9th IFAC Symposium on Fault Detection, Supervision and 9th IFAC on Fault Detection, Supervision and Safety of Symposium Technical Processes 9th IFAC Symposium on 9th IFAC Symposium on Fault Fault Detection, Detection, Supervision Supervision and and Safety of Technical Processes Available online at www.sciencedirect.com Safety of Technical Processes September 2-4, 2015. Arts et Métiers ParisTech, Paris, France Safety of Technical Processes September 2-4, 2015. Arts et Métiers ParisTech, Paris, France September September 2-4, 2-4, 2015. 2015. Arts Arts et et Métiers Métiers ParisTech, ParisTech, Paris, Paris, France France
ScienceDirect
IFAC-PapersOnLine 48-21 (2015) 1471–1478
Structural Analysis for Diagnosability and Structural Analysis for Diagnosability and Structural Analysis for Diagnosability and Reconfigurability, with Application to Reconfigurability, with Application to Reconfigurability, with Application to Electric Vehicle Drive System Electric Vehicle Drive System Electric Vehicle Drive System ∗ ∗∗
Jiyu Zhang ∗∗ Giorgio Rizzoni ∗∗ ∗∗ Jiyu Zhang ∗∗ Giorgio Rizzoni ∗∗ Jiyu Jiyu Zhang Zhang Giorgio Giorgio Rizzoni Rizzoni ∗∗ ∗ ∗ Department of Mechanical and Aerospace Engineering, The Ohio ∗ ∗ of Mechanical and Aerospace Engineering, The Ohio ∗ Department Department of and Engineering, The State University, Columbus, Ohio 43210 USA (e-mail: Department of Mechanical Mechanical and Aerospace Aerospace Engineering, The Ohio Ohio State University, Columbus, Ohio 43210 USA (e-mail: State University, Columbus, Ohio 43210 USA (e-mail:
[email protected]). State University, Columbus, Ohio 43210 USA (e-mail: ∗∗
[email protected]). ∗∗
[email protected]). Department of Mechanical and Aerospace Engineering, The Ohio
[email protected]). ∗∗ ∗∗ Department of Mechanical and Aerospace Engineering, The Ohio ∗∗ Department of Mechanical and Engineering, The State University, Columbus, Ohio 43210 USA (e-mail: Department of Mechanical and Aerospace Aerospace Engineering, The Ohio Ohio State University, University, Columbus, Ohio 43210 43210 USA (e-mail: (e-mail: State Ohio USA
[email protected]) State University, Columbus, Columbus, Ohio 43210 USA (e-mail:
[email protected])
[email protected])
[email protected]) Abstract: This paper presents a structural approach for analyzing a system’s diagnosability and Abstract: This paper presents a structural approach for analyzing aa system’s diagnosability and Abstract: This presents approach for diagnosability and reconfigurability, with application on a PMSM drive system in an electric vehicle. Diagnosability Abstract: This paper paper presents a a structural structural approach for analyzing analyzing a system’s system’s diagnosability and reconfigurability, with application on a PMSM drive system in an electric vehicle. Diagnosability reconfigurability, with application on a PMSM drive system in an electric vehicle. Diagnosability analysis is aimed at finding out whether a fault can be detected and isolated when it occurs. reconfigurability, with application on a PMSM drive system in an electric vehicle. Diagnosability analysis is at whether fault can be and isolated when it analysis is aimed aimed analysis at finding finding out whetherinaaaorder fault to can be detected detected andfault isolated when capability it occurs. occurs. Reconfigurability is out conducted access a system’s tolerance analysis is aimed at finding out whether fault can be detected and isolated when it occurs. Reconfigurability analysis is conducted in order to access aa of system’s fault tolerance capability Reconfigurability analysis is conducted in order to access system’s fault tolerance capability by system reconfiguration. This paper formalizes conditions system reconfigurability through Reconfigurability analysis is conducted in order to access a system’s fault tolerance capability by system reconfiguration. This paper formalizes system reconfigurability by system This paper conditions of system through structural analysis to check whether a system conditions is able to of maintain performance by through system by system reconfiguration. reconfiguration. This paper formalizes formalizes conditions ofmaintain system reconfigurability reconfigurability through structural analysis to check whether a system is able to performance by system structural analysis to check whether a system is able to maintain performance by system reconfiguration under actuation or sensor faults. structural analysis to actuation check whether a system is able to maintain performance by system reconfiguration reconfiguration under under actuation actuation or or sensor sensor faults. faults. reconfiguration under or sensor faults. © 2015, IFAC (International Federation of Automatic Control) Hosting by Elsevier Ltd. All rights reserved. Keywords: Diagnosability, Reconfigurability, PMSM drive, Structural analysis Keywords: Keywords: Diagnosability, Diagnosability, Reconfigurability, Reconfigurability, PMSM PMSM drive, drive, Structural Structural analysis analysis Keywords: Diagnosability, Reconfigurability, PMSM drive, Structural analysis 1. INTRODUCTION Before the appropriate fault diagnosis algorithm and fault 1. INTRODUCTION INTRODUCTION Before the appropriate fault diagnosis algorithm and fault 1. Before appropriate diagnosis and tolerantthe control schemesfault are applied, it algorithm is important tofault first 1. INTRODUCTION Before the appropriate fault diagnosis algorithm and fault tolerant control schemes are applied, it is important to first tolerant control schemes are applied, it is important to first know diagnosability of various faults and controllability of control schemes are applied, itand is important to first Fault diagnosis and fault tolerant control are critical to tolerant know diagnosability of various various faultsis controllability of diagnosability of faults and controllability of Fault diagnosis and fault tolerant control are areforcritical critical to know the system, and whether the system able to maintain its Fault diagnosis and fault tolerant control to know diagnosability of various faults and controllability of guarantee safety and continuity of operation complex Fault diagnosis and fault tolerant control areforcritical to the the system, and andunder whether theconditions. system is is able to maintain its system, whether the system its controllability faulty A lotto ofmaintain engineering guarantee safety andin continuity of operation complex guarantee and continuity operation for complex system, andunder whether theconditions. system is able able its engineeringsafety systems case any of components fail to oper- the guarantee safety and continuity of operation for complex controllability faulty A lot lotto ofmaintain engineering controllability under faulty conditions. A of engineering engineering systems in case any components fail to opersystems make use