digraph can be further obtained with $n' = 5$ as in Fig. 2. By plugging two "virtual" nodes respectively in $(V_1^S, V_3^B)$ and $(V_2^S, V_3^S)$, a proper $n'$-layered digraph is finally obtained as in Fig. 2.

Fig. 1. SCC decomposition of the digraph.

Fig. 2. Layered digraphs.

3.3.3. Exponential stability of general interconnected systems

Algorithm 1 allows us to analyze the stability of general interconnected systems (1) with digraph $D(V, E)$ by using its transformed proper layered digraph $\Omega(V', E', n')$. In order to apply Lemma 5, it is necessary to analyze the relations among new nodes in $V'$ and get an analogous result as Lemma 4 for $\Omega(V', E', n')$.

To distinguish the notations between $D(V, E)$ and $\Omega(V', E', n')$, denote $V_q$ as node $q$ in $V'$, $q \in \bar{\mathcal{N}} \triangleq \{1, 2, \ldots, \bar{N}\}$ with $\bar{N}$ being the number of nodes in $V'$. For each $V_q \in V^B$, denote $i^{(q)}$ as the $i$th subsystem in $V_q$, $i^{(q)} \in \bar{\mathcal{N}}_q \triangleq \{1^{(q)}, \ldots, \bar{N}_q^{(q)}\}$ with $\bar{N}_q$ being the number of subsystems in $V_q$. Also denote the states of $V_q$ as $\bar{x}_q \triangleq \left(x_{1^{(q)}}^\top\ \ldots\ x_{\bar{N}_q^{(q)}}^\top\right)^\top$. Note that for subsystem $i^{(q)}$ in $V_q$, its neighbor may be in $V_q$ or not; denote $V_p(i^{(q)})$ as the set of subsystems in $V_p$ that are the neighbors of subsystem $i^{(q)}$. As for the transformed proper $n'$-layered digraph, the number of nodes in layer $i$, $i \in N' \triangleq \{1, 2, \ldots, n'\}$, is denoted as $b_i - b_{i-1}$ with $b_0 = 0$. Define $L'_i \triangleq \{b_{i-1}+1, b_{i-1}+2, \ldots, b_i\}$ as the set of nodes in layer $i$. Thus $\bigcup_{i \in N'} L'_i = V'$. Assumption 1 can be reformulated as

$$V_{i^{(q)}} \ge \max_{\substack{j \in N(i^{(q)}) \cap V_q,\ s^{(p)} \in V_p(i^{(q)}), \\ p \in N'(q)}}\left\{\gamma_{i^{(q)} j} V_j,\ \gamma_{i^{(q)} s^{(p)}} V_{s^{(p)}}\right\} \ \Rightarrow\ \dot{V}_{i^{(q)}} \le -\lambda_{i^{(q)}} V_{i^{(q)}}$$

Lemma 6. Consider system (1) described by the transformed proper $n'$-layered graph without virtual node under Algorithm 1. If each subsystem in node $V_q$, $q \in \bar{\mathcal{N}}$, satisfies Assumption 1 and each cycle satisfies

$$\gamma_{i_1^{(q)} i_2^{(q)}}\gamma_{i_2^{(q)} i_3^{(q)}} \cdots \gamma_{i_r^{(q)} i_1^{(q)}} < 1 \tag{9}$$

where $r \in \bar{\mathcal{N}}_q$, $i_j^{(q)} \in V_q$, $i_j^{(q)} \ne i_{j'}^{(q)}$ if $j \ne j'$, then

$$|\bar{x}_q(t)| \le A_q e^{-\bar{\lambda}_q t}|\bar{x}_q(0)| + \max_{p \in N'(q)}\left\{\bar{\gamma}_{qp}\|\bar{x}_p\|_{[0,t)}\right\} \tag{10}$$

where $A_q \triangleq \sqrt{\bar{\beta}_q / \left(\bar{\alpha}_q\left(1 - \gamma_{\max}^{(q)}\right)\right)}$, $\bar{\gamma}_{qp} \triangleq \sqrt{\bar{\beta}_p \Gamma_{qp}/\bar{\alpha}_q}$,

$$\gamma_{\max}^{(q)} \triangleq \max_{i_l^{(q)} \in V_q - \{i_j^{(q)}\}}\left\{\gamma_{i_l^{(q)} i_{l+1}^{(q)}} \cdots \gamma_{i_{j-1}^{(q)} i_j^{(q)}}\gamma_{i_j^{(q)} i_l^{(q)}}\right\},$$

$$\Gamma_{qp} \triangleq \max_{i_j^{(q)} \in V_q,\ s^{(p)} \in V_p(i_j^{(q)})}\left\{\gamma_{i_1^{(q)} i_2^{(q)}} \cdots \gamma_{i_{j-1}^{(q)} i_j^{(q)}} \times \gamma_{i_j^{(q)} s^{(p)}}\right\},$$

and $\bar{\lambda}_q \triangleq \min_{i_j^{(q)} \in V_q}\left\{\lambda_{i_j^{(q)}}/4\right\}$. □

Remark 3. It is interesting to compare Lemma 6 with Lemma 4. Lemma 6 implies that each node $V_q$ in $V'$ is ISS with respect to its neighboring nodes. One can infer from (10) that $\bar{\gamma}_{qp}$ increases as $\gamma_{i_{k-1}^{(q)} i_k^{(q)}}$, $i_k^{(q)} \in V_q$, increases. Since multiple subsystems and couplings are considered together in one node, when a coupling from one subsystem to another in the original digraph is regarded as a new coupling from one node to another in the transformed DAG or the proper layered digraph, its gain may increase. □

Now we give the result on the global exponential stability of a general interconnected nonlinear system.
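Algorithm 1 (Section 3.3.1) and the cycle check of condition (2), as an added Python example that is not code from the paper. The function names `sccs`, `transform` and `max_cycle_gain` are hypothetical; the arcs are read off the index pairs of the coupling constants $c_{ij}$ listed in Section 4.4, assuming a listed $c_{ij}$ means $j \in N(i)$, and the gain values are constructed for illustration.

```python
from collections import defaultdict

def sccs(nodes, arcs):
    """Kosaraju SCC decomposition; an arc (j, i) means j is a neighbor of i."""
    fwd, rev = defaultdict(list), defaultdict(list)
    for j, i in arcs:
        fwd[j].append(i)
        rev[i].append(j)
    order, seen = [], set()
    for s in nodes:                        # pass 1: DFS finishing order
        if s in seen:
            continue
        seen.add(s)
        stack = [(s, iter(fwd[s]))]
        while stack:
            v, it = stack[-1]
            w = next((u for u in it if u not in seen), None)
            if w is None:
                order.append(v)
                stack.pop()
            else:
                seen.add(w)
                stack.append((w, iter(fwd[w])))
    comps, seen = [], set()
    for s in reversed(order):              # pass 2: DFS on the reversed digraph
        if s in seen:
            continue
        seen.add(s)
        comp, todo = [], [s]
        while todo:
            v = todo.pop()
            comp.append(v)
            for u in rev[v]:
                if u not in seen:
                    seen.add(u)
                    todo.append(u)
        comps.append(tuple(sorted(comp)))
    return comps

def transform(nodes, arcs):
    """Steps 1-7 of Algorithm 1; returns (big, small, layer, proper_arcs)."""
    comps = sccs(nodes, arcs)
    of = {v: c for c in comps for v in c}             # subsystem -> new node
    big = sorted(c for c in comps if len(c) > 1)      # step 1: "big" nodes
    small = sorted(c for c in comps if len(c) == 1)   # step 2: "small" nodes
    new_arcs = {(of[j], of[i]) for j, i in arcs if of[j] != of[i]}  # steps 3-4
    nbrs = defaultdict(set)
    for p, q in new_arcs:
        nbrs[q].add(p)
    layer = {}
    def place(q):                                     # steps 5-6: layer index
        if q not in layer:
            layer[q] = 1 + max((place(p) for p in nbrs[q]), default=0)
        return layer[q]
    for c in comps:
        place(c)
    proper = set()
    for p, q in sorted(new_arcs):                     # step 7: split long arcs
        chain = [p]
        for k in range(1, layer[q] - layer[p]):
            d = ("virtual", p, q, k)
            layer[d] = layer[p] + k
            chain.append(d)
        chain.append(q)
        proper.update(zip(chain, chain[1:]))
    return big, small, layer, proper

def max_cycle_gain(nodes, gains):
    """Largest product of gains along any cycle, via a (max, x) Floyd-Warshall
    closure. gains[(i, j)] is gamma_ij, the gain from V_j to V_i. Condition (2)
    holds iff the result is < 1; the value is exact only in that case."""
    D = {i: {j: gains.get((i, j), 0.0) for j in nodes} for i in nodes}
    for k in nodes:
        for i in nodes:
            for j in nodes:
                D[i][j] = max(D[i][j], D[i][k] * D[k][j])
    return max(D[i][i] for i in nodes)

# Index pairs (i, j) of the coupling constants c_ij listed in Section 4.4.
C_INDEX = [(1, 2), (2, 1), (8, 10), (9, 8), (10, 9), (3, 1), (4, 3), (4, 5),
           (3, 4), (5, 2), (5, 4), (12, 4), (13, 12), (13, 7), (6, 2), (7, 5),
           (7, 6), (9, 6), (11, 7), (11, 10), (12, 3), (8, 7), (8, 6)]
NODES = list(range(1, 14))
ARCS = [(j, i) for i, j in C_INDEX]        # c_ij: subsystem j acts on i
# Constructed gains (not from the paper): gamma_ij = 0.5 on every coupling.
GAINS = {(i, j): 0.5 for i, j in C_INDEX}

if __name__ == "__main__":
    big, small, layer, proper = transform(NODES, ARCS)
    print("big nodes:", big, "small nodes:", small)
    for q, l in sorted(layer.items(), key=lambda kv: (kv[1], str(kv[0]))):
        print("layer", l, q)
    print("largest cycle gain:", max_cycle_gain(NODES, GAINS))
```

On this topology the transformation yields 3 "big" nodes, 5 "small" nodes, 5 layers and 2 virtual nodes, in agreement with Section 3.3.2.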

Theorem 1. Consider system (1) which satisfies Assumption 1 and is described by the transformed proper layered digraph under Algorithm 1. If each cycle satisfies small gain condition (2), then

$$|x(t)| \le \bar{M} e^{-\bar{\lambda} t}|x(0)|$$

where $\bar{\lambda} \triangleq \min_{l_i \in L'_i,\, i \in N'}\{\bar{\lambda}_{l_i}\}$ and

$$\bar{M} \triangleq \sum_{i=1}^{n'}\ \sum_{l_i = b_{i-1}+1}^{b_i}\ \sum_{k=1}^{i}\left(\max_{\substack{l_m \in N'(l_{m+1}) \\ m \in \{k, \ldots, i-1\}}}\left\{A_{l_k}\prod_{r=k}^{i}\bar{\gamma}_{l_{r+1} l_r}\right\}\right)$$

with $A_{l_k}$, $\bar{\gamma}_{l_{r+1} l_r}$ and $\bar{\lambda}_{l_i}$ being defined in (10). □

4. Fault tolerant safe control

This section applies the results of Section 3 to the fault tolerant safe control problem of interconnected systems. We continue to use the notations in Section 3 if there is no confusion.

4.1. Problem formulation

Rewrite system (1) into the following form:

$$\dot{x}_i = \left(f_i(x_i) + \varphi_i^p(x_i)\right) + \left(g_i(x_i) + \varphi_i^a(x_i)\right)u_i + \sum_{j \in N(i)}\left(h_{ij}(x_j) + \varphi_{ij}^c(x_j)\right), \quad i \in V \tag{11}$$

where $u_i \in \Re^{m_i}$ represents the control input, both $f_i : \Re^{n_i} \to \Re^{n_i}$ and $g_i : \Re^{n_i} \to \Re^{n_i \times m_i}$ are continuous functions and locally Lipschitz with respect to $x_i$, and $f_i + g_i u_i$ is the self-dynamic of subsystem $i$. $h_{ij} : \Re^{n_j} \to \Re^{n_i}$ represents the coupling dynamics with respect to subsystem $j$, $h_{ij} = 0$ if $j \notin N(i)$ and $h_{ij}$ is also locally Lipschitz.

The fault terms $\varphi_i^p$ and $\varphi_i^a u_i$ represent process and actuator faults of the self-dynamic respectively, and $\varphi_{ij}^c$ represents the coupling fault. $\varphi_i^p$ changes the autonomous dynamics of the subsystem, while $\varphi_i^a$ affects the input distribution functional matrix. $\varphi_{ij}^c$ makes the coupling term deviate from normal. $\varphi_i^p$, $\varphi_i^a$ and $\varphi_{ij}^c$ are locally Lipschitz. These fault models effectively reveal the departure from an acceptable range of a variable or a parameter associated with the original system, and have been widely used in the literature (Blanke et al., 2006; Patton et al., 2007), whose information can be obtained by certain fault diagnosis and estimation schemes, see e.g., Boem, Ferrari, Keliris, Parisini, and Polycarpou (2013) and Zhang and Zhang (2017). It is further obtained that $\left|h_{ij}(x_j) + \varphi_{ij}^c(x_j)\right| \le \bar{l}_{ij}|x_j|$ for $\bar{l}_{ij} > 0$.

Assumption 2. For each $i \in V$ of system (11), there exists a Lyapunov function $V_i : \Re^{n_i} \to \Re_{\ge 0}$ and constants $\alpha_i > 0$, $\beta_i > 0$, $d_i > 0$, $\lambda_i > 0$ satisfying:

$$\alpha_i|x_i|^2 \le V_i(x_i) \le \beta_i|x_i|^2, \quad \left|\frac{dV_i}{dx_i}\right| \le d_i|x_i|,$$

$$\inf_{u_i \in \Re^{m_i}}\left\{\frac{dV_i}{dx_i}\left(\left(f_i + \varphi_i^p\right) + \left(g_i + \varphi_i^a\right)u_i\right) + \lambda_i V_i\right\} < 0$$

For each $\varepsilon > 0$, $\exists \delta > 0$ such that if $0 < |x_i| < \delta$, then $\exists u_i$ with $|u_i| < \varepsilon$ such that $\frac{dV_i}{dx_i}\left(\left(f_i + \varphi_i^p\right) + \left(g_i + \varphi_i^a\right)u_i\right) \le -\lambda_i V_i$.

Under Assumption 2, each subsystem of system (11), without coupling, has the Small Control Property. A decentralized FTC law $u_i$, $i \in V$, can be designed as (Sontag, 1989):

$$u_i(x_i) = \begin{cases} -\dfrac{\Lambda_1 + \sqrt{\Lambda_1^2 + |\Lambda_2|^4}}{|\Lambda_2|^2}\,(\Lambda_2)^\top, & \Lambda_2 \ne 0 \\ 0, & \Lambda_2 = 0 \end{cases} \tag{12}$$

where $\Lambda_1 \triangleq \frac{dV_i}{dx_i}\left(f_i + \varphi_i^p\right) + \lambda_i V_i$, $\Lambda_2 \triangleq \frac{dV_i}{dx_i}\left(g_i + \varphi_i^a\right)$. This leads to

$$\frac{dV_i}{dx_i}\left(\left(f_i + \varphi_i^p\right) + \left(g_i + \varphi_i^a\right)u_i\right) \le -\sigma_i|x_i|^2 \tag{13}$$

where $\sigma_i \triangleq \alpha_i\lambda_i$. The decay rate $\sigma_i$ depends on $\lambda_i$, which is often impossible to design arbitrarily large. There exists an admissible $u_i$ with maximal $\lambda_i^{\max}$ under which a maximal decay rate $\sigma_i^{\max}$ with respect to $V_i$ is reached. Assumption 2 is a counterpart of Assumption 1 for system (11), which facilitates the decentralized control design. Indeed many control methods can be used for various nonlinear systems such that inequality (13) holds, as introduced in Blanke et al. (2006). Since we focus on the fault tolerant safety analysis of the whole interconnected system, we do not pay much attention to more detailed individual control design in subsystems.

Definition 2 (Safety). System (11) is safe with respect to $\eta$ if

$$|x(t)| \le \eta, \quad \forall t \ge 0 \tag{14}$$

where $\eta > 0$ is a constant denoting the boundary of the safe domain. □

The problem to be solved in this section is to design $u_i$ (12) and find an initial bound for $|x(0)|$ such that system (11) is globally exponentially stable at the origin, and safe with respect to a given $\eta$. In the following, a fault recoverability condition with respect to safety is established, based on which both individual and cooperative fault tolerant safe control strategies are provided.

4.2. Fault recoverability with respect to safety

Under Assumption 1 and control law (12), the time derivative of $V_i$ along the solution of system (11) is

$$\dot{V}_i \le -\sigma_i|x_i|^2 + d_i|x_i|\sum_{j \in N(i)}\bar{l}_{ij}|x_j|$$

Pick a constant $\theta_i$ such that $0 < \theta_i < \sigma_i$; one has that

$$|x_i| \ge \frac{d_i\sum_{j \in N(i)}\bar{l}_{ij}|x_j|}{\theta_i} \ \Rightarrow\ \dot{V}_i \le -(\sigma_i - \theta_i)|x_i|^2 \tag{15}$$

where (15) can be derived from

$$V_i \ge \max_{j \in N(i)}\left\{\frac{\beta_i\left(n_{N(i)} d_i \bar{l}_{ij}\right)^2}{\alpha_j\theta_i^2}V_j\right\}$$

where $n_{N(i)}$ is the number of elements in $N(i)$. If $\theta_i = \sigma_i - \tau$ with $\tau$ being an infinitely small number, then the gain from $V_j$ to $V_i$ is minimal. Define

$$\gamma_{ij} \triangleq \frac{\beta_i\left(n_{N(i)} d_i \bar{l}_{ij}\right)^2}{\alpha_j(\sigma_i)^2}, \quad \gamma_{ij}^{\min} \triangleq \frac{\beta_i\left(n_{N(i)} d_i \bar{l}_{ij}\right)^2}{\alpha_j\left(\sigma_i^{\max}\right)^2}$$

The digraph of system (11) also needs to be transformed into a proper layered digraph. We shall use the same notations as in Section 3.3.3.

Theorem 2. Consider system (11) satisfying Assumption 2. There exists $u_i$ (12), $i \in V$, such that the system is globally exponentially stable and safe with respect to $\eta$ if each cycle satisfies

$$\gamma_{i_1 i_2}^{\min}\gamma_{i_2 i_3}^{\min} \cdots \gamma_{i_r i_1}^{\min} < 1 \tag{16}$$

for $r \in \{2, \ldots, N\}$, $i_j \in V$, $i_j \ne i_{j'}$ if $j \ne j'$, and

$$\sum_{i=1}^{n'}\ \sum_{l_i = b_{i-1}+1}^{b_i}\ \sum_{k=1}^{i}\left(\max_{\substack{l_m \in N'(l_{m+1}) \\ m \in \{k, \ldots, i-1\}}}\left\{A_{l_k}^{\min}\prod_{r=k}^{i}\bar{\gamma}_{l_{r+1} l_r}^{\min}\right\}\right) \le \frac{\eta}{|x(0)|} \tag{17}$$

6

H. Yang, C. Zhang, Z. An et al. / Automatica 115 (2020) 108866

where Amin lk

(

   ≜ √



β¯ lk min ( ( )min ) , γ¯lr +1 lr ≜ (lk ) α¯ lk 1 − γmax

β¯ lr Γlrmin +1 lr

(l

) ) ′

f γmax



il

α¯ lr +1 Γlf′ lf −1 ≜

( )min (lk ) γmax ≜

≜ Γlrmin +1 lr

max{

(l ) (l ) il k ∈Vl − ij k k

⎧ ⎫ min ⎪ ⎨ γi(lk ) i(lk ) · · · × ⎪ ⎬ l

}

max

(lr +1 ) ∈Vl , j ( r +1 ) (lr +1 ) s(lr ) ∈Vl i r j i

l+1

min min ⎪ ⎩γi(lk ) i(lk ) γi(lk ) i(lk ) ⎪ ⎭ j l j−1 j ⎧ ⎫ min ⎪ ⎨ γi(lr +1 ) i(lr +1 ) · · · × ⎪ ⎬ 1

2

min min ⎪ ⎩γi(lr +1 ) i(lr +1 ) γi(lr +1 ) s(lr ) ⎪ ⎭ j−1

j



Remark 4. Theorem 2 establishes a fault recoverability condition with respect to the safety specification. Condition (16) guarantees that the exponential stability can be achieved if all cyclic gains are minimized. It is clear that the upper bound of |x| becomes minimal if all interconnected gains are minimized by adjusting subsystems’ controllers. If such a minimal upper bound is no more than η as in (17), then there must exist ui such that the fault can be recovered with respect to the safety. □

4.3. Fault tolerant safe control

In this section, two kinds of fault tolerant safe control strategies are designed for system (11). These strategies can be realized based on the two-level structure as proposed in Yang et al. (2015): in the low level, each subsystem obtains the instructions from its own supervisor and adjusts its controller only by its own states and faults information, which is consistent with the decentralized control structure; in the high level, the supervisors communicate with each other to share a global fault tolerant safe control strategy. The information that needs to be exchanged among supervisors is only the values of each subsystem’s gains with respect to its neighbors. This allows for a low frequency broadcast network that works only in the fault recovery period.

Denote Θf ⊆ V as the set of faulty subsystems, and Θh ⊆ V as the set of healthy ones. Firstly, we focus on the individual fault tolerant safe control, i.e. the fault tolerant safe control goal can be achieved by reducing the gains of faulty subsystems only.

Theorem 3. Consider system (11) satisfying Assumption 2. There exist control laws $u_{i_c}$, $i_c \in \Theta_f \subseteq V$ and $i_c \in V_{l_f} \subseteq V'$, such that the system is globally exponentially stable and safe with respect to η if

$$\gamma_{i_1 i_2}\gamma_{i_2 i_3}\cdots\gamma^{\min}_{i_c i_{c+1}}\cdots\gamma_{i_r i_1} < 1 \tag{18}$$

for $r \in \{2,\ldots,N\}$, $i_j \in V$, $i_j \neq i_{j'}$ if $j \neq j'$, and

$$\sum_{i=1}^{n'}\;\sum_{l_i=b_{i-1}+1}^{b_i}\;\sum_{k=1}^{i}\left(\max_{\substack{l_m\in N(l_{m+1})\\ m\in\{k,\ldots,i-1\}}}\left\{A'_{l_k}\prod_{r=k}^{i}\bar\gamma'_{l_{r+1}l_r}\right\}\right)\le\frac{\eta}{|x(0)|} \tag{19}$$

where $A'_{l_k} \triangleq A_{l_k}$ and $\bar\gamma'_{l_k l_{k-1}} \triangleq \bar\gamma_{l_k l_{k-1}}$ are as in (10) if $l_k \in \bar N - \{l_f\}$, while $A'_{l_f}$ and $\bar\gamma'_{l_f l_{f-1}}$ are defined as

$$A'_{l_f} \triangleq \sqrt{\frac{\bar\beta_{l_f}}{\bar\alpha_{l_f}\left(1-\left(\gamma^{(l_f)}_{\max}\right)'\right)}},\qquad \bar\gamma'_{l_f l_{f-1}} \triangleq \sqrt{\frac{\bar\beta_{l_{f-1}}\,\Gamma'_{l_f l_{f-1}}}{\bar\alpha_{l_f}}}$$

with

$$\left(\gamma^{(l_f)}_{\max}\right)' \triangleq \max_{i^{(l_f)}_j\in V_{l_f}-i^{(l_f)}_l}\left\{\gamma_{i^{(l_f)}_l i^{(l_f)}_{l+1}}\cdots\gamma^{\min}_{i^{(l_f)}_c i^{(l_f)}_{c+1}}\cdots\gamma_{i^{(l_f)}_{j-1} i^{(l_f)}_j}\,\gamma_{i^{(l_f)}_j i^{(l_f)}_l}\right\}$$

$$\Gamma'_{l_f l_{f-1}} \triangleq \max_{\substack{i^{(l_f)}_j\in V_{l_f},\\ s^{(l_{f-1})}\in V_{l_{f-1}}\left(i^{(l_f)}_j\right)}}\left\{\gamma_{i^{(l_f)}_1 i^{(l_f)}_2}\cdots\gamma^{\min}_{i^{(l_f)}_c i^{(l_f)}_{c+1}}\cdots\gamma_{i^{(l_f)}_{j-1} i^{(l_f)}_j}\,\gamma_{i^{(l_f)}_j s^{(l_{f-1})}}\right\}$$

Under condition (18), an individual fault tolerant safe control strategy can be provided: $\forall i_c \in \Theta_f$, adjust $u_{i_c}(x_{i_c})$ to reduce the gains of subsystem $i_c$. However, adjusting the controllers of faulty subsystems only may not guarantee the stability and safety of system (11) if conditions (18) and (19) are violated. This motivates us to find a cooperative fault tolerant safe control strategy that comprehensively adjusts controllers of both faulty and healthy subsystems.

Algorithm 2: Cooperative fault tolerant safe control strategy

1. ∀i ∈ Θf, adjust ui such that $\sigma_i = \sigma_i^{\max}$.
2. For each $V_q \in V^B$, $q \in \bar N$, find all cycles that violate condition (18). Adjust controllers of subsystems in these cycles to reduce their gains until the small gain condition (2) holds.
3. If (19) is violated, adjust controllers in subsystems i ∈ Θh to reduce their gains until $\bar M \le \eta/|x(0)|$ holds, where $\bar M$ is defined in Theorem 1. ■

Step 1 of Algorithm 2 applies the individual fault tolerant safe control strategy, while steps 2 and 3 guarantee the stability and safety of the faulty system respectively. Controller adjusting processes in steps 2 and 3 can be done by various methods. For example, one can check the ratio $\sigma_i^{\max}/\sigma_i$ of each subsystem. Choosing subsystems in a descending order of their ratios makes the healthy subsystems involved as few as possible. The maximal numbers of executions are N for step 1 and N + e for steps 2 and 3, so the complexity of Algorithm 2 is O(N + e).

Theorem 4. Consider system (11) satisfying Assumption 2 and conditions (16)–(17). Algorithm 2 guarantees that the system is globally exponentially stable and safe with respect to η. □

4.4. A numerical example (continued)

Let us come back to the example in Section 3.3.2; this section continues to illustrate its fault tolerant safe control design. The dynamics of subsystem i, i ∈ V, is borrowed from Panagi and Polycarpou (2011) as

$$\dot x_{i1} = x_{i2}$$

$$\dot x_{i2} = a_i \sin x_{i1} + \left(b_i + \varphi_i(x_i)\right)u_i + \sum_{j\in N(i)} c_{ij}\sin(x_{j1})$$

where for i ∈ {1, 2, 3, 5, 10, 13}, ai = 2.4, bi = 1.1; for i ∈ {4, 6, 7, 8, 9, 11, 12}, ai = 3.5, bi = 0.9. The coupling constants are c12 = c21 = 0.1688, c8(10) = c98 = c(10)9 = 0.1166, c31 = c43 = c45 = 0.0769, c34 = c52 = c54 = c(12)4 = c(13)(12) = c(13)7 = 0.0481, c62 = c75 = c76 = c96 = c(11)7 = c(11)(10) = c(12)3 = 0.0591, c87 = c86 = 0.0287. Consider faults that may occur in subsystems 1 and 9, with the fault functions φ1(x1) = 0.5x11 cos(x11 x12), φ9(x9) = 4.5x91 cos(x91 x92). The Lyapunov function of each subsystem is chosen as $V_i = x_i^{\top} P x_i$, i ∈ V, where $P = \begin{bmatrix} 1.5 & 0.5 \\ 0.5 & 1 \end{bmatrix}$ such that αi = 0.69, βi = 1.81, di = 1.81, i ∈ {1, 2, . . . , 13}. Assumption 2 is satisfied. The safe domain is given as η = 3.5.

Fig. 3. The trajectory of |x| under individual fault-tolerant safe control.

Fig. 4. The trajectory of |x| under cooperative fault-tolerant safe control.
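The small-gain conditions (16) and (18), and step 2 of Algorithm 2, all come down to the gain product along every simple cycle of the interconnection graph. The following is an added example, not code from the paper: it enumerates the simple cycles of this 13-subsystem example and evaluates their products with the minimized gains the example reports for λ_i^max = 1.2. The row-scaling model of a controller retune, the `candidates` ordering and the enlarged "faulty" gain used in its checks are constructed assumptions.

```python
# Added example: cyclic small-gain check on the 13-subsystem numerical example.
# GAINS[(i, j)] holds gamma_ij^min, the gain from subsystem j to subsystem i,
# copied from the values the example reports for lambda_i^max = 1.2.
GAINS = {
    (1, 2): 0.3623, (2, 1): 0.3623, (3, 4): 0.1254, (3, 1): 0.3209,
    (4, 3): 0.3209, (4, 5): 0.3209, (5, 4): 0.1254, (5, 2): 0.1254,
    (6, 2): 0.0451, (7, 5): 0.1805, (7, 6): 0.1805, (8, 6): 0.1015,
    (8, 7): 0.1015, (8, 10): 1.6245, (9, 6): 0.1805, (9, 8): 0.7220,
    (10, 9): 0.1805, (11, 7): 0.1805, (11, 10): 0.1805, (12, 3): 0.1805,
    (12, 4): 0.1254, (13, 7): 0.1254, (13, 12): 0.1254,
}


def simple_cycles(gains):
    """Return every simple cycle once, as a node tuple rooted at its smallest node."""
    succ = {}
    for (i, j) in gains:                      # arc j -> i carries gamma_ij
        succ.setdefault(j, []).append(i)
    cycles = []

    def dfs(start, node, path):
        for nxt in sorted(succ.get(node, [])):
            if nxt == start:
                cycles.append(tuple(path))
            elif nxt > start and nxt not in path:
                dfs(start, nxt, path + [nxt])

    for start in sorted(succ):
        dfs(start, start, [start])
    return cycles


def cycle_gain(gains, cycle):
    """Multiply the gains along a cycle whose nodes are listed in arc order."""
    product = 1.0
    for k, j in enumerate(cycle):
        i = cycle[(k + 1) % len(cycle)]       # arc j -> i
        product *= gains[(i, j)]
    return product


def violating_cycles(gains):
    """Cycles with gain product >= 1, i.e. those breaking the cyclic small-gain condition."""
    scored = [(c, cycle_gain(gains, c)) for c in simple_cycles(gains)]
    return [(c, p) for c, p in scored if p >= 1.0]


def scale_row(gains, i, factor):
    """Assumed controller effect: retuning u_i scales every gain gamma_ij of subsystem i."""
    return {(a, b): g * factor if a == i else g for (a, b), g in gains.items()}


def recover(gains, candidates, factor=0.5, max_rounds=20):
    """Sketch of Algorithm 2, step 2: retune subsystems lying on violating cycles,
    in the caller's `candidates` order (hypothetical), until no cycle violates."""
    retuned, bad = [], violating_cycles(gains)
    while bad and len(retuned) < max_rounds:
        on_cycle = {n for cycle, _ in bad for n in cycle}
        pick = next((n for n in candidates if n in on_cycle), None)
        if pick is None:
            break
        gains = scale_row(gains, pick, factor)
        retuned.append(pick)
        bad = violating_cycles(gains)
    if bad:
        raise RuntimeError("small-gain condition not restored with these candidates")
    return gains, retuned
```

The graph has exactly four simple cycles, the same four products the example tracks (γ12γ21, γ34γ43, γ45γ54 and γ98γ8(10)γ(10)9). The sketch places no lower bound on a retuned gain, whereas in the paper a gain cannot be reduced below its γ^min.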

the case of nonlinear gains γij (·). In this case the constant upper bound and decay rate of state norm can also be obtained by following the proof of Lemma 3 and finding the smallest slopes of secants for some nonlinear functions related to γij (·). The details are not given due to limited space. Considering the uncertainties, external disturbances and/or the faults that do not vanish at the origin in each subsystem, the proposed theorem can be potentially extended by combining with the existing ISS cyclic-small-gain theorem, and guarantees that the whole system is exponentially ISS with respect to uncertainties/disturbances/faults. Such an extension in fact has been involved in the proof of Lemma 6. In terms of the cooperative fault tolerant safe control strategy, minimizing the number of healthy subsystems to be adjusted is of particular interest for large-scale systems with a large number of subsystems. These issues deserve further investigations in the future.

We first illustrate Theorem 2. Design ui and choose the initial states such that λ_i^max = 1.2 and |xi(0)| = 0.057. The resulting gains under λ_i^max are as follows: γ^min_12 = 0.3623, γ^min_21 = 0.3623, γ^min_34 = 0.1254, γ^min_31 = 0.3209, γ^min_43 = 0.3209, γ^min_45 = 0.3209, γ^min_54 = 0.1254, γ^min_52 = 0.1254, γ^min_62 = 0.0451, γ^min_75 = 0.1805, γ^min_76 = 0.1805, γ^min_86 = 0.1015, γ^min_87 = 0.1015, γ^min_8(10) = 1.6245, γ^min_96 = 0.1805, γ^min_98 = 0.7220, γ^min_(10)9 = 0.1805, γ^min_(11)7 = 0.1805, γ^min_(11)(10) = 0.1805, γ^min_(12)3 = 0.1805, γ^min_(12)4 = 0.1254, γ^min_(13)7 = 0.1254, γ^min_(13)(12) = 0.1254. The small gain condition (16) is satisfied. Calculating from (17) yields that the upper bound of the state norm is 1.4243 < η. This implies that the faults φ1(x1) and φ9(x9) are recoverable with respect to safety.

Now we illustrate Theorem 3. Suppose that the fault φ1 occurs at t = 0 s. Consider the faulty system with λi = 0.77; conditions (18) and (19) hold. This implies that the system can be rendered stable and safe via adjusting u1 only. The dashed curve of Fig. 3 demonstrates that the interconnected system is not stable if there is no FTC. Adjust u1 such that λ1 = 1. The upper bound of state norm is 3.6082 > η. However, γ12 γ21 = 0.4590, γ34 γ43 = γ54 γ45 = 0.2373 and γ98 γ8(10) γ(10)9 = 0.9612. The dash-dotted curve in Fig. 3 shows that the state converges to the origin while the safe domain is exceeded. Adjust u1 such that λ1 = 1.15. The upper bound of state norm is 3.3505 < η. From the solid curve of Fig. 3 one can see that the fault tolerant safe control goal is achieved.

Finally, we illustrate Algorithm 2 and Theorem 4. Suppose that the fault φ9 occurs at t = 0 s. Consider the faulty system with λi = 0.75. This violates conditions (18) and (19). In fact, adjusting u9 such that λ9 = λ_9^max = 1.2 leads to γ12 γ21 = 0.8601, γ34 γ43 = γ45 γ54 = 0.2636, γ98 γ8(10) γ(10)9 = 1.3875. The dashed curve of Fig. 4 shows that the interconnected system cannot be rendered stable and safe under individual fault-tolerant safe control. Now adjust u8 such that λ8 = λ_8^max = 1.2; this makes condition (2) hold again. However, the upper bound of state norm is 3.5215 > η. The dash-dotted curve of Fig. 4 shows that the interconnected system is stable but not safe. Next, adjust both u8 and u10 such that λ8 = λ_8^max = 1.2 and λ10 = 1.18. The upper bound of state norm is 3.4448 < η. The solid curve of Fig. 4 verifies the stability and safety of the interconnected systems.

5. Conclusions

Appendix Proof of Lemma 3. Under Assumption 1, one has

(

Vim xim j

j

)

{

≥ max {

im ∈V − im l j

}

dVim



j

dxim

( )} γimj iml Viml ximl (

fim (x) ≤ −λim Vim xim j

j

j

)

j

j

where l ∈ {1, 2, . . . , j − 1} and λim > 0. The gain on path m can be j

defined as γm ≜ γim im · · · γim

im j−1 j

1 2

(

. Denote Vm xim j

Also denote N(m as) the number of paths { in M(. When Vim xim j

j

)

≥ maxim ∈V −{im } γimj iml Viml ximl l

(

j

j

)}

, considering

j

the case Nm = 1, one has dVim ∂V dVm j f (x) = fim (x) = γm fim (x) ∂x dxim j dxim j j j

≤ −γm λimj Vimj ≤ −λimj V (x)

(20)

When Nm ≥ 2, since Vim is continuously differentiable, it follows j

that

dVm fm dxim ij

(x) is continuous with respect to x, and there exists

j

This paper establishes an exponential cyclic-small-gain theorem and applies it to fault tolerant safe control of interconnected nonlinear systems. To emphasize the main idea and avoid complex mathematical derivations, only the linear gains γij are considered. The proposed methods can be straightly extended to

)

≜ γm Vim xim .

a neighborhood X ≜ X1 × · · · × XN of x such that

− λimj V (x), ∀ξ ∈ X and ∀m ∈ M. Then, 1 2

∂V f (x) ≤ −λV (x) ∂x

∂V ∂ξ

f (ξ ) ≤

(21)


where λ ≜ minm∈M {λim /2}. Combining (20) and (21) yields

−λˆ li t

j

Vij xij ≥ max γij il Vil xil

( )

{

( )}

il ∈V ′

≤ Mli e

⇒ V (x) ≤ e−λt V (0)

j=k

( )}

where Mli , λˆ li , and γˆli li−1 are defined in (6). Consequently, summing over all xli for li ∈ Li , i ∈ N , yields

il ∈V ′

⇒ V (x) ≤ e−λt V (0)

|x|

Therefore V (x) ≤ e

Mlk

( i−1 ) }⎞ ∏ ⏐ ⏐ ˆ × γˆlj+1 lj e−λlk t ⏐xlk (0)⏐ ⎠

V (x) ≥γi1 i2 γi2 i3 · · · γij−1 ij max γij il Vil xil

−λ t

{

lm ∈N(lm+1 ), m∈{k,...,i−1}

k=1

where V (0) denotes V (x(0)) if there ( )is no confusion. Since V (x) = γi1 i2 γi2 i3 · · · γij−1 ij Vij xij , it leads to

{

⎛ i−1 ⏐ ⏐ ∑ ⏐xl (0)⏐ + ⎝ max i



V (0)+

ai n ∑ ∑ ⏐ ⏐ ⏐xl ⏐ i

i=1 li =ai−1 +1

γi1 i2 γi2 i3

{ ( )} · · · γij−1 ij max γij il Vil xil ′ il ∈V



V (x)

( )

Note that Vil xil ≤

γi1 i2 γi2 i3 ···γil−1 il

ai n i ∑ ∑ ∑

, we further have

×e

≤ e−λt V (0) + max γi1 i2 · · · γij−1 ij il ∈V ′

{

≤ e−λt V (0) + max γil il+1 il ∈V ′

γij il V (x)

−λˆ t

j=k

Mlk

|x(0)|

Proof of Lemma 6. We regard Vs(p) as the input of Vi(q) . Define V¯ q as the Lyapunov function of Vq and define U¯ q as the input of

¯ q as follows Vq with q ∈ N¯ . Construct V¯ q and U

) }

1 e−λt V (0), 1−γmax

{

V¯ q ≜ max

V (x) ≤ e−λt V (0)

condition (2) and (4) lead to the result.

(q)

which together with

U¯ q ≜



⏐ ⏐2 ⏐ ⏐2 αli ⏐xli ⏐ ≤ Vli (xli ) ≤ βli ⏐xli ⏐ ( )} ( ) { Vli xli ≥ max γli li−1 Vli−1 xli−1

{ (q) i ∈Vq , j ( ) (q) (p) , s ∈Vp i j ′ p∈N (q)

(q) i j−1 j

1

⇒ Vli (xli ) ≤ e

(q) γ (q) (p) Vs(p) i s i j

j −1 j

2

}

j

2

1

Vi(q) ≜ Vi(q) = Vi(q) where i(q) ∈ Vq . 1

According to Lemma 3, we have from condition (9) that V¯ q ≥ U¯ q ⇒ V¯ q ≤

Vli (0)

It further yields that

} ⏐ γli li−1 αli−1 ⏐ ⏐ xl ⏐ i−1 li−1 ∈N(li ) βli √ ⏐ ⏐ ⏐ βli − λli t ⏐⏐ ⇒ ⏐xli ⏐ ≤ e 2 xli (0)⏐ αli

where γ

−λˆ li t

⏐ ⏐ ⏐ ⏐} { ⏐xl (0)⏐ + max γˆl l ⏐xl ⏐ ≤ Mli e i i i−1 i−1 li−1 ∈N(li ) { ⏐ ˆ ⏐ −λˆ t ≤ Mli e−λli t ⏐xli (0)⏐ + max γˆli li−1 Mli−1 e li−1 li−1 ∈N(li ) { } ⏐ ⏐} × ⏐xli−1 (0)⏐ + max γˆli li−1 γˆ l l |xli−2 | i−1 i−2

(24)

}

γi(q) i(q) · · · γi(q) i(q) ×γi(q) i(q) and j l l l+1 j−1 j { } λi(q) /2 . By replacing q by p in (23), we have

j

q

j

V¯ p ≥ Vs(p) . Thus, one further has (22)

Proof of Lemma 5. We can derive from (7) and (22) that subsystem li in layer i, i ∈ N − {1}, satisfies i

e−λq t V¯ q (0) ˜

q

≜ maxi(q) ∈V −i(q) q j l

λ˜ q ≜ mini(q) ∈V

Inequality (6) is obtained. □

⏐ ⏐ ⏐xl ⏐

1 1 − γmax

{

(q) max

{√

li−1 ∈N(li ) li−2 ∈N(l i −1 )

(23)

j

γi(q) i(q) · · · γi(q)

li−1 ∈N(li )

−λli t

Vi(q)

= i(p) . Specially, in the case of j = 1, γi(q) i(q) · · ·

where i1

γi(q)

(q) i j−1 j

2

max

(p)

}

γi(q) i(q) · · · γi(q) 1

ij ∈Vq

Proof of Lemma 4. It follows from Assumption 1 that each subsystem li satisfies

.. .



⎫⎞ ⎬ γˆlj+1 lj ⎠ ⎭

γˆli+1 li ≜ 1. □

il ∈V

⏐ ⏐ ⏐xl ⏐ ≥ max i

i ∏

{ }

γi1 i2 · · · γil−1 il } · · · γij−1 ij γij il V (x)

{ 1 − max γil il+1 · · · γij−1 ij γij il ′

It follows that V (x) ≤

lm ∈N(lm+1 ) m∈{k,...,i−1}

⎧ ⎨

where λˆ ≜ minli ∈Li ,i∈N λˆ li . Specifically, in case of j = k = i,

}

This is equivalent to

(

⎝ max

i=1 li =ai−1 +1 k=1

V (x)

{



U¯ q ≤

{ max (q) i ∈Vq , j ( ) (q) (p) s ∈Vp i , j p∈N ′ (q)

≜ max

p∈N ′ (q)

{

γi(q) i(q) · · · γi(q) 1

Γqp Wp

(q) i j−1 j

2

γi(q) s j

¯ (p) Vp

}

}

where Γqp ≜ max (q)

ij ∈Vq

(25)

{ ,s(p) ∈V

(

(q) p ij

)

γi(q) i(q) · · · × γi(q) 1

(q) i j−1 j

2

}

γi(q) s(p) . j

Combining (24) and (25) yields

$$\bar V_q \ge \max_{p\in N'(q)}\left\{\Gamma_{qp}\bar V_p\right\} \;\Rightarrow\; \bar V_q \le \frac{1}{1-\gamma^{(q)}_{\max}}\,e^{-\tilde\lambda_q t}\,\bar V_q(0) \tag{26}$$

According to Assumption 1 and (23), there exist constants $\bar\alpha_q > 0$ and $\bar\beta_q > 0$ such that

$$\bar\alpha_q|\bar x_q|^2 \le \bar V_q \le \bar\beta_q|\bar x_q|^2 \tag{27}$$

It follows from (26) and (27) that

$$|\bar x_q| \ge \max_{p\in N'(q)}\left\{\sqrt{\frac{\bar\beta_p\,\Gamma_{qp}}{\bar\alpha_q}}\;|\bar x_p|\right\} \;\Rightarrow\; |\bar x_q| \le \sqrt{\frac{\bar\beta_q}{\bar\alpha_q\left(1-\gamma^{(q)}_{\max}\right)}}\;e^{-\frac{\tilde\lambda_q}{2}t}\,|\bar x_q(0)|$$

Inequality (10) is obtained. □

Proof of Theorem 1. The proof of Theorem 1 is similar to that of Lemma 5; the difference is that virtual nodes need to be considered. The subsystems modeled by virtual nodes, which are called ‘‘virtual’’ subsystems in the following, have no practical physical meaning and serve only to form a proper n′-layered digraph. For ‘‘virtual’’ subsystems $d_1^{ji}, d_2^{ji}, \ldots, d_{w-1}^{ji}$ that are inserted into the long arc (j, i) ∈ E1, their initial states are given as $|x_{d_1^{ji}}(0)| = \cdots = |x_{d_{w-1}^{ji}}(0)| = 0$. The gains among ‘‘virtual’’ subsystems are given as $\bar\gamma_{i\,(d_{w-1}^{ji})} = \bar\gamma_{ji}$ and $\bar\gamma_{(d_1^{ji})\,j} = \cdots = \bar\gamma_{(d_{w-1}^{ji})(d_{w-2}^{ji})} = 1$. These ‘‘virtual’’ subsystems are not added when summing over all subsystems as in Lemma 5. □

Proof of Theorem 4. Conditions (16) and (17) guarantee that system (11) can be rendered stable and safe at least when all interconnected gains are minimized. These are fault recoverability conditions with respect to the safety specification. Algorithm 2 applies the individual fault tolerant safe control strategy first. If it cannot guarantee the stability and safety goals, controllers of other subsystems will be adjusted until the goals are met. □

References

Blanke, M., Kinnaert, M., Lunze, J., & Staroswiecki, M. (2006). Diagnosis and fault-tolerant control. Berlin: Springer Verlag.

Boem, F., Ferrari, R. M. G., Keliris, C., Parisini, T., & Polycarpou, M. M. (2017). A distributed networked approach for fault detection of large-scale systems. IEEE Transactions on Automatic Control, 62(1), 18–33.

Dashkovskiy, S., Rüffer, B. S., & Wirth, F. R. (2010). Small gain theorems for large scale systems and construction of ISS Lyapunov functions. SIAM Journal on Control and Optimization, 48, 4089–4118.

Fleischer, L. K., Hendrickson, B., & Pinar, A. (2000). On identifying strongly connected components in parallel. International Parallel and Distributed Processing Symposium, 205–511.

Ito, H., & Jiang, Z. P. (2009). Necessary and sufficient small gain conditions for integral input-to-state stable systems: A Lyapunov perspective. IEEE Transactions on Automatic Control, 54, 2389–2404.

Ito, H., Jiang, Z. P., Dashkovskiy, S., & Rüffer, B. S. (2013). Robust stability of networks of iISS systems: Construction of sum-type Lyapunov functions. IEEE Transactions on Automatic Control, 58, 1192–1207.

Jiang, Z. P., & Liu, T. (2018). Small-gain theory for stability and control of dynamical networks: A survey. Annual Reviews in Control, 46, 58–79.

Jiang, Z. P., Mareels, I. M., & Wang, Y. (1996). A Lyapunov formulation of the nonlinear small-gain theorem for interconnected ISS systems. Automatica, 32(8), 1211–1215.

Li, Y., & Tong, S. (2017). Adaptive neural networks decentralized FTC design for nonstrict-feedback nonlinear interconnected large-scale systems against actuator faults. IEEE Transactions on Neural Networks and Learning Systems, 28(11), 2541–2554.

Li, X. J., & Yang, G. H. (2018). Neural-network-based adaptive decentralized fault-tolerant control for a class of interconnected nonlinear systems. IEEE Transactions on Neural Networks and Learning Systems, 29(1), 144–155.

Liu, T., Hill, D. J., & Jiang, Z. P. (2011). Lyapunov formulation of ISS cyclic-small-gain in continuous-time dynamical networks. Automatica, 47(9), 2088–2093.

Panagi, P., & Polycarpou, M. M. (2011). Distributed fault accommodation for a class of interconnected nonlinear systems with partial communication. IEEE Transactions on Automatic Control, 56(12), 2962–2967.

Patton, R. J., Kambhampati, C., Casavola, A., Zhang, P., Ding, S., & Sauter, D. (2007). A generic strategy for fault-tolerance in control systems distributed over a network. European Journal of Control, 13, 280–296.

Romdlony, M. Z., & Jayawardhana, B. (2016). Stabilization with guaranteed safety using control Lyapunov-barrier function. Automatica, 66, 29–47.

Sontag, E. D. (1989). A ‘‘universal’’ construction of Artstein’s theorem on nonlinear stabilization. Systems & Control Letters, 13(2), 117–123.

Wilson, R. J. (1972). Introduction to graph theory. London: Longman.

Yang, H., Han, Q.-L., Ge, X., Ding, L., Xu, Y., & Jiang, B. (2020). Fault tolerant cooperative control of multi-agent systems: a survey of trends and methodologies. IEEE Transactions on Industrial Informatics, 16(1), 4–17.

Yang, H., Huang, C., Jiang, B., & Polycarpou, M. M. (2019). Fault estimation and accommodation of interconnected systems: a separation principle. IEEE Transactions on Cybernetics, 49(12), 4103–4116.

Yang, H., Jiang, B., Staroswiecki, M., & Zhang, Y. (2015). Fault recoverability and fault tolerant control for a class of interconnected nonlinear systems. Automatica, 54, 49–55.

Yu, X., & Jiang, J. (2015). A survey of fault-tolerant controllers based on safety-related issues. Annual Reviews in Control, 39(1), 46–57.

Zhang, X.-M., Han, Q.-L., Ge, X., Ding, D., Ding, L., & Yue, D. (2020). Networked control systems: a survey of trends and techniques. IEEE/CAA Journal of Automatica Sinica, 7(1), 1–17.

Zhang, X., & Zhang, Q. (2013). Distributed fault diagnosis in a class of interconnected nonlinear uncertain systems. International Journal of Control, 37(1), 170–179.

Hao Yang received the B.Sc. degree in electrical automation from Nanjing Tech University, Nanjing, China, in 2004, and the Ph.D. degrees in automatic control from Université de Lille 1: Sciences et Technologies, Lille, France, and Nanjing University of Aeronautics and Astronautics (NUAA), Nanjing, China, both in 2009. Since 2010, he has been working at the College of Automation Engineering in NUAA, where he has been a full professor since 2015. His research interests include fault tolerant and safe control of switched and interconnected systems, and multi-agent systems with their aerospace applications. He has published 2 books and over 80 international journal papers. He was the recipient of the National Science Fund for Excellent Young Scholars in 2016, and the Top-Notch Young Talents of Central Organization Department of China in 2017. He has served as Associate Editor for Nonlinear Analysis: Hybrid Systems, Cyber–Physical Systems, and Acta Automatica Sinica. He is also a member of the IFAC Technical Committee on Fault Detection, Supervision & Safety of Technical Processes.

Chencheng Zhang received the B.S. degree in automation from Yangzhou University, Yangzhou, China, in 2017. She is currently pursuing the Ph.D. degree of automatic control in Nanjing University of Aeronautics and Astronautics, Nanjing, China. Her current research interests include stability analysis and the fault-tolerant control design of switched and interconnected systems.

Zixin An received the B.S. degree in automation from the Nanjing University of Aeronautics and Astronautics (NUAA), Nanjing, China, in 2018, and she is currently pursuing the M.S. degree in NUAA. Her current research interests include stability analysis and the fault-tolerant control design of interconnected systems.

Bin Jiang received the Ph.D. degree in Automatic Control from Northeastern University, Shenyang, China, in 1995. He has been a postdoctoral fellow, research fellow and visiting professor in Singapore, France, USA and Canada, respectively. He is now a Chair Professor of the Cheung Kong Scholar Program in the Ministry of Education, and Vice President of Nanjing University of Aeronautics and Astronautics, China. His research interests include fault diagnosis and fault tolerant control and their applications in aircraft, satellites and high-speed trains. He has been the principal investigator on several projects of the National Natural Science Foundation of China. He is the author of 8 books and over 200 refereed international journal papers and conference papers. He is a Fellow of the IEEE, the Chair of Control Systems Chapter in IEEE Nanjing Section, and a member of IFAC Technical Committee on Fault Detection, Supervision, and Safety of Technical Processes. He won the 2nd Class Award of National Natural Science of China in 2018. He currently serves as Associate Editor or Editorial Board Member for a number of journals such as IEEE Trans. on Control Systems Technology; Int. J. of Control, Automation and Systems; J. of Franklin Institute; Neurocomputing; Control and Decision; Systems Engineering and Electronics Technologies.