International Journal of Systems Science, 2002, volume 33, number 1, pages 55–65

Stochastic stability analysis for fault tolerant control systems with multiple failure processes

M. Mahmoud, J. Jiang and Y. M. Zhang

A new dynamical model is developed here to study the stochastic stability of Fault Tolerant Control Systems (FTCS) with multiple failure processes. In particular, two independent failure processes with Markovian characteristics are considered: one for plant component failures and the other for actuator failures. In this model, the Fault Detection and Isolation (FDI) process is also formulated as a Markov process with transition probabilities conditioned on the current state transition probabilities of the two failure processes. It is shown that the exponential stability in the mean square is sufficient for almost sure asymptotic stability. In addition, a necessary and sufficient condition for exponential stability in the mean square for FTCS is derived. Some previously known results are shown to be special cases of this new result. Failures in actuators with internal dynamics are also considered. A numerical example is included to demonstrate the theoretical analysis.
Received 24 January 2000. Revised 29 May 2001. Accepted 7 June 2001. Department of Electrical and Computer Engineering, University of Western Ontario, London, Ontario, Canada N6A 5B9.

International Journal of Systems Science ISSN 0020–7721 print/ISSN 1464–5319 online © 2002 Taylor & Francis Ltd http://www.tandf.co.uk/journals DOI: 10.1080/00207720110071985

1. Introduction

Safety-critical systems such as aircraft, space vehicles and nuclear power plants rely on Fault Tolerant Control Systems (FTCS) to improve reliability, maintainability and survivability. The performance of these systems should be maintained not only during normal operation, but also in the case of malfunctions in sensors, actuators and plants. FTCS can be classified into two categories: active and passive. Active FTCS compensate for the effects of failures either by selecting a new precomputed control law, or by synthesizing a new control law on-line. Both approaches need a Fault Detection and Isolation (FDI) scheme to identify the fault-induced changes and to reconfigure the control law. Thus, the FDI and control law redesign have to work jointly. The dynamic behavior of active FTCS is governed by stochastic differential equations because the failures and the FDI decisions are non-deterministic in nature (Willsky 1976). An active FTCS can be modelled as a general hybrid system, as it combines both the Euclidean space for system dynamics and the discrete space for fault-induced changes.

Hybrid systems were first studied by Kats and Krasovskii (1960). They considered the stability of moments using the stochastic Lyapunov function approach. Bucy (1965) and Kushner (1967) studied sample path stability employing the supermartingale property of some stochastic Lyapunov functions. In the literature mentioned above, a hybrid system is modelled as a linear differential equation whose coefficients vary randomly with Markovian characteristics. One class of hybrid systems is Jump Linear Systems (JLS). In JLS, the random jump process of the coefficients is represented by a finite state Markov chain called 'plant regime mode'. The research in JLS covers two broad areas. The first deals with deriving necessary and/or sufficient conditions for the existence of the optimal quadratic regulator (Sworder 1969, Wonham 1971, Hopkins 1987, Boukas 1993). The second deals with the properties, such as stability, controllability and observability, of this class of systems (Ji and Chizeck 1990, Ji et al. 1991, Feng et al. 1992). It is important to mention that the models of JLS assume perfect knowledge of the regime. However, this is not the case in FTCS because one cannot generally assume perfect regime measurement due to failures. Therefore, it is important to consider the impact of the FDI process on the stochastic stability of the closed-loop system.

This issue was emphasized by Mariton (1989), where sufficient conditions for the stability of hybrid systems with detection delays were derived. However, these results were based on the assumption of perfect regime knowledge. To relax this assumption and move one step closer to practical FTCS, another class of hybrid systems was defined by Srichander and Walker (1993). This class of systems is known as Fault Tolerant Control Systems with Markovian Parameters (FTCSMP). In FTCSMP, separate random processes with different state spaces are defined. The first process represents system component failures and the second represents decisions of the FDI process used to reconfigure the control law. This model will allow not only for the study of detection delays, but also for the examination of errors in detection. Mahmoud et al. (2000) carried out a robustness study of FTCSMP against parameter uncertainties.

Unfortunately, the model proposed in Srichander and Walker (1993) considered failures only in actuators, and actuators are assumed to be without any internal dynamics. In this work, two failure processes are used: one for plant components and the other for actuators. The situation with sensor failure has been dealt with elsewhere. The main reason for using two independent failure processes is that it allows the modelling of failures at different locations with independent failure characteristics. Furthermore, it permits the construction of conditional transition probabilities of the FDI process when there are delays or errors in detection with respect to each failure process individually. Under some special conditions the two failure processes may have a common state space. In this case, they may be replaced by one equivalent failure process as will be shown.

One of the main goals of the current research is to relax the existing limitations and assumptions. Specifically, we will develop a dynamical model that permits us to consider multiple failures at different locations in the system to be controlled, namely, in plant components and actuators. Since most actuators in practical systems have their own dynamics, results will be extended to actuators with internal dynamics. At this point, a stochastic FDI process with Markovian characteristics is defined. The transition probabilities of the FDI process are conditioned on the current state of the two failure processes. In particular, a necessary and sufficient condition for stochastic exponential stability in the mean square under these conditions is derived. These results are obtained without the restrictive assumptions of instantaneous failure detection, certainty of correct isolation, limitation to failure in actuators without internal dynamics, or failures only in actuators. The paper makes significant contributions in the analysis of FTCS with some consideration to the practical aspects of applications.

This paper is organized as follows: Section 2 describes the dynamical model, the failure processes and the FDI process. A brief summary of basic terms, results and definitions in stochastic systems is given in Section 3. Stochastic stability of FTCSMP is defined in Section 4. Section 5 derives a necessary and sufficient condition for stochastic exponential stability in the mean square. A numerical example is given in Section 6 to validate the theoretical results. Finally, a concluding summary is given in Section 7.
2. Mathematical formulation of FTCSMP

2.1. Dynamical model

A FTCS subject to failures in plant components and actuators is shown in figure 1. The system under normal operation can be described by

$$\dot{x}(t) = A(t)x(t) + B(t)u(t), \tag{1}$$

where $A \in \mathbb{R}^{n \times n}$, $B \in \mathbb{R}^{n \times m}$, $x(t) \in \mathbb{R}^{n}$ represents the system state, and $u(t) \in \mathbb{R}^{m}$ is the input. It is important to emphasize that the location of a fault and the nature of the faulty component are important when determining the appropriate dynamical model to describe the faulty system. In this paper, the random changes in plant components are represented by a homogeneous Markov process $\zeta(t)$ with finite state space $Z = \{1, 2, \ldots, z\}$. Similarly, the random changes that occur in control actuators are represented by another homogeneous Markov process $\eta(t)$ with finite state space $S = \{1, 2, \ldots, s\}$. These two failure processes are not directly measurable but can be detected by an FDI process, $\psi(t)$. For a single sample FDI test acting on signals with additive white noise, $\psi(t)$ has Markovian characteristics (Srichander and Walker 1993). The state space of the FDI process is denoted by $R = \{1, 2, \ldots, r\}$.

Figure 1. Schematic diagram for FTCSMP subject to failures in plant components and actuators. (Blocks: reference input, controller, actuators, plant, sensors and FDI, with failures entering the system.)

The failure processes $\zeta(t)$, $\eta(t)$, and the FDI process $\psi(t)$ are defined in Section 2.2. If the plant components undergo a change due to a component failure, the system matrix $A$ will change accordingly. If the actuators are also subject to random variations due to malfunctions, then the system input matrix $B$ will also change. If any of the control actuators fail completely (total failure), then the corresponding column in the input matrix will be a zero vector and no actuating signal will be fed to the system from that particular actuator. For that reason, the system to be controlled must possess a sufficient degree of actuator redundancy (Zhao and Jiang 1998).

The FDI process has to consider the combinations of changes in $A$ and $B$. For example, the plant components may undergo one failure resulting in two system matrices that describe our model: $A_1$ for normal operation and $A_2$ for faulty operation. The corresponding failure process will also have two states $Z = \{1, 2\}$. Similarly, if the failures in the actuators result in three forms for the input matrix, $B_1$ (normal), $B_2$ and $B_3$ (faulty matrices), the corresponding failure process will have three states $S = \{1, 2, 3\}$. In this case, the FDI process will have six states to identify the different failures encountered in the system, i.e. $R = \{1, 2, 3, 4, 5, 6\}$. From figure 1, the control law for active FTCS is only a function of the measurable FDI process $\psi(t)$. Therefore, the FTCSMP can be modelled as

$$\begin{aligned} \dot{x}(t) &= A(\zeta(t))x(t) + B(\eta(t))u(x(t), \psi(t), t), \\ u(x(t), \psi(t), t) &= -K(\psi(t))x(t), \end{aligned} \tag{2}$$

where $x(t) \in \mathbb{R}^{n}$ is the system state, $u(x(t), \psi(t), t) \in \mathbb{R}^{m}$ is the input and $K(\psi(t))$ is a constant gain matrix that depends on the FDI process. $A(\zeta(t))$ and $B(\eta(t))$ are properly dimensioned matrices and are random in nature with Markovian transition characteristics. $\zeta(t)$, $\eta(t)$ and $\psi(t)$ are separable and measurable Markov processes (Doob 1990) with finite state spaces $Z = \{1, 2, \ldots, z\}$, $S = \{1, 2, \ldots, s\}$ and $R = \{1, 2, \ldots, r\}$, respectively. In the sequel, $A(\zeta(t)) = A_j$ when $\zeta(t) = j \in Z$; $B(\eta(t)) = B_k$ when $\eta(t) = k \in S$ and $u(x(t), \psi(t), t) = u_i$ when $\psi(t) = i \in R$. Also denote $x(t) = x$, $\zeta(t) = \zeta$, $\eta(t) = \eta$, $\psi(t) = \psi$ and the initial conditions are $x(t_o) = x_o$, $\zeta(t_o) = \zeta_o$, $\eta(t_o) = \eta_o$, $\psi(t_o) = \psi_o$.
2.2. FDI and failure processes

Recall that the random processes $\zeta(t)$, $\eta(t)$ and $\psi(t)$ are assumed to be homogeneous Markov processes with finite state spaces $Z$, $S$ and $R$, respectively. The transition probability for the plant component failure process, $\zeta(t)$, is defined as:

$$\begin{aligned} p_{jh}(\Delta t) &= {}_{jh}\,\Delta t + o(\Delta t) && (j \neq h), \\ p_{jj}(\Delta t) &= 1 - \sum_{j \neq h} {}_{jh}\,\Delta t + o(\Delta t) && (j = h), \end{aligned} \tag{3}$$

while the transition probability for the actuator failure process, $\eta(t)$, is

$$\begin{aligned} p_{kl}(\Delta t) &= \alpha_{kl}\,\Delta t + o(\Delta t) && (k \neq l), \\ p_{kk}(\Delta t) &= 1 - \sum_{k \neq l} \alpha_{kl}\,\Delta t + o(\Delta t) && (k = l), \end{aligned} \tag{4}$$

where $\alpha_{kl}$ represents the actuator failure rate, and ${}_{jh}$ is the plant component failure rate. Given that $\zeta = j$ and $\eta = k$, the conditional transition probability of the FDI process, $\psi(t)$, is:

$$\begin{aligned} p^{jk}_{iv}(\Delta t) &= q^{jk}_{iv}\,\Delta t + o(\Delta t) && (i \neq v), \\ p^{jk}_{ii}(\Delta t) &= 1 - \sum_{i \neq v} q^{jk}_{iv}\,\Delta t + o(\Delta t) && (i = v). \end{aligned} \tag{5}$$

Depending on the indices $j$, $k$, $i$ and $v$, different interpretations can be given to $q^{jk}_{iv}$, such as the rate of false alarm, correct detection and isolation, etc. It is important to mention that the rates $q^{jk}_{iv}$ are determined by the nature of the FDI process. These rates are vital in deciding the stochastic stability of the closed-loop system (Srichander and Walker 1993, Mahmoud et al. 1999, 2000). In other words, the stochastic stability of FTCSMP depends on the performance of the FDI process through $q^{jk}_{iv}$.
3. Basic definitions

In this section, some concepts of stochastic stability are briefly stated without proof. For more details, see Bucy (1965), Kushner (1967), Khasminskii (1980) and Doob (1990). Under the assumption that the system (2) satisfies the global Lipschitz condition, the solution $x(t)$ determines a family of unique continuous stochastic processes, one for each choice of the random variable $x(t_o)$. The joint process $\{x, \zeta, \eta, \psi\} = \{x(t), \zeta(t), \eta(t), \psi(t);\ t \in I\}$ is a Markov process.

3.1. Stochastic Lyapunov function

A very important tool in the stability analysis of stochastic systems is the stochastic Lyapunov function. It is used to describe the stability property without explicit solution to the differential equations. Kushner (1967) stated the conditions that a stochastic function must meet to qualify as a stochastic Lyapunov function.

Definition 1: The random function $V(x, \zeta, \eta, \psi, t)$ of the joint Markov process $\{x, \zeta, \eta, \psi\}$ qualifies as a stochastic Lyapunov function candidate if the following conditions hold for some fixed $\mu < \infty$.

(a) The function $V(x, \zeta, \eta, \psi, t)$ is positive definite and continuous in $x$ in the open set $O_\mu = \{x(t) : V(x, j, k, i, t) < \mu\}$ $\forall j \in Z$, $k \in S$, $i \in R$ and $t \geq 0$, $V(x, \zeta, \eta, \psi, t) = 0$ only if $x = 0$.

(b) The joint Markov process $\{x, \zeta, \eta, \psi\}$ is defined until at least some $\tau_\mu = \inf\{t : x(t) \notin O_\mu\}$ with probability one, if $x(t) \in O_\mu$ then $\tau_\mu = \infty$.

(c) The function $V(x, \zeta, \eta, \psi, t)$ is in the domain of the weak infinitesimal operator of the joint Markov process $\{x(\tau_t), \zeta(\tau_t), \eta(\tau_t), \psi(\tau_t), \tau_t\}$, where $\tau_t = \min(t, \tau_\mu)$.

3.2. Weak infinitesimal operator

The weak infinitesimal operator can be considered as the derivative of the function $V\{x, \zeta, \eta, \psi, t\}$ along the trajectory of the joint Markov process $\{x, \zeta, \eta, \psi, t\}$ which emerges at the point $\{x, \zeta = j, \eta = k, \psi = i\}$ at time $t$. The weak infinitesimal operator is defined as:

Definition 2: Let the joint Markov process $\{x(t), \zeta(t), \eta(t), \psi(t)\}$ be denoted by $\chi(t)$. Then the continuous function $V(x(t), \zeta(t), \eta(t), \psi(t), t)$ represented as $V(\chi(t), t)$ with a bounded time derivative $V_t(\chi(t), t)$ for every $\chi(t)$ is said to be in the domain of the weak infinitesimal operator $\ell$, if the limit

$$\begin{aligned} \lim_{\tau \to 0} \frac{\mathcal{E}\{V(\chi(t+\tau), t+\tau) \mid (\chi(t), t)\} - V(\chi(t), t)}{\tau} &= \lim_{\substack{\tau \to 0 \\ \tau > \alpha \to 0}} \mathcal{E}\{V_t(\chi(t+\tau), t+\alpha)\} + \lim_{\tau \to 0} \frac{\mathcal{E}\{V(\chi(t+\tau), t) \mid (\chi(t), t)\} - V(\chi(t), t)}{\tau} \\ &= V_t(\chi(t), t) + h(\chi(t), t) = \ell V(\chi(t), t) \end{aligned}$$

exists pointwise, and satisfies

$$\lim_{\tau \to 0} \mathcal{E}\{V_t(\chi(t+\tau), t+\tau)\} + h(\chi(t+\tau), t+\tau) = V_t(\chi(t), t) + h(\chi(t), t),$$

where $\mathcal{E}\{V(\chi(t+\tau), t+\tau) \mid (\chi(t), t)\}$ is the conditional expectation of the stochastic Lyapunov function at time $t + \tau$, given its value at time $t$. $h(\chi(t), t)$ is the weak infinitesimal operator of the function $V(\chi(t), t) = V(x(t), \zeta(t), \eta(t), \psi(t), t)$ when $t$ is fixed.

4. Stochastic stability
There are several definitions for stochastic stability in the literature. They are extensions to deterministic stability in the three modes of convergence: convergence in probability, convergence in the mean, and almost sure convergence (Kozin 1969). Despite the different definitions, it is the almost sure convergence that is of prime interest when considering practical systems (Loparo and Feng 1996). In the context of fault-tolerant control, it is important to consider the almost sure asymptotic stability and the stochastic exponential stability in the mean square. This section defines and states the theorems that guarantee both forms of stochastic stability for the FTCSMP in (2).

Definition 3: The solution $x(t) = 0$ of the system (2) is said to be almost surely asymptotically stable if for any $\zeta_o \in Z$, $\eta_o \in S$, $\psi_o \in R$, $\varepsilon > 0$, $\rho > 0$, there exists $\delta(\varepsilon, \rho, t_o) > 0$ such that for any $\|x_o = x(\zeta_o, \eta_o, \psi_o, t_o)\| < \delta$, we have:

$$P\left\{ \sup_{0 \leq t \leq \infty} \|x(t, x_o, t_o)\| > \varepsilon \right\} \leq \rho$$

and

$$P\left\{ \lim_{t \to \infty} \sup_{t \geq t_o} \|x(t, x_o, t_o)\| = 0 \right\} = 1.$$

Definition 4: The solution $x(t) = 0$ of the system (2) is said to be exponentially stable in the mean square if, for any $\zeta_o \in Z$, $\eta_o \in S$, $\psi_o \in R$, and some $\delta > 0$, there exist two constants $a > 0$ and $b > 0$ such that when $\|x_o = x(\zeta_o, \eta_o, \psi_o, t_o)\| \leq \delta$, the following inequality holds $\forall t \geq t_o$:

$$E\{\|x(t, x_o, t_o)\|^2\} \leq b\,\|x_o\|^2 \exp\{-a(t - t_o)\}.$$

For a finite state Markov FDI process, the following theorems of stochastic stability are applicable to the dynamical system (2). These theorems were originally derived and proved (Kats and Krasovskii 1960) for the stochastic Lyapunov function $V(x(t), \mu(t), t)$ where $\mu(t)$ is the Markov jump process. An extension to the proof of these theorems was carried out (Srichander and Walker 1993) for the proposed Lyapunov function $V(x(t), r(t), \eta(t), t)$. Using similar arguments we can prove the theorems for the stochastic Lyapunov function $V(x(t), \zeta(t), \eta(t), \psi(t), t)$. However, they are not shown here to avoid repetition. The interested reader may refer to the mentioned references.

Theorem 1: Assume that $V(x(t), \zeta(t), \eta(t), \psi(t), t)$ is a stochastic Lyapunov function, and let the weak infinitesimal operator $\ell V(x(t), \zeta(t), \eta(t), \psi(t), t) \leq -N(x(t), \zeta(t), \eta(t), \psi(t), t) < 0$ in the open set $O_\mu$ for the system (2) when $\zeta(t) \in Z$, $\eta(t) \in S$, and $\psi(t) \in R$, where $N(x(t), \zeta(t), \eta(t), \psi(t), t)$ is continuous in $x(t)$, $\forall t \geq 0$ and $N(x(t), \zeta(t), \eta(t), \psi(t), t) = 0$ only if $x(t) = 0$, then the solution $x(t) = 0$ of the system (2) is almost surely asymptotically stable.

Theorem 2: The solution $x(t) = 0$ of the system (2) is exponentially stable in the mean square if and only if there exists a Lyapunov function $V(x(t), \zeta(t), \eta(t), \psi(t), t)$ that satisfies, for some constants $0 < c_1 < c_2$, $c_3 > 0$,

(a) $c_1 \|x(t)\|^2 \leq V(x(t), \zeta(t), \eta(t), \psi(t), t) \leq c_2 \|x(t)\|^2$,

(b) $\ell V(x(t), \zeta(t), \eta(t), \psi(t), t) \leq -c_3 \|x(t)\|^2$.

The following theorem is used to define the necessary condition for exponential stability in the mean square of the system (2). Moreover, in this work it will also be used as the sufficient condition for almost sure asymptotic stability.

Theorem 3: If the system (2) is exponentially stable in the mean square, then for any given positive definite function $W(x(t), \zeta(t), \eta(t), \psi(t), t)$ which is bounded and continuous $\forall t \geq t_o$, $\zeta(t) \in Z$, $\eta(t) \in S$ and $\psi(t) \in R$, there exists a positive definite function $V(x(t), \zeta(t), \eta(t), \psi(t), t)$ of the same order which satisfies the conditions of Theorem 2 and such that $\ell V(x(t), \zeta(t), \eta(t), \psi(t), t) = -W(x(t), \zeta(t), \eta(t), \psi(t), t)$.

This positive definite function, $V(x(t), \zeta(t), \eta(t), \psi(t), t)$, actually satisfies both conditions of Theorems 1 and 2. Therefore, a very important conclusion is that the exponential stability in the mean square implies almost sure asymptotic stability. That is, a sufficient (but not necessary) condition for almost sure stability for the equilibrium solutions of the system (2) is established. In other words, only one set of conditions needs to be satisfied to guarantee both types of stochastic stability.
5. A necessary and sufficient condition for exponential stability

In this section, a necessary and sufficient condition for the exponential stability of the FTCSMP (2) under the state feedback $u_i = -K_i x$ $\forall i \in R$ is derived. The stability must be maintained not only under normal operation, but also when there are failures in the plant components, the actuators, or any combination thereof. Let $V(x(t), \zeta(t), \eta(t), \psi(t), t)$ be the stochastic Lyapunov function of the joint Markov process $\{x(t), \zeta(t), \eta(t), \psi(t)\}$. From Definition 2, the weak infinitesimal operator for the system (2) at the point $\{x = x, \zeta = j, \eta = k, \psi = i, t\}$ is given by:

$$\begin{aligned} \ell V(x, \zeta, \eta, \psi, t) = {} & \frac{\partial V}{\partial t} + \frac{\partial V}{\partial x} f(x, j, k, i, t) + \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh}\,[V(x, h, k, i, t) - V(x, j, k, i, t)] \\ & + \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,[V(x, j, l, i, t) - V(x, j, k, i, t)] + \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}\,[V(x, j, k, v, t) - V(x, j, k, i, t)]. \end{aligned} \tag{6}$$

The results of Theorems 1–3 are also applicable to the FTCSMP (2). However, the conditions are difficult to test and to verify. We will thus state and derive a testable necessary and sufficient condition for the exponential stability in the mean square for the FTCSMP using the weak infinitesimal operator defined in (6).

Theorem 4: A necessary and sufficient condition for exponential stability in the mean square of the FTCSMP (2) under the control law $u_i = -K_i x$, $i \in R$, is that there exist steady-state solutions $P_{jki}(t) > 0$, $j \in Z$, $k \in S$ and $i \in R$ as $t \to -\infty$ to the following coupled matrix differential equations:

$$\dot{P}_{jki}(t) + \tilde{A}^T_{jki} P_{jki}(t) + P_{jki}(t) \tilde{A}_{jki} + \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh}\,P_{hki}(t) + \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,P_{jli}(t) + \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}\,P_{jkv}(t) + Q_{jki} = 0,$$

where $P_{jki}(0) = 0$, and $Q_{jki} > 0$ with $\tilde{A}_{jki}$ given by

$$\tilde{A}_{jki} = A_j - B_k K_i - \frac{1}{2} I \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh} - \frac{1}{2} I \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl} - \frac{1}{2} I \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}.$$
Proof of necessity: Assume that the dynamic system (2) is exponentially stable in the mean square under the control law $u_i = -K_i x$ $\forall i \in R$. By Theorem 4 there exists a quadratic positive function $V(x(t), \zeta(t), \eta(t), \psi(t), t)$ such that $\ell V(x(t), \zeta(t), \eta(t), \psi(t), t) = -W(x(t), \zeta(t), \eta(t), \psi(t), t) < 0$. Consider the following quadratic stochastic Lyapunov function for the FTCSMP (2):

$$V(x(t), \zeta(t), \eta(t), \psi(t), t) = x^T(t) P(\zeta(t), \eta(t), \psi(t)) x(t). \tag{7}$$

The weak infinitesimal operator in (6) can be written as:

$$\begin{aligned} \ell V(x, \zeta, \eta, \psi, t) = {} & x^T \dot{P}_{jki}(t) x + x^T P_{jki}(t) A_j x + x^T P_{jki}(t) B_k u_i + x^T A_j^T P_{jki}(t) x + u_i^T B_k^T P_{jki}(t) x \\ & + x^T \Big\{ \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh}\,[P_{hki}(t) - P_{jki}(t)] \Big\} x + x^T \Big\{ \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,[P_{jli}(t) - P_{jki}(t)] \Big\} x \\ & + x^T \Big\{ \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}\,[P_{jkv}(t) - P_{jki}(t)] \Big\} x. \end{aligned} \tag{8}$$

With the state feedback $u_i = -K_i x$, the weak infinitesimal operator becomes:

$$\begin{aligned} \ell V(x, \zeta, \eta, \psi, t) = {} & x^T \dot{P}_{jki}(t) x + x^T P_{jki}(t) A_j x - x^T P_{jki}(t) B_k K_i x + x^T A_j^T P_{jki}(t) x - x^T K_i^T B_k^T P_{jki}(t) x \\ & + x^T \Big\{ \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh}\,[P_{hki}(t) - P_{jki}(t)] \Big\} x + x^T \Big\{ \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,[P_{jli}(t) - P_{jki}(t)] \Big\} x \\ & + x^T \Big\{ \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}\,[P_{jkv}(t) - P_{jki}(t)] \Big\} x. \end{aligned} \tag{9}$$

Define

$$\tilde{A}_{jki} = A_j - B_k K_i - \frac{1}{2} I \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh} - \frac{1}{2} I \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl} - \frac{1}{2} I \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}, \tag{10}$$

where $I$ is the identity matrix. Rearranging terms we have

$$\ell V(x, \zeta, \eta, \psi, t) = x^T \Big\{ \dot{P}_{jki}(t) + \tilde{A}^T_{jki} P_{jki}(t) + P_{jki}(t) \tilde{A}_{jki} + \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh}\,P_{hki}(t) + \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,P_{jli}(t) + \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}\,P_{jkv}(t) \Big\} x. \tag{11}$$

Let

$$W(x(t), \zeta(t), \eta(t), \psi(t), t) = x^T(t) Q(\zeta(t), \eta(t), \psi(t)) x(t) > 0. \tag{12}$$

Setting

$$\ell V(x(t), \zeta(t), \eta(t), \psi(t), t) = -W(x(t), \zeta(t), \eta(t), \psi(t), t). \tag{13}$$

We have:

$$x^T \Big\{ \dot{P}_{jki}(t) + \tilde{A}^T_{jki} P_{jki}(t) + P_{jki}(t) \tilde{A}_{jki} + \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh}\,P_{hki}(t) + \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,P_{jli}(t) + \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}\,P_{jkv}(t) + Q_{jki} \Big\} x = 0. \tag{14}$$

Let $\Phi_{jki}(t, \tau) = \exp(\tilde{A}_{jki}(t - \tau))$ be the fundamental matrix associated with $\tilde{A}_{jki}$, then the solutions of the coupled differential equations under the boundary condition $P_{jki}(0) = 0$ are

$$P_{jki}(t) = -\int_0^t \Phi^T_{jki}(t, \tau) \Big[ \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh}\,P_{hki}(\tau) + \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,P_{jli}(\tau) + \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}\,P_{jkv}(\tau) + Q_{jki} \Big] \Phi_{jki}(t, \tau)\, d\tau. \tag{15}$$

Similar coupled ordinary differential equations have been studied in detail (Wonham 1971). For the nonsingular matrices $\Phi_{jki}(t, \tau)$ and positive definite matrices $Q_{jki}(t)$, the solutions are unique, continuous on $t \in (-\infty, 0]$ and $P_{jki}(t) > 0$ $\forall j \in Z$, $k \in S$, and $i \in R$. These solutions are monotonically increasing on $(-\infty, 0]$ as $t \to -\infty$. They are bounded and will converge to steady-state solutions.

Proof of sufficiency: Assume that steady-state solutions $\{P_{jki}(t) > 0;\ j \in Z;\ k \in S;\ i \in R\}$ for the coupled matrix differential equations under the boundary conditions $P_{jki}(0) = 0$ exist, then $V(x(t), \zeta(t), \eta(t), \psi(t), t) = x^T(t) P(\zeta(t), \eta(t), \psi(t)) x(t)$ is a stochastic Lyapunov function and satisfies conditions (a)–(c) in Definition 1 and condition (a) in Theorem 2. That is, $V(x(t), \zeta(t), \eta(t), \psi(t), t)$ is positive definite, bounded, continuous and in the domain of the weak infinitesimal operator. Furthermore, the steady-state solutions of $P_{jki}(t)$ imply that $\{P_{jki}(t) > 0;\ j \in Z;\ k \in S;\ i \in R\}$ satisfy the
coupled matrix differential equations in Theorem 3, that is:

$$\Big\{ \dot{P}_{jki}(t) + \tilde{A}^T_{jki} P_{jki}(t) + P_{jki}(t) \tilde{A}_{jki} + \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh}\,P_{hki} + \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,P_{jli}(t) + \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}\,P_{jkv}(t) + Q_{jki} \Big\} = 0 \tag{16}$$

or

$$x^T \Big\{ \dot{P}_{jki}(t) + \tilde{A}^T_{jki} P_{jki}(t) + P_{jki}(t) \tilde{A}_{jki} + \sum_{\substack{h \in Z \\ h \neq j}} {}_{jh}\,P_{hki} + \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,P_{jli}(t) + \sum_{\substack{v \in R \\ v \neq i}} q^{jk}_{iv}\,P_{jkv}(t) \Big\} x = -x^T Q_{jki} x. \tag{17}$$

For $u_i = -K_i x$ $\forall i \in R$, the weak infinitesimal operator $\ell V(x(t), \zeta(t), \eta(t), \psi(t), t)$ is given by (11) with $\tilde{A}_{jki}$ given by (10). Therefore, it follows that:

$$\ell V(x(t), \zeta(t), \eta(t), \psi(t), t) = -x^T(t) Q(\zeta(t), \eta(t), \psi(t)) x(t) < 0. \tag{18}$$

By Theorem 2 the system under the control law $u_i = -K_i x$ $\forall i \in R$ is exponentially stable in the mean square $\forall t \geq 0$. Hence, the proof is complete.

For a given control law and relying on Theorem 4, one can verify the existence of the steady-state solutions of $\{P_{jki}(t) > 0;\ j \in Z;\ k \in S;\ i \in R\}$. If the bounded solutions exist, the system (2) is exponentially stable in the mean square. Theorem 3 guarantees that the system is also almost surely asymptotically stable.

Remarks: Under certain assumptions, several special cases of the above general result can be derived. Some of these cases were considered by other researchers for the stochastic stability of hybrid systems. Others are new and have not been considered in the literature. It is important to consider the nature of faulty components, the occurrence of failures at different locations in the system, and the nature of the FDI process.

5.1. Plant components failures

In this case, only system matrix $A$ is subject to change due to random failures in one or more plant components. The system model then becomes:

$$\dot{x}(t) = A_j x(t) + B u(t), \qquad j \in Z. \tag{19}$$

The coupled matrix differential equations in Theorem 4 become:

$$\dot{P}_{ji}(t) + \tilde{A}^T_{ji} P_{ji}(t) + P_{ji}(t) \tilde{A}_{ji} + \sum_{\substack{l \in S \\ l \neq j}} {}_{jl}\,P_{li}(t) + \sum_{\substack{v \in R \\ v \neq i}} q^{j}_{iv}\,P_{vj}(t) + Q_{ji} = 0, \qquad \forall P_{ji}(0) = 0,\ t \in (-\infty, 0], \tag{20}$$

where $\tilde{A}_{ji}$ is defined as

$$\tilde{A}_{ji} = A_j - B K_i - \frac{1}{2} I \sum_{\substack{l \in S \\ l \neq j}} {}_{jl} - \frac{1}{2} I \sum_{\substack{v \in R \\ v \neq i}} q^{j}_{iv}. \tag{21}$$

The necessary and sufficient condition for the stochastic exponential stability of this type of system is the existence of steady-state solutions for equation (20).

5.2. Failures in actuators with no dynamics

In this case, integrity of the plant components is assumed, and the actuators have no internal dynamics. Therefore, only the input matrix $B$ may change as a result of the random failures in the actuators. The system can be described by:

$$\dot{x}(t) = A x(t) + B_k u(t), \qquad k \in S, \tag{22}$$

with $\tilde{A}_{ki}$ defined as

$$\tilde{A}_{ki} = A - B_k K_i - \frac{1}{2} I \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl} - \frac{1}{2} I \sum_{\substack{v \in R \\ v \neq i}} q^{k}_{iv}. \tag{23}$$

The existence of bounded solutions of the following coupled matrix differential equation

$$\dot{P}_{ki}(t) + \tilde{A}^T_{ki} P_{ki}(t) + P_{ki}(t) \tilde{A}_{ki} + \sum_{\substack{l \in S \\ l \neq k}} \alpha_{kl}\,P_{li}(t) + \sum_{\substack{v \in R \\ v \neq i}} q^{k}_{iv}\,P_{vk}(t) + Q_{ki} = 0, \qquad \forall P_{ki}(0) = 0,\ t \in (-\infty, 0], \tag{24}$$

is the necessary and sufficient condition for the stochastic exponential stability of the system (22). This leads to a similar result obtained by Srichander and Walker (1993).

5.3. Failures in actuators with dynamics

In this case, random failures are in actuators with internal dynamics. The system is modelled by

$$\dot{x}(t) = A_k x(t) + B_k u(t), \qquad k \in Z = S. \tag{25}$$

Note that both the system matrix $A$ and the input matrix $B$ have the same failure index. This means that one failure induces simultaneous changes in both matrices. In other words, the two failure processes are replaced with one failure process in the system (2). The transition probability for the failure process is

$$\begin{aligned} p_{kl}(\Delta t) &= \gamma_{kl}\,\Delta t + o(\Delta t) && (k \neq l), \\ p_{kk}(\Delta t) &= 1 - \sum_{k \neq l} \gamma_{kl}\,\Delta t + o(\Delta t) && (k = l). \end{aligned} \tag{26}$$

The necessary and sufficient condition for the stochastic stability of this system is the existence of bounded solutions to the following coupled matrix differential equation

$$\dot{P}_{ki}(t) + \tilde{A}^T_{ki} P_{ki}(t) + P_{ki}(t) \tilde{A}_{ki} + \sum_{\substack{l \in S \\ l \neq k}} \gamma_{kl}\,P_{li}(t) + \sum_{\substack{v \in R \\ v \neq i}} q^{k}_{iv}\,P_{vk}(t) + Q_{ki} = 0, \qquad \forall P_{ki}(0) = 0,\ t \in (-\infty, 0], \tag{27}$$

where

$$\tilde{A}_{ki} = A_k - B_k K_i - \frac{1}{2} I \sum_{\substack{l \in S \\ l \neq k}} \gamma_{kl} - \frac{1}{2} I \sum_{\substack{v \in R \\ v \neq i}} q^{k}_{iv}. \tag{28}$$

5.4. Nature of the FDI process

In this case, the FDI process is assumed to detect instantaneously and always correctly isolate failures. Therefore, the two failure processes and the FDI process are assumed to have identical state spaces. This situation is similar to a JLS. The transition probability for the common failure process is

$$\begin{aligned} p_{il}(\Delta t) &= \gamma_{il}\,\Delta t + o(\Delta t) && (i \neq l), \\ p_{ii}(\Delta t) &= 1 - \sum_{i \neq l} \gamma_{il}\,\Delta t + o(\Delta t) && (i = l). \end{aligned} \tag{29}$$

The conditional transition probability of the FDI process for this case will become

$$q^{k}_{iv} = \delta(v - k) = \begin{cases} 1 & v = k \\ 0 & v \neq k \end{cases} \tag{30}$$

and

$$\tilde{A}_{ii} = A_i - B_i K_i - \frac{1}{2} I \sum_{\substack{l \in R \\ l \neq i}} \gamma_{il}. \tag{31}$$

This is the result similar to the one given by Wonham (1971).

6. Numerical example

To illustrate the concepts presented above, we consider a scalar system with one possible failure in the actuator, i.e. $S = \{1, 2\}$, and one possible failure in the plant components, i.e. $Z = \{1, 2\}$. Both failure processes have Markovian transition characteristics. The FDI process is also Markovian with four states $R = \{1, 2, 3, 4\}$. The following numerical parameters are used:

$$A_1 = [1.0], \quad A_2 = [0.50], \quad B_1 = [0.80], \quad B_2 = [0.20],$$

$$\alpha_{12} = 0.005, \quad \alpha_{21} = 0.001, \quad {}_{12} = 0.003, \quad {}_{21} = 0.001,$$

$$q^{11}_{iv} = \begin{bmatrix} -0.3 & 0.1 & 0.1 & 0.1 \\ 1.2 & -1.6 & 0.2 & 0.2 \\ 1.2 & 0.2 & -1.6 & 0.2 \\ 1.2 & 0.2 & 0.2 & -1.6 \end{bmatrix}, \qquad q^{12}_{iv} = \begin{bmatrix} -1.6 & 1.2 & 0.2 & 0.2 \\ 0.1 & -0.3 & 0.1 & 0.1 \\ 0.2 & 1.2 & -1.6 & 0.2 \\ 0.2 & 1.2 & 0.2 & -1.6 \end{bmatrix},$$

$$q^{21}_{iv} = \begin{bmatrix} -1.6 & 0.2 & 1.2 & 0.2 \\ 0.2 & -1.6 & 1.2 & 0.2 \\ 0.1 & 0.1 & -0.3 & 0.1 \\ 0.2 & 0.2 & 1.2 & -1.6 \end{bmatrix}, \qquad q^{22}_{iv} = \begin{bmatrix} -1.6 & 0.2 & 0.2 & 1.2 \\ 0.2 & -1.6 & 0.2 & 1.2 \\ 0.2 & 0.2 & -1.6 & 1.2 \\ 0.1 & 0.1 & 0.1 & -0.3 \end{bmatrix}.$$
Note that the open-loop system is unstable. The objective is to test the existence of the steady-state solutions fPjki > 0; j 2 Z; k 2 S; i 2 Rg under a certain precomputed control law; ui ˆ ¡Ki x 8i 2 R. As per Theorem 4, the existence of the steady-state solutions guarantee s the exponential stability in the mean and the almost sure asymptotic stochastic stability. Since the FDI process has four states, there are four controller gains. The ®rst set is K1 ˆ 2; K2 ˆ 8; K3 ˆ 3 and K4 ˆ 5. The second set is K1 ˆ 2; K2 ˆ 6; K3 ˆ 3, and K4 ˆ 5. The solutions of Pjki > 0 under the boundary conditions Pjki …0† ˆ 0 are shown in ®gures 2 and 3, respectively. For the ®rst set of controller gains, the steady-state solutions exist. However, the solutions are unbounded as t ! ¡1 for the second set of controller gains. According to Theorem 4, the system is exponentially stable in the mean square and almost sure asymptotically stable for K1 ˆ 2; K2 ˆ 8; K3 ˆ 3 and K4 ˆ 5, but is not for K1 ˆ 2; K2 ˆ 6; K3 ˆ 3 and K4 ˆ 5. It is worthwhile to mention that deterministic stability does not imply stochastic stability. It is easy to check that the deterministic stability is guaranteed as long as K1 > 1:25, K2 > 5, K3 > 0:625 and K4 > 2:5. The selected controller gains in the two sets (in fact)
Stochastic stability of FTCS
63
0.9
0.7
0.6 P113
0.5
0.4 P114
0.3
0.2
P112
0.1
0 -100
-90
-80
-70
-60 -50 Time (sec)
-40
-30
-20
-10
12 P123
10
8
6
P124
4 P122 2
0 -100
-90
-80
-70
-60 -50 Time (sec)
-40
-30
-20
-10
0
2.5
P211 0.35
Solutions of coupled differential equations
Solutions of coupled differential equations
14
0
0.4
0.3 P213 0.25
0.2 P214 0.15 P212 0.1
0.05
0 -100
-90
-80
-70
-60 -50 Time (sec)
Figure 2.
-40
-30
-20
-10
0
Bounded solutions with K1 5
guarantee the deterministic closed-loop stability. However, as illustrated, the stochastic stability is only ensured for the ®rst set of controller gains. 7.
P121
16
P111
Solutions of coupled differential equations
Solutions of coupled differential equations
0.8
Conclusion
A dynamical model for active fault tolerant control systems with multiple failure processes, for the purpose of studying stochastic stability, has been developed. In particular, a necessary and sufficient condition for exponential stability in the mean square has been derived. It has been shown that exponential stability in the mean square is sufficient for almost sure asymptotic stability. The proposed model uses two separate failure processes to describe all possible combinations of plant component failures and actuator failures. Existing results in stochastic stability analysis have been shown as special cases of this general result. Moreover, this model takes into consideration the failure of actuators with internal dynamics. A numerical example is included to illustrate the theoretical results, and to demonstrate that deterministic stability does not necessarily imply stochastic stability.
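The gap between deterministic and stochastic stability can be reproduced on a reduced case. The following is an added example, not code from the paper: it assumes a scalar plant with a single actuator failure process and a two-state FDI process (the paper's model has two failure processes), and every plant value, rate and gain in it is constructed. Mean-square stability is decided from the second-moment equation dm/dt = (diag(2·pole) + Qᵀ)m.

```python
# Added illustration with constructed numbers (not the paper's plant or rates).
A_PLANT = 1.0                      # unstable open loop: dx/dt = a*x + b_k*u
B = {1: 1.0, 2: 0.2}               # actuator effectiveness: 1 normal, 2 degraded
ALPHA = 0.1                        # actuator failure rate 1 -> 2 (no repair)
# FDI decision rates i -> i', conditioned on the true actuator state k
FDI = {1: {(1, 2): 0.5, (2, 1): 2.0},   # k=1: false alarm, recovery
       2: {(1, 2): 3.0, (2, 1): 1.0}}   # k=2: detection, wrong reversion
STATES = [(k, i) for k in (1, 2) for i in (1, 2)]   # (actuator, FDI decision)
GAINS_A = {1: 2.0, 2: 8.0}         # constructed gain sets, u = -K_i * x
GAINS_B = {1: 2.0, 2: 6.0}

def closed_loop(k, i, gains):
    """Closed-loop pole when actuator state k meets controller gain K_i."""
    return A_PLANT - B[k] * gains[i]

def deterministically_stable(gains):
    """Every gain stabilises the mode it was designed for (FDI always right)."""
    return all(closed_loop(k, k, gains) < 0 for k in (1, 2))

def rate(src, dst):
    """Transition rate of the joint (actuator, FDI) Markov chain."""
    (k, i), (k2, i2) = src, dst
    if k == k2 and i != i2:
        return FDI[k][(i, i2)]
    if i == i2 and (k, k2) == (1, 2):
        return ALPHA
    return 0.0

def moment_matrix(gains):
    """A in dm/dt = A m, with m_s = E[x^2 ; state = s]: diag(2*pole) + Q^T."""
    n = len(STATES)
    A = [[rate(STATES[c], STATES[r]) if r != c else 0.0 for c in range(n)]
         for r in range(n)]
    for s, (k, i) in enumerate(STATES):
        out = sum(rate(STATES[s], STATES[d]) for d in range(n) if d != s)
        A[s][s] = 2.0 * closed_loop(k, i, gains) - out
    return A

def mean_square_stable(gains):
    """A is Metzler, so it is Hurwitz iff elimination on -A has only positive pivots."""
    M = [[-v for v in row] for row in moment_matrix(gains)]
    n = len(M)
    for p in range(n):
        if M[p][p] <= 0.0:
            return False
        for r in range(p + 1, n):
            f = M[r][p] / M[p][p]
            for c in range(p, n):
                M[r][c] -= f * M[p][c]
    return True
```

Both constructed gain sets stabilise every correctly identified mode, but only `GAINS_A` keeps the second moment bounded once the time spent in the mismatched state (degraded actuator, nominal gain) is accounted for.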
Figure 3. Unbounded solutions with $K_1 = 2$, $K_2 = 6$, $K_3 = 3$ and $K_4 = 5$. (Four panels, each titled 'Solutions of coupled differential equations', showing the $P_{jki}$ curves against Time (sec) from -100 to 0.)