of system reconfiguration to achieve engineering systems in case any components fail to opercontrollability under faulty conditions. A lot of engineering ate normally. In general, fault diagnosis methods can be engineering systems in case anydiagnosis components fail tocan opersystems make use use of system system reconfiguration to achieve make of ate normally. In general, general, fault methods be systems fault tolerance so that systemreconfiguration will continue to to achieve satisfy ate normally. In fault diagnosis methods can be systems make use of system reconfiguration to achieve classified as data-driven approaches and model-based apate normally. In general, fault diagnosis methods can be fault tolerance so that system will continue to satisfy fault tolerance so that system will continue to satisfy classified as data-driven approaches and model-based ap- fault performance requirements underwill faults. Reconfigurabilclassified as data-driven approaches and model-based aptolerance so that system continue to satisfy proaches. Data-driven approaches are based on experimenclassified as data-driven approaches model-based ap- performance performance requirements under faults. ReconfigurabilReconfigurabilfaults. ity means therequirements system can under be reconfigured by changing proaches. Data-driven approaches areand based on experimenexperimenproaches. Data-driven approaches are based on requirements under faults. Reconfigurabiltal data and employ system-identification techniques while performance proaches. Data-driven approaches are based on experimenity means the system can be reconfigured by changing ity means the system can be reconfigured by changing tal data and employ system-identification techniques while controller input/output relationships so that performance tal data and employ system-identification techniques means input/output the system can be reconfigured by changing model-based diagnosis rely on an accurate model while that ity tal data and employ system-identification techniques while controller relationships so that performance relationships so that performance model-based diagnosis rely on an an dynamic accurate performance model that that controller objectives input/output can be achieved. This paper presents a strucmodel-based on accurate model controller input/output relationships so that performance is capable of diagnosis capturing rely a system’s model-based diagnosis rely on an accurate model that objectives can be be achieved. This paper presents presents strucobjectives can paper aa structural approach for achieved. analyzingThis diagnosability and reconfigis capableetof ofal., capturing a such system’s dynamic performance is capable capturing a system’s dynamic performance objectives can be achieved. This paper presents a struc(Rizzoni 2009). If a model is available, then is capableetofal., capturing a such system’s dynamic performance tural approach for analyzing analyzing diagnosability and reconfigtural approach for diagnosability and reconfigurability properties, with application to an electric drive (Rizzoni 2009). If a model is available, then (Rizzoni et al., 2009). If such a model is available, then tural approach for analyzing diagnosability and reconfigmodel based diagnosis are advantageous since they give a (Rizzoni et al., 2009). are If such a model issince available, then urability properties, with application application to synchronous an electric electric drive drive urability properties, with to an model based diagnosis advantageous they give a system driven by a permanent magnet mamodel advantageous they give urability properties, with application to synchronous an electric drive deeper based insightdiagnosis into the are process behavior, since and are capable model based diagnosis are advantageous since theycapable give aa system system driven byanalysis a permanent permanent magnet madriven by a magnet synchronous madeeper insight into the process behavior, and are chine. Structural converts the system mathematideeper insight into the process behavior, and are capable driven byanalysis a permanent magnet synchronous maof detecting faults at early age (Isermann,and 2005),which is system deeper insight into at theearly process are capable chine. Structural converts the system system mathematiStructural analysis the mathematical model into a structural model represented by bipartite of detecting faults age behavior, (Isermann, 2005),which is chine. of detecting faults early age (Isermann, 2005),which is chine. Structural analysis converts converts the system by mathemativery important to at avoid catastrophic failure and ensure of detecting faults at early age (Isermann, 2005),which is cal model into a structural model represented bipartite model aa structural model represented bipartite graphs or into Incidence Matrix, from which theby structural very important to avoid avoidModel-based catastrophicdiagnosis failure and and ensure cal very important to catastrophic failure ensure cal model structural model represented bipartite reliability of operation. is usually very important to avoidModel-based catastrophicdiagnosis failure and ensure graphs graphs or into Incidence Matrix, from which thebystructural structural or Incidence Matrix, from which the reliability of operation. is usually properties are clear to see (Blanke et al., 2000). Through reliability of operation. Model-based diagnosis is usually graphs or Incidence Matrix, from which the structural achieved by applying parity equations or state observers reliability of applying operation. Model-based isobservers usually properties are are clear clear manipulation to see see (Blankeofet etthe al.,structural 2000). Through Through to al., 2000). achieved by parity equationsdiagnosis or state state some mathematical graph, achieved by equations or properties are clear manipulation to see (Blanke (Blankeofetthe al.,structural 2000). Through to generate residualparity that compares the actualobservers outputs properties achieved by aaapplying applying parity equationsthe or state observers some mathematical graph, some mathematical manipulation of the structural graph, it is possible to analyze the fault detectability and isolato generate residual that compares actual outputs to generate a residual that compares the actual outputs some mathematical manipulation of the structural graph, with the estimated or nominal outputs (Isermann, 2006; to generate a residual that compares the actual outputs it is possible possible to analyze analyze theasfault fault detectability and isolaisolait is to the detectability and bility properties, as well the system’s observability, with the estimated or nominal outputs (Isermann, 2006; with the or it is possible to analyze and isolaKinnaert, 2003). with the estimated estimated or nominal nominal outputs outputs (Isermann, (Isermann, 2006; 2006; bility bility properties, asreconfigurability welltheas asfault the detectability system’s observability, properties, well the system’s observability, Kinnaert, 2003). controllability andas from the structural Kinnaert, 2003). bility properties, as well as the system’s observability, Kinnaert, 2003). controllability and reconfigurability from the astructural structural Once a fault is detected, fault tolerant control schemes controllability reconfigurability the perspective. Inand addition, this paperfrom relates system’s controllability and reconfigurability from the astructural Once a be fault is detected, detected, fault tolerant tolerant control schemes perspective. In addition, this paper relates system’s Once a fault is fault control schemes perspective. In addition, this paper relates a system’s have to be enabled to guarantee safety and continuity of reconfigurability with its structural controllability and obOnce a fault is detected, fault tolerant control schemes perspective. In addition, this paper relates a system’s have to be be be be enabled to guarantee guarantee safety and and continuity of reconfigurability reconfigurability with its structural structural controllability and obhave to enabled to safety continuity of with its controllability and oboperation. Fault tolerant control strategies can be broadly servability in case of actuation and sensor faults so that have to be be enabled to guarantee safety and continuity of reconfigurability with its structural controllability and oboperation. Fault tolerant control strategies strategies can approaches be broadly broadly servability servability in case of actuation and sensor faults so that operation. Fault tolerant control can be categorized as passive approaches and active in case actuation and sensor that the conditions for of reconfigurability can be faults easily so formuoperation. Fault tolerant control strategies can approaches be broadly servability in case of actuation and sensor faults so that categorized as passive approaches and active the conditions foranalysis reconfigurability cantobe bebeeasily easily formucategorized passive approaches (Blanke and as Schr¨ oder, 2003; Blanke and et al.,active 2001;approaches Zhang and the conditions for reconfigurability can formulated. Structural has proven effective in categorized passive approaches and approaches the conditions foranalysis reconfigurability cantobebe easily formu(Blanke and as Schr¨ oder, der,approaches 2003; Blanke et robust al.,active 2001; Zhangtechand lated. lated. Structural has proven effective in (Blanke and Schr¨ o 2003; Blanke et al., 2001; Zhang and Structural analysis has proven to be effective in Jiang, 2008). Passive use control analyzing complex nonlinear engineering systems. In this (Blanke and Schr¨ o der, 2003; Blanke et al., 2001; Zhang and lated. Structural analysis has proven to be effective in Jiang, 2008). Passive approaches use robust control control techanalyzing complex nonlinear engineeringanalysis systems. In this this Jiang, Passive approaches robust techcomplex nonlinear engineering systems. In niques,2008). in which case the controlleruse is carefully designed so analyzing paper, Section 2 presents the structural approach Jiang, 2008). Passive approaches use robust control techanalyzing complex nonlinear engineeringanalysis systems. In this niques, in which which case the controller is carefully carefully designed so paper, paper, Section 2 presents the structural approach niques, in case the controller is designed so that a system can have certain degree of fault tolerance. Section 22 presents the approach for analyzing fault diagnosability and analysis reconfigurability. niques, in whichcan case the certain controller is carefully designed so paper, Section fault presents the structural structural analysis approach that system have degree of fault fault tolerance. for analyzing diagnosability andstructural reconfigurability. that aa system can have certain of tolerance. analyzing fault diagnosability and reconfigurability. On the other hand, active faultdegree tolerance involves con- for Section 3 shows the application of the methods that a system can have certain degree of fault tolerance. for analyzing fault diagnosability and reconfigurability. On the other hand, active fault tolerance involves conSection 3 shows the application of the structural methods On the other hand, fault tolerance involves 33 shows the application of the structural methods troller redesign in caseactive of faults, either by applying a connew Section on an electric vehicle drive system driven by a permanent On the other hand, active fault tolerance involves conSection shows the application of the structural methods troller redesign in case case of(fault faults,accommodation) either by by applying new on an electric electric vehicle machine drive system system drivenThe by aaresults permanent troller redesign in faults, either aaa new an vehicle drive driven by permanent set of control parameters or using a on magnet synchronous (PMSM). show troller redesign in case of of(fault faults,accommodation) either by applying applying new on an electric vehicle machine drive system drivenThe by aresults permanent set ofset control parameters or using using a magnet magnet synchronous (PMSM). show set of control parameters (fault accommodation) or a new of control inputs/outputs (system reconfiguration) synchronous machine (PMSM). The results show that various faults can be diagnosed if we incorporate set of control parameters (fault accommodation) or using a synchronous machine (PMSM).ifThe show new set of of control inputs/outputs (system reconfiguration) reconfiguration) magnet that various various faults can can be diagnosed diagnosed we results incorporate new set inputs/outputs (system in response to faults . new set of control control inputs/outputs (system reconfiguration) that that various faults faults can be be diagnosed if if we we incorporate incorporate in response to faults . in in response response to to faults faults .. Copyright © 2015, 2015 IFAC 1471Hosting by Elsevier Ltd. All rights reserved. 2405-8963 © IFAC (International Federation of Automatic Control) Copyright © 2015 IFAC 1471 Copyright © 2015 IFAC 1471 Peer review under responsibility of International Federation of Automatic Copyright © 2015 IFAC 1471Control. 10.1016/j.ifacol.2015.09.732
SAFEPROCESS 2015 1472 September 2-4, 2015. Paris, France
Jiyu Zhang et al. / IFAC-PapersOnLine 48-21 (2015) 1471–1478
sufficient number of sensors and the system can be successfully reconfigured to maintain its performance in case these faults occur. 2. STRUCTURAL ANALYSIS FOR FAULT DIAGNOSABILITY Structural analysis represents a system by its structural model using bipartite graphs or Incidence Matrix, where the relations between the system variables and constraints are described.
Fig. 1. Bipartite Graph of System 1 Table 1. Incidence Matrix of System 1
2.1 Structural Model The structural model of a system by bipartite graph or Incidence Matrix are defined as follows: Definition 1. Structural Model by Bipartite Graph (Blanke and Schr¨ oder, 2003) : The structure model represented by a bipartite graph is the set of system constraints, variables and edges (C, Z, E), where E = C × Z is the set of edges defined by: E = {(ci , zj ): the variable zj appears in the constraint ci } The set of variables Z consists of known variables K and unknown variables X : Z = (K, X ). The known variables stand for the measured variables, known control inputs as well as known parameters, while the unknown variables refer to the algebraic variables and dynamic states defined in the model as well as unknown inputs and unknown parameters. Definition 2. Structural Model by Incidence Matrix (Blanke and Schr¨ oder, 2003): The structure model represented by an Incidence Matrix is a matrix in which the number of rows equals to the number of constraints |C|, and the number of columns is equivalent to the number of variables |Z|, the elements (ci , zj ) in the matrix correspond to the edges in the bipartite graph and are defined as: (ci , zj ) = 1, if zj appears in the constraint ci ; (ci , zj ) = 0, otherwise. Take an example of a simple system given by the following form: e1 : u1a = u1 e2 : u2a = u2 e3 : x˙ 1 = a1 x1 + b1 x1 x2 + u1a (1) e4 : x˙ 2 = a2 x2 + b2 x1 + u2a e 5 : y 1 = x1 e 6 : y 2 = x2 where, e1 , e2 are actuator equations which gives inputs u1a , u2a to the dynamic system described by equations e3 and e4 . e5 and e6 are sensor equations that measures states x1 , x2 . The structural model of this system is shown in Fig. 1 and Table. 1: 2.2 Redundancy of a Structural Model If a structural model has more equations than unknowns, there exist redundant constraints in the model, which can be used for fault detection and isolation (FDI). This FDI strategy is therefore called Analytic Redundant Relation
e1 e2 e3 e4 e5 e6
Known Variables y1 y2 u1 u2 X X X X X X
Unknown Variables x1 x2 u1a u2a X X X X X X X X
(ARR) based FDI. An analytic redundant relation of a structural model is defined as: Definition 3. Analytic Redundant Relation (ARR) of a structural model (Krysander, 2006; Staroswiecki and Comtet-Varga, 2001): Given a structural model |M | that has more equations than unknowns, a redundant relation is a constraint that involves only the known variables k, which belongs to the set of measured outputs Z and known inputs U , after eliminating all the unknown variables, i.e. R(k) = 0 k∈U ∪Z (2) If a subset of constraints in the original model can be found such that all the unknown variables contained in the structural model can be calculated from these constraints, then the rest of the equations are redundant relations. In order to find a system’s redundant relations, we need to calculate all the unknown variables. However, the bipartite graph or Incidence matrix only tells us the correlation between variables and constraints, whereas does not give any information about how the unknown variables are determined. This fact leads us to define matchings on a structural model. Definition 4. Matching (Blanke and Schr¨oder, 2003) : A matching M on a bipartite graph is the subset of edges E such that the projection of the edges on the constraint set pc : E → C and the projection of the edges on the variable set pz : E → Z are both injective, i.e. ∀e1 , e2 ∈ E, e1 = e2 : {pC (e1 ) = pC (e2 )} ∧ {pZ (e1 ) = pZ (e2 )}
A matching on a bipartite graph assigns orientation of the edges, by which an oriented graph is generated. The oriented bipartite graph, which is also called a causal graph, defines a computation sequence where each constraint is associated with an unknown variable that is to be determined. Since there can be more than one way of computing the unknown variables, matchings of a model are not unique. For the example system 1, one possible matching is found as shown in Fig 2, where, the system inputs are calculated from the actuator equations e1 and e2 , the state variables x1 , x2 are calculated from the measurement equations
1472
SAFEPROCESS 2015 September 2-4, 2015. Paris, France
Jiyu Zhang et al. / IFAC-PapersOnLine 48-21 (2015) 1471–1478
e5 and e6 , while the e1 and e2 become two redundant equations, which are represented by zero outputs in the causal graph. They can be used for consistency check, and thereby used to detect faults.
Fig. 2. A matching on the bipartite graph of system 1 The analytic redundancy of a model defines all the possible redundant relations existing in the model that could be used for diagnosis. The analytic redundancy of a model can be found through canonical decomposition of its structural model by using the mathematical tool Dulmage-Mendelsohn Decomposition(Dulmage and Mendelsohn (1958)), through which the structure model of a system can be decomposed into three parts: • Structurally under-constrained subsystem S − , where there are less constraints than unknowns; • Structurally just-constrained subsystem S 0 , where there are equally number of constraints than unknowns; • Structurally over-constrained subsystem S + , where there are more constraints than unknowns. The structural under-constrained subsystem is the part where the unknown variables can not be uniquely defined. The structurally just-constrained subsystem is the part where the unknown variables can be uniquely determined. In the structural over-constrained subsystem not only the unknown variables can be uniquely defined, but also it defines all the equations that can be used as analytic redundant relations for fault detection and isolation.
on Definition 4, all the faults can be isolable from each other. 2.4 Structural Analysis for Reconfigurability When faults occur, the controller has to be re-designed so that the system objective continues to be satisfied. Control reconfiguration is one way of achieving fault tolerant control when the fault mechanism is unknown and fault compensation can not be achieved, in which case a new input/output relationship between the controller and the plant has to be established. In case of actuator and sensor faults, reconfiguration is usually done by replacing the faulty sensors/actuators by redundant sensors/actuators or virtual sensors/actuators using estimation techniques. In latter case, state observability should be preserved under a specific sensor fault so that the state measured by the faulty sensor can be estimated by the other sensor outputs. It is therefore useful to analyze the structural observability and controllability before a reconfigured controller is properly designed. Structural Controllability Before a fault tolerant controller is applied, one important step is to analyze the structural controllability of the system. Controllability means there exists a control such that the states can be driven to any given states from any initial conditions in a finite interval of time. Controllability analysis solves for the control inputs U. Therefore, for a dynamic model that incorporates dynamic and algebraic variables: X = Xd ∪ Xa , from the controllability standpoint, the known variables are the state variables Kc = X˙d ∪ Xd , while the unknown variables are the algebraic variables Xa that could be determined by the state variables as well the control inputs U : Xc = Xa ∪ U Theorem 1. (Blanke and Schr¨oder, 2003) A necessary and sufficient condition for a system to be structurally controllable is: 1. Kc is reachable from the inputs. 2. The canonical decomposition of (CXc , Xc , EXc ) contains no over-constrained subsystem.
2.3 Structrual Analysis for Detectability and Isolability (Krysander and Frisk, 2008) gives the conditions of checking the detectability and isolability of faults in a system by its structural model: Definition 5. A fault fi can be detected if the equation it affects lies in the structurally over-constrained subsystem, i.e.: (3) e fi ∈ S + Definition 6. A fault fi is structurally isolable from fj in the structure model S if fi lies in the structurally over-constrained part of the model after removing the constraint that fj appears: efi ∈ (S /efj )+
(4)
Take system (1) as an example, performing DM decomposition of the structural Incidence Matrix, it can been found that the system has no under-constrained and justconstrained subsystem, therefore the redundant part of the system is the entire model,, meaning each equation of the model can be used for model consistency check. And based
1473
where, CXc denote the constraints that involve the unknown variables, and EXc stand for the relations between the constraint set CXc and the variable set Xc . The first condition claims that there exists a computational sequence so that the states can be determined from the inputs. The second condition suggests the subsystem (CXc , Xc , EXc ) can either be just-constrained or contains under-constrained subsystem. If the system is justconstrained, there exists unique solution to the control problem; If it is under-constrained, there exist more than one sets of control that can drive the system states to the desired values. However, if the canonical decomposition contains over-constrained subsystem, then there are some manifolds f (xd ) = 0 which the system states must satisfy. Thus it is not possible to find a control to drive the states to any desired values if the desired system states lie on this manifold. For actuator faults, whether it is stuck, disconnected, or completely broken, it is impossible to determine to system inputs from the actuator equations alone if faults are
1473
SAFEPROCESS 2015 1474 September 2-4, 2015. Paris, France
Jiyu Zhang et al. / IFAC-PapersOnLine 48-21 (2015) 1471–1478
unknown. In this case, to characterize actuation faults, we introduce fault variables to the structural model. For system 1, the structural Incidence Matrix from the controllability standpoint is shown in Table. 3, where, the measurement equations are removed since they are uncorrelated to controllability analysis. Table 2. Incidence Matrix for Controllability of System 1 Known Variables x1 x2 e1 e2 e3 e4
X X
Unknown Variables u1a u2a u1 u2 X X X X X X
X X
As can be shown from the table, the system is just constrained, thus is structurally controllable. However, if there is a fault in the actuator u1 , we introduce a fault variable in the actuator equation u1 = u1a + fu1 . In this case, the Incidence Matrix for Controllability becomes: Table 3. Incidence Matrix for Controllability of System 1 Known Variables x1 x2 e1 e2 e3 e4
X X
X X
u1a X
Unknown Variables u2a u1 u2 fu1 X X X X
X X
X
This model is uncontrollable since u1 can not be computed unless fault fu1 is known. One solution to this problem is to find a way to estimate fault fu1 from the actuator outputs of the system yx1 , yx2 , or completely cut of actuator u1a and use additional actuator u3 for compensation, in which case the system structure is changed. Structural Observability Most engineering systems are closed loop systems, where the controller send out the control signals based the sensors measuring the current states. As a result, sensors play a crucial role in feed back control. When a sensor fault occurs, the remedial action is either to use a redundant sensor or a virtual sensor that utilizes the rest of the sensors to estimate the state originally measured by the faulty sensor (Burner and Isermann, 2004). In the latter case, the observability of the state from the other measurements have to be ensured. Since hardware redundancy is usually expensive, it is better to take advantages of analytic redundancy, therefore it is critical to analyze the observability of the system states when the faulty sensors are removed. Theorem 2. Blanke and Schr¨ oder (2003) A necessary and sufficient condition for the system to be structurally observable is: 1. All the unknown variables X are reachable from the known ones. K 2. The over-constrained and just-constrained subsystems are causal.i.e. the unknown variables can be practically computed. 3. The under-constrained subsystem is empty. Condition 1 states that there are no variables that cannot be reached from the known variables. Condition 2 and
3 mean that the unknown variables can be uniquely determined from the known variables. Structural Reconfigurability Reconfiguration changes the structure of a system, in which some nodes and computational chains that are affected by faults are cut off or rearranged. Reconfiguration must ensure that the reconfigured system has the same performance as the nominal system. (Gehin and Dulac, 2005) talk about reconfigurability of a system under structural properties, but a formal definition is not given. This paper will not only provide a formal definition of reconfigurability, but also presents the reconfigurability analysis applied on a promising example electric drive system. Definition 7. Structural Reconfigurability: A system is structurally reconfigurable under a certain fault if the states are controllable after the constraint associated with the faulty component (such as sensor equations or actuator equations) is removed (such as complete failure) or changed (such as stuck constantly at some unknown values,) form from the structural model. In other words, there exists a new set of control Ur , such that the system performance maintains the same as the healthy case. The system performance is maintained by changing the system structure. In particular, a closed-loop system under a sensor fault is reconfigurable if the state measured by the faulty sensor is observable from other sensor outputs after the faulty sensor is removed. For the example system 1, if the input depends on the system outputs : u1 = f (yx1 ), u2 = g(yx2 ), but a fault occurs on the output sensor that measures x1 , the constraint e5 is removed from the structural bipartite graph, however, since x1 can be estimated from e3 if x2 measurement is healthy, the system is reconfigurable under this fault. 3. APPLICATION EXAMPLE: ELECTRIC DRIVE SYSTEM Electric and hybrid electric vehicles(EV/HEVs) have seen increasing market penetration in recent years due to their potential of significantly improving fuel economy and reducing emissions compared with conventional internal combustion engine vehicles. However, due to the employment of high voltage systems and the associated electrical and electronic components, reliability and safety issue become a big concern for automobile consumers as well as manufacturers. One of the effective on-line solutions for reliability and safety is the development of On-Board Diagnosis and Fault Tolerant Control to enable continuity of operation in case of failures. The electric drive system, which is a key subsystem in electric vehicles is usually subject to a a variety of stresses including mechanical stress due to wear and fatigue, thermal stresses resulting from extreme high or low temperatures, electrical stress such as frequent high voltages/currents, etc. These stresses may lead to serious problems in the vehicle such as increased vibrations and reduced performance (Arenas et al., 2013). The research on developing diagnosis and fault tolerant control strategies for electric drive systems have attracted an increasing amount of attention among researchers worldwide. Bolognani et al. (2000); Wallmark et al. (2005); Tabbache et al. (2013) investigate fault tolerant control
1474
SAFEPROCESS 2015 September 2-4, 2015. Paris, France
Jiyu Zhang et al. / IFAC-PapersOnLine 48-21 (2015) 1471–1478
schemes for three phase voltage-source inverter by using redundant legs. In addition to inverters, the importance of sensors must not be ignored in that they provide the controller with critical state information to ensure correct control actions. Zhang and G. Rizzoni (2014) study fault detection and isolation for current sensor, rotor position sensor and wheel speed sensor faults in an electric vehicle drive system using a bank of state observers. Jeong et al. (2005) study fault detection, isolation and fault tolerant control for resolver faults, DC link voltage sensor faults as well as current sensor faults in a permanent magnet synchronous machine (PMSM) drive system for electric vehicles. In this section, we will show how structrual analysis approaches can be applied to analyze the diagnosability and reconfigurability of various faults in a PMSM drive system.
1475
electric machine,J is the lumped inertia of the rotating elements, b is the viscous friction coefficients, TL stands for the road load, ωwh is the wheel speed.
2 Vd (cos θr ) − Vq sin(θr ) 3 2 2 2 e2 : Vb = Vd cos(θr − π) − Vq sin(θr − π) 3 3 3 2 2 2 e3 : Vc = Vd cos(θr + π) − Vq sin(θr + π) 3 3 3 Rs + fRs Ld λm Vq diq e4 : =− iq − P ωm i d − P ωm + dt Lq Lq Lq Lq Lq Rs + f R s Vd did = e5 : P ωm i q − id + dt L Ld Ld d 2 id (cos θr ) − iq sin(θr ) e 6 : ia = 3 2 2 2 id cos(θr − π) − iq sin(θr − π) e 7 : ib = 3 3 3 2 2 2 e8 : i c = id cos(θr + π) − iq sin(θr + π) 3 3 3 dθr e9 : = P ωm dt e10 : Te = 1.5P [λm iq + (Lq − Ld )id iq ] 1 dωm = (Te − bωm − TL ) e11 : (5) dt J ωm e12 : ωwh = GR e13 : Vveh = ωwh × Rwh e14 : yVa = Va e15 : yVb = Vb e16 : yia = ia e17 : yib = ib e18 : yθr = θr e19 : yωwh = ωwh e1 : Va =
As shown in Fig. 3, a typical PMSM drive system in an electric vehicle is comprised of a battery source, a three phase inverter that converts DC voltages to AC voltages in order to drive an AC machine, a permanent magnet synchronous machine as well as a controller. A vehicle controller converts the pedal signals (Accelerator pedal command α or brake pedal command β) from the driver to a torque reference (Te∗ ). The EM controller receives the torque command from the supervisory controller and drives the electric machine to deliever the desired toque through controlling the three phase currents, using Field Oriented Control(FOC) techniques, in which the d axis current component is set to be zero and electromagnetic torque is only related to q axis current component. The EM controller is a hysteresis current controller that compares the desired three phase currents (i∗a , i∗b , i∗c ) with the measured ones (ia , ib , ic ) and sends out gate signals commands to the three phase inverter. A gearbox is used to magnify the EM torque in order to drive the wheels.
3.2 PMSM Drive System Structural Model For the PMSM drive system, the unknown variables are {Va , Vb , Vc , Vq , Vd , θr , ia , ib , ic , iq , id , ωm , Te , TL , Vveh , ωwh }, the known variables are defined as the measured variables {yVa , yVb , yVc , yia , yib , yic , yωm , yθr , yωwh }.
The structural bipartite graph and one possible matching on the bipartite graph of the PMSM drive system is shown in Fig. 4, where the measurement equations are used to compute the associated measured variables, and the rest of the unknown variables are computed from the measured variables. The corresponding matching on its Incidence Matrix is shown in Table. 4.
Fig. 3. PMSM drive system 3.1 PMSM Drive System Mathematical Model The mathematical model of a PMSM drive system is shown in Eq. 5, in which the relations of variables are linked by a set of constraints e1 ∼ e19 (model equations). Where, ia , ib , ic are the three phase currents, Va , Vb , Vc are the three phase voltages, iq and id are q and d axis currents. Vq and Vd are q and d axis voltages, Lq and Ld are q and d axis inductances, λm is the magnetic flux developed by the rotor magnets, ωm is the motor speed, θr is the electric angular position, P is the number of pole pairs, Te is the electromagnetic torque delivered by the
3.3 Diagnosability Analysis of PMSM Drive System In this paper, we consider two types of faults:
1475
a. All the sensor faults including voltage sensor faults in phase A and B, current sensor faults in phase A and B, wheel speed sensor fault and resolver faults; b. Internal faults inside the electric motor stator windings, which leads to parameter faults in internal resistance Rs .
SAFEPROCESS 2015 1476 September 2-4, 2015. Paris, France
Jiyu Zhang et al. / IFAC-PapersOnLine 48-21 (2015) 1471–1478
Table 4. Matching on the PMSM Drive System Incidex Matrix yV a e1 e2 e3 e4 e5 e6 e7 e8 e9 e10 e11 e12 e13 e14 e15 e16 e17 e18 e19
yV
b
Known Variables yi a yi yθ b
yωwh
Vd 1 1 1
Vq 1 1 1 1
Va 1
Vb
Vc
iq
id
1 1 1 1 1
1 1 1 1 1
Unknown Variables ωm ia ib
ic
1 1
1
1
1
θ 1 1 1
1
1 1
1
1 1 1
1
1 1
Te
TL
1 1 1 1 1 1 1 1
1
1
Vveh
1 1
1 1 1
ωwh
1
1
1
1
1
unknown variables are the voltage inputs, we obtain a new Incidence Matrix as shown in Table 5, where the part that is dependent directly on the inputs are depicted in the shaded area, from which it is possible to find a matching with respect to the inputs. In this matrix, the subsystem (CXc , Xc , EXc ) is just-constrained. The system is controllable.
Fig. 4. PMSM Drive System Structure Oriented Graph Zhang and Rizzoni (2014) study detectability and isolability of various sensor faults in a PMSM drive system, where the DM-decomposition result is presented. The sensor faults affect constraints e14 through e19 . The internal resistance fault affects equations e4 and e5 . According to (Zhang and Rizzoni, 2014), these equations lie in the structurally over-constrained part, thus they can be detected. In addition, by using the structural isolability definition, it is found out that all faults are isolable from each other. 3.4 Reconfigurability Analysis for PMSM drive system This subsection conducts reconfigurability analysis by offering examples of current sensor fault and resolver fault. These two faults are very important in that they provide feedback to the EM controller, and directly affect the torque output of the electric drive. Controllability Analysis For the PMSM drive system, if we re-arrange its structural model so that the known variables are the dynamic and algebraic states while the
Reconfigurability Analysis Under Current Sensor Fault If one of the three phase current sensors becomes faulty, the controller will receive the wrong current signal information, resulting in incorrect voltage signals of the motor, which may lead to reduced performance in the vehicle. If a current sensor is faulty, without loss of generality, it is assumed that phase A current sensor is faulty, it is not possible to determine ia from its measurement. Therefore, the sensor equation e14 is removed from the Incidence Matrix. In this case, we should try to see if it is possible to estimate the phase current through the other measurements. This is achieved by finding the observability of ia from the rest of the known variables. From the Incidence Matrix showin in Tab. 4, once we lose e14 to calculate ia , it is still possible to calculate ia from e6 , by using the relationship between θr , iq , id and ia . In this case the system will lose one redundancy, but maintains functionality of the electric drive system. The structural bipartite graph under current sensor fault is shown in Fig. 5. As can be seen, the system is reconfigurable under current sensor fault, since the states are all observable from the available measurements. Reconfigurability under Rotor Position Sensor/Resolver Fault If something goes wrong with the resolver, the measured rotor angular position will be faulty, this will directly result in wrong calculation of the input voltages Vd ,Vq , motor speed ωm as well as the currents ia and ib . As can be seen from the mathematical model, the electrical angle is not practically computable from its model equations since we should avoid direct integration from the electric motor speed ωm . Incorrect calculation will result in wrong calculation of the input voltages Va , Vb , Vc references sent out to the inverter. However, θr could be estimated from the electromotive force (Back EMF) if we add the state equations in the stationary frame (dq s ) (H.Kim et al. (2011)) :
1476
SAFEPROCESS 2015 September 2-4, 2015. Paris, France
Jiyu Zhang et al. / IFAC-PapersOnLine 48-21 (2015) 1471–1478
1477
Table 5. Incidence Matrix for Controllability i˙ q e1 e2 e3 e4 e5 e6 e7 e8 e9 e10 e11 e12
1 1
i˙ d
Known Variables ω˙ m iq id ωm
1 1
1 1 1 1 1
1 1 1 1 1
ia
1 1
1
ib
ic
ωwh
1 1
Vd 1 1 1
Va 1
Vb 1
Vc
1
1
1
1
1
1
Unknown Variables Vveh Te TL Vq 1 1 1 1
1 1
1
θ 1 1 1
1 1
1 1
1
1
e26 : θr = − tan−1
esd esq
(11)
Adding these equations e20 ∼ e26 and the associated causal assignments to the bipartite graph, a new causal graph is obtained as shown in Fig. 6. In this case, θ is observable, and the system is reconfigurable under resolver fault.
Fig. 5. Reconfiguration Under Current Sensor Fault Rs 1 s 1 s e20 : i˙ sd = − isd − ed + v (6) Ls Ls Ls d Rs 1 s 1 s (7) eq + v e21 : i˙ sq = − isq − Ls Ls Ls q where, isd , isq , vds , vqs , esd , esq stands for the currents, voltages, Back EMF in stationary reference frame. The transformation from three phase variables in dq s reference frame variables is expressed Eq. 8 and Eq. 9: 1 1 3 s e22 : id = (ia − ib − ic ) 2 2 2 √ (8) √ 3 3 3 s e23 : iq = ( ib − ic ) 2 2 2 1 1 3 Va − Vb − Vc ) e24 : Vds = 2 2 2 √ (9) √ 3 3 3 s ( Vb − Vc ) e25 : Vq = 2 2 2 The Back EMF can be expressed as: esd = λm P ωr sin θr esq = −λm P ωr cos θr
Therefore, θr could be estimated by:
(10)
Fig. 6. Reconfiguration Under Position Sensor Faults 4. CONCLUSION This paper presents a structural approach for analyzing a system’s diagnosability and reconfigurability. In particular, this paper proposes to analyze a system’s reconfigurability by its structural controllability and observability under faults. The structural analysis approach is applied on a PMSM drive systems in an electric vehicle. A mathematical model for a system can be structurally represented through bipratite graphs and Incidence Matrix, in which the relationship between model equations and variables are clearly defined. The detectability and isolability of faults can be analyzed through the redundancy of the structural model. In case sensor faults occur, control reconfigurability can be achieved through the preserved observability of states under faulty conditions. Reconfigurability for various faults including current sensor faults and resolver faults are studied in this paper. It has been shown that
1477
SAFEPROCESS 2015 1478 September 2-4, 2015. Paris, France
Jiyu Zhang et al. / IFAC-PapersOnLine 48-21 (2015) 1471–1478
for each sensor fault, the structural controllability and observability are maintained under the reconfigured system so that a fault tolerant controller using control reconfiguration can be applied. In the future, the work will be extended to include a more complete reconfigurability analysis for the PMSM drive system by taking more types of faults such as motor internal faults and inverter faults into consideration. It is also expected to combine structural analysis tools with estimation techniques such as state observers to achieve stability of state or parameter estimates for better realization of fault tolerant control. ACKNOWLEDGEMENTS This paper is based upon work supported by the Department of Energy under Award Number DE-PI0000012. This paper was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof. REFERENCES Arenas, A.C., Zhang, J., and Rizzoni, G. (2013). Diagnostics and prognostics needs and requirements for electrified vehicles powertrains advances in automotive contro. In IFAC Symposium on Advances in Automotive Control, 524–529. IFAC, Tokyo, Japan. Blanke, M., Frei, C.W., , Kraus, F., Patton, R.J., and Staroswiecki, M. (2000). What is fault-tolerant control? Aalborg University, Department of Control Engineering. Blanke, M. and Schr¨ oder, J. (2003). Diagnosis and faulttolerant control, volume 115. Springer. Blanke, M., Staroswiecki, M., and Wu, N.E. (2001). Concepts and methods in fault-tolerant control. In American Control Conference, 2001. Proceedings of the 2001, volume 4, 2606–2620. IEEE. Bolognani, S., Zordan, M., and Zigliotto, M. (2000). Experimental fault-tolerant control of a PMSM drive. Industrial Electronics, IEEE Transactions on, 47(5), 1134–1141. Burner, M. and Isermann, R. (2004). Supervision, fault detection, and sensor fault tolerance of passenger cars. In Fault Detection, Supervision and Safety of Technical Processes 2003 (SAFEPROCESS 2003): A Proceedings Volume from the 5th IFAC Symposium, Washington, DC, USA, 9-11 June 2003, volume 1, 319. Elsevier. Dulmage, A. and Mendelsohn, N. (1958). Coverings of bipartite graphs. Canadian Journal of Mathematics, 10(4), 516–534.
Gehin, A. and Dulac, M. (2005). A graphical interpretation of the structural properties of a system. In Proceedings of the 13th Mediterranean Conference on Control and Automation. Limassol,Cyprus. H.Kim, J.Son, and J.Lee (2011). A high-speed slidingmode observer for the sensorless speed control of a pmsm. Industrial Electronics, IEEE Transactions on, 58(9), 4069–4077. Isermann, R. (2005). Model-based fault-detection and diagnosis–status and applications. Annual Reviews in control, 29(1), 71–85. Isermann, R. (2006). Fault-diagnosis systems. Springer. Jeong, Y., Schulz, S.S.S., and Patel, N. (2005). Fault detection and fault-tolerant control of interior permanentmagnet motor drive system for electric vehicle. Industry Applications, IEEE Transactions on, 41(1), 46–51. Kinnaert, M. (2003). Fault diagnosis based on analytical models for linear and nonlinear systems. a tutorial. In Preprints of the 5th IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes SAFEPROCESS2003, 37–50. Krysander, M. and Frisk, E. (2008). Sensor placement for fault diagnosis. Systems, Man and Cybernetics, Part A: Systems and Humans, IEEE Transactions on, 38(6), 1398–1410. Krysander, M. (2006). Design and analysis of diagnosis systems using structural methods. Rizzoni, G., Onori, S., and Rubagotti, M. (2009). Diagnosis and prognosis of automotive systems: motivations, history and some results. In Proceedings of the 7th IFAC Symposium on Fault Detection, Supervision and Safety of Technical Processes (SAFEPROCESS09). Staroswiecki, M. and Comtet-Varga, G. (2001). Analytical redundancy relations for fault detection and isolation in algebraic dynamic systems. Automatica, 37(5), 687–699. Tabbache, B., Benbouzid, M., Kheloui, A., and J.M. Bourgeot, a.A.M. (2013). An improved fault-tolerant control scheme for PWM inverter-fed induction motor-based evs. ISA transactions, 52(6), 862–869. Wallmark, O., Harnefors, L., and Carlson, O. (2005). Control algorithms for a fault-tolerant PMSM drive. In Industrial Electronics Society, 2005. IECON 2005. 31st Annual Conference of IEEE, pp.7. Zhang, J. and G. Rizzoni, G. (2014). Fault diagnosis for pmsm drive system in electric vehicle. In ASME 2014 Dynamic Systems and Control Conference. San Antonio, Texas, USA. Zhang, J. and Rizzoni, G. (2014). Structural analysis for FDI of PMSM drive system in electric vehicles. In Transportation Electrification Asia-Pacific (ITEC AsiaPacific), 2014 IEEE Conference and Expo, 1–7. IEEE. Zhang, Y. and Jiang, J. (2008). Bibliographical review on reconfigurable fault-tolerant control systems. Annual reviews in control, 32(2), 229–252.
1478