Reconfigurable Distributed Control
Héctor Benítez-Pérez and Fabián García-Nocetti
Reconfigurable Distributed Control With 108 Figures
Héctor Benítez-Pérez, PhD, and Fabián García-Nocetti, PhD, DISCA-IIMAS, Universidad Nacional Autónoma de México, Circuito Escolar, Ciudad Universitaria, Del. Coyoacán, 04510 México D.F., México. Cover illustration: General strategy of control reconfiguration and time graph strategy.
British Library Cataloguing in Publication Data
Benítez-Pérez, Héctor
Reconfigurable distributed control
1. Adaptive control systems
I. Title II. García-Nocetti, D. Fabián, 1959–
629.8′36
ISBN 1852339543

Library of Congress Cataloging-in-Publication Data
Benítez-Pérez, Héctor.
Reconfigurable distributed control / Héctor Benítez-Pérez and Fabián García-Nocetti.
p. cm. Includes bibliographical references and index.
ISBN 1-85233-954-3 (alk. paper)
1. Process control—Data processing. I. García-Nocetti, D. Fabián, 1959– II. Title.
TS156.8.G37 2005 670.42′75—dc22 2005040270

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers.

ISBN-10: 1-85233-954-3
ISBN-13: 978-1-85233-954-8
Springer Science+Business Media
springeronline.com

© Springer-Verlag London Limited 2005

MATLAB® and Simulink® are the registered trademarks of The MathWorks, Inc., 3 Apple Hill Drive, Natick, MA 01760-2098, USA. http://www.mathworks.com

The use of registered names, trademarks, etc., in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant laws and regulations and therefore free for general use. The publisher makes no representation, express or implied, with regard to the accuracy of the information contained in this book and cannot accept any legal responsibility or liability for any errors or omissions that may be made.

Typesetting: Electronic camera-ready by authors
Printed in the United States of America (SBA) 69/3830-543210
Printed on acid-free paper
Preface
This work is the result of developing reconfigurable control for unknown scenarios, known as fault scenarios, that affect the performance of systems with distributed communication. In that respect, the control law is modified to overcome these unknown scenarios. To perform this task, several issues need to be considered, such as fault diagnosis and the related time delays. Several strategies have been reviewed to arrive at the implementation and integration of three main stages: fault diagnosis and the related heuristic confidence value; the fault tolerance strategy and the related real-time scheduling approach; and the control strategies suitable for different scenarios involving fault presence and time delays. To accomplish this integration, reconfigurable control is proposed, in which the main issue is to keep a system under safe conditions even in the case of self-degradation. Reconfigurable control is therefore neither merely a gain-scheduling algorithm nor merely a decision-maker algorithm; it is a procedure in which safety degradation and its effects need to be taken into account to overcome hazardous situations. This approach is based on the use of a finite state machine to pursue reconfigurable control. This strategy is not the only feasible one; however, it is the most suitable for providing coherence under hazardous situations and when various sources of information are present. The aim of this book is to describe a complex problem in which two areas, computer and control engineering, are combined. From the description of this problem, several algorithms are presented to obtain as much information as possible from the available sources, considering two main scenarios: fault and time delay presence. How to produce suitable control and process monitoring strategies under hazardous conditions, following a feasible and understandable approach, is therefore the main issue of this work.
To accomplish such a task, a well-known computer engineering strategy is pursued: the finite state machine, in which different healthy and unhealthy conditions are monitored to define the system status. The objective of this work is to present to the reader a way to perform reconfigurable control on-line without jeopardizing the safety and stability of the system. This book is written for undergraduate and postgraduate students interested in reconfigurable control as a strategy to overcome local fault conditions and
performance degradation during still-manageable fault situations. An exhaustive review of model-based and model-free strategies for fault detection is provided to introduce the reader to the area of process monitoring, with an eye toward its practical approximation. Furthermore, an extensive review of network control is given to define how the time delays arising from fault tolerance strategies are accommodated. In that respect, a guide to approaching this interesting open field is presented. Special mention should be made of the software used in this work; three major packages are used. The first is MATLAB 6.5, especially the Simulink and Stateflow toolboxes. The second package is TrueTime, which is used to simulate the communication network and is available through the Internet at http://www.control.lth.se/~dan/truetime/; this package has been found to be an efficient tool for understanding the functionality of a network. Finally, ADMIRE (ADMIRE, 2003) is another useful package, an aerodynamic model of an aircraft, which has presented interesting fault and time delay scenarios worthy of study in future work. This book is divided into five chapters. The first chapter is a basic review of communication networks, in which a description of network protocols is provided based on the common open systems interconnection (OSI) standard; particular attention is given to the controller area network databus (CAN bus) because of its common use in real-time distributed systems. The second chapter focuses on the real-time background and presents how a real-time system can define time delays based on its inherently deterministic behavior using scheduling algorithms; in fact, an overview of the most classic scheduling algorithms is presented. The outline of the third chapter is based on fault diagnosis strategies for a common and unknown situation: an unhealthy scenario.
Specifically, this chapter concentrates on the smart element paradigm, which understands such an element as an autonomous device capable of self-diagnosis. Chapter 3 presents the most common strategies of fault diagnosis and their use for health monitoring. The fourth chapter presents an implementation of the control reconfiguration strategy based on a review of network control systems, pursuing a feasible option for safety during fault conditions. Strategies such as time delay modeling and interloop connection, as well as others such as fuzzy control or model predictive control, are presented as alternatives for network control. This review allows the reader to choose any of these techniques according to the model of the plant. Obviously, some of these possibilities do not have a proper stability analysis available to prove their validity. Moreover, this chapter presents fault tolerant control as a way to overcome fault appearance without any fault accommodation procedure; in this case, the control law is designed to tolerate the loss of peripheral elements such as sensors or actuators. Finally, reconfigurable control is presented as a combination of these two strategies, following an automata-based procedure. The scenario pursued is a fault environment with inherent communication time delays. To define a feasible strategy suitable for such a sporadic situation, it is necessary to design several control laws that can switch from one scenario to another, bearing in mind safety and availability issues. A way to overcome this environment by combining both scenarios using an automaton is presented here. The final chapter provides implementation examples based on two different approaches. First, an example of three conveyor belts is given, in which modeling is
pursued; in this case, time delays are bounded, as are possible local faults. The only restriction is that one local fault per belt is allowed. The second example is based on an aircraft model in which multiple sensors and actuators are present and the mathematical model is a challenge. In this case, the strategy pursued is based on fuzzy control, which provides feasible results during reconfiguration. It is important to mention that fuzzy control is pursued bearing in mind that the model is a simulation, because this strategy would be virtually impossible in a real-life implementation. The background of this book is mainly related to a Ph.D. thesis developed by the first author (Benítez-Pérez, 1999) while with the Department of Automatic Control and Systems Engineering, University of Sheffield, U.K. From this experience, several strategies were pursued, such as fault diagnosis for smart elements and reconfigurable control (Benítez-Pérez and García-Nocetti, 2003). Moreover, the use of network control is pursued to accomplish stability during unknown and sporadic time delays; in that respect, an interesting issue has been presented by the IEEE Transactions on Automatic Control (IEEE TAC, 2004).

Acknowledgments. The authors of this book would like to thank several people who have helped in its creation: Dr. Gerardo Espinosa for his valuable comments on the network control chapter, Dr. Luis Álvarez for his comments on the outline of the book, and Ms. Sara Garduño Antonio for her valuable help in editing this work. Furthermore, the authors would like to acknowledge the sponsorship of two projects involved in the creation of the book, PAPIIT-UNAM IN105303 and PAPIIT-UNAM IN106100, and of IIMAS-UNAM.

Héctor Benítez-Pérez
Fabián García-Nocetti
México, November 2004
Contents
Preface ............................................................. v
Contents ............................................................ ix
1. Introduction to Network Communication ............................ 1
   1.1. Background .................................................. 1
   1.2. Review of Open Systems Interconnection Layer ................ 1
        1.2.1. Application Layer .................................... 2
        1.2.2. Presentation Layer ................................... 3
        1.2.3. Session Layer ........................................ 3
        1.2.4. Transport Layer ...................................... 3
        1.2.5. Network Layer ........................................ 4
        1.2.6. Data-Link Layer ...................................... 4
        1.2.7. Physical Layer ....................................... 4
   1.3. General Overview of Transport Control Protocol/Internet Protocol ... 5
   1.4. Industrial Networks ......................................... 6
   1.5. Databuses ................................................... 8
        1.5.1. ARINC 429 ............................................ 8
        1.5.2. ARINC 629 ............................................ 8
        1.5.3. MIL-STD 1553b ........................................ 10
        1.5.4. Control Area Network Databus ......................... 11
   1.6. Concluding Remarks .......................................... 13
2. Real-Time Systems ................................................ 15
   2.1. Background .................................................. 15
   2.2. Overview .................................................... 16
   2.3. Scheduling Algorithms ....................................... 25
   2.4. Distributed Real-Time Systems ............................... 35
   2.5. Conclusions ................................................. 37
3. Smart Peripheral Elements ........................................ 39
   3.1. Overview .................................................... 39
   3.2. Peripheral Autonomy ......................................... 39
   3.3. Typical Smart Elements ...................................... 40
   3.4. Smart Elements Designs ...................................... 44
   3.5. Fault Diagnosis Approximations .............................. 44
        3.5.1. Parameter Estimation ................................. 44
        3.5.2. Observer-Based Techniques ............................ 46
        3.5.3. Parity Equations ..................................... 47
        3.5.4. Principal Components Analysis ........................ 48
        3.5.5. Neural Network Approach .............................. 49
        3.5.6. Logic as Fault Diagnosis Strategy .................... 60
        3.5.7. Heuristic Confidence Value Definition ................ 61
   3.6. Conclusions ................................................. 63
4. Reconfigurable Control ........................................... 65
   4.1. Network Control ............................................. 65
   4.2. Other Control Structures for Network Control Systems ........ 79
   4.3. Reconfiguration Issues ...................................... 86
   4.4. Fault Tolerant Control ...................................... 86
   4.5. Reconfigurable Control Strategies ........................... 88
   4.6. Concluding Remarks .......................................... 94
5. Case Study ....................................................... 95
   5.1. Introduction ................................................ 95
   5.2. Case Studies ................................................ 95
        5.2.1. Conveyor Belt Model .................................. 95
        5.2.2. Aircraft Model ....................................... 108
   5.3. Conclusions ................................................. 126
References .......................................................... 127
Index ............................................................... 137
1 Introduction to Network Communication
1.1 Background

In this chapter, a general review of several databuses, comprising the most common strategies for interprocess communication, is provided. This review describes common databus behavior by presenting how time delays result from data transfer. The objective of this chapter is to show how different protocols communicate, in order to understand the communication time delays reviewed in the subsequent chapters.
1.2 Review of Open Systems Interconnection Layer

One key issue in distributed systems is the protocol that defines how the information to be transmitted through the network is organized. Several points can be developed in that respect. For instance, the number of open systems interconnection (OSI) layers has a direct repercussion on user applications. A distributed system is one in which several autonomous processors and data stores, supporting processes and/or databases, interact in order to cooperate and achieve an overall goal. The processes coordinate their activities and exchange information by means of messages transferred over a communication network (Sloman and Kramer, 1987). One basic characteristic of distributed systems is that interprocess messages are subject to variable delays and failures. There is a defined time between the occurrence of an event and its availability for observation at some other point. The simplest view of the structure of a distributed system is that it consists of a set of physically distributed computer stations interconnected by some communications network. Each station can process and store data, and it may have connections to external devices. Table 1.1 is a summary that provides an impression of the functions performed by each layer in a typical distributed system (Sloman and Kramer, 1987). It is important to highlight that this table is just a first attempt to define an overall formal concept of the OSI layers.
Table 1.1. An informal view of the layers at a station

Layer                   Example
Application software    Monitoring and control modules
Utilities               File transfer, device handlers
Local management        Software process management
Kernel                  Multitasking, I/O drivers, memory management
Hardware                Processors, memory, I/O devices
Communication system    Virtual circuits, network routing, flow control, error control
This local layered structure is the first attempt at understanding how a distributed system is constructed. It provides a basis for describing the functions performed and the services offered at a station. The basic idea of layering is that, regardless of station boundaries, each layer adds value to the services provided by the set of lower layers. Viewed from above, a particular layer and the ones below it may be considered a "black box" that implements a set of functions to provide a service. A protocol is the set of rules governing communication between the entities that constitute a particular layer. An interface between two layers defines the means by which one local layer makes use of services provided by the lower layer. It defines the rules and formats for exchanging information across the boundary between adjacent layers within a single station. The communication system at a station is responsible for transporting system and application messages to and from that station. It accepts messages from the station software and prepares them for transmission via a shared network interface. It also receives messages from the network and prepares them for receipt by the station software. In 1977, the International Organization for Standardization (ISO) started working on a reference model for open systems interconnection. The ISO model defines the seven layers shown in Figure 1.1. The emphasis of the ISO work is to allow interconnection of independent mainframes rather than distributed processing. The current version of the model only considers point-to-point connections between two equal entities.

1.2.1 Application Layer

Application entities performing local activities are not considered part of the model. A distributed system would not make this distinction, as any entity can potentially communicate with similar local or remote entities. The application layer includes all entities that represent human users or devices or that perform an application function.
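The layering principle just described, in which each layer behaves as a black box that wraps the service of the layers below it, can be sketched in a few lines of Python. This is an illustrative toy added here, not an example from the book; the layer names and header format are invented for the illustration:

```python
# Toy protocol stack: each layer adds its own header on the way down
# (transmission) and strips it on the way up (delivery).

class Layer:
    def __init__(self, name):
        self.name = name

    def send(self, payload):
        # Add this layer's header in front of the payload.
        return f"[{self.name}]{payload}"

    def receive(self, frame):
        # Strip this layer's header; a real stack would also validate it.
        header = f"[{self.name}]"
        assert frame.startswith(header), "malformed frame"
        return frame[len(header):]

# A reduced stack; a full OSI stack would have seven layers.
stack = [Layer("APP"), Layer("TRANSPORT"), Layer("NETWORK"), Layer("LINK")]

def transmit(message):
    for layer in stack:               # top to bottom at the sender
        message = layer.send(message)
    return message                    # what travels on the wire

def deliver(frame):
    for layer in reversed(stack):     # bottom to top at the receiver
        frame = layer.receive(frame)
    return frame

wire = transmit("sensor=42")
print(wire)            # [LINK][NETWORK][TRANSPORT][APP]sensor=42
print(deliver(wire))   # sensor=42
```

Each layer only touches its own header, which is exactly why a layer and everything below it can be treated as a single service from above.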
Figure 1.1. The OSI layers. From top to bottom: the application layer (end-user application processes; distributed information; file transfer, access, and management), the presentation layer (syntax-independent messages; transfer syntax negotiation), the session layer (dialogue and synchronisation), the transport layer (network-independent end-to-end message transfer), the network layer (network routing, addressing, and clearing), the link layer (data link control), and the physical layer (mechanical and electrical network definitions), connected physically to the data communication network.
1.2.2 Presentation Layer

The purpose of the presentation layer is to resolve differences in information representation between application entities. It allows communication between application entities running on different computers or implemented using different programming languages. This layer is concerned with data transformation, formatting, structuring, encryption, and compression. Many functions are application dependent and are often performed by high-level language compilers, so the borderline between the presentation and application layers is not clear.

1.2.3 Session Layer

This layer provides the facilities to support and maintain sessions between application entities. Sessions may extend over a long time interval involving many message interactions or be very short, involving one or two messages.

1.2.4 Transport Layer

The transport layer is the boundary between what are considered the application-oriented layers and the communication-oriented layers. This layer is the lowest using
an end-station-to-end-station protocol. It isolates higher layers from concerns such as how reliable and cost-effective transfer of data is actually achieved. The transport layer usually provides multiplexing: end-to-end error and flow control, fragmenting and reassembly of large messages into network packets, and mapping of transport-layer identifiers onto network addresses.

1.2.5 Network Layer

The network layer isolates the higher layers from routing and switching considerations. It masks the transport layer from all of the peculiarities of the actual transfer medium: whether a point-to-point link, a packet-switched network, a local area network (LAN), or even interconnected networks. It is the network layer's responsibility to get a message from a source station to the destination station across an arbitrary network topology.

1.2.6 Data-Link Layer

The task of this layer is to take the raw physical circuit and convert it into a point-to-point link that is relatively error free for the network layer. It usually entails error and flow control, but many local area networks have low intrinsic error rates and so do not include error correction.

1.2.7 Physical Layer

This layer is concerned with the transmission of bits over a physical circuit. It performs all functions associated with signaling, modulation, and bit synchronization. It may perform error detection by signal quality monitoring. There are several network types, classified according to their applications, the type of physical network, and specific demands such as fault tolerance or communication performance. The classification pursued in this work is the one used in communication networks, with two main divisions: general-purpose networks and industrial networks. These are characterized by the environment for which they are proposed. A general description of these protocols is listed next (Lönn, 1999):

• Carrier Sense Multiple Access/Collision Detect (CSMA/CD) – IEEE 802.3 Ethernet;
• Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) – Controller Area Network (CAN), Bosch;
• Token Passing – Token bus;
• Mini Slotting – ARINC 629;
• Time Slot Allocation – Time Triggered Protocol (Kopetz, 1994), ARINC 659 (ARINC, 1991).
Two main types of databuses are taken into account: TCP/IP and CAN bus. Several variations based on the CAN bus, such as FTT-CAN or the planning scheduler, are also
considered. Protocols are defined based on the OSI computing layers (Tanenbaum, 2003). Several aspects can be pursued, such as load balancing, scheduling analysis, or synchronization. These aspects are reviewed in this work on a real-time, non-migration basis; load balancing is outside the scope of this work, and the interested reader may consult Nara et al. (2003). For clock synchronization, there are various feasible approaches, such as those of Krishna and Shin (1997) and Lönn (1999).
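As a flavor of what those clock synchronization references cover, the round-trip method at the heart of Cristian-style algorithms can be sketched as follows. This is a generic illustration with invented timestamps, not an algorithm taken from this book:

```python
# Round-trip clock-offset estimation: the client assumes the server's
# timestamp was taken roughly halfway through the measured round trip.
def estimate_offset(t_send, t_server, t_recv):
    """Estimate how far the server clock is ahead of the local clock."""
    rtt = t_recv - t_send
    server_now = t_server + rtt / 2   # estimated server time at local t_recv
    return server_now - t_recv

# Client sends at local t=100.0, server stamps 205.0, reply arrives at t=101.0.
print(estimate_offset(100.0, 205.0, 101.0))   # 104.5
```

The error of such an estimate is bounded by half the round-trip time, which is why bounded communication delays matter so much for synchronization in real-time networks.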
1.3 General Overview of Transport Control Protocol/Internet Protocol

One major example of this type of databus is the Transport Control Protocol/Internet Protocol (TCP/IP). The TCP/IP family of protocols is defined for use on the Internet and in other applications that use interconnected networks. The protocols are layered but do not conform precisely to the ISO 7-layer model. The layers used by TCP/IP are shown in Figure 1.2.
Figure 1.2. The TCP/IP protocol stack mapped onto the OSI layers: the application layer; the transport layer (TCP or UDP); the Internet layer (IP); and the network interface layer, which places network frames onto the underlying network.
The TCP/IP suite provides two transport protocols: TCP and the user datagram protocol (UDP). TCP is a reliable connection-oriented protocol, whereas UDP is a datagram protocol that does not guarantee reliable transmission. IP is the underlying "network" protocol of the Internet virtual network. The TCP/IP specifications do not specify the layers below the Internet datagram layer. The success of the TCP/IP protocols is based on the independence of
underlying transmission technology, which enables inter-networks to be built from many heterogeneous networks and data links.
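The difference between the two transport services can be seen directly with the standard sockets API. The short Python sketch below is an illustration added here, not part of the original text: it sends a single UDP datagram over the loopback interface. UDP imposes no connection setup and gives no delivery guarantee (loopback just happens to be reliable in practice), whereas TCP would require connect()/accept() and would provide an ordered, reliable byte stream:

```python
import socket

# Minimal UDP exchange on the loopback interface.
receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
receiver.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free port
receiver.settimeout(5.0)               # avoid blocking forever if lost
addr = receiver.getsockname()

sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sender.sendto(b"status: ok", addr)     # fire-and-forget datagram, no handshake

data, _ = receiver.recvfrom(1024)
print(data.decode())                   # status: ok

sender.close()
receiver.close()
```

The absence of acknowledgments is exactly what makes UDP's delay behavior simpler to reason about than TCP's, at the cost of reliability.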
1.4 Industrial Networks

It is important in a distributed system to ensure system synchronization. Without tight synchronization, it is likely that the system will lose data consistency. For example, sensors may be sampled at different times, which leads to failures being detected due to differences between data values. It is also important to consider intermediate data and consistency between replicated processes if comparison/voting is used, to prevent the states of the replicas from diverging (Brasileiro et al., 1995). Asynchronous events and the processing of nonidentical messages could lead to replica state divergence. Synchronization at the level of processor micro-instructions is logically the most straightforward way to achieve replica synchronism. In this approach, processors are driven by a common clock source, which guarantees that they execute the same step at each clock pulse. Outputs are evaluated by a (possibly replicated) hardware component at appropriate times. Asynchronous events must be distributed to the processors of a node through special circuits that ensure that all correct processors will perceive such an event at the same point of their instruction flow. As every correct processor of a node executes the same instruction flow, all programs that run on the nonredundant version can be made to run, without any changes, on the node (as concurrent execution). There are, however, a few problems with the micro-instruction-level approach to synchronization. First, as indicated before, individual processors must be built in such a way that they have deterministic behavior at each clock pulse, so that they produce identical outputs. Second, the introduction of special circuits, such as a reliable comparator/voter, a reliable clock, asynchronous event handlers, and bus interfaces, increases the complexity of the design, which in the extreme can lead to a reduction in the overall reliability of a node.
Third, every new microprocessor architecture requires a considerable re-design effort. Finally, because of their tight synchronization, a transient fault is likely to affect the processors in an identical manner, thus making a node susceptible to common mode failures. An alternative approach that tries to reduce the hardware-level complexity associated with the approaches discussed here is to maintain replica synchronism at a higher level, for instance, at the process, or task, level by making use of appropriate software-implemented protocols. Such software-implemented nodes can offer several advantages over their hardware-implemented equivalents:

• Technology upgrades are easier because the principles behind the protocols do not change.
• By employing different types of processors within a node, a measure of tolerance against design faults in processors can possibly be obtained, without recourse to any specialized hardware.
Fail silent nodes are implemented at the higher software fault tolerance layer. The main goal is to detect faults inside of several processors (initially two) that comprise
a node. As soon as one processor has detected a fault, it has two options: either remain fail silent or decrease its performance. The latter option is suitable when the faulty processor is still checking information from the other processor. This implementation involves, first, a synchronization technique called the "order protocol" and, second, a comparison procedure that validates and transmits the information or remains silent if there is a fault. The concept used for local fault tolerance in fail silent nodes is the basis of the approach followed in this book for the "smart" elements. However, in this case, in the presence of a fault, the nodes should not remain silent. The main advantage of fail silent nodes is the use of object-oriented programming for synchronization protocols, allowing comparison of the results from both processors at the same time. Fail silent nodes within fault tolerance are considered to be the first move toward mobile objects (Caughey and Shrivastava, 1995). Although the latter technique is not explained here, it remains an interesting research area for fault tolerance.

System model and assumptions. It is necessary to assume that the computation performed by a process on a selected message is deterministic. This assumption is well known in state machine models, because the precise requirements for supporting replicated processing are known (Schneider, 1990). Basically, in the replicated version of a process, the multiple input ports of the nonreplicated process are merged into a single port, and each replica selects the message at the head of its port queue for processing. So, if all nonfaulty replicas have identical states, then they produce identical output messages, and the queues of all correct replicas can be guaranteed to contain identical messages in identical order. Thus, replication of a process requires the following two conditions to be met:

Agreement: All nonfaulty replicas of a process receive identical input messages.
Order: All nonfaulty replicas process the messages in an identical order. Practical distributed programs often require some additional functionality such as using time-outs when they are waiting for messages. Time-outs and other asynchronous events, such as high-priority messages, are potential sources of nondeterminism during input message selection, which makes such programs difficult to replicate. In Chapter 4, this nondeterminism is handled as an inherent characteristic of the system. It is assumed that each processor of a fail silent node has network interfaces for internode communication over networks. In addition, the processors of a node are internally connected by communication links for intranode communication needed for the execution of the redundancy management protocols. The maximum intranode communication delay over a link is known and bounded. If a nonfaulty process of a neighbor processor sends a message, then the message will be received within δ time units. Communication channel failures will be categorized as processor failures.
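The agreement and order conditions can be illustrated with a small sketch (the names here are illustrative, not taken from any real replication middleware): two deterministic replicas fed the same messages in the same order end in identical states with identical outputs.

```python
# Sketch of the replicated state-machine conditions (Schneider, 1990).
# If all nonfaulty replicas receive identical messages (agreement) in an
# identical order (order), deterministic processing yields identical
# states and outputs. All names are illustrative.

class Replica:
    """A deterministic process with a single merged input queue."""
    def __init__(self):
        self.state = 0
        self.outputs = []

    def deliver(self, message):
        # Deterministic computation on the message at the head of the queue.
        self.state += message
        self.outputs.append(self.state)

def run(replicas, ordered_messages):
    # Agreement and order: every replica sees the same messages in the
    # same sequence.
    for m in ordered_messages:
        for r in replicas:
            r.deliver(m)

replicas = [Replica(), Replica()]
run(replicas, [3, 1, 2])
assert replicas[0].state == replicas[1].state
assert replicas[0].outputs == replicas[1].outputs
```

A time-out taken by only one replica would inject a message the other replica never sees, violating agreement; this is precisely why time-outs are a source of nondeterminism for replication.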
8
Reconfigurable Distributed Control
1.5 Databuses For aerospace applications, it was first necessary to consider the databus standard to be used on-engine for the distributed system. Several standards are used in aerospace. In the following sections, the most common databuses are introduced. 1.5.1 ARINC 429 The ARINC 429 databus is a digital broadcast databus developed by the Airlines Electronic Engineering Committee's (AEEC) Systems Architecture and Interfaces (SAI) group. The AEEC, which is sponsored by ARINC, released the first publication of the ARINC 429 specification in 1978. The ARINC 429 databus (Avionics Communication, 1995) is a unidirectional bus with only one transmitter, so transmission contention is not an issue. Another factor contributing to the simplicity of this protocol is that it was originally designed to handle "open loop" data transmission: in this mode, no response is required from the receiver when it accepts a transmission from the sender. This databus uses a word length of 32 bits and two transmission rates: low speed, defined as being in the range of 12 to 14.5 Kbit/s (Freer, 1989), and high speed, which is 100 Kbit/s. There are two modes of operation in the ARINC 429 bus protocol: character-oriented mode and bit-oriented mode. As ARINC 429 is a broadcast bus, the transmitter on the bus uses no access protocols. Of the 32-bit word length, a typical usage of the bits would be as follows:
• eight bits for the label;
• two bits for the source/destination identifier (SDI);
• twenty-one data bits;
• one parity bit.
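The word split above can be sketched in code. The field widths follow the list just given (8-bit label, 2-bit SDI, 21 data bits, 1 odd-parity bit); the exact bit ordering on the wire is not specified here, so this packing is illustrative only.

```python
# Minimal sketch of a 32-bit ARINC 429 word using the field widths
# described in the text. The bit positions chosen here are an
# assumption for illustration, not the normative wire format.

def pack_word(label, sdi, data):
    assert 0 <= label < 2**8 and 0 <= sdi < 2**2 and 0 <= data < 2**21
    word = label | (sdi << 8) | (data << 10)
    # Odd parity: the total number of 1 bits in the word must be odd.
    parity = 1 - (bin(word).count("1") % 2)
    return word | (parity << 31)

def parity_ok(word):
    # A receiving LRU processes the word only if overall parity is odd.
    return bin(word & 0xFFFFFFFF).count("1") % 2 == 1

w = pack_word(label=0o205, sdi=1, data=12345)
assert parity_ok(w)
assert not parity_ok(w ^ 0x10)  # any single flipped bit breaks odd parity
```

The parity check mirrors the receiver behavior described below: a word with overall odd parity is processed, and one with even parity is ignored.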
This databus has the advantage of simplicity; however, if more complicated protocols or communication structures are needed, the data bandwidth is used up rapidly. One characteristic of ARINC 429 is the line replaceable unit (LRU), which verifies that the number of words received matches the number expected. If the number of words does not match the expected number, the receiver notifies the transmitter within a specific amount of time. Parity checks use one bit of the 32-bit ARINC 429 data word, and odd parity was chosen as the accepted scheme for ARINC 429-compatible LRUs: if a receiving LRU detects odd parity in a data word, it continues to process that word; if it detects even parity, it ignores the data word. 1.5.2 ARINC 629 ARINC 629-2 (1991) has a speed of 2 MHz with two basic modes of protocol operation. One is the Basic Protocol (BP), where transmissions may be periodic or aperiodic. Transmission lengths are fairly constant but can vary somewhat without causing aperiodic operation if sufficient overhead is allowed. In the Combined Protocol (CP) mode, transmissions are divided into three groups of scheduling:
• level 1 is periodic data (highest priority);
• level 2 is aperiodic data (mid-priority);
• level 3 is aperiodic data (lowest priority).
Level one data are sent first, followed by level two and level three. Periodic data are sent in level one in a continuous stream until finished. Afterward, time should be available for transmission of aperiodic data. The operation of transferring data from one LRU to one or more other LRUs occurs as follows:
• The terminal controller (TC) retrieves 16-bit parallel data from the transmitting LRU's memory.
• The TC determines when to transmit, attaches a label to the data, converts the parallel data to serial data, and sends them to the serial interface module (SIM).
• The SIM converts the digital serial data into an analogue signal and sends it to the current mode coupler (CMC) via the stub (twisted-pair cable).
• The CMC inductively couples the doublets onto the bus. At this point, the data are available to all other couplers on the bus.
This protocol has three conditions that must be satisfied for proper operation: the occurrence of a transmit interval (TI), the occurrence of a synchronization gap (SG), and the occurrence of a terminal gap (TG). The TI defines the minimum period that a user must wait to access the bus. It is set to the same value for all users, and in the periodic mode it defines the update rate of every bus user. The SG is also set to the same value for all users and is defined as a bus quiet time greater than the largest TG value. Every user is guaranteed bus access once every TI period. The TG is a bus quiet time that corresponds to the unique address of a bus user. Once the number of users is known, the range of TG values can be assigned and the SG and TI values can be determined. TI is given by Table 1.2.

Table 1.2. ARINC 629 time characteristics

TI6  TI5  TI4  TI3  TI2  TI1  TI0    BV    TI (ms)       TG (microseconds)
 0    0    0    0    0    0    0      0    0.5005625     Not used
 0    0    0    0    0    0    1      1    1.0005625     Not used
...  ...  ...  ...  ...  ...  ...    ...   ...           ...
 1    1    1    1    1    1    1     127   64.0005625    127.6875
To program the desired TG for each node, the user must follow Table 1.2 from TI6 to TI0, which represent the binary value (BV).
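The TI column of Table 1.2 grows by 0.5 ms per unit of the binary value, which suggests the closed form TI = 0.5005625 + 0.5·BV ms. This formula is inferred from the table's first and last rows, not stated explicitly in the standard text, so treat it as an assumption.

```python
# Sketch: decode the TI6..TI0 bits of Table 1.2 into a transmit
# interval. The closed form below is inferred from the table's
# endpoint rows (BV = 0 -> 0.5005625 ms, BV = 127 -> 64.0005625 ms).

def transmit_interval_ms(bits):
    """bits: a 7-tuple (TI6, ..., TI0), most significant bit first."""
    assert len(bits) == 7 and all(b in (0, 1) for b in bits)
    bv = int("".join(str(b) for b in bits), 2)  # binary value BV
    return 0.5005625 + 0.5 * bv

assert abs(transmit_interval_ms((0, 0, 0, 0, 0, 0, 0)) - 0.5005625) < 1e-9
assert abs(transmit_interval_ms((0, 0, 0, 0, 0, 0, 1)) - 1.0005625) < 1e-9
assert abs(transmit_interval_ms((1, 1, 1, 1, 1, 1, 1)) - 64.0005625) < 1e-9
```

No formula for the TG column is attempted here, since the table only reveals a single TG value.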
1.5.3 MIL-STD 1553b Another commonly used databus is MIL-STD 1553b (Freer, 1989), which is a serial, time-division-multiplexed databus using screened twisted-pair cable to transmit data at 1 Mbit/s. Data are transmitted in 16-bit words, each accompanied by a parity bit and a 3-bit synchronization signal, so a whole 20-bit word takes 20 microseconds to be transmitted. Transformer-coupled baseband signaling with Manchester encoding is employed. Three types of devices may be attached to the databus:
• Bus Controller (BC);
• Remote Terminal (RT);
• Bus Monitor (BM).
The use of MIL-STD-1553b in military aircraft has simplified the specification of interfaces between avionics subsystems and goes a long way toward producing off-the-shelf interoperability. Most avionics applications of this databus require a duplicated, redundant bus cable and bus controller to ensure continued system operation in case of a single bus or controller failure. MIL-STD-1553b is intended primarily for systems with central intelligence and intelligent terminals in applications where the data flow patterns are predictable. Information flow on the databus consists of messages, which are formed from three types of words (command, data, and status). The maximum amount of data that may be contained in a message is 32 data words, each word containing 16 data bits, one parity bit, and three synchronization bits. The bus controller only sends command words; their content and sequence determine which of the four possible data transfers must be undertaken:
• Point-to-point between controller and remote terminal;
• Point-to-point between remote terminals;
• Broadcast from controller;
• Broadcast from a remote terminal.
There are six formats for point-to-point transmissions:
• Controller to RT data transfer;
• RT to controller data transfer;
• RT to RT data transfer;
• Mode command without a data word;
• Mode command with data transmission;
• Mode command with data word reception;
and four broadcast transmission formats are specified:
• Controller to RT data transfer;
• RT to RT(s) data transfer;
• Mode command without a data word;
• Mode command with a data word.
This databus incorporates two main features for safety-critical systems: a predictable behavior based on its polling protocol and the use of bus controllers, which permit communication handling that avoids collisions on the databus. MIL-STD-1553b also defines a procedure for issuing a bus control transfer to the next potential bus controller, which can accept or reject control by using a bit in the returning status word. From this information, it can be concluded that MIL-STD-1553b is a very flexible databus. A drawback, however, is that the use of a centralized bus controller reduces transmission speed as well as reliability. 1.5.4 Control Area Network Databus This sort of databus is based on CANbus, whose protocol is simple and covers only the bottom two layers of the OSI model. The databus is defined by Lawrenz (1997), and a key characterization of its real-time properties is given by Kopetz (1997). CANbus has been modelled using several strategies, such as Markov chains and time delay models (Nilsson, 1998). The CANbus protocol is based on the protocol standard named Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA). A CAN word consists of six fields, as shown in Figure 1.3.

Field            Arbitration   Control   Data Field   CRC   ACK   EOF
Number of bits   11            6         0-64         16    2     7

Figure 1.3. Data word configuration from CANbus
This databus is a broadcast bus in which the data source may be transmitted periodically, sporadically, or on demand. Each data source is assigned a unique identifier, which also serves as the priority of the message; the use of this identifier is the most important characteristic of CAN regarding real time. If a particular node needs to receive certain information, it indicates the identifier to the interface processor, and only messages with valid identifiers are received and presented. The identifier field of a CAN message is used to control access to the bus after collisions by taking advantage of a recessive-bit strategy. For instance, if multiple stations are transmitting concurrently and one station transmits a "0" bit, then all stations monitoring the bus see a "0". When silence is detected, each node begins to transmit the highest priority message held in its queue. If a node sends a recessive bit as part of the message identifier but monitors the bus and sees a dominant bit, then a collision is detected. The node determines that the message it is transmitting is not the highest priority in the system, stops transmitting, and waits for the bus to become idle. It is important to recall that each message in CANbus has a unique identifier on which its priority is based. CAN, in fact, can resolve in a deterministic way any collision that takes place on the shared bus: when a collision occurs and the arbitration procedure is set off, all transmitting nodes immediately stop, except the one sending the message with the highest priority (lowest numerical identifier). One perceived problem of CAN is the inability to bound message response times. From the observations above, the worst-case time from queuing the highest priority message to the reception of that message can be calculated easily: the longest time a node must wait for the bus to become idle is the longest time needed to transmit a message. According to Tindell et al. (1995), the largest message (8 bytes) takes 130 microseconds to be transmitted. The CAN specification (ISO 11898) discusses only the physical and data link layers for a CAN network:
• The data link layer is the only layer that recognizes and understands the format of messages. This layer constructs the messages to be sent to the physical layer and decodes messages received from the physical layer. In CAN controllers, the data link layer is implemented in hardware. Because of its complexity and commonality with most other networks, it is divided into a:
- logical link control (LLC) layer, which handles transmission and reception of data messages to and from other, higher level layers in the model;
- media access control (MAC) layer, which encodes and serializes messages for transmission and decodes received messages. The MAC also handles message prioritization (arbitration), error detection, and access to the physical layer.
• The physical layer specifies the physical and electrical characteristics of the bus, which includes the hardware that converts the characters of a message into electrical signals for transmitted messages and, likewise, the electrical signals into characters for received messages.
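The bitwise arbitration described above, in which a dominant "0" overwrites a recessive "1" and the lowest numerical identifier wins without destroying the winning frame, can be sketched as follows. The 11-bit width matches the arbitration field of Figure 1.3; the function itself is illustrative, not part of any CAN controller API.

```python
# Sketch of CAN bitwise arbitration: identifiers are compared bit by
# bit from the most significant bit down; a node that sends recessive
# (1) but observes dominant (0) on the bus backs off.

def arbitrate(identifiers, width=11):
    assert identifiers and all(0 <= i < 2**width for i in identifiers)
    contenders = list(identifiers)
    for bit in range(width - 1, -1, -1):
        # The bus level is the wired-AND of all transmitted bits
        # (dominant 0 wins over recessive 1).
        bus = min((ident >> bit) & 1 for ident in contenders)
        # Nodes whose bit did not match the bus level detect the
        # collision and stop transmitting.
        contenders = [i for i in contenders if (i >> bit) & 1 == bus]
    assert len(contenders) == 1  # identifiers are unique in CAN
    return contenders[0]

assert arbitrate([0x65, 0x32, 0x654]) == 0x32  # lowest identifier wins
```

Because the winner never observes a mismatch, its frame proceeds undisturbed, which is why CAN arbitration is both deterministic and nondestructive.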
1.6 Concluding Remarks A general review of some of the most common databuses has been provided; in particular, a brief description of the OSI layers and their relation to data communication through these databuses has been highlighted. This chapter gives an introduction to computer networks in order to understand the needs of real-time systems.
2 Real-Time Systems
2.1 Background Nowadays, real-time systems have become a common approach to modeling the timing behavior of computer systems. As the approach followed in this book is to present how computer communication affects control law performance, it is necessary to understand how real-time systems can be modeled and measured. Several strategies comprise real-time systems, and they can be classified by two main aspects: the needs of real-time systems and their algorithms. The first aspect allows us to understand why real time is required under certain conditions, such as the presence of a fault and the respective fault tolerance issue; for other conditions, such as clock synchronization, real time must be reviewed to achieve a feasible communication performance. The second aspect is related to how scheduling algorithms focus on several factors that have an impact on system performance. This is reviewed in terms of consumption time and is accomplished through time diagrams. One of the most important issues for real-time systems is the construction of time diagrams to define system behavior under several scenarios. This strategy visualizes how an algorithm would perform under certain variations in time. Because this strategy provides a visualization of the system response, another issue arises: how valid a given scheduling configuration is. This is known as schedulability analysis. Some other aspects, such as load balancing, task precedence, and synchronization, are also reviewed, providing an integral overview of modeling real-time systems and the repercussions of such an approach. This review of real-time systems gives a strong idea of how the control law is affected by time variations, which result from several conditions that are beyond the scope of this book. The important outcome of this review is how time delays can be modeled so that they can be taken into account in the control law strategy.
2.2 Overview One of the main characteristics of real-time systems is determinism (Cheng, 2002) in terms of time consumption. This goal is achieved through several algorithms that take into account various characteristics of the tasks as well as of the computer system in which they are going to be executed. Real-time systems are divided into two main approaches: mono-processor and multiprocessor. These are defined by different characteristics: the mono-processor approach has the processor as its common resource, whereas the multiprocessor approach has the communication link as its common resource. The latter resource can be accessed through different communication approaches; for instance, the use of shared memory is common in high-performance computing systems, whereas the use of databuses is common in network systems. The multiprocessor approach is the one followed in this work. There are two main sources of information that should be reviewed as an introduction to real-time systems: one by Kopetz (1997) and the other by Krishna and Shin (1997). Both review several basic concepts that together give a coherent overview of real-time systems, such as fault tolerance strategies, the most common protocols, the most common clock synchronization algorithms, and some of the most useful performance measures. From this review, one of the most important needs of real-time systems is fault tolerance, because performance evaluation must be modified to cover abnormal situations. Fault tolerance is a key issue with many implications in different fields, such as the configuration of communication and the structural strategy to accommodate failures. Most current strategies are based on redundancy, which can be implemented in three different ways:
• Hardware redundancy;
• Software redundancy;
• Time redundancy.
Hardware redundancy has a representation known as replication using voting algorithms, named N-modular redundancy (NMR). Figure 2.1 shows the basic structure of this approach: the inputs x1, x2, ..., xN feed the N-modular redundancy block. In this case, several strategies can be pursued.

Figure 2.1. N-modular redundancy approach
Different voting algorithms are defined to mask faults in a trustworthy manner. These are classified into two main groups: safe and reliable algorithms. The first group refers to those algorithms that produce a safe value when there is no consensus among the redundant measures. The second group produces a value even in the case of no consensus, so this approach is common when safety is not an issue. Some of the most common voting algorithms are presented next:
• Majority voter;
• Weighted average voter;
• Median voter.
As an example of a safe algorithm, the majority voter is presented. This algorithm defines its output as one element of the largest group of inputs with the minimum difference. For instance, consider inputs x1, ..., xN and a limit ε for evaluating the difference d(xi, xj) between two inputs. A group g is formed by those inputs whose pairwise differences are lower than the limit ε. This voter can be defined as follows:
• the difference between two inputs is defined as d(xi, xj) = |xi - xj|;
• two inputs xi and xj belong to gi if d(xi, xj) < ε;
• the largest gi (in terms of the number of elements) is the winner, and one element of that group is the output of the voter.
As an example, consider the following group of inputs {1.001, 1.0002, 1.1, 0.99, 0.98, 0.999}, with the selected limit ε = 0.01. The differences between these elements are presented in Table 2.1.

Table 2.1. Basic table for voting algorithm example

Evaluated Values   1.001    1.0002   1.1      0.99     0.98     0.999
1.001              0        0.0008   0.099    0.011    0.021    0.002
1.0002             0.0008   0        0.0998   0.0102   0.0202   0.0012
1.1                0.099    0.0998   0        0.11     0.12     0.101
0.99               0.011    0.0102   0.11     0        0.01     0.009
0.98               0.021    0.0202   0.12     0.01     0        0.019
0.999              0.002    0.0012   0.101    0.009    0.019    0
From this table, three groups are obtained: g1 = {1.001, 1.0002}, g2 = {0.99, 0.98, 0.999}, and g3 = {1.1}; the output of the voter is any element of g2 because it is the largest group. Another safe algorithm is the median voter. This algorithm selects the middle value from the current group of inputs; in this case, the number of inputs has to be odd to select one single value. There are various ways to perform the comparison. A common approach is to compute the differences d(xi, xj) = |xi - xj| between the inputs, discard the maximum difference value together with the two related inputs, and repeat this process until one element is left, which is declared the output of the voter. As an example, consider the same group presented in Table 2.1. This group has one drawback: because the number of elements is even, a last pair of values remains, either of which can be the output of the voter. The result is shown in Table 2.2, where the surviving pair (1.0002 and 0.999, originally typeset in bold) is marked with an asterisk.

Table 2.2. Results of median voter evaluation based on Table 2.1

Evaluated Values   1.001    1.0002*  1.1      0.99     0.98     0.999*
1.001              0        0.0008   0.099    0.011    0.021    0.002
1.0002*            0.0008   0        0.0998   0.0102   0.0202   0.0012
1.1                0.099    0.0998   0        0.11     0.12     0.101
0.99               0.011    0.0102   0.11     0        0.01     0.009
0.98               0.021    0.0202   0.12     0.01     0        0.019
0.999*             0.002    0.0012   0.101    0.009    0.019    0
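The majority and median voters can be sketched as follows. The readings below are illustrative rather than the worked example above, because under a strict pairwise rule the groups of the worked example overlap, so an implementation must fix a grouping policy; this sketch takes, for each input, the set of inputs within ε of it and returns a member of the largest such set.

```python
# Sketches of the two safe voters described in the text.

def majority_voter(inputs, eps):
    """Return a member of the largest group of mutually close inputs."""
    best = []
    for xi in inputs:
        group = [xj for xj in inputs if abs(xi - xj) < eps]
        if len(group) > len(best):
            best = group
    return best[0] if best else None  # any element of the largest group

def median_voter(inputs):
    """Repeatedly discard the pair with the largest mutual difference."""
    values = list(inputs)
    while len(values) > 2:
        pair = max(((a, b) for a in values for b in values if a != b),
                   key=lambda p: abs(p[0] - p[1]))
        values.remove(pair[0])
        values.remove(pair[1])
    return values[0]  # with an even input count, either survivor is valid

readings = [1.000, 1.001, 1.002, 5.000, 5.001]
assert majority_voter(readings, eps=0.01) == 1.000
assert median_voter([1.0, 1.2, 5.0, 1.1, 0.9]) == 1.1
```

With an odd number of inputs the median voter terminates on a single value; with an even number, as in Table 2.2, it terminates on a pair and either member is a valid output.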
One example of a reliable algorithm is the weighted average voter. This algorithm (Lorczak, 1989) uses the inputs xi, i = 1, ..., N, to produce an output based on Equation 2.1, in which two quantities, wi and s, are involved; they are defined in Equations 2.2 and 2.3.

xo = Σi=1..N (wi / s) xi    (2.1)

s = Σi=1..N wi    (2.2)

wi = 1 / Πj=1..N, j≠i (1 + d²(xi, xj) / α²)    (2.3)
where d(xi, xj) = |xi - xj| is the difference between two inputs and α is a constant related to the sensitivity of the weights involved in Equation 2.1. From this kind of algorithm, the concept of interconnection emerges in a fully connected system: all involved components are interconnected, and a group of similar voting algorithms is used to reduce signal dependency, as shown in Figure 2.2, as well as to mask local faults. However, the price paid is an increase in communication time. In Figure 2.2, each of the sensors A, B, and C feeds each of the voting algorithms A, B, and C.

Figure 2.2. Modular redundancy scheme
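Equations 2.1 to 2.3 can be implemented directly; the sketch below uses illustrative readings to show the key property of this reliable voter: an outlier receives a very small weight, so the output stays near the consensus, yet an output is always produced.

```python
# Sketch of the weighted average voter of Equations 2.1-2.3.

def weighted_average_voter(x, alpha):
    n = len(x)
    w = []
    for i in range(n):
        prod = 1.0
        for j in range(n):
            if j != i:
                # Each large difference inflates the product, and hence
                # deflates the weight of input i (Equation 2.3).
                prod *= 1.0 + (x[i] - x[j]) ** 2 / alpha ** 2
        w.append(1.0 / prod)
    s = sum(w)                                        # Equation 2.2
    return sum(wi / s * xi for wi, xi in zip(w, x))   # Equation 2.1

# A far outlier (5.0) is weighted down, so the output stays near 1.0.
out = weighted_average_voter([1.0, 1.01, 0.99, 5.0], alpha=0.1)
assert abs(out - 1.0) < 0.05
```

Choosing α is the design trade-off: a small α suppresses disagreeing inputs aggressively, while a large α pushes the voter toward a plain arithmetic mean.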
Alternatively, software redundancy is based on masking software faults, which are different from hardware faults: they are not a consequence of certain conditions during operation but the result of design problems in the system. Redundancy becomes an open issue here because there is no proper definition of checking points at which to evaluate several software versions. In fact, the nature of the faults is determined by design rather than by exogenous effects or timing malfunctions. Certain strategies have been defined, like N-version programming (Krishna and Shin, 1997), that are more related to how different programming teams interact to develop software than to how algorithms are specifically designed for fault tolerance. Another common approach is time redundancy, which is defined through recovery points used to roll back system execution when a fault is present. When a fault occurs, the system (or those elements affected by the fault) rolls back to a safe point established before the failure occurred. A similar approach is known as the roll-forward strategy: in this case, if a fault occurs, the involved elements go forward to a safe point where the system is known to have a fault-free response. An issue that arises from this type of approach is the evaluation of its performance, which has itself become a mature topic. Different approaches have been pursued for fault tolerance and real time, defined in terms of reliability, availability, and time performance. Reliability is defined (Kopetz, 1997) as the probability that a system will provide a certain valid response during a time window. Availability is defined as the probability that a system is performing correctly at an instant in time (Johnson, 1989; Johannessen, 2004). Other performance measures are defined in terms of time consumption and response latency.
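The recovery-point mechanism of time redundancy can be sketched with a toy example; the class, the explicit fault flag, and the counter state are all illustrative, standing in for real checkpointing of process state.

```python
# Sketch of time redundancy via recovery points: state is checkpointed
# at known-safe moments and rolled back when a fault is detected, after
# which the affected step can be re-executed.

class CheckpointedCounter:
    def __init__(self):
        self.state = 0
        self._safe = 0

    def checkpoint(self):
        # Record a recovery point believed to be fault-free.
        self._safe = self.state

    def step(self, delta, fault=False):
        self.state += delta
        if fault:
            # Roll back to the last safe point and signal a retry.
            self.state = self._safe
            return False
        return True

c = CheckpointedCounter()
c.step(5)
c.checkpoint()
ok = c.step(7, fault=True)          # the faulty step is undone
assert not ok and c.state == 5
assert c.step(7) and c.state == 12  # the retry succeeds
```

A roll-forward variant would instead advance the state to a known-good later point rather than re-executing from the checkpoint.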
Another important issue, closely related to fault tolerance, is clock synchronization. Several approaches can be pursued, although some, like instantaneous current-time adjustment, can be eliminated, as shown in Figure 2.3. The figure plots the corrected clock value against the current time value for two cases: in case A, the clock value jumps forward from va to vb at time t, and in case B, it jumps backward from vb to va.

Figure 2.3. Undesirable time correction
In both cases, there is an undesired correction. Case A shows, at time t, an incorrect clock value va that is corrected instantly to the value vb. This option is not valid because of the abrupt forward clock modification and the potential loss of current conditions. A similar situation is presented in case B, where at time t there is an abrupt backward clock modification that is not acceptable, again because of the loss of current conditions from one point to another. To avoid this behavior, a common algorithm based on clock skew can be followed, using small changes between clocks. This approach is illustrated in Figure 2.4, where correction is performed using skew correction: clock time B is plotted against clock time A, with a straight line of nominal time response and two skewed lines (Line 1 and Line 2) converging toward it.

Figure 2.4. Clock skew
In this case, time correction is performed through gradual changes toward a nominal point in time referred to as (tB2, tA2). For instance, consider an observer on Line 2 at tA1, where there is a known difference with respect to the nominal time response between t1 and tA'1. This is corrected by gradual clock modification until tA2 is achieved, following Equation 2.4:

clock_Time_B = ((tB2 - tA'1) / (tA2 - tA1)) × clock_Time_A    (2.4)
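As given, Equation 2.4 scales clock A by a constant rate factor so that clock B meets the nominal response at the reference point. A sketch under that reading follows; the argument names mirror the figure (ta1p stands for tA'1, the observed skewed time at tA1) and are illustrative.

```python
# Sketch of the gradual skew correction of Equation 2.4: rather than
# jumping, clock B is driven at a corrected rate derived from the
# known offset at tA1 and the nominal reference point (tB2, tA2).

def corrected_clock_b(clock_time_a, tb2, ta1p, ta2, ta1):
    rate = (tb2 - ta1p) / (ta2 - ta1)  # rate factor of Equation 2.4
    return rate * clock_time_a

# With no skew (rate factor 1), clock B tracks clock A unchanged.
assert corrected_clock_b(5, tb2=10, ta1p=2, ta2=9, ta1=1) == 5.0
# A slow clock A (rate factor 1.25) is gradually sped up.
assert corrected_clock_b(4, tb2=12, ta1p=2, ta2=9, ta1=1) == 5.0
```

The point of the rate-based form is exactly what Figure 2.3 argues for: the correction is spread over the interval up to tA2 instead of being applied as a single discontinuous jump.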
In this case, time correction is obtained at tA2. Another algorithm uses a similar principle but in a fault-tolerant fashion, in which communication takes place and a comparison among the currently available clocks is performed in each involved node. This is shown in Figure 2.5, where four nodes, each with its own clock, exchange clock values. One disadvantage of this approach is its communication vulnerability: the time boundary shown in Figure 2.6 must be respected. If this boundary is missed by one node, the related clock loses its synchronization, and synchronization consequently has to be performed in a broadcast manner. The result of this procedure is a communication overhead caused by time synchronization; however, it presents a reliable response against communication faults.

Figure 2.5. Fault tolerance approach for clock synchronization

Figure 2.6. Clock synchronization with bounded time
Another strategy is known as the Byzantine clock (Krishna and Shin, 1997), which is common for intermittent faults (Lönn, 1999). Moreover, real-time systems hold several characteristics that are compatible with other research areas, like discrete control systems. In that respect, real-time control fundamentals have been explored by Törngren (1998), in which the basics are established in terms common to both areas, such as time delays and time variations (Table 2.3).

Table 2.3. Common characteristics between computer and control systems

                         Discrete Control Systems           Computing Systems
Activation               Time triggered                     Event triggered
Time delays              Commonly defined as constant       Variable
Communication paradigm   Periodic communication strategy    Flexible communication strategy
                                                            based upon a scheduling algorithm
Synchronization          Common clock synchronization,      Time-stamping synchronization,
                         sequential procedure               concurrent programming
Time variation           Bounded time variation             Bounded time variation with respect
                                                            to the scheduling algorithm
From these basics, some common time intervals are defined, like communication time, jitter, preprocessing time, and events. Based on these representations, a common graph, referred to as the time graph (Figure 2.7), is defined; it represents the time behavior of those components that play a role in communication. In Figure 2.7, four components are shown, with their consumption times C1, C2, C3, and C4 and the periodic times P1 and P4.

Figure 2.7. Typical time graph
Figure 2.7 presents the classic time graph for four components. This graph shows the time intervals necessary to bound the timing behavior of a real-time system. One element that plays an important role in communication is the jitter (J), defined as an uncertain time delay that is a small fraction of any known time delay. It represents the undesirable variation of communication and computing times, for which the cause is not clear. Figure 2.8 shows a typical representation of the jitter between two elements during communication, where tc is the communication time and Jc is the jitter involved in the communication procedure.

Figure 2.8. Jitter presence during communication performance
From the time graph representation, real time can be measured by adding the time intervals or events involved in an action, where c1 is the consumption time of task 1, c2 is the consumption time of task 2, and p1 and p2 are the related periodic times. For instance, take Figure 2.9 as an example: when an event occurs in component 1 and the respective flow follows the relation among components 1, 2, and 3, the consumed time (ttc) of this procedure is defined as the sum of all elements involved in the consecutive transmission, as shown in Equation 2.5:

ttc = tc1 + tct1 + tpp1 + tc2 + tct2 + tpp2 + tc3    (2.5)

where tct1 is the communication time between c1 and c2, tct2 is the communication time between c2 and c3, tpp1 is the preprocessing time at node 2, and tpp2 is the preprocessing time at node 3.

Figure 2.9. Time graph describing communication procedure
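Equation 2.5 can be evaluated directly as a sum over the path of the event. The sketch below also adds an optional per-hop jitter bound; that extension is not part of Equation 2.5 but anticipates the remark that real systems rarely exhibit jitter-free behavior. All values are illustrative.

```python
# Sketch of the end-to-end consumed time of Equation 2.5: the sum of
# consumption, communication, and preprocessing intervals along an
# event's path, optionally padded with a jitter bound per hop.

def total_consumed_time(consumption, communication, preprocessing,
                        jitter=0.0):
    # consumption:   [tc1, tc2, tc3]
    # communication: [tct1, tct2]
    # preprocessing: [tpp1, tpp2]
    # jitter is added once per communication hop (worst-case padding).
    return (sum(consumption) + sum(communication) + sum(preprocessing)
            + jitter * len(communication))

# Times in milliseconds (illustrative values).
assert total_consumed_time([2, 3, 1], [4, 4], [1, 1]) == 16
assert total_consumed_time([2, 3, 1], [4, 4], [1, 1], jitter=0.5) == 17.0
```

The jitter-free value corresponds exactly to Equation 2.5; the padded value gives a simple worst-case bound once a per-hop jitter estimate is known.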
In this case, there is no presence of jitter behavior, which in real systems is uncommon. Nevertheless, because communication is bounded through this representation, uncertainties are identified related to jitter assumption. Then, this measure becomes necessary to be known at least through the experience of ad hoc equipment knowledge. This graph allows issues like complexity, mutual exclusion, and to a certain extent load balancing, as presented in future sections. An example of this strategy is a fault tolerance approach with clock synchronization as shown in Figure 2.10.
Figure 2.10. Time graph representation of fault tolerance approach
In this case, communication times are t1, t2, t3, t4, t5, t6, t7, t8, and t9. Consumption times are C1, C2, and C3. Clock measurements are Clk1, Clk2, and Clk3. The consumption time related to the voting algorithm is Cvtr. As the reader may realize, these time intervals present an awkward characteristic related to the assumption of maximum communication times like t1, t3, t5, and t10, due to a heuristic selection. The maximum final consumption time (TCT) is presented in Equation 2.6. Having defined every component related to the time graph, these maximum communication times are defined according to protocol and priority definitions.

TCT = At + t1 + Clk2 + t3 + Clk3 + t5 + t10 + Cvtr    (2.6)
This example presents two important cases: one processor sending messages to two different processors and three processors sending messages to one processor.
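Equation 2.6 is simply the sum of the worst-case intervals along the transmission chain, so it can be evaluated directly. The sketch below uses hypothetical interval values (in milliseconds); in practice these would come from the protocol and priority analysis described above.

```python
# Sketch of Equation 2.6: the maximum final consumption time (TCT) is
# the sum of the worst-case intervals along the chain. All values (ms)
# are hypothetical placeholders.
def total_consumption_time(intervals):
    """TCT = At + t1 + Clk2 + t3 + Clk3 + t5 + t10 + Cvtr."""
    return sum(intervals.values())

intervals = {
    "At": 0.5,    # initial activation interval
    "t1": 1.2,    # maximum communication time, component 1
    "Clk2": 0.3,  # clock measurement, component 2
    "t3": 1.2,    # maximum communication time, component 2
    "Clk3": 0.3,  # clock measurement, component 3
    "t5": 1.2,    # maximum communication time, component 3
    "t10": 0.8,   # transmission toward the voting element
    "Cvtr": 0.4,  # consumption time of the voting algorithm
}
print(total_consumption_time(intervals))  # worst-case bound in ms
```

Because every term is a worst-case assumption, the resulting TCT is a pessimistic but safe bound on the end-to-end time of the fault tolerance procedure.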
From this representation, it is possible to define several characteristics, such as the need for algorithms that can define time behavior and clock synchronization. In that respect, a class of algorithms called scheduling algorithms becomes essential. Real-time systems constitute a multidisciplinary area concerned with modeling the behavior of a system, verifying its behavior, and analyzing its performance. Regarding strategies for modeling real-time systems, Liu (2000) and Cheng (2002) have presented good reviews of several scheduling algorithms as well as formal representations such as deterministic finite state machines. Moreover, Cheng (2002) presents several formal approximations to verify whether a particular implementation of a real-time system is valid. In this direction, Koppenhoefer and Decotignie (1996) have proposed a formal verification of distributed real-time control based on the periodic producer/consumer model.
2.3 Scheduling Algorithms

The advantage of using a scheduling algorithm in control systems is that it allows us to bound time delays as well as to formally define their time effects on dynamic systems (Arzen et al., 1999). Moreover, the scheduling strategy sets the boundary of system performance during known scenarios; thereafter, the effects of the current control law can be defined off-line without increasing hazardous situations due to inherent timing modification. The incorporation of bounded time delays into the control law is reviewed in Chapter 4. Scheduling algorithms allow us to allocate tasks over a certain time with respect to a common resource such as a processor. These sorts of algorithms are defined for the common resource identified, such as processors or communication media. The most well-known scheduling algorithms have been defined for the first common resource, where characteristics such as scheduler analysis need to be defined. For instance, scheduler analysis for the mono-processor approach (the processor is the common resource) requires the utilization to be less than one, whereas scheduler analysis for the multiprocessor approach (the communication medium is the common resource) can be bigger than one depending on the number of nodes involved. In this section, some of the most typical mono-processor algorithms are reviewed with respect to task allocation; their multiprocessor counterparts are largely similar. Several algorithms can be used, such as rate monotonic (RM), earliest deadline first (EDF), flexible time triggered (FTT) (Almeida et al., 2002), and least slack time (LST). The difference between them is marked by the way tasks are ordered; which ordering method is most suitable for a particular example depends on the application. These algorithms are divided into two categories: static and dynamic schedulers.
The main difference is that a static scheduler defines the allocation of tasks during an off-line process, whereas a dynamic scheduler allocates tasks based on current conditions considering a time slot. For instance, consider three tasks with the characteristics given in Table 2.4 and Figure 2.11. Under the EDF algorithm, if a task changes its deadline at ∆t, it would have a higher priority than those tasks already defined (Table 2.5).
Table 2.4. Tasks used to exemplify the EDF algorithm

Name of Tasks    Consumption Time (C)    Periodic Time (P)    Deadline (D)    Priority
Task 1 (T1)      C1                      P1                   D1              Pr2
Task 2 (T2)      C2                      P2                   D2              Pr3
Task 3 (T3)      C3                      P3                   D3              Pr1
From Table 2.4, task 3 has the smallest slack time (ts3); therefore, it has the highest priority Pr1. Thereafter, task 1 has the next highest priority and the last task has the lowest priority Pr3.
Figure 2.11. Time graph related to Table 2.4
According to Figure 2.11, there are two scenarios for these three tasks. First, task 1 has slack time ts1, task 2 has slack time ts2, and task 3 has slack time ts3, which gives the highest priority to task 3. The second scenario presents a different priority conformation according to slack time modifications.

Table 2.5. New priority order after ∆t reorganization

Name of Tasks    Consumption Time (C)    Periodic Time (P)    Deadline (D)    Priority
Task 1 (T1)      C1                      P'1                  D'1             Pr3
Task 2 (T2)      C2                      P'2                  D'2             Pr1
Task 3 (T3)      C3                      P'3                  D'3             Pr2
For the case of deadline modification displayed in Figure 2.11, priorities are modified as shown in Table 2.5, where task 2 now has the smallest slack time (t's2); therefore, it has the highest priority Pr1, task 3 has the next highest priority, and the last task has the lowest priority Pr3. For real-time purposes, static schedulers are preferred because of their deterministic behavior. Recently, quasi-dynamic scheduling algorithms have been defined to give certain flexibility to the static communication approach. An example of this sort of algorithm is the planning scheduler (Almeida et al., 1999). The planning scheduler is a pseudo-dynamic scheduler, in the sense that it presents some dynamic properties but is not fully dynamic. The underlying idea is to use the present knowledge about the system (in particular, the variable set) to plan the system activity for a certain time window in the future. Such a time window is fixed, independent of the periods of the variables, and is called a plan. The scheduler must, then, be invoked once in each plan to build a static schedule that will describe the bus allocation for the next plan. The potential benefit of the planning scheduler in terms of run-time overhead is revealed by the following reasoning. Within a fixed time window of duration w, where Pi is the period of variable i among a set of N variables, there are at most S transactions:

S = Σ_{i=1}^{N} ( ⌈w / Pi⌉ + 1 )
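The bound on the number of transactions S can be evaluated directly. In the sketch below, the plan window w and the variable periods are hypothetical values chosen for illustration:

```python
import math

def max_transactions(w, periods):
    """Upper bound S on the transactions of N periodic variables
    inside a plan window of duration w (planning scheduler)."""
    return sum(math.ceil(w / p) + 1 for p in periods)

# Hypothetical plan window of 100 time units; three variable periods.
print(max_transactions(100, [10, 25, 50]))  # (10+1) + (4+1) + (2+1) = 19
```

Since S bounds the work the scheduler must plan per window, it gives a direct handle on the run-time overhead of invoking the scheduler once per plan.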
When idle time is manipulated to give an opportunity to sporadic tasks, preemptable tasks are to be expected. To perform task re-allocation, the macro-cycle of N tasks is divided into smaller windows called elementary cycles (ECs), which in turn are divided into basic units that are multiples of the consumption times of every task. The only condition for an elementary cycle is that it has the same period as the fastest task. Once this partition is proposed, the group of N tasks is re-organized according to these time restrictions, taking into account periodic time sizes to define execution priorities. If any task cannot fit into any EC, the group of tasks is said to be unschedulable. Other scheduling strategies can be defined in a more ad hoc manner from the basis of the case study; for instance, scheduling algorithms for control systems have been defined by Hong et al. (2002) and Hong (1995), where the approach is ad hoc to the analyzed structure and referred to as the bandwidth-scheduling algorithm. This algorithm proposes a timing analysis of each node's time consumption (sensor, controller, and actuator), considering data transmission time and the related time delays. Having established certain time boundaries and the timing analysis of the consumption time of every considered element, a review of the proposed algorithm is given. This algorithm orders elements such as sensors and actuators according to their inherent loop, for instance, sensors, controllers, and actuators. Thereafter, this reordering is based on the earliest deadline, first considering the critical and the non-critical zones of each node. Each scenario has a corresponding control law that considers time delay conditions such as communication time delays from sensor nodes, time consumption from several control nodes, and sporadic time delays due to non-real-time messages. Therefore, each modification established by the bandwidth scheduling algorithm has a proper repercussion on the dynamic modeling of the system and the respective controller. In this case, time delays are bounded and used to define the control structure; this is reviewed in Chapter 4. The scheduling algorithm allows us to define the time delay boundary necessary for defining control law performance. Alternatively, other ad hoc scheduling algorithms have been proposed based on fuzzy logic (Monfared and Steiner, 2000). In this case, a study of the stochastic behavior of the process system is developed. A review of the stochastic nature of different scenarios allows for the use of the adaptive scheduling approach, although it carries the respective uncertainty. This can be tackled by the use of a more restrictive adaptive approach; however, Monfared and Steiner (2000) recommend the use of fuzzy logic, based on several membership functions representing a Poisson conditional probability function, to adapt the best component configuration in terms of the manufacturing control system structure. Other strategies focusing on hard and soft real-time communication using CAN bus have been proposed by Livani et al. (1998), where the aim is to divide the message identifier of every CAN word into possible variants called hard real time and soft real time, respectively. Messages are prioritized according to this classification. The accommodation of messages gives precedence to high-priority (hard real-time) messages as determined by the EDF algorithm. The main assumptions to be taken into account are:

• Each real-time message has a reserved time slot.
• The reserved time slot of each message is as long as the worst-case transmission time of the message.
• The priority of a hard real-time message depends on its transmission laxity.
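As an illustration of this classification, the following sketch orders a hypothetical message set so that hard real-time messages precede soft ones and, among hard messages, a smaller transmission laxity yields a higher priority (an EDF-like rule). The identifiers and laxities are invented for the example:

```python
# Hypothetical CAN-style message set. Hard real-time messages are
# given precedence over soft ones; among hard messages, a smaller
# transmission laxity yields a higher priority (EDF-like ordering).
messages = [
    {"id": 0x10, "kind": "soft", "laxity": 5},
    {"id": 0x11, "kind": "hard", "laxity": 8},
    {"id": 0x12, "kind": "hard", "laxity": 2},
]
ordered = sorted(messages, key=lambda m: (m["kind"] != "hard", m["laxity"]))
print([hex(m["id"]) for m in ordered])  # ['0x12', '0x11', '0x10']
```

On a real CAN bus, this priority would be encoded into the message identifier itself, since CAN arbitration always lets the lowest identifier win.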
An interesting approach to the tradeoff analysis of real-time control, including scheduler analysis, is proposed by Seto et al. (2001), in which optimal control is reviewed based on a performance index of the form

J(u) = S(x(tf), tf) + ∫_0^{tf} L(x(t), u(t), t) dt    (2.7)

where J(u) is the performance index, S(·) and L(·) are weight functions depending on the system states and control input, tf is the final time over the considered interval, u(t) are the control inputs, and x(t) are the state functions that depend on the system dynamics

ẋ = f(x(t), u(t), t)    (2.8)

with the control input subject to the related boundary

c(x(t), u(t)) ≤ 0    (2.9)
This function is minimized based on the system dynamics and schedulability performance. As a result of this optimization, the optimal frequencies for task schedules are determined by solving this nonlinear constrained optimization problem. For instance, Gill et al. (2001) have proposed an approximation for a scheduling service based on real-time CORBA middleware. This middleware strategy allows clients to invoke operations without concern for the OS/hardware platform, types of communication protocols, types of language implementations, networks, or buses (Vinoski, 1997). Specifically, the strategy pursued by Gill et al. is a scheduling service that has already implemented the most common static and dynamic scheduling algorithms. This service, based on a defined framework, implements RM, EDF, maximum urgency first (MUF), and maximum laxity first (MLF), where an abstract implementation follows three main goals:

• Task dispatching is organized by criticality: critical operations are ordered by static priority, whereas noncritical operations are dispatched by dynamic scheduling;
• Any scheduling strategy must guarantee the scheduling of critical operations;
• The adaptive scheduling approach allows flexibility to adapt to varying application and platform requirements.
It also defines system requirements by following several steps:

• Any application gives information used by the TAO scheduling service (implemented as an object) to define an IDL interface;
• Time configuration is performed either off-line or on-line as the application demands;
• The scheduling service assigns static and dynamic priorities;
• The priorities assigned to each task and the respective subdivision allow for dispatching priority;
• Schedulability is evaluated based on priority assignment and the selected scheduling algorithm;
• The queues necessary to dispatch the already ordered priorities are created per node;
• Dispatching modules define the thread priority assignment according to the previous analysis.
Following this idea of real time using the middleware structure as a resource manager, Brandt and Nutt (2002) have implemented flexible real-time processing by developing a dynamic quality of service manager (DQM) as a mechanism to operate on the collective quality of service level specifications. It analyzes the collective optimization of processes to determine its allocation strategy. Once the allocation is determined, it defines the level at which each application should operate to optimize global performance based on the soft real-time strategy, in which an eventual missed deadline is feasible. This approximation to real time using middleware presents a competitive task allocation approach, although dynamic resource management still compromises the hard real-time behavior required for safety-critical purposes. Another approach related to real-time middleware is presented by Sanz et al. (2001), where an integrated strategy for several functional components, such as operational control, is proposed, including complex loops, sensors and actuators, monitoring, planning, and execution. This integration is proposed from the perspective of cooperative functional components encapsulated through agents using real-time CORBA. Furthermore, this author has explored the use of "intelligent" strategies for planning the behavior of a complex network control system, as presented in Sanz and Zalewski (2003), where design patterns are reviewed to define the most suitable strategies for control law design and task allocation, and to exploit design knowledge. The use of middleware strategies to define suitable scheduling algorithms has also been explored through CORBA (Sanz et al., 2001). For instance, the RM algorithm assigns priorities to tasks based on their periods: the shorter the period, the higher the priority. The rate of a task is the inverse of its period. The rate monotonic algorithm behaves as in the following example with three tasks.

Example: Suppose we have three tasks with the characteristics described in Table 2.6.

Table 2.6. Three tasks for rate monotonic example

Name of Tasks    Consumption Time (C)    Period Time (T)
T1               a                       aT
T2               b                       bT
T3               c                       cT
Here T1 has the smallest period aT and the smallest consumption time a. The related ordering of this table is presented in Figure 2.12.
Figure 2.12. Related order from rate monotonic algorithm
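The rate monotonic rule just described, the shorter the period the higher the priority, amounts to sorting tasks by period. A small sketch with hypothetical task values:

```python
# Rate monotonic priority assignment: the shorter the period, the
# higher the priority, so sorting by ascending period gives the
# dispatch order. Task values are hypothetical.
tasks = [
    {"name": "T2", "c": 2, "period": 8},
    {"name": "T1", "c": 1, "period": 4},
    {"name": "T3", "c": 3, "period": 16},
]
by_priority = sorted(tasks, key=lambda t: t["period"])
print([t["name"] for t in by_priority])  # ['T1', 'T2', 'T3']
```

Because the ordering depends only on the fixed periods, it can be computed entirely off-line, which is what makes RM a static scheduler.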
Alternatively, we have a case with periodic tasks with submultiples of bigger periods as shown in Table 2.7, where 2aT = bT .
Table 2.7. Another set of tasks for rate monotonic example

Name of Tasks    Consumption Time (C)    Period Time (T)
T1               a                       aT
T2               b                       bT
T3               c                       cT
T4               d                       dT
This group of tasks is organized following the basic principle of this scheduling algorithm, with the distribution shown in Figure 2.13.

Figure 2.13. Task distribution from Table 2.7 according to rate monotonic
There are two main issues in this algorithm. First, it has a common resource, processor performance; second, its organization allows for a priority analysis in terms of the capacity to allocate every task following its respective time restriction. This analysis is referred to as schedulability analysis (Liu and Layland, 1973), where the basic condition is that the total utilization, the sum over every task of its consumption time (ci) divided by its period (Ti), should be less than or equal to one. This condition is expressed as follows:
U = Σ_{i=1}^{N} ci / Ti ≤ 1    (2.10)
where N is the total number of tasks and U is the total fraction of consumption time. If this condition holds, it is possible to organize this group of tasks as stated before. There are various conditions to be reviewed for this algorithm; for instance, there may be time variations with respect to deadlines and consumption times under which tasks can still satisfy this condition. Devillers and Goossens (2000) present a review of these variations, in which the feasibility problem is analyzed based on the utilization factor.

On the other hand, the EDF algorithm assigns priorities to the individual jobs in the tasks according to their absolute deadlines: it orders jobs based on the proximity of the deadline with respect to the consumption time each task has left. It admits the same kind of schedulability analysis as the rate monotonic algorithm. As an example, Table 2.8 is presented.
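Returning to Equation 2.10, the utilization-based schedulability test can be checked in a few lines of code; the (ci, Ti) pairs below are hypothetical:

```python
def utilization(tasks):
    """U = sum of ci / Ti over all tasks (Equation 2.10)."""
    return sum(c / t for c, t in tasks)

def is_schedulable(tasks):
    # Basic condition (Liu and Layland, 1973): total utilization <= 1.
    return utilization(tasks) <= 1.0

# Hypothetical (ci, Ti) pairs: consumption time and period per task.
tasks = [(1, 4), (2, 8), (3, 16)]
print(utilization(tasks), is_schedulable(tasks))  # 0.6875 True
```

A task set failing this test cannot be scheduled on the shared processor regardless of the ordering policy, which is why the utilization check comes before any priority assignment.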
Table 2.8. Task distribution for EDF algorithm

Name of Tasks    Consumption Time (C)    Period Time (T)
T1               a                       aT
T2               b                       bT
T3               c                       cT
In Figure 2.14, the current evaluation time is denoted as ct; this is the time at which it is decided which task is going to be executed following EDF considerations.

Figure 2.14. Task distribution for EDF example
At ct, the time left for task T1 with respect to its deadline is calculated as follows:

ad = aT − aleft    (2.11)

This procedure is performed for the rest of the tasks:

bd = bT − bleft
cd = cT − cleft    (2.12)

Having produced ad, bd, and cd, a comparison is performed:

ad < bd
bd < cd    (2.13)
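The selection rule of Equations 2.11 through 2.13 picks, at evaluation time ct, the task whose deadline distance is smallest. A sketch with hypothetical values:

```python
# EDF selection in the spirit of Equations 2.11-2.13: at evaluation
# time ct, compute each task's distance to its deadline (e.g.,
# ad = aT - aleft) and grant the resource to the smallest one.
# All values are hypothetical.
tasks = {
    "T1": {"deadline": 10, "left": 3},  # ad = 10 - 3 = 7
    "T2": {"deadline": 6, "left": 2},   # bd = 6 - 2 = 4
    "T3": {"deadline": 12, "left": 1},  # cd = 12 - 1 = 11
}

def edf_winner(tasks):
    # The smallest deadline distance wins the common resource.
    return min(tasks, key=lambda n: tasks[n]["deadline"] - tasks[n]["left"])

print(edf_winner(tasks))  # T2
```

Unlike RM, this comparison must be re-evaluated at run time whenever deadlines or remaining work change, which is what makes EDF a dynamic scheduler.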
The smallest value from this comparison is the winner; therefore, it has the capacity to use the common resource (Figure 2.15) until Equation 2.13 is modified.
Figure 2.15. Task assignment to common resource according to EDF
The rest of the tasks are organized following the same criteria of deadline evaluation, as shown in Figure 2.15. If any task modifies either its consumption time or its deadline condition (Equation 2.13), tasks rearrange priorities and task execution is modified according to the new conditions.

The alternative approach for the dynamic scheduling strategy is the LST algorithm. In the LST algorithm, at any time t, the slack ts of a job with deadline at d is equal to d − t minus the time required to complete the remaining portion of the job (∆t), as shown in Equation 2.14 and Figure 2.16:

ts = d − t − ∆t    (2.14)
Figure 2.16. Current execution task according to LST
As an example of this dynamic algorithm, Table 2.9 is proposed.

Table 2.9. Task distribution for related example

Name of Tasks    Consumption Time (C)    Period Time (T)
T1               a                       aT
T2               b                       bT
T3               c                       cT
Based on Figure 2.17, the system is monitored at the current time t as follows:

tsa = aT − ∆ta − t
tsb = bT − ∆tb − t
tsc = cT − ∆tc − t    (2.15)

Figure 2.17. Time evaluation according to LST
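The slack computation of Equations 2.14 and 2.15 can be sketched as follows; the deadlines, remaining execution times, and current time are hypothetical:

```python
def slack(deadline, remaining, t):
    """ts = d - t - remaining work (Equations 2.14 and 2.15)."""
    return deadline - t - remaining

# Hypothetical jobs: name -> (absolute deadline, remaining execution).
t = 2  # current time
jobs = {"a": (8, 2), "b": (12, 5), "c": (14, 6)}

slacks = {name: slack(d, rem, t) for name, (d, rem) in jobs.items()}
winner = min(slacks, key=slacks.get)  # least slack means highest priority
print(slacks, winner)  # here task a has the smallest slack
```

Because the slack shrinks as the deadline approaches and grows as work completes, the winner can change at run time, just as with EDF.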
where tsa, tsb, and tsc are the respective slack times of each task; in this example, the task that obtains the common resource is a because tsa is the smallest value, so it has the highest priority. This algorithm has the particularity that, under certain conditions, it behaves like the EDF algorithm.

Another dynamic scheduling algorithm is the MUF algorithm. This algorithm organizes a group of tasks by combining the EDF procedure with a heuristic priority designation of tasks; when both techniques agree on a certain priority assignment, the selected task is performed. It takes into account deadline proximity like the EDF algorithm, while the priority assignment is based on exogenous demands from the case study. As an example of this algorithm, Table 2.10 is proposed.

Table 2.10. Task distribution for MUF algorithm priorities

Name of Tasks    Consumption Time (C)    Period Time (T)
T1               a                       aT
T2               b                       bT
T3               c                       cT
Task organization is presented in Figure 2.18.

Figure 2.18. Original task organization from Table 2.10
If we check the result of this reordering (the last part of Figure 2.18), it has been performed with an obvious strategy, because the exogenous priority has won according to Table 2.10. As a concluding remark for this section, different scheduling algorithms have been presented, as well as other strategies such as ad hoc scheduling algorithm responses and task organization, providing an overview of the key advantages and disadvantages of the different algorithms. One procedure that can be followed to define a feasible approach is presented in Section 2.4. This review gives an idea of how the scheduling approach can be pursued taking into account performance or middleware strategies. Basically, the FTT protocol makes use of the dual-phase elementary cycle concept to combine time- and event-triggered communication with temporal isolation. Moreover, the time-triggered traffic is scheduled on-line and centrally in a particular node called the master. This feature facilitates the on-line admission control of dynamic requests for periodic communication, because the respective requirements are held centrally in just one local table.
2.4 Distributed Real-Time Systems

Various factors should be taken into account to define a scheduling algorithm for distributed systems. Issues like synchronization are fundamental; these and other characteristics are listed next:

• Synchronization;
• Communication cost;
• Load balancing;
• Task assignment and task precedence.
Time synchronization was reviewed in Section 2.3, which covered the most common algorithms like time stamping, passing time synchronization, and sliding linear regression, as determined by Johannessen (2004). Techniques like passing time synchronization have as a main characteristic the use of a protocol with inherent time managing, such as the network time protocol. Cervin et al. (2003) have studied the issue of synchronization, where synchronizing clocks by subnet organizations is commonly recommended, although it has a high timing cost that affects performance through inherent time delays. From this group of possible strategies arises the issue of performance evaluation to determine a suitable approach for certain case studies; for instance, Lönn (1999) presents a review of different performance evaluation techniques as well as some results with respect to a specific configuration, such as the fault-tolerant average. This approximation presents the best results in average skew and mean time between faults. This strategy (Kopetz and Oschenreiter, 1987) is classified as a convergence clock; it consists of the average of all n clocks except the m fastest and the m slowest clocks. The maximum skew is presented in Equation 2.16:

∂max = (ε + 2ρR) (n − 2m) / (n − 3m)    (2.16)

where ε is the reading error of a remote clock, R is the resynchronization interval, ρ is the maximum drift between two clocks, and n and m are as defined above. Clocks are corrected in terms of the ∂max error.

On the other hand, communication cost is defined as the ratio between the size of the data to be transmitted and the frequency of transmission. This cost can be expressed as a percentage between these two values, although it depends on the characteristics of the case study. For instance, some distributed systems can be loosely connected; they therefore transmit with a very low frequency but with heavily loaded data in terms of information, such as that reviewed by Coulouris et al. (1994). Load balancing is performed when there are various processes and their respective processors; accommodation is then performed by several algorithms that take into account performance measures from both processes and processors. The load balancing algorithm is an ad hoc approach to the case study, in which the key factor is how to define performance in terms of the analyzed variables. There are restrictions related to computational activities in which several processes cannot be executed in an arbitrary order but must take into account the precedence relations defined at the design stage (Buttazzo, 2004). These relations are described through an acyclic graph, where tasks are represented by nodes and precedence relations by arrows (Figure 2.19).
Figure 2.19. Task precedence example
In Figure 2.19, {T1, T2, …, T7} are the nodes and {TP14, TP12, …, TP47} are the related precedence tasks. Task precedence is defined by the case study, and it becomes a requirement for the scheduling algorithm. There are other implementations, like that proposed by Altisen et al. (2002), where a compromise between the scheduling algorithm and the control synthesis paradigm is proposed. As the scope of this work is related to distributed systems, these pieces allow us to cover the main picture of real-time distributed systems, which is to define how time delays can be modeled under certain conditions, such as consumption time, defined as the total time spent by a group of tasks organized by a particular scheduling algorithm. Therefore, an important issue is time synchronization between processors, which is performed by various means, as shown throughout this chapter. After this review of different algorithms, a specific strategy is proposed in terms of the needs of the case study in Chapter 5.
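The precedence relations of Figure 2.19 constrain any scheduler: a task may be dispatched only after all of its predecessors have completed. A topological sort over the graph of Figure 2.19 makes this concrete:

```python
from collections import deque

# Precedence relations of Figure 2.19: an edge (u, v) means task u
# must complete before task v may start. T3 and T6 have no precedence.
tasks = ["T1", "T2", "T3", "T4", "T5", "T6", "T7"]
edges = [("T1", "T2"), ("T1", "T4"), ("T2", "T5"), ("T4", "T7")]

def topological_order(tasks, edges):
    indegree = {t: 0 for t in tasks}
    successors = {t: [] for t in tasks}
    for u, v in edges:
        successors[u].append(v)
        indegree[v] += 1
    ready = deque(t for t in tasks if indegree[t] == 0)
    order = []
    while ready:
        u = ready.popleft()  # dispatch a task with no pending predecessors
        order.append(u)
        for v in successors[u]:
            indegree[v] -= 1
            if indegree[v] == 0:
                ready.append(v)
    return order

order = topological_order(tasks, edges)
print(order)  # every task appears after all of its predecessors
```

Any valid schedule must be consistent with such an ordering; the scheduler then chooses among the currently "ready" tasks using RM, EDF, LST, or another policy.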
2.5 Conclusions

This chapter has given a brief overview of real-time systems and their various components, such as fault tolerance, clock synchronization, and scheduling algorithms. We have also reviewed new paradigms in that respect, like the use of middleware in real time and the future directions of this strategy.
3 Smart Peripheral Elements
3.1 Overview

The main characteristics of this sort of peripheral element are communication capabilities, fault diagnosis, and a certain degree of autonomy. This idea has been explored in terms of smart networks (Reza, 1994). Different research groups have provided interesting reviews of this sort of configured element. One key holistic definition of this technology has been provided by Masten (1997). What is expected from this strategy is to define autonomous elements that detect faults in order to take fault tolerance actions, like structural reconfiguration, as a previous step toward control reconfiguration. This chapter focuses on several strategies to provide fault detection and localization capabilities to peripheral elements under the prevalence of smart elements.
3.2 Peripheral Autonomy

Peripheral autonomy is defined as the capability to produce results even under fault conditions. Fault diagnosis is a mature, well-defined area where several approaches to detect, isolate, and diagnose a fault have been defined (Patton et al., 2000). For instance, the knowledge-based approach using neural networks is a feasible option, as presented by Chiang et al. (2001). Other approaches, like signal analysis, are feasible as well, as presented by Campbell and Nikoulhah (2004) and Gertler (1998). As mentioned earlier, stability-based approaches such as robust estimation have been studied by Mangoubi and Edelanager (2000) and Chen and Patton (1999), where uncertainty becomes an issue during fault presence. A complete survey of recently developed algorithms is presented by Venkatasubramanian et al. (2003a, 2003b, and 2003c), which covers all kinds of classic strategies, from model-based to model-free techniques. The strategy for peripheral autonomy introduces smart sensor networks, which pose new challenges such as multivariate pattern recognition and cooperative networking, as presented by Agre and Clare (1999), Reza (1994), and Akbaryan and Bishnoi (2001). Studies of sensor networks have been reviewed from different perspectives, such as fault diagnosis and real time. Since the information obtained from this configuration allows for the use of data fusion, fault tolerance, structural reconfiguration, control reconfiguration, and other techniques for keeping performance up to certain levels, one of the most important features here is how to evaluate the sensor network configuration and the subsequent technique, like those already mentioned. In this respect, different views are considered, from a local to a global point of view. The first view is discussed here by defining a heuristic measure referred to as the confidence value. Meanwhile, the global view is revisited in Chapter 4 as part of the global evaluation of the impact of peripheral autonomy on system performance. As peripheral autonomy is one main advantage of using a smart peripheral element, and certainly the main reason for making it a central aspect of the kind of elements in this book, it is necessary to define how to accomplish autonomy in terms of fault detection. Section 3.3 focuses on this goal.
3.3 Typical Smart Elements

A "smart" element is defined as a device that can communicate, self-diagnose, and make decisions (Masten, 1997). Based on this definition, a "smart" element (SE) can be visualised as shown in Figure 3.1. The main goal of the device is to obtain as much information as possible to produce self-calibration and compensation based on structural analysis (Blanke et al., 2003). Additionally, this information must be processed and packaged in a standard way to be transmitted over the communication network supported by the distributed system.

Figure 3.1. "Smart" model
For the purpose of this work, “smart” elements consider just two kinds of peripheral devices: sensors and actuators.
These devices play the role of independent elements for the distributed system (Figure 3.2). Together with the controller they must perform their tasks within the restrictions on time dictated by the scheduler. However, in the presence of abnormal conditions, the overall system must be robust to deal with any delay caused by either the fault or the accommodation procedure. In this work, to measure the impact in terms of time degradation of these procedures, a simulated distributed system is used. This system is explained in Chapter 5.
Figure 3.2. Network concept
Figure 3.2 shows different approaches to “smart” sensors combined with local fault tolerance strategies. A “smart” sensor may rely on an external module for fault tolerance, or it may have a built-in fault tolerance. Similarly, actuators may adopt either of these approaches. Technological progress in microelectronics and digital communications has enabled the emergence of “smart” or “intelligent” elements (devices with internal processing capability). Conceptually, these devices can be divided into the transducer and the transmitter parts, which are integrated into one unit. Moreover, the decentralization of intelligence within the system and the capability of digital communications makes it possible for “smart” elements to yield measurements of better quality (Ferree, 1991) due to better signal processing, improved diagnostics, and control of the local hardware. “Smart” sensors and actuators are developed to fit the specific requirements of the application. However, consistent characteristics have been defined by Masten (1997) for smart sensors and actuators. This standard defines a “smart” element as a device that has the capabilities of self-diagnosis, communication, and compensation on-line. In particular, “intelligent” sensors offer many advantages over their counterparts, e.g., the capability to obtain more information, produce better measurements, reduce
dependency, and increase flexibility of data processing for real time. However, standards need to be developed to deal with the increased information available to allow sensors to be easily integrated into systems. The adoption of the Fieldbus standard for digital communications allows the sensor to be treated as a richer information source (Yang et al., 1997a). Nowadays, modular design concepts are beginning to generate specifications for distributed control. In particular, systems are appearing where low-level sensor data is processed at the sensing site and a central control manages information rather than raw data (Olbrich et al., 1996a). In addition, process control is becoming more demanding, catalyzing demands for improved measurement accuracy, tighter control of tolerances, and further increases in automation (Olbrich et al., 1996b). The degree of automation and reliability that is likely to be required in each module will almost certainly demand high sensitivities, self-calibration, and compensation of nonlinearities, low-operation, digital, preprocessed outputs, self-checking, and diagnostic modes. These features can all be built into "smart" sensors. Likewise, low-cost microelectronics allows integration of increased functionality into distributed components such as actuators. This has led to the rise of mechatronics as an interesting new research field. Here, electronic control is applied to mechanical systems using microcomputers (Auslander, 1996). Using a microprocessor, it is possible to program an actuator to perform several additional functions resulting in many benefits (Masten, 1997):

• Automatic actuator calibration;
• Lower cost installation;
• Preventive maintenance reduction;
• On-site data collection.
The high capabilities of microelectronics allow new features to be integrated together for fault detection and isolation. "Smart" elements are becoming more widespread (Isermann, 1994). The most common actuators transform electrical inputs into mechanical outputs, such as position, force, angle, or torque. For actuators, the classification and evaluation can be concentrated into one of three major groups:

• Electromechanical actuators;
• Fluid power actuators;
• Alternative actuator concepts.
In the future, further development of actuators (Raab and Isermann, 1990) will be determined by the following general requirements:

• Greater reliability and availability;
• Higher precision of positioning;
• Faster positioning without overshoot;
• Simpler and cheaper manufacturing.
Here, the different modules of the information flow of a "low-degree intelligent actuator" (Isermann and Raab, 1993) are given. They comprise the following particular requirements:

• Control at different levels;
• Self-tuning/adaptive (nonlinear) control;
• Optimization of the dynamic performance;
• Supervision and fault diagnosis;
• Knowledge base.
Analytical knowledge:

• Parameter and state estimation (actuator models);
• Controller design methods.
Heuristic knowledge:

• Normal features (storage of learned behavior);
• Inference mechanism;
• Decisions for (adaptive) control;
• Decisions for fault diagnosis;
• Communication.
Internal: connecting of modules, messages. External: with other actuators and the automation system. Hence, the "intelligent" actuator adapts its internal controller to the nonlinear behavior (adaptation) and stores its controller parameters dependent on the position and load (learning), supervises all relevant elements, and performs a fault diagnosis (supervision) to request maintenance. If a failure occurs, it can be configured to fail-safe (decisions on actions) (Isermann and Raab, 1993). Focusing on "smart" actuators, Koenig et al. (1997) proposed a fault detection and isolation (FDI) algorithm based on the idea of hierarchical detection observers (Janseen and Frank, 1984) to enable detection and isolation of a large variety of faults for a system under real-time computation constraints. An example of FDI applied to induction motors is presented by Beilharz and Filbert (1997) using a parameter estimation technique. The novelty of this approach is in the calculation of the parameters based on the supplied signals with different frequencies. Moreover, Lapeyre et al. (1997) proposed an on-line parameter estimation based on a modified version of the extended Kalman filter (Ljung, 1979). A similar approach for FDI is proposed by Oehler et al. (1997) using extended Kalman filters to make the parameter estimation possible. Furthermore, Benchaib and Rachid (1997) propose a particular type of observer called the self-tuning sliding mode observer (Kubota et al., 1993) to detect faults in a specific type of induction motor. Mediavilla and Pastora-Vega (1997) propose parity equations for multiplicative faults as described by Gertler and Kunwer (1995), focusing on an industrial actuator benchmark designed by Blanke et al. (1994).
3.4 Smart Elements Designs

To design a peripheral element based on the concept of fault diagnosis, it is necessary to define the monitored element in terms of structural analysis to determine which kinds of faults are detectable. As this information is available, a suitable FDI strategy can be defined in terms of the detectable faults. Structural analysis allows system modeling for monitorability in a Petri net fashion. First, the fault dynamics of the monitored elements are defined; second, the structural analysis is expressed as Petri nets; finally, FDI is pursued. Additionally, neural networks or fuzzy logic can be employed in order to determine the behavior of the system during the presence of faults.
3.5 Fault Diagnosis Approximations

As the basic issue in smart element design is the fault diagnosis procedure, it is necessary to review the available strategies in this respect. Fault detection and isolation is divided into two main groups: qualitative and quantitative approximations. Both contain several algorithms, presented in Table 3.1.

Table 3.1. Most common strategies for fault detection and isolation

Qualitative Methods         Quantitative Methods
Statistical Methods (PCA)   Parameter Estimation
Neural Networks             Unknown Input Observers
Fuzzy Logic                 Parity Equations
Causal Models               Kalman Filters

PCA = principal component analysis

Each algorithm presents certain advantages and disadvantages with respect to the characteristics of the process, which will be discussed. To give a fair comparison of these algorithms, a brief review of them is performed.

3.5.1 Parameter Estimation

Parameter estimation is based on static model identification, in which the basic representation is given by

y(t) = a_1 u_1(t) + ... + a_N u_N(t)    (3.1)
where two vectors are formed, a regression vector U = [u_1(t) ... u_N(t)] and a parameter vector θ = [a_1, ..., a_N], providing the next representation

y(t) = U^T θ    (3.2)
Now this output can be predicted based on an estimation of the parameter vector as follows:

ŷ = U^T θ̂    (3.3)
Therefore, the related performance index is defined as

J = Σ_{i=0}^{N} [ŷ(t−i) − y(t−i)]²    (3.4)
where N is the number of elements. Using this performance index J and its derivative, we can define the optimum of the θ̂ value. From this evaluation, θ̂ is defined as

θ̂ = [ Σ_{i=0}^{N} u(t−i) u^T(t−i) ]⁻¹ [ Σ_{i=0}^{N} u(t−i) y(t−i) ]    (3.5)

Or, in other words,

θ̂ = [U^T U]⁻¹ U^T y    (3.6)
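The least-squares estimate of Equations 3.1 through 3.6 can be sketched in a few lines; the two-parameter model, the data, and the noise level below are hypothetical, and NumPy is assumed:

```python
# Illustrative sketch of least-squares parameter estimation
# (Equations 3.1-3.6) on synthetic (hypothetical) data.
import numpy as np

rng = np.random.default_rng(0)

# True parameters of the static model y(t) = a1*u1(t) + a2*u2(t)
theta_true = np.array([2.0, -0.5])

# Regression matrix U: one row per sample, one column per input
U = rng.normal(size=(100, 2))
y = U @ theta_true + 0.01 * rng.normal(size=100)   # noisy measurements

# Equation 3.6: theta_hat = (U^T U)^{-1} U^T y, solved without an
# explicit matrix inverse for numerical stability
theta_hat = np.linalg.solve(U.T @ U, U.T @ y)

# Performance index J of Equation 3.4 at the estimated parameters
J = np.sum((U @ theta_hat - y) ** 2)

print(theta_hat)   # close to [2.0, -0.5]
```

Solving the normal equations with `np.linalg.solve` rather than inverting U^T U explicitly is the usual implementation choice for Equation 3.6.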
For the case of nonlinear dynamic models, parameter estimation can be defined in terms of classic models referred to as moving average (MA) and autoregressive moving average (ARMA). There are different approaches depending on the number of input and output variables, such as the single-input single-output system, multiple-input single-output system, and multiple-input multiple-output system. In any case, two kinds of faults can be detected: additive and multiplicative. In the case of additive faults, these are considered as exogenous effects on peripheral elements such as sensors or actuators. The mathematical representation of this effect is

x(k+1) = A x(k) + B(u(k) + ∆u(k))
y(k) + ∆y(k) ≅ C x(k)    (3.7)
where ∆y and ∆u are the related variations known as additive faults, x and y are the states and output, respectively, and A, B, and C are matrices of known dimensions. In the case of multiplicative faults, these appear within the monitored element; therefore, the representative matrix suffers modifications like the following:

x(k+1) = (A + ∆A) x(k) + B u(k)
y(k) = C x(k)    (3.8)
where ∆A represents the inherent variations of the system referred to as multiplicative faults. From this fault representation, faults are reviewed based on residual generation, which is categorized into two types: structural and directional (Gertler, 1998). Structural residuals are designed so that each variable corresponds to a specific subset of faults as shown in Figure 3.3, where r1, r2, and r3 are residuals produced by any model-based technique like a typical observer-based technique. Fault1, fault2, and fault3 are faults related to residual coordination when they act over the monitored system.

Figure 3.3. Structural fault decomposition
Directional residuals are designed to respond to a particular fault as shown in Figure 3.4. In this case, faults respond to a particular behavior of three residuals, which give a resultant response considering a direction of certain behavior. This sort of strategy tends to be useful if the fault response is well known, so that certain response boundaries can be defined.

Figure 3.4. Directional fault decomposition
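The structural decomposition of Figure 3.3 can be illustrated by matching thresholded residuals against a fault signature table. The incidence matrix, threshold, and fault names below are hypothetical, chosen only to show the mechanism:

```python
# Hypothetical sketch of fault isolation with structural residuals:
# each fault has a known signature over the residuals r1..r3.

# Assumed incidence table: 1 means the residual responds to that fault
signatures = {
    "fault1": (1, 1, 0),
    "fault2": (0, 1, 1),
    "fault3": (1, 0, 1),
}

def isolate(residuals, threshold=0.1):
    """Threshold the residuals and match the resulting firing pattern."""
    pattern = tuple(int(abs(r) > threshold) for r in residuals)
    for fault, sig in signatures.items():
        if pattern == sig:
            return fault
    return "no fault" if pattern == (0, 0, 0) else "unknown"

print(isolate([0.5, 0.4, 0.01]))   # -> fault1
print(isolate([0.0, 0.0, 0.0]))    # -> no fault
```

A directional scheme would instead compare the residual vector's direction against known fault directions, e.g., by the angle between vectors.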
3.5.2 Observer-Based Techniques

Another common strategy for detection is state space fault detection. This strategy is based on

x(k+1) = A x(k) + B u(k)
y(k) = C x(k)    (3.9)

This procedure is based on state observers that are used to reconstruct the unmeasurable state variables:

x̂(k+1) = A x̂(k) + B u(k) + H e(k)
e(k) = y(k) − C x̂(k)    (3.10)

where H is the observer gain matrix and e is the error. Now the state estimation error follows:

x̃(k) = x(k) − x̂(k)
x̃(k+1) = [A − HC] x̃(k)    (3.11)
where H is the gain matrix related to the state observer and x̃ is the state estimation error vector. There are two possible approaches. First, the observer can be made sensitive to the fault presence through a proper design of the H matrix. Second, the opposite approach can be taken, in which the observer does not respond to the fault; the residual then becomes the monitored variable needed to detect faults.

3.5.3 Parity Equations

Another common methodology involves parity equations. This is based on a description of the model using a linear process representation through a transfer function

H_P = y/u = B/A    (3.12)

where B and A are algebraic structures that represent the monitored element. This process can be represented through a similar structure called the process model

H_m = y_m/u_m = B_m/A_m    (3.13)

Now if f_u is a fault added at the input and f_y is a fault added at the output, the process can be represented as follows:

y = H_P u + H_P f_u + f_y    (3.14)

where the related error is given by
e = y − y_m = H_P f_u + f_y    (3.15)
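The parity-equation residual of Equations 3.12 through 3.15 can be sketched for a first-order discrete process running in parallel with its model; the coefficients, step input, and fault size below are hypothetical:

```python
# Sketch of the parity-equation residual e = y - y_m (Equation 3.15)
# for a first-order discrete process; all numbers are hypothetical.
import numpy as np

a, b = 0.9, 0.5      # process H_P: y(k) = a*y(k-1) + b*u(k-1)
am, bm = 0.9, 0.5    # model H_m, assumed here to match the process

u = np.ones(50)                    # step input
fu = np.zeros(50)
fu[25:] = 0.2                      # additive input fault f_u from k = 25

y = np.zeros(50)
ym = np.zeros(50)
for k in range(1, 50):
    y[k] = a * y[k-1] + b * (u[k-1] + fu[k-1])   # faulty process
    ym[k] = am * ym[k-1] + bm * u[k-1]           # fault-free model

e = y - ym    # Equation 3.15: e = H_P f_u + f_y (here f_y = 0)

print(abs(e[:25]).max())   # zero before the fault
print(e[-1])               # clearly nonzero after the fault
```

Before the fault the residual is zero because the model matches the process; after k = 25 the residual grows toward the steady-state value of the filtered fault.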
The typical configuration is shown in Figure 3.5.

Figure 3.5. Basic configuration of parity equations
The error allows for detection because there is a difference either at the input or at the output of the monitored element.

3.5.4 Principal Components Analysis

Another strategy is based on statistical modeling like principal component analysis (PCA). The PCA technique is a linear technique of multivariate analysis that aims to reach a linear and orthonormal transformation

y = Wx    (3.16)
where x = [x_1 x_2 x_3 ... x_n]^T is a standardized input vector, y = [y_1 y_2 y_3 ... y_m] are the principal components, and W = [w_11 w_12 w_13 ... w_mn] ∈ R^{m×n} is the transformation matrix whose components are called principal vectors or directors (Misra et al., 2002; Jolliffe, 2002). The aim of this technique is to minimize the error when x(t) is approximated using k (< n) components of y: x̂ = Σ_{i=1}^{k} w_i^T y_i. This approach produces an error E = x − x̂. This orthonormal transformation W is obtained by the eigenvectors of
the correlation matrix of x(t) and the error as a function of their eigenvalues (Moya et al., 2001). This projection matrix, as in orthogonal projection, is performed as shown in two dimensions (Figure 3.6). Here, the x vector is composed of two dimensions that are projected to vector y, where the difference between these two vectors is referred to as the r vector.

Figure 3.6. Orthogonal projection of a two-dimensional vector
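The orthogonal projection of Figure 3.6 can be sketched with synthetic data: the principal directions are taken as eigenvectors of the correlation matrix, and the squared reconstruction residual serves as the detection statistic. The correlated data, number of retained components, and fault sample below are hypothetical:

```python
# Sketch of PCA (Equation 3.16) and a squared-residual statistic on
# synthetic two-dimensional data correlated as in Figure 3.6.
import numpy as np

rng = np.random.default_rng(1)
x1 = rng.normal(size=200)
X = np.column_stack([x1, 2.0 * x1 + 0.05 * rng.normal(size=200)])
X = (X - X.mean(axis=0)) / X.std(axis=0)        # standardized input

# Principal directions W: eigenvectors of the correlation matrix of x
eigvals, eigvecs = np.linalg.eigh(np.corrcoef(X.T))
W = eigvecs[:, ::-1].T            # rows sorted by decreasing eigenvalue

k = 1                              # retain k principal components
y = X @ W[:k].T                    # projections (scores)
X_hat = y @ W[:k]                  # reconstruction from k components

# Squared norm of the residual between x and its reconstruction (SPE)
spe = np.sum((X - X_hat) ** 2, axis=1)

x_fault = np.array([1.0, -2.0])    # breaks the normal correlation
spe_fault = np.sum((x_fault - (x_fault @ W[:k].T) @ W[:k]) ** 2)
print(spe.max(), spe_fault)        # small for normal data, large for fault
```

A sample that violates the normal correlation structure leaves a large residual outside the retained subspace, which is the basis of the SPE test discussed in the text.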
The aim of PCA is to reduce dimensions in terms of orthonormal projection. From this approximation, fault isolation is pursued because classification is a goal. Moreover, for fault detection in a new sample x(t), a deviation in x from the normal correlation would change the projections onto the subspaces (Misra et al., 2002). Consequently, the magnitude of the residual would increase over the values obtained with normal data. A common technique to evaluate deviations (and therefore fault presence) in this sort of approach is called the square prediction error (SPE). This is a statistic that measures the lack of fit of a model to data. The SPE statistic indicates the residual between a sample and its projection onto the components retained in the model (Misra et al., 2002). This technique has been widely used in combination with fault detection in chemical processes such as that presented by Patton et al. (2000).

3.5.5 Neural Network Approach

Several approaches for classification can be pursued for fault localization, such as clustering-based techniques like fuzzy C means, fuzzy K means (Höppner et al., 2000), or linear vector quantification. These techniques present interesting characteristics for self-diagnosis. One of the most important is that related to multidimensional classification. In fact, self-organizing maps (SOM networks) fulfill this characteristic. The purpose of Kohonen self-organizing feature maps is to capture the topology and probability distribution of input data (Kohonen, 1989; Hassoum, 1995) (Figure 3.7). First, the topology of the self-organizing map is defined as a rectangular grid (Nelles, 2001) (Figure 3.8). Different types of grid may be used, such as a triangular grid or a finite element grid. The selected grid presents a homogeneous response suitable for noise cancellation. The neighbourhood function with respect to a rectangular grid is defined based on bidimensional Gaussian functions such as
Figure 3.7. Topology network
h(i1, i2) = exp( −0.5 · [ (i1^win − i1)² + (i2^win − i2)² ] / σ² )    (3.17)
where i1 and i2 are the indices of each neuron and σ is the standard deviation of each Gaussian distribution. This distribution determines how the neurons next to the winner neuron are modified. Each neuron has a weight vector (c_j) that represents how it is modified by an input update. This bidimensional function allows the weight matrix to be updated in a global way rather than just updating the weight vector related to the winner neuron. The use of multidimensional data characterization allows for early local fault localization and its propagation as a general fault presence. Similar to other types of nonsupervised neural networks such as ART2-A (Frank et al., 1998), the input vector performs an inner product with each weight vector. Having calculated every product, these are compared with each other to determine the largest value. This value is declared the winner. The related bidimensional index based on Figure 3.8 is calculated to determine how the weight matrix is modified.
Figure 3.8. Index grid
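One SOM training step over the index grid of Figure 3.8 can be sketched as follows, combining the Gaussian neighborhood of Equation 3.17 with the standard SOM weight update (Equation 3.18 below). The grid size, learning rate, width, and input are hypothetical, and the winner is selected here by nearest weight vector, a common equivalent of the inner-product comparison mentioned above:

```python
# Hypothetical sketch of one SOM update step on a rectangular grid.
import numpy as np

rng = np.random.default_rng(2)
rows, cols, dim = 4, 5, 3          # 4x5 grid of neurons, 3-dim inputs
C = rng.random((rows, cols, dim))  # weight vectors c_j
eta, sigma = 0.5, 1.0              # learning rate and neighborhood width

def train_step(u):
    # Winner: neuron whose weight vector is closest to the input u
    d = np.linalg.norm(C - u, axis=2)
    i1w, i2w = np.unravel_index(np.argmin(d), d.shape)
    # Equation 3.17: Gaussian neighborhood around the winner index
    i1, i2 = np.indices((rows, cols))
    h = np.exp(-0.5 * ((i1w - i1) ** 2 + (i2w - i2) ** 2) / sigma ** 2)
    # Equation 3.18: move every neuron toward u, weighted by h
    C[:] = C + eta * h[..., None] * (u - C)

u = np.array([0.2, 0.8, 0.5])
before = np.linalg.norm(C - u, axis=2).min()
train_step(u)
after = np.linalg.norm(C - u, axis=2).min()
print(before, after)   # the best-matching neuron moved closer to the input
```

Because the neighborhood weights the whole grid, neurons near the winner also move toward the input, which is what preserves the map topology.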
The process of updating the weight matrix is based upon Equation 3.18:

c_j^new = c_j^old + η · h(i1, i2) · (u − c_j^old)    (3.18)
where η represents a constant value (the learning rate) and h(i1, i2) is the Gaussian representation that permits the modification of neighbor neurons. Finally, u represents the current input vector. A vigilance parameter named ρ is used to determine the winner from a comparison between the current input and every weight vector. This whole process allows on-line classification of data based on a defined time window by the inherent geometry of the behavior of the system. The use of this technique in fault diagnosis has presented several advantages, as shown by Jämsä-Jounela et al. (2003). In this case, fault diagnosis is performed using SOM in conjunction with heuristic rules. On the other hand, Xu and Zhao (2002) present a novel approach using wavelet networks and regional SOM where every sampled signal is decomposed to extract several features by the use of statistical analysis; thereafter, off-line feature clusters are formed for the first time. Finally, on-line feature clusters are formed by the previous signal decomposition. Other strategies for fault detection are based on classic neural network techniques such as radial basis functions (RBF) and multilayer perceptrons (MLP) like that presented in Figure 3.9.
Figure 3.9. Typical RBF configuration
For the case of RBF, this is constituted by

y = Σ_{i=0}^{M} w_i f(‖u − c_i‖)    (3.19)
where w_i is the related weight, c_i is the center, and the f functions are local one-dimensional Gaussian functions (Nelles, 2001). In this case, weight updating is performed by using a classic backpropagation algorithm (Werbos, 1990).
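A minimal sketch of the RBF output of Equation 3.19 with Gaussian local functions follows; the centers, weights, and width are hypothetical values chosen only for illustration:

```python
# Sketch of the RBF network output of Equation 3.19 with Gaussian
# local functions; centers, weights, and width are hypothetical.
import numpy as np

centers = np.array([[0.0, 0.0], [1.0, 1.0], [0.0, 1.0]])   # c_i
weights = np.array([1.0, -0.5, 0.3])                       # w_i
width = 0.5

def rbf(u):
    """y = sum_i w_i * f(||u - c_i||) with Gaussian f."""
    r = np.linalg.norm(u - centers, axis=1)
    return np.dot(weights, np.exp(-(r ** 2) / (2 * width ** 2)))

print(rbf(np.array([0.0, 0.0])))   # dominated by the first center
```

Because each Gaussian is local, an input near one center is mostly shaped by that center's weight, which is what makes RBF responses easy to interpret for fault detection.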
Now, for the case of multilayer perceptrons, the structure of the network is defined as

y = Σ_{i=1}^{M} w_i f( Σ_{j=1}^{N} w′_ij u_j )    (3.20)
using the well-known backpropagation algorithm as the training method but considering the different layers of weights that need adapting. In this case, there are two kinds of functions, one for each layer, representing the behavior of the respective neurons. For the last two networks, the learning stage (based on backpropagation) is performed off-line, which results in the supervised neural network approach. Having reviewed these classic neural network strategies used for fault detection, one important issue is how to evaluate an element through this technique. Figure 3.10 presents the most common configuration strategy, bearing in mind that the off-line stage has already been performed to train the network.

Figure 3.10. Classical configuration for the neural network, which is used for FDI purposes
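The configuration of Figure 3.10 can be sketched with the MLP of Equation 3.20: an off-line-trained network maps sampled signals to an output that is compared against the selected fault patterns. The weights, activation function, and sampled data below are hypothetical placeholders:

```python
# Sketch of the MLP of Equation 3.20 in the classical FDI
# configuration; weights and data are hypothetical placeholders
# for an off-line-trained network.
import numpy as np

def sigmoid(x):
    return 1.0 / (1.0 + np.exp(-x))

# w'_ij: hidden-layer weights (M x N); w_i: output-layer weights (M,)
W_hidden = np.array([[ 0.8, -0.4],
                     [-0.3,  0.9],
                     [ 0.5,  0.5]])
w_out = np.array([1.0, -1.0, 0.5])

def mlp(u):
    """Equation 3.20: y = sum_i w_i * f(sum_j w'_ij * u_j)."""
    hidden = sigmoid(W_hidden @ u)
    return w_out @ hidden

# The scalar output would be compared against the selected patterns
u = np.array([0.2, 0.7])    # sampled data from the monitored system
print(mlp(u))
```

In the configuration of Figure 3.10 this forward pass runs on-line, while the backpropagation training of the weights happens off-line, as the text notes.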
A combination of different neural networks has been pursued, such as Yang et al. (2004), where ART and SOM networks are combined by using the structure of the first neural network and the learning strategy of the second. From this combination, the resultant neural network becomes suitable for unknown fault conditions. Furthermore, a review of classification accuracy based on the modification of a similarity coefficient is pursued, which provides a comparison methodology for this sort of technique. Similar strategies, connecting these two neural networks, have been proposed. The main approach proposed here is an integration of two neural networks and a bank of unknown input observers as part of the fault localization approach, which is presented in Figure 3.11. This process performs the monitoring procedure of the case study in three main stages: sampling of input and output data, residual generation based on a bank of unknown input observers (UIO), and neural network supervision. The sampled information is processed by a nonsupervised neural network that classifies it as a pattern. The winning weight vector related to the winning pattern is classified by the second nonsupervised neural network.
Figure 3.11. Pursued topology for intelligent fault localization
The idea of using two consecutive neural networks is to avoid misclassification during the presence of unknown scenarios. This goal pursues the use of a self-organizing map (SOM) and adaptive resonance theory algorithms. The SOM categorizes the behavior of a monitored system. The results of this categorization are evaluated by the second neural network (ART2-A network) to avoid glitches between similar categories mis-selected due to unknown scenarios. The pursued strategy is based on integration of an analytical redundancy approach and a fault classification technique. This fault classification approach is composed of two similar techniques to avoid any glitch either during transitions or during the appearance of unknown scenarios. These transitions are related to several operating points of the monitored element. The data used are divided into three areas: input, output, and residual data from analytical redundancy. These data are used in two stages: first, off-line to train both neural networks, and second, on-line to test this approach. The training matrix consists of input, output, and residual data and is normalized between 0 and 1. In terms of scenarios, this matrix is divided into three areas as presented in Figure 3.12. This input matrix is composed of three different kinds of variables: input, output, and residuals. Each variable has M samples. Finally, the whole group of variables is integrated by three scenarios.

Figure 3.12. Input matrix composition
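The matrix composition of Figure 3.12 can be sketched as follows; the values of M and N, the number of scenarios, and the synthetic signals are hypothetical:

```python
# Hypothetical sketch of the input matrix of Figure 3.12: per scenario,
# M-sample windows of inputs, outputs, and residuals are stacked into
# one training vector and normalized between 0 and 1.
import numpy as np

rng = np.random.default_rng(3)
M = 10    # samples per time window (the Delta-t window)

def make_vector(inputs, outputs, residuals):
    """Stack the three M-sample sections into one training vector."""
    v = np.concatenate([inputs, outputs, residuals])
    vmin, vmax = v.min(), v.max()
    return (v - vmin) / (vmax - vmin)      # normalized to [0, 1]

# Three scenarios (e.g., fault free, fault 1, fault 2), N vectors each
scenarios = []
for _ in range(3):
    scenarios.append(np.stack([
        make_vector(rng.normal(size=M),
                    rng.normal(size=M),
                    rng.normal(size=M))
        for _ in range(5)                  # N = 5 vectors per scenario
    ]))

training_matrix = np.vstack(scenarios)
print(training_matrix.shape)               # (15, 30): 3 scenarios x N, 3M
```

Each row is one training vector of length 3M (input, output, and residual sections), and the rows are grouped by scenario as in the figure.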
During the training stage, each sample time window is composed of M samples, which is directly related to a ∆t time window as shown in Figure 3.13. In this case, the frequency of the fault has a bottom boundary as shown in Equation 3.21, where frq_fault represents the frequency of the monitored fault and ∆t the previously mentioned sampled time window.

Figure 3.13. Input matrix composed of ∆t time window

frq_fault ≥ 4 / ∆t    (3.21)
One quarter of ∆t has been chosen because the sampled fault information is then enough for different patterns to be distinguished. Therefore, the frequency of the fault can be larger than this quarter of ∆t; alternatively, the top limit in terms of fault sampling is unlimited, although for the approach proposed here it would be useless to classify a fault much faster than the ∆t sampling window, because by the time the current approach produces an output, the fault can be in another stage. This top bound is still open for further research and in principle is based on the relation between the frequency of the case study and the ∆t time window. A formal explanation of how process monitoring is affected by the sampling time window is reviewed by Campbell and Nikoukhah (2004). During the on-line stage, the sampling time window is reduced to one sample, evaluated at every time step as depicted in Figure 3.14.
Figure 3.14. Sampling time during on-line performance
Having explained how the sampling time window plays a key role in fault monitoring, a brief description of the neural networks integration is reviewed. Both neural networks are trained in cascade as shown in Figure 3.15.

Figure 3.15. Integration of both neural networks
Both neural networks have a weight matrix, which is initialized with a constant value of 0.11 at each node. Three patterns are declared before the training stage in each neural network. The second stage is related to actual on-line process information, by the use of the already trained neural networks. The assumptions made in this proposal concern the characteristics of the observed faults as well as of the fault-free scenarios. Furthermore, it is necessary to have access to several sources of information from the monitored system. Formal knowledge of system behavior during fault scenarios is crucial for UIO design, because these are defined in terms of the system response during the presence of a certain unknown input. After UIO design, the input vector comprises three different sectors: the first is the input sampled data vector, the second is the current output sampled data vector, and the third is integrated with the residual vector. Having formed the input vector, both neural networks are trained during the off-line stage. In the next section, a review of each algorithm is given. On the other hand, to tackle time-variant classification, several solutions can be implemented. These can be time window overlapping or an increment of the sampled input vector, although this last approach has as its main disadvantage the scaling of the input vector length and the overparameterization of the represented clusters. Alternative methodologies have been reviewed by Benítez-Pérez et al. (2000) and Benítez-Pérez et al. (1997). As time-variant faults are the focus of this approach, several strategies can be implemented, such as SOMs (Linkens and Nie, 1993); however, the computational cost tends to be expensive. Nevertheless, this algorithm can overcome the erratic response of the case study when the fault scenario is present, by a more robust pattern classification strategy based on a global weight matrix updating procedure.
Another approach pursued here is based on two overlapped neural networks in terms of the sampled time window. Different parameters need to be established, such as the time window size (ts*) in terms of the case study frequency response and the neural network parameters (vigilance and learning values), to define the most suitable localization scenario. To produce a fault localization module, referred to as
the decision-making module (DMM), capable of coping with time-variant systems, a group of neural networks is proposed. Figure 3.16 shows this schematic approach.

Figure 3.16. Schematic diagram of the decision-maker module
The decision-making module (Figure 3.16) defines the degree of effect of the current pattern on the monitored system dynamics. Thereafter, the confidence value (CV) is produced as a percentage measure. The structure of the DMM uses three ART2 networks connected as shown in Figure 3.17.

Figure 3.17. ART2 networks
The first two networks work with two equal-size consecutive time windows overlapped by 50%. Both networks are independent in terms of classified patterns. The third ART2 network compares the winning weight vectors from both networks to determine the situation of the current scenario. In a similar manner, the ARTMAP network performs pattern classification (Tontini and De Queiroz, 1996). However, the present approach differs from ARTMAP because the construction of the map performed by the last element (map field) does not give any robust certainty for time-variant behavior, because it does not conserve past information during classification of fault and fault-free scenarios. Figure 3.18 presents how these time windows (ts1, first time window; ts2, second time window) are overlapped to cover time variance. It is important to define the sampling period of the first and second neural networks in terms of the dynamics of the case study. In fact, the sampling time of the first network (ts1) overlaps by 50% the second sampled vector of the second neural network. Figure 3.18 shows the nominal size of each time window used to classify a scenario
regardless of the time behavior of the case study (Benítez-Pérez and Rendón-Acevedo, 2001).

Figure 3.18. Time behavior related to dynamic signal response
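The 50% window overlap of Figure 3.18 can be sketched by slicing one sampled signal into two window streams, the second shifted by half a window; the signal and window size below are hypothetical:

```python
# Sketch of the 50%-overlapped time windows of Figure 3.18: the first
# ART2-A network samples windows of size ts, the second samples windows
# of the same size shifted by ts/2 (all values hypothetical).
import numpy as np

signal = np.arange(40)      # stand-in for the sampled signal
ts = 8                      # window size in samples (ts1 = ts2 = ts)

def windows(x, size, offset):
    """Consecutive non-overlapping windows starting at `offset`."""
    return [x[i:i + size] for i in range(offset, len(x) - size + 1, size)]

first_net = windows(signal, ts, 0)          # ts1 windows
second_net = windows(signal, ts, ts // 2)   # ts2 windows, shifted 50%

# Each second-network window shares half its samples with the
# corresponding first-network window
shared = np.intersect1d(first_net[0], second_net[0])
print(len(shared))
```

The half-window of shared samples is what lets the third network check the two classifications for consistency over time.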
The maximum possible sampling time value, from the dynamics of the case study, is based on

ts* ≤ t_d / 4    (3.22)
where t_d is defined as the inherent period of the case study and ts* represents either ts1 or ts2. In this case, if ts* is equal to 10 ms, ts1 and ts2 are equal to 10 ms. To get a good resolution in terms of fault location, ts* should be smaller than or equal to one quarter of the case study inherent period. This result defines the top boundary of the sampling time in terms of the case study. For instance, if ts* is bigger than the value shown in Equation 3.22, it is not possible to guarantee pattern recognition of a time-variant case study. Although the sampling time is bounded from above by this known limit, the inherent period of the case study, it does not present any restriction as a bottom bound. This means that the sampling period can be much smaller than the main case study inherent period. For the case of fault presence, its time response should be similar to that bounded and presented with respect to the fault-free scenario. This means that fault scenarios with very fast dynamics, classified as new scenarios, are dependent on the resolution of ts* with respect to t_d and the case study fault response in terms of frequency response.
Having defined how the sampling period of both neural networks is obtained, it is desirable to focus on how time-variant fault localization is performed. As is known, the first two neural networks classify fairly similar behavior due to sampling time overlapping. In fact, both neural networks present similar learning values. The third neural network is the actual part of the DMM, which localizes any unknown behavior of the case study. As previously mentioned, three variables must be defined: η, ρ, and ts*. The novelty of this work is based on the overlapping time windows to define the consistency of time-variant faults. First, the sampled observer event is performed as shown in Figure 3.19.
Figure 3.19. Sampling example from the current approach
In Figure 3.19, v1, v2, v1′, v2′, and so on are the sampled vectors for ART1 (v1, v1′, v1′′) and ART2 (v2, v2′, v2′′), respectively. The shaded area of both vectors is the overlapped part of the sampling procedure. As this approximation is taken, the conformation of the third weight matrix (with respect to the third ART2) is presented in Figure 3.20.
Figure 3.20. Sampling example related to the weight matrix of the third ART2-A network
Where common areas are continuous vectors, for fault-free scenarios, the selection of two similar weight vectors is expected. Now, when a fault appears, this approach behaves in terms of the sampling structure as a filter in that it would take 1.5 sampling cycles to declare the presence of an abnormal behavior even in the conditions of the early stages (Figure 3.21). Starting Time of Fault Scenario
Figure 3.21. Current sampling approach during a fault scenario
In this case, the fault presence is first captured by ART1, and then ART2 detects the presence of the fault. Thereafter, the third ART network processes the selected weight vectors, where the on-line classification is performed due to the presence of new information. For the case presented in Figure 3.21, one winning vector will arise because the fault increases monotonically. Classified patterns from the third network are the representative values of the current scenario, either faulty or fault free, with the only restriction being the top-bound sampling period. The third neural network first classifies the winning vector from the first neural network; afterwards, it classifies the winning vector of the second neural network. This last classification is the representative of the current scenario; if there is a fault, this selected pattern represents the fault. The third ART2 network has the advantage of producing a weight matrix with the most representative patterns of a certain scenario. The related winning vector is processed by a Mamdani fuzzy logic system to generate a CV. The final inference machine that produces the CV is presented in Table 3.2. This machine has been built under the heuristic knowledge of the designer. The number of components is constant, and each component has been normalized between 0 and 1; the number of components is a direct representation of the number of elements sampled by the first two neural networks.
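The classification step that founds a new cluster for unknown behavior can be sketched as a leader-style clustering with a vigilance threshold. This is a simplification of ART2A, not the book's algorithm: the similarity measure, the update rate, and the values below are our assumptions.

```python
def art_classify(patterns, rho, beta=0.5):
    """Assign each pattern to the best prototype whose similarity passes
    the vigilance rho; otherwise found a new cluster (novel scenario).
    Components are assumed normalized to [0, 1]."""
    prototypes, labels = [], []
    for p in patterns:
        # similarity: 1 - mean absolute difference to each stored prototype
        scored = [(1.0 - sum(abs(a - b) for a, b in zip(p, w)) / len(p), i)
                  for i, w in enumerate(prototypes)]
        passing = [s for s in scored if s[0] >= rho]
        if passing:
            _, i = max(passing)
            # move the winning prototype toward the new pattern
            prototypes[i] = [(1 - beta) * w + beta * x
                             for w, x in zip(prototypes[i], p)]
            labels.append(i)
        else:
            prototypes.append(list(p))
            labels.append(len(prototypes) - 1)
    return labels, prototypes
```

A drifting fault eventually fails the vigilance test and founds a new cluster, which the fuzzy module can then map to a 0% confidence value.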
Table 3.2. Fuzzy logic table related to CV

Component 1 | Component 2 | Component 3 | Component 4 | Result
High        | High        | High        | Low         | 100%
Med         | Med         | Med         | Low         |  80%
Low         | High        | High        | Low         |  50%
Low         | Med         | Med         | High        |  40%
Low         | Low         | Low         | High        |  10%
The universe of discourse for each component has been divided into three similar regions: high, middle, and low. The final result is related to the corresponding value of the already known behavior of the monitored system. Different patterns have been defined with respect to a nominal value (Figure 3.22). During on-line performance, if a new pattern appears, it is declared as 0% because it represents an abnormal situation that has not been defined previously, which provides a safe response for this new scenario. This approach has the capability of classifying known and unknown scenarios with just a top sampling boundary. However, the fuzzy logic approach requires further work to overcome an oscillatory response due to the currently injected fault.
Figure 3.22. Relation between patterns and CV
3.5.6 Logic as Fault Diagnosis Strategy

Other techniques based on logic, such as graph techniques, predicate logic techniques, and fuzzy logic-based techniques, are suitable for fault diagnosis because they can separate the behavior of the current system by classifying a real-time system response through residual evaluation. In structural analysis, for example, residual combinations give a particular fault signature, as presented by Frank et al. (1998), which provides faults with several characteristics depending on the residual responses. Another kind of logic is fuzzy logic, where residuals are again evaluated through the fuzzy system to declare certain fault behavior. A classic application is shown in Figure 3.23.
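The fault-signature idea can be sketched as a lookup from thresholded residuals. The signature table, residual set, and threshold below are hypothetical illustrations, not values from Frank et al. (1998):

```python
# Hypothetical signature table: expected boolean pattern of residuals r1..r3
SIGNATURES = {
    (0, 0, 0): "fault free",
    (1, 0, 1): "sensor fault",
    (1, 1, 0): "actuator fault",
}

def diagnose(residuals, threshold=0.1):
    """Threshold each residual into 0/1 and look the signature up;
    unknown signatures are reported as such rather than guessed."""
    signature = tuple(int(abs(r) > threshold) for r in residuals)
    return SIGNATURES.get(signature, "unknown fault")
```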
Figure 3.23. Classic fuzzy logic structure
In Figure 3.23, different components play several roles, like characterizing signals into membership functions, which are labeled in this particular case as Low, Medium, and High. The level of approximation is related to the use of these membership functions to define the behavior of the observed signals. Moreover, the inference machine related to fuzzy logic provides the representation of the response of this kind of technique. Similar strategies, like structural analysis, present the advantage of fault evaluation to characterize system behavior under fault conditions. A good review of this strategy is presented in Blanke et al. (2003).

3.5.7 Heuristic Confidence Value Definition

Having defined the use of different neural networks as an approach to classify unknown scenarios, it is important to introduce a heuristic measure as a result of this evaluation. This heuristic measure defines how far the current scenario has degraded. It is based on a fuzzy logic module that evaluates the winning weight vector related to the pattern classified by the second neural network. Fuzzy logic presents the most suitable mechanism to evaluate those already classified patterns. However, the information used to define the fuzzy module should be rich enough to avoid any undesirable response. To translate this information into fuzzy knowledge, it is necessary to follow the typical procedure of normalization, fuzzification, inference machine evaluation, and defuzzification. To incorporate further knowledge, it is necessary to use off-line learning techniques; different techniques are available, such as clustering or genetic algorithms (Mitra and Pal, 1999).
The use of the Mamdani-based approach (Driankov et al., 1993) is pursued because of its knowledge representation and low computational cost. This module produces a percentage measure that represents the response of the peripheral element with respect to the current scenario (either fault free or faulty), which is referred to as the CV. This measure classifies the behavior of the peripheral element under the presence of a fault; the CV shows the degradation of the element with respect to its output, input, and parameters. The module performs the evaluation of the selected pattern to produce a percentage representation of the current behavior. As mentioned before, the procedure by which fuzzy logic acquires the knowledge is the key issue. Different methodologies can be followed: the use of heuristic knowledge is the most straightforward, while alternative strategies such as genetic algorithms or mountain clustering are suitable for defining the most accurate knowledge for specific scenarios. Here, the approach followed is based on heuristic knowledge. The CV has a continuous range from zero (catastrophic situation) to one (fault-free scenario); its graphical representation is depicted in Figure 3.22. The inference machine that produces the CV is presented in Table 3.2 and has been built under the heuristic knowledge of the designer. Ten patterns have been defined with respect to a nominal value from the input vector. During on-line performance, if a new pattern appears, it is declared as 0% because it represents an abnormal situation that has not been defined previously. The number of components is constant, and each component has been normalized between 0 and 1. This range has been divided into three similar regions, high, middle, and low, using triangular membership functions overlapped by 50% (Figure 3.23). The final result is related to the corresponding value of the already known behavior of the monitored system.
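The CV evaluation can be sketched as follows. This is a simplification, not the book's exact module: it uses the Table 3.2 rules with min as the AND operator and a weighted average of the rule consequents in place of full Mamdani centroid defuzzification; the triangular, 50%-overlapped membership shapes follow the description above.

```python
def tri(x, a, b, c):
    """Triangular membership function with peak at b."""
    if x <= a or x >= c:
        return 0.0
    return (x - a) / (b - a) if x < b else (c - x) / (c - b)

# Low / middle / high labels over the normalized range [0, 1]
MF = {
    "low":  lambda x: 1.0 if x <= 0.0 else tri(x, -0.5, 0.0, 0.5),
    "med":  lambda x: tri(x, 0.0, 0.5, 1.0),
    "high": lambda x: 1.0 if x >= 1.0 else tri(x, 0.5, 1.0, 1.5),
}

# Rules from Table 3.2: labels of components 1-4 -> CV percentage
RULES = [
    (("high", "high", "high", "low"), 100),
    (("med",  "med",  "med",  "low"),  80),
    (("low",  "high", "high", "low"),  50),
    (("low",  "med",  "med",  "high"), 40),
    (("low",  "low",  "low",  "high"), 10),
]

def confidence_value(components):
    """Fire the rules with min-AND; unmatched patterns yield 0% (abnormal)."""
    fired = [(min(MF[lbl](x) for lbl, x in zip(labels, components)), cv)
             for labels, cv in RULES]
    total = sum(w for w, _ in fired)
    if total == 0.0:
        return 0.0  # new, previously undefined pattern -> safe 0% response
    return sum(w * cv for w, cv in fired) / total
```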
This module is connected in cascade to the neural network, and the input of this fuzzy evaluation module refers to each component of the winning weight vector of the currently selected pattern. This means that each component of the winning weight vector has a one-to-one relation to each component of the fuzzy module (Figure 3.24).
Figure 3.24. Relation between weight vector and fuzzy module
3.6 Conclusions

This chapter has presented an overview of several techniques for fault diagnosis that enhance autonomy among peripheral elements such as actuators and sensors. It has been shown that, rather than one particular well-defined and mature strategy, the combination of various techniques strengthens the capabilities for fault detection, as shown by the combination of two neural networks. It is necessary to develop performance measures to determine whether a given strategy is feasible for fault diagnosis. One particular strategy, based on structural analysis, permits us to determine fault appearance through element monitoring according to related constraints inherent in system performance. Whether this information is obtained through structural analysis or through the confidence value, both techniques ultimately report only observed faults; nonmeasurable faults (hidden faults) remain an open research field.
4 Reconfigurable Control
4.1 Network Control

The network control area has been defined as the study of control laws that take a distributed system into account; the necessary components are a control law and a distributed system. Several strategies for control design are based on hybrid strategies, as Malmborg (1998) explored in his PhD thesis. For instance, Lian et al. (2002) propose a design analysis for distributed control systems based on timing components. These are presented as stochastic time delays with certain probabilities that are defined through the behavior of the distributed system. Lian et al. (2002) focused their research on time delay components to provide an optimal working range for the workload. They looked at data analysis as well as the time spent during transmission and reception of information, taking into account preprocessing, pretransmission queuing, electrical transmission (over short distances, this measure is neglected), post-transmission queuing, and post-processing. Preprocessing and post-processing are related to the type of protocol used for computer transmission, whereas pretransmission queuing is related to the databus. For instance, the transmission time (t_trans) is defined as
t_trans = t_pre + t_elect + t_pt    (4.1)
where t_trans depends on the preprocessing time (t_pre), the post-processing time (t_pt), and the electrical transmission time (t_elect). These variables depend on the type of protocol; however, the data to be transmitted play a key role in this computation, through the length and the frequency of the transmitted information. As these measures are related to the case study, Lian et al. (2002) propose to define several histograms of transmitted packages based on a particular databus such as DeviceNet (a CAN-based databus). Having defined the available time delays as well as the source of these variations, two criteria are established: the integral of the absolute value of the error (IAE) and
the integral of the time multiplied by the absolute value of the error (ITAE), which are defined as

IAE = \int_0^{t_f} |e| \, dt    (4.2)

ITAE = \int_0^{t_f} |e| \, t \, dt    (4.3)
where the error (e) is the difference between the actual and the reference trajectories within the tf time window. From the Lian et al. (2002) proposal, a useful measure is defined according to the presence of error, because time delays appear to be related to communication performance. However, the time consumed by structural and control reconfiguration is still an open issue. This leads to one key point in reconfigurable control: efficiency and how it can be evaluated. In fact, measuring performance for this kind of transition becomes more important than the reconfiguration algorithm itself. Returning to the idea of networked control, other strategies, such as trading computation for communication, have been explored by Yook et al. (2002), where communication is reduced by means of state estimators. Walsh et al. (2002) propose a review of stability analysis for network control systems based on bounded time delays, which Quevedo et al. (2004) have reviewed as a design issue. In fact, software tools that simulate certain characteristics of the network within control performance have been proposed by Cervin et al. (2003), where time delays from communication performance and jitter presence are modeled and simulated based on computer system performance and a specific communication protocol. The networked control system can be analyzed under the perspective of different networks and jitter conditions, because these are simulated and planned through Petri net graphs. Time delays are incorporated as delays at the input to the plant with certain variations, as reviewed later in this section. Jitter plays a key role in the dynamics of the system because it modifies the performance of the sampled system. An extensive review of this representation is given by Lincoln and Cervin (2002).
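Returning to the IAE and ITAE criteria, both indices can be approximated from logged error samples. The trapezoidal helper below is our own sketch, not from the text:

```python
def iae_itae(t, e):
    """Trapezoidal approximations of IAE (Equation 4.2) and ITAE
    (Equation 4.3) from error samples e logged at times t."""
    iae = itae = 0.0
    for k in range(1, len(t)):
        dt = t[k] - t[k - 1]
        iae  += 0.5 * (abs(e[k - 1]) + abs(e[k])) * dt
        itae += 0.5 * (abs(e[k - 1]) * t[k - 1] + abs(e[k]) * t[k]) * dt
    return iae, itae
```

For a constant unit error over two seconds, IAE integrates to 2 and ITAE (which weights late errors more heavily) also integrates to 2 over that window.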
This tool (referred to as TrueTime), designed under MATLAB® by the Lund group, allows a practical analysis of control and communication systems with a clear advantage for the system designer from a holistic perspective, although it is not clear how ad hoc scheduling algorithms can be incorporated into this implementation. Several measures are given as support information to determine system performance, even if this last task is still delivered to the user. Furthermore, modeling frameworks have been defined as support tools for the design and analysis of distributed real-time control systems, such as that proposed by Browne (1996), which depicts most of the key issues embedded in control design in a distributed environment, through characteristics like task precedence, load balancing, a predetermined scheduling approach, and others. This framework allows the idea of rapid prototyping from a continuous dynamic model implemented in MATLAB® into a distributed configuration that
considers computer-specific characteristics and the related databus. Other frameworks, like that proposed by Törngren and Redell (2000), give the advantage of graphical approximation because dynamic models are defined through a kind of Petri net approximation called the timing and triggering diagram, which is based on timing analysis. Interprocess communication plays a key role in this implementation because it is the basis for the graphical representation and the subsequent scheduling policy and synchronization. In a similar fashion to the previously mentioned approaches, this framework is based on CANbus. The use of a framework facilitates the proper implementation of dynamic systems in a heterogeneous distributed environment, providing an order to several diverse characteristics like processor capabilities, type of workload from communication media, and time delay tolerance in dynamic models. As the problem becomes a multivariable challenge, producing a suitable configuration for an ad hoc situation has been tackled from the perspective of multivariable optimization by the use of several evolutionary algorithms, specifically genetic algorithms, as studied by Willis et al. (1996). In that respect, network control can be approached as an optimization issue from the perspective of certain tools such as a framework, where several formal characteristics need to be covered, like the stability proof. Network control requires a rigorous time delay analysis for stability purposes, like that proposed by Park et al. (2002), where a scheduling method is proposed together with the revision of the related control law. As networked control presents a common communication medium with bounded time delays related to the utilization of this common resource, an interesting review of time delays for synchronous and asynchronous multirate systems has been given by Wittenmark et al. (1998) and Nilsson (1998). Wittenmark et al. (1998) present a way to model time delays related to transmission time by defining several situations: synchronous, partially synchronous, and asynchronous. In these three cases, time delays are studied in terms of their probability results according to a specific condition based on the typical representation of transmission time shown in Figure 4.1, where variations take place on the transitions from one node to another (marked as fieldbus).
Figure 4.1. Typical representation of a network control system
Furthermore, classic approaches to computer communication modeling based on stochastic approximations have been defined by Ray and Halevi (1988) and Liou and Ray (1991). Halevi and Ray (1988), as well as Árzén et al. (1999), present a formalization of the interaction between communication and control systems engineering. As mentioned, the time delays are stated as transmission time delays between two specific terminals, the sensor and controller nodes. For all cases, communication is considered fault free and periodic; the primary source of the delays is the behavior of the communication media. Under these assumptions, time delays are divided into two coarse communication actions, sensor-controller (tsc) and controller-actuator (tca), as shown in Figure 4.2 and Equation 4.4, where intercommunication and inherent queuing behavior are considered part of the same time delays, although this is not always possible, as shown by Árzén et al. (1999).
Figure 4.2. Communication graph on network controller
Based on Figure 4.2, the time delays are measured as follows:

t_sc = t_s + t_qs
t_ca = t_c + t_qc + t_qa    (4.4)
As these two kinds of delays are bounded under the condition that no messages are lost, the worst-case scenario is that one sensor measure is delayed two periods, referred to as Tj, as presented in Figure 4.3.
Figure 4.3. Communication graph on network controller considering periodic time
The variation presented in Equation 4.4 modifies the state space representation of the plant model (Equation 4.5) according to Equation 4.6, as follows:

\dot{x} = Ax + Bu
y = Cx    (4.5)

x((k+1)T) = \exp(AT)\, x(kT) + \int_0^{T} \exp(A(T-\tau))\, B u(\tau)\, d\tau    (4.6)
where k is the incremental sampling interval. Variations take place within the period T and affect the time transformation of the B matrix, taking into account that Equation 4.6 is the discrete representation of Equation 4.5 and that time delays affect the plant from its input. As the discrete transformation is performed, every variation within a sampling interval T needs to be taken into account during this interval. Therefore, variations take place by modifying
\int_0^{T} \exp(A(T-\tau))\, B u(\tau)\, d\tau    (4.7)
where the time variable changes the discrete representation, although the dynamic A matrix is still constant. A common representation is

x(k+1) = A_s x(k) + \sum_{i=0}^{l} B_i^k u(k-i)    (4.8)
where A_s is \exp(AT), u(k-i) = u(t), and

B_i^k = \int_{t_i^k}^{t_{i-1}^k} \exp(A(T-\tau))\, B \, d\tau    (4.9)
where t_l^k = 0 and t_{-1}^k = T. In this case, the limit l is the maximum number of variations performed during a sampling interval T, to the extent that the state space representation can be defined as follows:

A_s = \exp(AT) \quad \text{and} \quad B_D = \sum_{i=0}^{l} B_i^k    (4.10)

where B_i^k = B \int_{t_i^k}^{t_{i-1}^k} \exp(A(T-\tau))\, d\tau. In this case, the whole range of a sampling interval is considered between (0, T). The final representation is:
x((k+1)T) = A_s x(kT) + B_D u(kT)
y(kT) = C x(kT)    (4.11)
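For a scalar plant, the integrals in Equations 4.8 to 4.10 have a closed form, which gives a compact sketch of how a delayed, piecewise-constant input enters the discrete model. This is a scalar illustration under our own naming, not the book's implementation; matrix plants need the matrix exponential instead.

```python
import math

def delayed_step(a, b, T, x, u_segments):
    """One period of the scalar plant xdot = a*x + b*u whose input is
    piecewise constant over [0, T] because of network delays.
    u_segments: list of (t_start, t_end, u_value) covering the period,
    i.e. the scalar counterpart of the B_i^k terms in Equation 4.8."""
    xn = math.exp(a * T) * x
    for t0, t1, u in u_segments:
        # integral of exp(a*(T - tau)) * b * u over [t0, t1], a != 0
        xn += b * u * (math.exp(a * (T - t0)) - math.exp(a * (T - t1))) / a
    return xn

# Input update delayed by 0.3 s within a 1 s period:
# old value 0 holds first, the new value 1 arrives late.
x_next = delayed_step(-1.0, 1.0, 1.0, 0.0, [(0.0, 0.3, 0.0), (0.3, 1.0, 1.0)])
```

With a single segment covering the whole period, the function reduces to the ordinary zero-order-hold discretization.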
From this approximation, the control law is stated as

z_{k+1} = F z_k - G o_k
u_k = H z_k - J o_k    (4.12)
where z ∈ ℝ^q, o_k is the last measurement available before u_k is processed by the plant, and the matrices F, G, H, and J are dimensionally correct, as presented by Ray and Halevi (1988). Additionally, o_k = y_{j-p(j)}, where p(j) is a finite amount of delay with p(k) = 1, 2, …, l, l being the maximum delay, and

x_{k+1} = \left( A_s - B_0^k J \gamma_0^k C \right) x_k - B_0^k J \sum_{i=1}^{p} \gamma_i^k y_{k-i} + B_0^k H \eta_k + \sum_{j=1}^{l} B_j^k u_{k-j}    (4.13)

where \gamma_i^k = I if i = p(k) and \gamma_i^k = 0 if i ≠ p(k), \eta_k is the online correction vector, and J is a dimensionally correct matrix.
From this definition of the state vector, the system can be augmented as follows:

X_{k+1} = \phi_k X_k    (4.14)

where X_k = \begin{bmatrix} x_k^T & y_{k-1}^T & \cdots & y_{k-p}^T & \eta_k^T & u_k^T \end{bmatrix}^T and the \phi_k matrix is expressed as

\phi_k = \begin{bmatrix}
A_s & \cdots & 0 & B_0^k J & \cdots & B_l^k \\
C & \cdots & 0 & 0 & \cdots & 0 \\
\vdots & & \vdots & \vdots & & \vdots \\
0 & \cdots & -\gamma_0^k C & \gamma_1^k \cdots I_m & \cdots & 0
\end{bmatrix}    (4.15)
where the plant output can be defined as follows:

y_{k-1} = C A_s^{-1} \left( x_k - \sum_{i=0}^{l} B_i^{k-1} u_{k-i-1} \right)    (4.16)
Therefore, as time delays are defined from peripheral elements through the B_j^k terms, it is necessary to decompose the time delays as a result of time variations from scheduling approaches. One key aspect of network control is how scheduling algorithms affect the control law; a precise study of certain basic scheduling issues is given by Árzén et al. (1999). The main issue is how a scheduling algorithm modifies communication time delays and, thereafter, how control is performed. Several measures from scheduling algorithms can be pursued, such as schedulability analysis. As the scheduler allows a certain configuration related to time delays, it can be set up so that the effects on the control law can be visualized, for instance, according to the very simple example shown in Table 4.1.

Table 4.1. Data used for databus examples

Elements | C (ms) | T (ms) | Communication Time Delay (ms) | Communication Deadline (ms)
S1       | 1.0    | 4.4    | 0.1                           | 0.11
S2       | 0.9    | 4.5    | 0.1                           | 0.11
S3       | 1.1    | 4.5    | 0.1                           | 0.11
C1       | 0.7    | 4.6    | 0.1                           | 0.11
A1       | 0.8    | 4.5    | 0.1                           | 0.11
A2       | 0.8    | 4.5    | 0.1                           | 0.11
Figure 4.4 considers the inherent control time delay. Therefore, when EDF is applied to the communication media, taking into account the last two columns of Table 4.1, the resultant distribution is shown in Table 4.2, with the related time graph in Figure 4.5.

Figure 4.4. Time diagram with respect to Table 4.1

Table 4.2. Priority designation according to EDF

Elements | Execution Time (ms) | Priority
s1       | 1.0                 | P1
s2       | 0.9                 | P2
s3       | 1.1                 | P3
Figure 4.5. Time diagram related to Table 4.2
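The EDF assignment can be sketched as a sort on absolute deadlines. The release times and deadlines below are illustrative assumptions, not the Table 4.1 values:

```python
def edf_priorities(messages):
    """Order messages by earliest absolute deadline (EDF) and assign
    priorities P1, P2, ...
    messages: dict name -> (release_time, relative_deadline) in ms."""
    order = sorted(messages, key=lambda m: messages[m][0] + messages[m][1])
    return {name: "P%d" % (i + 1) for i, name in enumerate(order)}

# Each sensor message becomes ready after its computation finishes,
# with the same relative communication deadline of 0.11 ms.
prio = edf_priorities({"s1": (1.0, 0.11), "s2": (1.2, 0.11), "s3": (1.4, 0.11)})
```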
These communication time delays have a direct effect on the control system as follows:

x(k+1) = A_s x(k) + B \left( \sum_{i=1}^{l} \int_{t_i^k}^{t_{i-1}^k} \exp(A(T-\tau))\, d\tau \right) u(k)
y(k) = C x(k)    (4.17)

where l = 3 means that there are three time delays related to communication. One important assumption in this example is the nonvariance of the consumption time of every node and the absence of dynamic modification. For more complex cases, such as multirate sampling control loops, it is necessary to take into account the time parameters available for each task (consumption time, period, communication time delay, and communication deadline). In this case, the scheduling algorithm organizes the tasks and the related communication procedures with only the restriction of the inherent control organization. There is another consideration, the task consumption time, that can be performed with no apparent restriction; nevertheless, it is fixed by the communication performance and its respective priorities. As an example of multirate networked control, Table 4.3 is proposed, taking into account the related time graph in Figure 4.6.

Table 4.3. Data used for the multivariable example

Elements | Consumption Time | Period (ms) | Communication Time Delay
s1       | c_s1             | T_1         | τ_s1c
s2       | c_s2             | T_2         | τ_s2c
s3       | c_s3             | T_3         | τ_s3c
c1       | c_c1             | T_c1        | τ_c1A1, τ_c1A2, τ_c1s1
A1 s1    | c_A1 + c_s1      | T_A1        | τ_s1c2
A2       | c_A2             | T_A2        | —
C2       | c_c2             | T_c2        | —
A3       | c_A3             | T_A3        | τ_c2A3
Figure 4.6. Time graph related to Table 4.3
If a local failure occurs and the fault accommodation module is implemented outside, the affected fault stage modifies the communication performance, as shown in Figure 4.7 and Table 4.4. In this case, new nodes appear and an extra sporadic time delay is added to the control system. Therefore, two strategies need to be taken into account: the modification of the scheduling algorithm and the related control law modeling.

Table 4.4. Data used for the multivariable example considering the FM element

Elements | Consumption Time | Period | Communication Time Delay
s1       | c_s1             | T_1    | τ_s1c
s2       | c_s2             | T_2    | τ_s2c
s3       | c_s3             | T_3    | τ_s3c
FM       | c_FM             | —      | τ_FM
c1       | c_c1             | T_c1   | τ_c1A1, τ_c1A2, τ_c1s1
A1 s1    | c_A1 + c_s1      | T_A1   | τ_s1c2
A2       | c_A2             | T_A2   | —
C2       | c_c2             | T_c2   | —
A3       | c_A3             | T_A3   | τ_c2A3
Figure 4.7. Time graph related to Table 4.4
Now the communication time delays are τ_sc and τ_ca, which are expressed for loop 1 as

τ_sc = τ^M_{s*c}
τ_cA = τ^M_{c1*}

for loop 2 as

τ_sc2 = τ_{s1c2}
τ_c2A = τ_{c2A3}

and for the time delay related to the fault scenario as

τ_sc = τ^M_{s*c} + τ_FM
τ_cA = τ^M_{c1*A}

where τ^M_* is the maximum value among the elements. In this case, the plant model is expressed as
x(k+1) = A_s x(k) + B \left( \sum_{i=1}^{N} \int_{t_i^k}^{t_{i-1}^k} \exp(A(T-\tau))\, d\tau \right) u(k)
y(k) = C x(k)    (4.18)

where there are still three time delays, but the sensor delays are larger because a nondynamic element has appeared that has no proper representation in the B matrix (in this case, a faulty element is not eliminated, only masked). Considering this modification, the control law can be defined as a linear structure denoted by A_c, B_c, H_c, and D_c:
x_c(k+1) = A_c x_c(k) + B_c u_c(k)
y_c(k) = H_c x_c(k) + D_c y(k)    (4.19)

where B_c = \sum_{i=0}^{l} B_{ci}^k, x_c are the control states, y_c is the control output, and A_c, B_c, H_c, and D_c are dimensionally correct matrices; moreover,

B_{ci}^k = B \int_{t_i^k}^{t_{i-1}^k} \exp(A(T-\tau))\, d\tau    (4.20)
by defining z_k = \begin{bmatrix} x_p^T(k) & x_c^T(k) \end{bmatrix}^T, as reviewed by Ray and Halevi (1988). This equation is defined by

z_{k+1} = \Delta z_k    (4.21)

where

\Delta = \begin{bmatrix} A_s + B_p D_c C & B_p H_c \\ B_c C & A_c \end{bmatrix}    (4.22)
For the case of a multicontrol loop, as stated by Hong et al. (2002), time delays on the plant dynamics are expressed in continuous form as

\dot{x}_p^j = A_p^j x_p^j(t) + B_p^j u_p^j(t)
y_p^j = C_p^j x_p^j(t)    (4.23)
where the superindex j denotes the related control loop with respect to the plant dynamics. For the controller, this is expressed as

\dot{x}_c^j = A_c^j x_c^j(t) + B_c^j u_c^j(t)
y_c^j = C_c^j x_c^j(t - \tau_c^j) + D_c^j u^j(t - \tau_c^j)    (4.24)
where the controller computing time is τ_c^j. Now, there are two communication time delays: τ_sc, from sensor to controller, and τ_ca, from controller to actuator. In this case, it is assumed that the time delay decomposition is obeyed based on τ_sc and τ_ca; these two time delays are bounded, considering maximum and minimum values. The communication delays in the plant and control inputs are stated as

u_c^j(t) = y_p^j(t - \tau_{sc}^j)
u^j(t) = y_c^j(t - \tau_{ca}^j)    (4.25)
and reorganizing Equations 4.23 to 4.25, the augmented representation is presented as

z^j = \begin{bmatrix} x_p^j(t) \\ x_c^j(t) \end{bmatrix}    (4.26)

\dot{z}^j = \begin{bmatrix} A_p^j & 0 \\ 0 & A_c^j \end{bmatrix} z^j(t)
+ \begin{bmatrix} 0 & 0 \\ B_c^j C_p^j & 0 \end{bmatrix} z^j(t - \tau_{sc}^j)
+ \begin{bmatrix} B_p^j D_c^j C_p^j & 0 \\ 0 & 0 \end{bmatrix} z^j(t - \tau_{sc}^j - \tau_{ca}^j - \tau_c^j)
+ \begin{bmatrix} 0 & B_p^j C_c^j \\ 0 & 0 \end{bmatrix} z^j(t - \tau_{ca}^j - \tau_c^j)    (4.27)
where τ_sc^j, τ_ca^j, and τ_c^j are the defined time delays; in this case, the time delays are considered as variations on the output responses of the plant and the controller. As it is possible to restructure Equation 4.27 to define the stability of the network control, the next configuration is as follows:

F^j = \begin{bmatrix} A_p^j & 0 \\ 0 & A_c^j \end{bmatrix}, \quad
F_1^j = \begin{bmatrix} 0 & 0 \\ B_c^j C_p^j & 0 \end{bmatrix}, \quad
F_2^j = \begin{bmatrix} B_p^j D_c^j C_p^j & 0 \\ 0 & 0 \end{bmatrix}, \quad
F_3^j = \begin{bmatrix} 0 & B_p^j C_c^j \\ 0 & 0 \end{bmatrix}

Therefore, the state vector is modified for these time delays, and the system is asymptotically stable based on \left( F^j + \sum_{i=1}^{3} F_i^j \right). Then, because a single control loop is stable, based on Equation 4.28, it is possible to define stability for every loop:
\tau < \frac{\sigma}{\delta \sum_{i=1}^{3} \left\| F_i^j \right\| \left\| F^j + \sum_{i=1}^{3} F_i^j \right\|}    (4.28)

where τ is the maximum value of all possible time delays at all loops, and

\sigma = \frac{\lambda_{\min}(Q)}{2\lambda_{\max}(P)}, \qquad \delta = \left[ \frac{\lambda_{\max}(P)}{\lambda_{\min}(P)} \right]^{1/2}
where λ_max(P) and λ_min(Q) are the maximum and minimum eigenvalues of the P and Q matrices, respectively. The proposed Lyapunov equation is

\left( F^j + \sum_{i=1}^{3} F_i^j \right)^T P + P \left( F^j + \sum_{i=1}^{3} F_i^j \right) = -Q    (4.29)

where P and Q are positive definite symmetric matrices, λ_min and λ_max are eigenvalues of the indicated matrix, and

V(x) = \frac{1}{2} x^{jT}(t) P x^j(t)    (4.30)

\dot{V}(x) = \frac{1}{2} \dot{z}^{jT}(t) P z^j(t) + \frac{1}{2} z^{jT}(t) P \dot{z}^j(t)
\le -\frac{1}{2} z^{jT}(t) Q z^j(t) + z^{jT}(t) P \sum_{i=1}^{3} F_i^j \int_{-\tau_i^j}^{0} \left[ F^j z^j(t+\theta) + \sum_{i=1}^{3} F_i^j z^j(t - \tau_i^j + \theta) \right] d\theta    (4.31)
There are three types of time delays, called τ_1^j, τ_2^j, and τ_3^j, because stability becomes the main issue for communication delays that exhibit random behavior. An interesting work is presented by Krtolica et al. (1994), in which a revision of the differential conditions is pursued. Here, τ_1^j, τ_2^j, and τ_3^j are the time delays related to the three possible kinds of communication among the considered elements (sensors, controller, and actuators). In the case of the last example, there are two consecutive loops that are independent, although the second control law is affected by the delay present in the first loop. This is expressed as a modification of the sensor-to-controller time delay τ_sc. In this case, stability can be treated separately for each loop.
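A scalar instance makes the delay bound of Equations 4.28 and 4.29 concrete. This sketch rests on strong assumptions of our own: scalar dynamics, so δ = 1 and the Lyapunov equation collapses to 2·F_tot·P = −Q.

```python
def scalar_delay_bound(F, F_delays, Q=1.0):
    """Maximum admissible delay for the scalar system
    xdot = F*x + sum(F_i * x(t - tau_i)); requires the delay-free
    system F + sum(F_delays) to be stable (scalar Equation 4.28)."""
    F_tot = F + sum(F_delays)
    if F_tot >= 0.0:
        raise ValueError("delay-free system must be stable")
    P = -Q / (2.0 * F_tot)   # scalar Lyapunov equation (Equation 4.29)
    sigma = Q / (2.0 * P)    # lambda_min(Q) / (2 * lambda_max(P))
    delta = 1.0              # [lambda_max(P) / lambda_min(P)]^(1/2) for a scalar P
    return sigma / (delta * sum(abs(f) for f in F_delays) * abs(F_tot))
```

For matrix loops the same structure applies, with the eigenvalue ratios of P and Q replacing the scalar shortcuts.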
4.2 Other Control Structures for Network Control Systems

Having defined the main control structure, different approaches can be pursued, such as stochastic control, robust control, MPC, and intelligent control, bearing in mind stability in the presence of time delays. The next step is a review of the use of these controllers. For instance, stochastic control (Nilsson, 1998) is based on

x(t+1) = A x(t) + B_P u(t)
y(t) = C x(t)    (4.32)
In this case, the network delays are stochastically independent (τ_sc and τ_ca); then stochastic control based on linear quadratic Gaussian (LQG) control minimizes the cost function

J_N = E\, x_N^T Q_N x_N + E \sum_{k=0}^{N-1} \begin{bmatrix} x_k \\ u_k \end{bmatrix}^T Q \begin{bmatrix} x_k \\ u_k \end{bmatrix}    (4.33)
where Q = \begin{bmatrix} Q_{11} & Q_{12} \\ Q_{21} & Q_{22} \end{bmatrix}, E is the expectation operator, Q is a positive semidefinite matrix, x_k is the state vector, and u_k is the input vector. The related control law minimizing Equation 4.33 is given by

u(k) = -L_k(\tau_{sc}^k) \begin{bmatrix} x_k \\ u_{k-1} \end{bmatrix}    (4.34)

where τ_sc^k is the time delay related to the communication between sensor and controller. Therefore,
22 ⎞ ⎛ k ⎞ ⎛ L k ⎜ IJ sc ⎟ = ⎜ Q 22 + S k + 1 ⎟ ⎝ ⎠ ⎠ ⎝
−1
21 ⎡ T ⎢⎣ Q 12 + S k + 1
23 ⎤ S k +1 ⎥ ⎦
(4.35) ⎡ T⎛ k k ⎞ ⎛ k ⎞ ⎛ k k ⎞ k ⎤ S k + 1 ⎜ IJ sc ⎟ = E ⎢ G ⎜ IJ sc , IJ ca ⎟ S k + 1 G ⎜ IJ sc , IJ ca ⎟ IJ ca ⎥ k ⎠ IJ ca ⎣ ⎝ ⎝ ⎠ ⎝ ⎠ ⎦ where ⎡ k ⎛ k ⎞ ij G⎜ IJ sc , IJ ca ⎟ = ⎢ ⎝ ⎠ ⎢0 ⎣⎢
k ⎤ ⎞ ⎛ k ī 1 ⎜ IJ sc , IJ ca ⎟⎥ ⎠⎥ ⎝ 0 ⎦⎥
k ⎞ ⎛ k ī 0 ⎜ IJ sc , IJ ca ⎟ ⎠ ⎝ I
(4.36) ⎡Q SN = ⎢ N ⎣0
0⎤ ⎥ 0⎦
and
φ = e AT k k T − IJ sc − IJ ca
⎛ k ī 0 ⎜ IJ sc , ⎝
k ⎞ IJ ca ⎟ = ⎠
∫
k ī 1 ⎛⎜ IJ sc , ⎝
k IJ ca ⎞⎟ = ⎠
∫
0
T
k k T − IJ sc − IJ ca
As
e
dsB As
e
dsB
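The delay-dependent matrices Φ, Γ0, and Γ1 above can be evaluated numerically for a given sampling period and delay pair. The following sketch is our own illustration (not code from the book); the truncated-Taylor matrix exponential and the trapezoidal quadrature are implementation choices adequate for small, well-scaled matrices:

```python
import numpy as np

def expm_taylor(M, terms=30):
    # Matrix exponential via truncated Taylor series (fine for small matrices).
    out = np.eye(M.shape[0])
    acc = np.eye(M.shape[0])
    for k in range(1, terms):
        acc = acc @ M / k
        out = out + acc
    return out

def delay_matrices(A, B, T, tau_sc, tau_ca, steps=200):
    """Phi = e^{AT}; Gamma0 = int_0^{T-tau} e^{As} ds B;
    Gamma1 = int_{T-tau}^{T} e^{As} ds B, with tau = tau_sc + tau_ca."""
    tau = tau_sc + tau_ca
    phi = expm_taylor(A * T)

    def integral(lo, hi):
        s = np.linspace(lo, hi, steps)
        vals = [expm_taylor(A * si) @ B for si in s]
        acc = np.zeros_like(vals[0])
        for i in range(len(s) - 1):        # trapezoidal rule
            acc += 0.5 * (vals[i] + vals[i + 1]) * (s[i + 1] - s[i])
        return acc

    return phi, integral(0.0, T - tau), integral(T - tau, T)
```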
In this case, the expectation over the time delay τ_ca^k modifies Γ0 and Γ1, because these two matrices are primarily affected by the statistical treatment of the system. In the case of τsc and τca, both suffer a variation according to a statistical measure. Following the idea of using several controllers for networked control, fuzzy logic is another approach that can be pursued. Strategies like that proposed by Lee et al. (2003) follow the use of expert systems, in which communication time delays are bounded and known beforehand. Alternatively, the use of clustering techniques following the procedure below presents a feasible approach. A clustering procedure such as FCM or the Gustafson–Kessel algorithm (Höppner et al., 2000) can provide the required centers to define a Sugeno fuzzy logic system, as shown in Figure 4.8.
Figure 4.8. Multivariable configuration for fuzzy logic approach (membership regions A1, A2 and B1, B2)
if A1 and B1, then x(k+1) = A1^c x(k) + B1^c u(k)
if A2 and B2, then x(k+1) = A2^c x(k) + B2^c u(k)
if A1 and B2, then x(k+1) = A3^c x(k) + B3^c u(k)
if A2 and B1, then x(k+1) = A4^c x(k) + B4^c u(k)                    (4.37)
where A1, B1, A2, and B2 are the membership functions generated from the already mentioned clusters, and A1^c, A2^c, A3^c, A4^c and B1^c, B2^c, B3^c, B4^c are the corresponding dynamics of this particular scenario; x(k+1) is the related state vector. The consequent parts of the fuzzy logic representation (Equation 4.37) are ad hoc linear controllers for each possible time delay scenario. These controllers are defined using the state space representation of the plant communication time delays according to the cluster centers of gravity. In this case, each particular control law can be defined from Equations 4.19 to 4.23. The relation to stability is defined as
R_j: if x1(k) is A_j1 and x2(k) is B_j2, then x(k+1) = A_j^c x(k) + B_j^c u(k)   (4.38)

with

v_j(k) = Π_{i=1}^{n} w_ji(k),   w_ji = A_ij(x_i(k))                  (4.39)

then

x(k+1) = [ Σ_{j=1}^{4} v_j(k) (A_j^c x(k) + B_j^c u(k)) ] / [ Σ_{i=1}^{4} v_i(k) ]   (4.40)
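The blended update of Equation 4.40 is a membership-weighted average of the local linear models. A minimal sketch (our own illustration, with hypothetical model matrices and weights):

```python
import numpy as np

def sugeno_step(x, u, A_list, B_list, weights):
    """One step of x(k+1) = sum_j v_j (A_j x + B_j u) / sum_j v_j (Eq. 4.40)."""
    num = np.zeros_like(x, dtype=float)
    den = 0.0
    for Aj, Bj, vj in zip(A_list, B_list, weights):
        num += vj * (Aj @ x + Bj @ u)
        den += vj
    return num / den
```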
and from the stability point of view, the Lyapunov proposal is

V(x(k)) = x(k)^T P x(k)                                              (4.41)

ΔV(x(k)) = V(x(k+1)) − V(x(k)) < 0                                   (4.42)

where

ΔV = 1 / ( Σ_{j=1}^{4} Σ_{i=1}^{4} v_j(k) v_i(k) ) [ Σ_{j=1}^{4} v_j^2(k) x^T(k)(A_j^T P A_j − P)x(k)
      + Σ_{1≤i<j≤r} v_i(k) v_j(k) x^T(k)(A_i^T P A_j + A_j^T P A_i − 2P)x(k) ]   (4.43)

which is negative definite for

A_j^T P A_j − P < 0   and   A_i^T P A_j + A_j^T P A_i − 2P < 0       (4.44)
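Given candidate rule matrices and a common P, the conditions behind Equations 4.43–4.44 can be checked numerically via eigenvalues. This is a sketch of ours (the symmetrization before the eigenvalue test is an implementation detail):

```python
import numpy as np

def common_lyapunov_ok(A_list, P):
    """Check A_j^T P A_j - P < 0 for each rule and
    A_i^T P A_j + A_j^T P A_i - 2P < 0 for each pair i < j (Eqs. 4.43-4.44)."""
    def neg_def(M):
        M = 0.5 * (M + M.T)   # symmetrize before testing definiteness
        return np.max(np.linalg.eigvalsh(M)) < 0
    for Aj in A_list:
        if not neg_def(Aj.T @ P @ Aj - P):
            return False
    n = len(A_list)
    for i in range(n):
        for j in range(i + 1, n):
            M = A_list[i].T @ P @ A_list[j] + A_list[j].T @ P @ A_list[i] - 2 * P
            if not neg_def(M):
                return False
    return True
```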
Other controllers can be defined for such a task. However, communication time delays are bounded to certain common issues like fault tolerance regardless of the type of protocol; multirate communications and sporadic behavior are the main reasons for new control performance definitions, specifically, on-line modification. In that respect, on-line reconfiguration becomes a challenge for control analysis and design, and the following sections review several proposals in this direction. Another common strategy is Generalized Predictive Control (GPC) (Camacho and Bordons, 1999; Clarke et al., 1987a, 1987b, 1989); the objective of this strategy is to compute the future control sequence so that the optimal j-step ahead predictions ŷ(t+j|t) are driven close to the reference w(t+j) over the prediction horizon. The way to approach this condition is to minimize an objective function J that depends on present and future control signals and uncertainties. This strategy represents the observed system as the following linear model
(1 + a1 z^{−1} + a2 z^{−2} + ... + a_na z^{−na}) y(t) = z^{−d} (b0 + b1 z^{−1} + ... + b_nb z^{−nb}) u(t−1)
      + (1 + c1 z^{−1} + c2 z^{−2} + ... + c_nc z^{−nc}) e(t)        (4.45)

where [a1 ... a_na] are the coefficients related to the system output, [b0 ... b_nb] are the coefficients related to the system input, and [c1 ... c_nc] are the coefficients related to the system error. The proposed objective function is

J(N1, N2) = Σ_{j=N1}^{N2} δ(j) (ŷ(t+j|t) − w(t+j))^2 + Σ_{j=N1}^{N2} λ(j) (Δu(t+j−1))^2   (4.46)
where N1 and N2 are the minimum and maximum costing horizons, δ(j) and λ(j) are weighting sequences, and w(t+j) is the future trajectory to be followed. From this objective function, it is necessary to optimize the future control moves u(t), u(t+1), and so on, such that the plant response y(t+j) stays close to w(t+j). To solve this optimization, the following Diophantine equation is proposed:
1 = E_j(z^{−1}) Ã(z^{−1}) + z^{−j} F_j(z^{−1})                       (4.47)

with Ã(z^{−1}) = Δ A(z^{−1}), where the polynomials E_j and F_j are defined with degrees j−1 and na, respectively. Following the representation of the system (Equation 4.45) and Equation 4.47, the next equation is

A(z^{−1}) E_j(z^{−1}) y(t+j) = E_j(z^{−1}) B(z^{−1}) Δu(t+j−d−1) + E_j(z^{−1}) e(t+j)   (4.48)

where

A(z^{−1}) = 1 + a1 z^{−1} + a2 z^{−2} + ... + a_na z^{−na}
B(z^{−1}) = b0 + b1 z^{−1} + b2 z^{−2} + ... + b_nb z^{−nb}

From this system representation, it can be rewritten as

y(t+j) = F_j(z^{−1}) y(t) + E_j(z^{−1}) B(z^{−1}) Δu(t+j−d−1) + E_j(z^{−1}) e(t+j)   (4.49)
and the predictor is

ŷ(t+j|t) = G_j(z^{−1}) Δu(t+j−d−1) + F_j(z^{−1}) y(t)                (4.50)

where

G_j(z^{−1}) = E_j(z^{−1}) B(z^{−1})

From this definition, it is necessary to define E_j and F_j. This approach is pursued by solving

y = G u + F(z^{−1}) y(t) + G'(z^{−1}) Δu(t−1)                        (4.51)

with

y = [ŷ(t+d+1|t), ŷ(t+d+2|t), ..., ŷ(t+d+N|t)]^T
u = [Δu(t), Δu(t+1), ..., Δu(t+N−1)]^T
G = [ g0        0         ...  0
      g1        g0        ...  0
      ...
      g_{N−1}   g_{N−2}   ...  g0 ]

G'(z^{−1}) = [ (G_{d+1}(z^{−1}) − g0) z
               (G_{d+2}(z^{−1}) − g0 − g1 z^{−1}) z^2
               ...
               (G_{d+N}(z^{−1}) − g0 − g1 z^{−1} − ... − g_{N−1} z^{−(N−1)}) z^N ]

F(z^{−1}) = [ F_{d+1}(z^{−1}), F_{d+2}(z^{−1}), ..., F_{d+N}(z^{−1}) ]^T
Taking into account

F_j(z^{−1}) = f_{j,0} + f_{j,1} z^{−1} + ... + f_{j,na} z^{−na}
E_j(z^{−1}) = e_{j,0} + e_{j,1} z^{−1} + ... + e_{j,j−1} z^{−(j−1)}

f_{j+1} can be calculated recursively by

f_{j+1} = z (1 − Ã(z^{−1})) f_j + B(z^{−1}) Δu(t − d + j)

and the objective function can be written as

J = (1/2) u^T H u + b^T u + f0                                       (4.52)
where

H = 2 (G^T G + λI)
b^T = 2 (f − w)^T G
f0 = (f − w)^T (f − w)

From this formulation, the unconstrained control is given by

u = −H^{−1} b = (G^T G + λI)^{−1} G^T (w − f)

For this control approach to be used in network control systems, the time delays are integrated into the a and b coefficient vectors of the system representation in Equation 4.48.
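The closed-form GPC solution above can be sketched directly. The following is our own illustration under simplifying assumptions (step-response coefficients g and free response f are taken as given, and the constraint-free case is solved):

```python
import numpy as np

def gpc_increments(g, w, f, lam):
    """Unconstrained GPC: u = (G^T G + lambda I)^{-1} G^T (w - f),
    where g holds the first N step-response coefficients, w the reference
    over the horizon, and f the free response."""
    N = len(g)
    G = np.zeros((N, N))
    for i in range(N):          # lower-triangular Toeplitz matrix of g
        for j in range(i + 1):
            G[i, j] = g[i - j]
    H = G.T @ G + lam * np.eye(N)
    return np.linalg.solve(H, G.T @ (np.asarray(w) - np.asarray(f)))
```

In receding-horizon use, only the first computed increment Δu(t) is applied before the optimization is repeated at the next sample.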
4.3 Reconfiguration Issues

There are two main issues in terms of reconfiguration: distributed system reconfiguration and control reconfiguration. The first is a structural reconfiguration in which computer network reconfiguration takes place through process migration or fail-silent nodes. The second takes place when the structure of the control law is modified to keep a certain performance. Various approaches to reconfiguration have been pursued, like dynamic reconfiguration over a network control system (Alves et al., 2002). Other groups have proposed control law reconfiguration based on certain robustness issues (Kanev and Verhaegen, 2002), and still others have pursued strategies based on fault tolerant control, like Blanke et al. (2003). As reconfiguration is a multidisciplinary issue that goes beyond the scope of this book, the following sections focus on two main areas: fault tolerant control and reconfigurable control.
4.4 Fault Tolerant Control

Nowadays fault tolerant control is studied to increase performance and structural safety in the system. Several approaches have been reviewed, such as the use of smart actuators (Lee et al., 2000) to produce enough information to pursue a classic fault tolerance strategy. Other approaches like sensor failure detection have been reviewed by Merrill (1985), who proposed several configurations and their respective evaluation. An interesting approach to fault tolerance (Yang and Hicks, 2002) is based on a set of jump transitions where a permitted control strategy is defined following a global analysis (Yang and Blanke, 2000) between linear switched systems. Another interesting approach has been presented by Blanke et al. (1993) and Blanke et al. (2003), where fault tolerant control is divided into two main areas: fault accommodation and reconfiguration. The first approach applies when a fault appearing in one peripheral element is accommodated by a certain strategy; thereafter the control strategy still achieves the original objectives defined for the healthy system. In this case, if the faulty plant is still observable and controllable, control parameters can be adapted to the fault conditions; this is referred to as the fault accommodation strategy. Alternatively, system reconfiguration is pursued by switching off faulty peripheral elements and modifying the control structure and the related control objectives due to the absence of certain parts of the system. There is a third possible strategy based on supervision, where a hierarchical control structure is pursued; in this case, a decision-maker strategy is used to switch from one controller to another. Specifically, consider the second strategy, referred to as control reconfiguration and defined by the use of the structure of the plant
ẋ(t) = A x(t) + Σ_{i∈I} B_i u_i(t)                                   (4.53)

where the B_i are all possible faulty and healthy input structures during system performance. The strategy focused on fault tolerant control is based on the well-known model matching control design. In this case, considering state feedback control u = −Kx, the closed loop plant model is given by

ẋ(t) = (A − BK) x(t)
y(t) = C x(t)                                                        (4.54)
When a fault occurs, the faulty plant is modified as follows:

ẋ(t) = A_f x(t) + B_f u(t)
y(t) = C_f x(t)                                                      (4.55)
where A_f, B_f, and C_f have proper dimensions; moreover, B_f and C_f have lost one column or row, respectively, due to a fault appearing either in the actuators or in the sensors. Given this new configuration, a new state feedback controller u = −K_f x needs to be found such that

ẋ(t) = (A_f − B_f K_f) x(t)
y(t) = C_f x(t)                                                      (4.56)
which behaves like the nominal loop, following the relation

A − BK = A_f − B_f K_f                                               (4.57)
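When B_f has lost a column, Equation 4.57 generally has to be solved in a least-squares sense. A sketch of ours using the pseudo-inverse (the particular matrices in the test are hypothetical):

```python
import numpy as np

def matching_gain(A, B, K, A_f, B_f):
    """Least-squares K_f for the matching condition A - B K = A_f - B_f K_f
    (Eq. 4.57), i.e. B_f K_f = A_f - A + B K solved via the pseudo-inverse."""
    rhs = A_f - A + B @ K
    return np.linalg.pinv(B_f) @ rhs
```

If the residual A − BK − (A_f − B_f K_f) is not negligible, exact matching is impossible and only an approximate recovery of the nominal loop is obtained.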
In the sensor-fault case, only the matrix C changes to C_f by losing the rows related to the faulty sensors; the remaining matrices are unchanged, giving the closed loop condition

ẋ(t) = (A − B K_f C_f) x(t)
y_f(t) = C_f x(t)                                                    (4.58)
where the new controller is

u = −K_f y_f                                                         (4.59)

It is possible to define K_f only if enough measurement information is obtained from the output vector during fault conditions. When this approximation holds, the controller can be defined as

u = −K L y                                                           (4.60)

where the matrix L satisfies the relation

C = L C_f                                                            (4.61)
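Equation 4.61 can be solved numerically when the lost sensor rows are linear combinations of the remaining ones. The following sketch is our own (the example matrices are hypothetical):

```python
import numpy as np

def sensor_masking_matrix(C, C_f):
    """Least-squares L with C = L C_f (Eq. 4.61), so the nominal gain K can
    keep operating through u = -K L y after sensor rows are lost.
    Solve L C_f = C  <=>  C_f^T L^T = C^T."""
    Lt, *_ = np.linalg.lstsq(C_f.T, C.T, rcond=None)
    return Lt.T
```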
In the case of an actuator fault, system performance is recovered following a similar procedure. Regarding stability, one important condition is that the system defined by the A matrix must remain observable and controllable even under fault conditions. Another strategy, more related to fault accommodation, is based on the use of virtual elements, where an observer is used to estimate the signal of the faulty element; in this case, the control matrix becomes related to the observer gain matrix and a switching matrix, like the L matrix. This view of fault tolerant control opens the strategy of fault accommodation and reconfiguration when one particular peripheral element enters such a condition. Moreover, fault tolerant control allows the use of peripheral fault diagnosis procedures through structural analysis. As this approximation of fault diagnosis and accommodation allows system performance to maintain a certain confidence, it is now necessary to accomplish reconfigurable control, taking into account distributed system behavior as well as fault appearance.
4.5 Reconfigurable Control Strategies

Control reconfiguration is an idea that has been widely explored by several research groups. For instance, Rauch (1995) presents an overall review of several strategies for control reconfiguration. According to Rauch, there are two main approaches to autonomous reconfigurable control: adaptive control, and gain scheduling using a neural control approximation; the latter strategy is referred to as the multiple model approach. The main case for control reconfiguration is based on fault accommodation. In the first approach, control reconfiguration needs to use a continually adapting nonlinear model; the initial model is based on a priori information about fault and fault-free scenarios. In the second approach, the procedure is based on fault recognition in order to select the respective control configuration. To update the current models, Rauch (1995) proposes the use of neural networks and fuzzy logic, where several approximations can be followed, such as differential neural networks, radial basis functions, and others. The main strategy for fault diagnosis and control reconfiguration, from a general perspective, is the feedback structure shown in Figure 4.9.
Figure 4.9. General strategy of control reconfiguration (fault localization, supported by fault models, drives control switching around the plant)
In this case, several issues arise, such as the stability foundation considering model switching, fault model characterization, and decision-maker design. It must be taken into account that the possible control laws have been defined off-line from previous knowledge of system performance. Moreover, fault models need to be specified on a global scale, considering the plant response to the presence of each fault. The fault localization module plays an interesting role: it acts as decision maker when a fault appears and as signal conditioner to the control decision maker, which is responsible for selecting the right control law and the corresponding stability relation. The multiple model approach is based on a probability approximation in which a vicinity between models is fixed; the key advantage of this approach is that at least one model should be correct within this vicinity. This approach presents a hierarchical strategy for control reconfiguration in which supervisory action is performed by knowledge-based algorithms such as neural networks; below this, classic control laws and fault detection strategies are defined; at the bottom level, multiple models for local action as well as signal preprocessing take place. This structural configuration presents certain drawbacks: inherent time delays due to structure performance, and a static structure in which modifications and improvements become hard to implement. Following this hierarchical strategy for reconfigurable control, Wills et al. (2001) propose a complex structure composed of three levels (Figure 4.10), low, mid, and high, based on a hierarchical supervision strategy in which a global process model verifies the current performance of each level.

Figure 4.10. Global structure for control reconfiguration (a global process model supervises high-level prognostics and diagnostics, mid-level reconfigurable control, and low-level local control laws acting on the plant through the sensing system)
Other approaches have been pursued as an integral review of fault diagnosis and switching control laws, like that followed by Ballé et al. (1998). This contribution proposes the use of several predictive controllers to be chosen during the reconfiguration procedure. Reconfiguration takes place when a local fault appears on sensors; an interesting fault diagnosis procedure is proposed in this respect, based on a group of fuzzy neural networks in which parameter estimation is used to modify the fuzzy neural network structures on-line. One issue that arises from this fault diagnosis approximation is the sensitivity of the residual during different fault conditions; a review of this topic is given in Chapter 3. Therefore, control reconfiguration can be implemented following different approaches such as:

• Decision-maker procedure based on local fault diagnosis monitoring;
• Decision-maker procedure based on communication time delays;
• Gain scheduler based on local fault diagnosis evaluation and related communication time delays.
In any case, control reconfiguration should take into account two effects: fault presence and communication time delay modifications. Therefore, the reconfiguration procedure can be divided into three steps (Figure 4.11), where control reconfiguration becomes a flat approach rather than a hierarchical supervision.

Figure 4.11. Control reconfiguration procedure (fault evaluation, then decision-maker evaluation, then control law selection)
From the decision-maker module, the sensitivity measure needs to be taken into account to define a suitable approach. A useful evaluation method, like those based on fuzzy logic and others, is proposed by Yu and Pineda (2001), where, by using the error e between two control nodes, it is possible to define the switch from one to another by

δ = α e² + β ∫₀ᵀ e² dt                                               (4.62)
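The switching metric of Equation 4.62 can be evaluated from sampled error data; a minimal sketch of ours (the trapezoidal integral and the use of the final sample for the e² term are our reading of the formula):

```python
import numpy as np

def switch_metric(e, dt, alpha, beta):
    """delta = alpha * e(T)^2 + beta * int_0^T e^2 dt (Eq. 4.62),
    with the integral approximated by the trapezoidal rule."""
    e2 = np.asarray(e, dtype=float) ** 2
    integral = dt * (0.5 * e2[0] + e2[1:-1].sum() + 0.5 * e2[-1])
    return alpha * e2[-1] + beta * integral
```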
where α and β are settled for the convenience of the case study. Having defined the decision-maker procedures and the related evaluation methodology, it is necessary to define control performance during fault presence and multiple communication time delays, as shown in Figure 4.12.

Figure 4.12. Control systems modified by two different stages (control performance is affected by both fault appearance and communication time delay)
From this configuration, Table 4.5 is presented to define the effects of faults and the proposed strategies.

Table 4.5. Control reconfiguration strategy based on decision-maker procedure

Fault            Fault          Communication  Control  Control  Control  Safety
                 Accommodation  Variation      Law I    Law II   Law III  Strategy
Local Fault I    Yes            Yes            Yes      No       No       No
Local Fault II   Yes            No             No       No       No       Yes
Local Fault III  Yes            Yes            No       No       Yes      No
Local Fault IV   Yes            No             No       Yes      No       No
Local Fault V    Yes            No             No       No       No       Yes
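Table 4.5 is in effect a lookup for the decision maker. A sketch of ours encoding it as a dictionary (the fault labels and the safety/law encoding are our own naming):

```python
# Table 4.5 as a lookup: per local-fault class, whether communication timing
# varies, which control law to select, and whether the safety strategy engages.
# Fault accommodation is "yes" for every row of the table.
RECONFIG_TABLE = {
    "fault_I":   {"comm_variation": True,  "law": 1,    "safety": False},
    "fault_II":  {"comm_variation": False, "law": None, "safety": True},
    "fault_III": {"comm_variation": True,  "law": 3,    "safety": False},
    "fault_IV":  {"comm_variation": False, "law": 2,    "safety": False},
    "fault_V":   {"comm_variation": False, "law": None, "safety": True},
}

def select_action(fault):
    entry = RECONFIG_TABLE[fault]
    if entry["safety"]:
        return "safety_strategy"
    return f"control_law_{entry['law']}"
```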
From Table 4.5, various issues still need to be defined: the fault accommodation strategy, how variations are handled, which controllers can be used as a result, and how to define the safety configuration. Fault accommodation can be pursued with the strategies mentioned in Chapter 1, like voting algorithms. In this case, the time graph is determined as shown in Figure 4.13.

Figure 4.13. Voting algorithm time graph (processes I–III feed the voting algorithm over time)
Another fault accommodation approach can be pursued whose main characteristic is the sporadic behavior of the fault. As mentioned in Chapter 1, these sorts of strategies are referred to as hierarchical and are dependent on fault presence and the related fault diagnosis method. In this case, two scenarios are possible. Fault and fault-free scenarios are considered in Figure 4.14, where the decision-maker procedure performs a decision by discarding the faulty sensors.

Figure 4.14. Decision-maker module presence due to fault appearance (sensors I–III feed a decision maker that precedes the control algorithm)
As the reader may realize, fault accommodation introduces certain communication time delays. This issue can be overcome by the use of a static scheduling approach and the definition of already known time delays. However, quasi-dynamic scheduling algorithms (Chapter 2) present the advantage of on-line system reconfiguration within an already defined time window, which makes structural on-line reconfiguration a feasible solution to fault presence. The drawback of this approach is the related time delays; these can be bounded by a scheduler algorithm like the time-triggered protocol. Alternatively, strategies like adaptive algorithms have been reviewed by Bodson et al. (1997), Chandler (1995), and Nikolakopoulos and Tzes (2002), who proposed a reconfigurable adaptive control using suitable jump systems based on lattice filters, as shown in Figure 4.15.

Figure 4.15. Reconfigurable control strategy using sampling linear systems (internal model control of the system with reference r(t), input u(t), and output y(t); on-line system identification compares the estimated model output against the measured output)
An alternative strategy is based on the reconfigurable LQR control proposed by Kanev and Verhaegen (2002). This proposal takes as the source of reconfiguration the presence of local faults within sensors and actuators. As these faults are considered detectable in a model-based setting, the system tends to be modified as follows:

x_{k+1} = A x_k^f + B (I − σ^a) u_k + B σ^a u_k^f
y_k = C x_k^f                                                        (4.63)

where the actuator faults are represented by σ^a. On the other hand, sensor faults are represented by σ^s, and the model-based system is expressed as follows:

x_{k+1} = A x_k + B u_k
y_k^f = y_k + σ^s (ȳ − y_k)                                          (4.64)
94
Reconfigurable Distributed Control
algorithms and then modeled by definition of different control loops considering specific time delays. It is feasible to define suitable control strategies under different scenarios by considering several time delays. Having pursued this goal, next is to integrate the loss of certain measures due to local faults; in that respect, fault tolerant control (Mahmoud et al., 2003) presents several advantages such as virtual sensors or actuators; however, the use of decisionmaker strategies following the automata procedure presents some of the most suitable results as shown in Chapter 5. In that respect, different control structures are defined that considers fault and fault-free scenarios and involved time delays. In this case, the decision-maker procedure based on Table 4.5 and Equation 4.62, where reconfiguration takes a crucial part in switching fault strategies. Formal representation opens up an area to organize system behavior in conditions of fault and fault-free scenarios. The use of automata allows this representation, where fault events are taken into account. Figure 4.16 presents this general representation of reconfiguration under fault conditions. Fault Detection = 0
Fault Detection /= 0 Fault-Free Scenario
Fault Tolerance Strategy
Fault Scenario (Control Selection)
Fault Detection /= 0
Fault Detection /= 0
Figure 4.16. Classical automata for control selection
4.6 Concluding Remarks In this chapter, different control strategies for network control under fault presence have been presented, which provide a broad overview of several possible strategies that are feasible to follow at specific conditions such as the previous knowledge of the dynamics of the plant as well as the dynamics of the communication system. In this case, the use of scheduling algorithms is pursued to define communication time delays under the presence of certain conditions, such as faults or structural reconfiguration as a consequence of this malfunction. This strategy is the combination of several others to build an automata to represent system modification.
5 Case Study
5.1 Introduction This chapter presents a review of reconfigurable control strategies used on two examples: one related to process control (the use of three conveyor belts) and another related to autonomous systems based on an aircraft model. These two examples illustrate the use of local health monitoring to allow control reconfiguration as soon as a fault has been detected. Several issues can be highlighted such as the decision-maker strategy and control tunning methodology under hazardous circumstances. Particulary, the second example presents a simulation of a small aircraft with certain characteristics under the fault situation in which system response is still feasible even in high-risk cases that are permitted for safety requirements. As this is a simulation, it is possible to implement, although this work does not intend to state that reconfigurable control for this type of case study can be followed in the aircraft research area; further work needs to be performed to validate this proposal. This chapter is a revision of reconfigurable control used for these two cases of study depict a common and understandable procedure for finding a suitable approach under fault conditions and undesirable variations such as time delay appearance.
5.2 Case Studies 5.2.1 Conveyor Belt Model This first case study has been explored by different research groups such as Gudmundsson (1999). It comprises 3 conveyors belts, 4 actuators, and 12 sensors. It has 16 computing elements that considers the controller and the bus controller. Figure 5.1 shows a diagram of this implementation. The procedure of the example is next; conveyor belt 1 detects a box on it as soon as this is presented, and it modifies its speed up to a certain level to transport it in a faster way than the box.
(Diagram: three conveyor belts with sensor groups s11–s14, s21–s24, s31–s34, local microcontrollers (MC), a controller, and a bus controller.)
Figure 5.1. Conveyor belt example
When the box arrives at conveyor belt 2, its speed is raised to another level to transport the box faster; similar behavior occurs at conveyor belt 3. The sensor vector is used to detect the current position of the box on any of these conveyor belts. Furthermore, actuator 4 has the task of pushing the current box when it arrives at its position. For the case of multiple boxes in this example, the aim is that the boxes never crash into each other. From this explanation, Table 5.1 shows the modification of speeds; this case study is peculiar in that each conveyor belt has two different speeds, as shown in Table 5.1.

Table 5.1. Speed selection

Sensors        Conveyor belt 1   Conveyor belt 2   Conveyor belt 3
S¹* = Low      Low speed         Low speed         Low speed
S¹* = High     High speed HS1    Low speed         Low speed
S²* = Low      Low speed         Low speed         Low speed
S²* = High     Low speed         High speed HS2    Low speed
S³* = Low      Low speed         Low speed         Low speed
S³* = High     Low speed         Low speed         High speed HS3
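The selection logic of Table 5.1 can be sketched in a few lines. The numeric speed values below are hypothetical placeholders of ours, chosen only to honor the ordering HS1 < HS3 < HS2 stated in the text:

```python
def belt_speeds(sensor_high):
    """Table 5.1: each belt runs at its high speed only while its own
    sensor group reports an object; otherwise it runs at low speed."""
    HS = {1: 1.0, 2: 3.0, 3: 2.0}   # illustrative values with HS1 < HS3 < HS2
    LOW = 0.2
    return {belt: (HS[belt] if sensor_high.get(belt, False) else LOW)
            for belt in (1, 2, 3)}
```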
These speeds depend on the sensor situation, which is depicted as low and high, acting as a semaphore for determining the presence of an object. The second peculiarity is the relation between the high speeds:

HS1 < HS3 < HS2

where the middle conveyor belt is the fastest, followed by the third conveyor belt, and so on. As the reader may realize, there are four motors: three for the conveyor belts, and the fourth to push any object present in its region. Based on this case study, the dynamic response of the three actuators is shown in Figure 5.2. Different speed-ups are shown, assuming that a box is present during a certain time. For instance, the first conveyor belt presents a faster speed-up during the first 3000 seconds, in comparison with the low speed-up from 3000 to 6000 seconds; this speed-up is shown as a change of slope in the graph. Similar behavior is presented for conveyor belts 2 and 3, with belt 2 changing more, because HS2 is bigger than HS3.
(Plot: responses of actuators 1–3 over 0–9000 s, showing the slope changes for each belt.)
Figure 5.2. Actuator response
When the conveyor belts are not selected, they present either no movement or a very slow speed. Having defined the speed-up of the three conveyor belts, the displacement response of the three actuators is presented in Figure 5.3; the three actuators increase their speed when the current boxes are on their respective belts. The response of each controller is presented in Figure 5.4.

(Plot: displacements of conveyor belts 1–3 over 0–9000 s.)
Figure 5.3. Related displacement when a box is present in each conveyor belt
(Plot: outputs of local controllers 1–3 over 0–9000 s.)
Figure 5.4. Related response of local controllers
Finally, the response of the fourth actuator during the presence of the box at the last section of the third belt is shown in Figure 5.5.

(Plot: fourth actuator response over 7000–9000 s.)
Figure 5.5. Fourth actuator response
Having presented the response of the case study in the normal condition, the next step is to determine the system response during faulty conditions and the respective time delay appearance. In that respect, several scenarios can be checked, such as fault and fault-free scenarios, and there are two possible approaches: first, every scenario is considered, modeled, and separated; second, a pseudo-dynamic scheduler is used in order to reconfigure the system. The latter approach presents the advantage of flexibility in terms of the number of possible fault scenarios, and reconfiguration becomes a dynamic technique within this condition. The main disadvantage is the time boundary with respect to consumption and communication times. In this case, system behavior needs to be bounded before on-line execution, which is achieved based on the time graph definition and pre-evaluation of the feasibility of the current modifications. Considering the first approach (individual modeling), there is one type of local fault to be considered: one of the sensors is faulty, with no consideration of the type of fault. It is assumed that the fault is detectable and measurable. In this case, the fault tolerance strategy is based on the use of consecutive sensors to mask the fault. As this approach uses a fault masking procedure based on lateral agreement (between similar sensors), extra communication needs to be performed. Therefore, this approach provides two different time graphs, one for each scenario (fault and fault free), as shown in Figures 5.6 and 5.7, respectively.
(Time graph: sensors S1–S10 with processes p1–p10, controller C, and actuator A1; consumed times ts, tcm_sc, tc, tcm, ta and periods tss, tcc, taa.)
Figure 5.6. Fault-free scenario
(Time graph: as in Figure 5.6, with the faulty sensor sf and the extra agreement communication tcm_fsc.)
Figure 5.7. Fault scenario considering fault masking
Both scenarios are local with respect to one belt. The other two belts do not present faulty conditions. As these two scenarios are bounded, the respective consumption times are shown in Equations 5.1 and 5.2 (Figures 5.6 and 5.7, respectively) based on Table 5.1, where variable information is presented.

$$t_t = 10\,t_s + t_{cm}^{sc} + t_c + t_{cm} + t_a \tag{5.1}$$

where:
t_s is the time consumed by the sensors
t_{cm}^{sc} is the time consumed by communication between sensor and controller
t_c is the time consumed by the control node
t_{cm} is the time consumed by communication between controller and actuator
t_a is the time consumed by the actuator
$$t_t = 10\,t_s + t_{cm}^{sc} + t_{cm}^{fsc} + t_c + t_{cm} + t_a \tag{5.2}$$

where:
t_{cm}^{sc} is the time consumed by communication between sensor and controller
t_{cm}^{fsc} is the time consumed by the faulty sensor to send messages to its neighbor and produce agreement
t_c is the time consumed by the control node
t_{cm} is the time consumed by communication between controller and actuator
t_a is the time consumed by the actuator

From this time boundary, covering both scenarios, it is feasible to implement some control strategies. A remarkable issue is a particular sensor fault in any of the three belts. Considering this configuration, three cases are possible:
• One local fault;
• Two local faults, one per belt;
• Three local faults, one per belt.
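Equations 5.1 and 5.2 are straightforward to evaluate once the entries of Table 5.1 are known. The per-element times below are placeholders (Table 5.1 is not reproduced in this excerpt), so the sketch only illustrates how the two bounds are composed:

```python
# Hypothetical per-element times in seconds (stand-ins for Table 5.1)
t_s      = 0.002  # one sensor slot
t_cm_sc  = 0.010  # sensor-to-controller communication
t_c      = 0.005  # control node computation
t_cm     = 0.010  # controller-to-actuator communication
t_a      = 0.003  # actuator
t_cm_fsc = 0.008  # extra agreement traffic for the faulty sensor (Eq. 5.2)

def loop_delay(faulty=False):
    # Eq. (5.1): ten sensor slots, then comms, control, comms, actuator.
    total = 10 * t_s + t_cm_sc + t_c + t_cm + t_a
    if faulty:
        total += t_cm_fsc  # Eq. (5.2) adds the fault-masking exchange
    return total

print(loop_delay(False))  # fault-free bound (Eq. 5.1)
print(loop_delay(True))   # fault bound (Eq. 5.2)
```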
Based on these three possible configurations, there is a worst-case scenario related to three local faults that has an impact on the global control strategy. The other two configurations present a minor degradation for the global control strategy. Despite this performance degradation, the system keeps normal functionality due to the inherent fault tolerance strategy and the local controllers. Taking into account these three possible configurations, the local and global time delays are described in Table 5.2.
Table 5.2. Time delays related to local and global effects

Configuration                          Local Time Delays   Global Time Delays
Configuration 1: One local fault       110 ms              110 ms
Configuration 2: Two local faults      110 ms              220 ms
Configuration 3: Three local faults    110 ms              400 ms
As the time delays have been bounded, the plant model is defined based on Figure 5.8.

Figure 5.8. Plant model (three conveyor belts with angular displacements θ1, θ2, θ3, angular velocities Ω1, Ω2, Ω3, torques τ1, τ2, τ3, inertias J1, radius a, and linear displacement x)
In Figure 5.8,
x is the linear displacement
θ_* is the angular displacement
Ω_* is the angular velocity
F is the linear force
J_* is the inertia
k is the parameter
τ_* is the torque
a is the radius
v is the linear velocity

In this case, the plant presents two cases, with or without a box per belt. As the second case is trivial, the first case is expressed per belt considering the mass of the box (referred to as m). The first conveyor belt is expressed as

$$\begin{bmatrix} \dot{x}_1 \\ \dot{\theta}_1 \end{bmatrix}
= \begin{bmatrix} J/m & 0 \\ 0 & J_1 \end{bmatrix}
\begin{bmatrix} \theta_1 \\ x_1 \end{bmatrix}
- \begin{bmatrix} 1/m \\ 0 \end{bmatrix} \tau_1, \qquad y_1 = x_1 \tag{5.3}$$
The second conveyor belt is expressed as

$$\begin{bmatrix} \dot{x}_2 \\ \dot{\theta}_2 \end{bmatrix}
= \begin{bmatrix} J/m & 0 \\ 0 & J_2 \end{bmatrix}
\begin{bmatrix} \theta_2 \\ x_2 \end{bmatrix}
- \begin{bmatrix} 1/m \\ 0 \end{bmatrix} \tau_2, \qquad y_2 = x_2 \tag{5.4}$$
and the third conveyor belt is

$$\begin{bmatrix} \dot{x}_3 \\ \dot{\theta}_3 \end{bmatrix}
= \begin{bmatrix} J/m & 0 \\ 0 & J_3 \end{bmatrix}
\begin{bmatrix} \theta_3 \\ x_3 \end{bmatrix}
- \begin{bmatrix} 1/m \\ 0 \end{bmatrix} \tau_3, \qquad y_3 = x_3 \tag{5.5}$$
From these considerations, discrete plants are defined next by considering the presence of the box:

$$x(k+1) = A x(k) + \sum_{i=0}^{l} B_i^k u(k-i) \tag{5.6}$$

$$B_i^k = \int_{t_i^k}^{t_{i+1}^k} \exp\big(A(T-\tau)\big)\,B\,d\tau$$

where l = 1 because the maximum number of sensors with delays is just one. Therefore, the A matrix is expressed as

$$A_* = \begin{bmatrix} \exp(J/m) & 0 \\ 0 & \exp(J_*) \end{bmatrix} \tag{5.7}$$
and k
B0 =
k B1 =
k t1 exp(J/m k t0
(T
k t2 exp(J/m k t1
(T
∫ ∫
− IJ )) *
1 u( IJ(IJ) m
(5.8) − IJ )) *
1 u( IJ(IJ) m
where T is the inherent sampling period, and t 0k , t1k , and t 2k are the related delays of the plant. For the case of local control laws, these are expressed next as
$$x_c(k+1) = A_c x_c(k) + B_c u_c(k), \qquad
y_c(k) = C_c x_c(k-\tau_c) - D_c u_c(k-\tau_c) \tag{5.9}$$

giving the delays as a result of decomposition from sensors and actuators, which are expressed as τ^{sc} and τ^{ca}, respectively. The augmented representation is given next:

$$u_c(k) = y_p(k-\tau^{sc}), \qquad u_p(k) = y_c(k-\tau^{ca}) \tag{5.10}$$

where the states are augmented as

$$z = \begin{bmatrix} x_p(k) \\ x_c(k) \end{bmatrix} \tag{5.11}$$
and expressed as

$$z(k+1) = \begin{bmatrix} A_p & 0 \\ 0 & A_c \end{bmatrix} z(k)
+ \begin{bmatrix} 0 & B_p C_c \\ 0 & 0 \end{bmatrix} z(k-\tau^{ca}-\tau^{c})
+ \begin{bmatrix} 0 & 0 \\ B_c C_p & 0 \end{bmatrix} z(k-\tau^{sc})
+ \begin{bmatrix} B_p D_c C_p & 0 \\ 0 & 0 \end{bmatrix} z(k-\tau^{sc}-\tau^{ca}-\tau^{c}) \tag{5.12}$$
After the stability expression in Equation 4.30, the local control laws on a numerical basis are given next:

$$A_c = \begin{bmatrix} 1 & 0 \\ 0 & 1 \end{bmatrix}, \qquad
B_c = \begin{bmatrix} 2 & 0 \end{bmatrix}, \qquad
C_c = \begin{bmatrix} 1 & 0 \end{bmatrix}, \qquad
D_c = 1$$

The only considered delay is τ^{sc}, equal to 110 ms. Having shown the local control law structures, the global control law, taking into account the first and second cases on a fault-free basis, is shown in Figure 5.9, where reconfiguration is expressed by the formal event manager. In this case, two states are possible with several events, which are managed by the sensor vector for each belt (first, second, and third belts) and expressed as S^1_{1≤i≤N}, S^2_{1≤i≤N}, and S^3_{1≤i≤N}, respectively.
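Returning to Equation 5.8, each delay-dependent input term is an integral of the matrix exponential over a slice of the sampling period; for the scalar pole a = J/m it has a closed form. The numbers below (pole, mass, sampling period, and the 110 ms delay split) are illustrative assumptions, not values from the case study.

```python
from math import exp

def B_interval(a, m, T, t_lo, t_hi):
    # Closed form of  ∫_{t_lo}^{t_hi} exp(a*(T - tau)) * (1/m) dtau,  a != 0.
    return (exp(a * (T - t_lo)) - exp(a * (T - t_hi))) / (a * m)

a, m, T = 0.5, 2.0, 0.5           # hypothetical pole J/m, mass, sampling period
t0, t1, t2 = 0.0, 0.11, T         # a 110 ms delay splits the period
B0 = B_interval(a, m, T, t0, t1)  # fresh input, active over [t0, t1)
B1 = B_interval(a, m, T, t1, t2)  # delayed input, active over [t1, t2)
print(B0, B1)
```

A quick consistency check on the delay split: B0 + B1 equals the input term integrated over the whole period, so splitting never changes the total input gain.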
Figure 5.9. Fault-free scenario in terms of global structure (per-belt transitions between Case I and Case II, driven by the events S^b_{1≤i≤N} = 0 and S^b_{1≤i≤N} ≠ 0)
The switching effect is neglected in this fault-free scenario. For the case of a fault scenario, a new case appears for global control, as shown in Figure 5.10, where a new state appears that is related to the action pursued when a fault is present. The necessary event for reaching such a state is S^1_{1≤i≤N} ≠ 0, and the fault's last event is composed of local information given by each local sensor in relation to the health condition measures explained in Chapter 3.

Figure 5.10. Local fault scenario for the global structure (each belt adds a Case III state, entered on the Faults event and left on the No Faults event)
In this scenario (the fault scenario), there is another case, called Case III, which considers a modification of the local control laws to cope with sensor faults. How the system responds to these control strategies is presented in the following graphics, taking into account the fault-free, one-local-fault, two-local-fault, and three-local-fault conditions, respectively (Figures 5.11, 5.12, 5.13, and 5.14).
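The per-belt selection among Cases I–III sketched in Figures 5.9 and 5.10 reduces to a small piece of event logic. The mapping below is an illustrative assumption (Case I/Case II as the box-absent/box-present laws, Case III as the fault-handling law); the authoritative event semantics are those of the figures.

```python
def belt_case(sensor_vector, box_present):
    # sensor_vector holds S^b_{1..N}; any nonzero entry flags a sensor fault.
    if any(s != 0 for s in sensor_vector):
        return "Case III"  # fault event: switch to the fault-masking law
    return "Case II" if box_present else "Case I"

print(belt_case([0, 0, 0], box_present=False))  # Case I
print(belt_case([0, 0, 0], box_present=True))   # Case II
print(belt_case([0, 1, 0], box_present=True))   # Case III
```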
Figure 5.11. Fault-free scenario (Local Control 1, Local Control 2, and Fourth Actuator responses versus time)
Figure 5.12. First local fault appearance and related global effects (Local Control 1, Local Control 2, and Fourth Actuator responses versus time)
Figure 5.13. Second local fault appearance and related global effects
Figure 5.14. Third local fault appearance and related global effects
This last example presents two different global control cases in which control reconfiguration is based on the decision-maker module, which is simple because it depends on the fault presence and on the related time delays. Therefore, switching from one control model to another is based on Table 5.3, where local values are defined for the fault presence measures.

Table 5.3. Decision-maker module based on local fault strategies

Condition                                             Local Fault Condition
Confidence value > threshold and S^1_{1≤i≤N} ≠ 0      Fault scenario
This reconfiguration approach becomes feasible due to the knowledge of fault presence and the consequent time delays. Its consumption time is neglected and considered part of the control performance. Fault presence must be measurable; if the local fault localization approach cannot detect faults, this strategy becomes useless. Alternatively, the second approach to local time delay management uses a quasi-dynamic scheduler to propose dynamic reconfiguration based on current system behavior rather than on predefined scenarios. In this case, the fault and fault-free scenarios are the same as in the first approach; however, they now belong to the scheduler strategy, which is performed on-line. The selected scheduler algorithm is a modification of earliest deadline first (EDF) that defines fixed nonpreemptive tasks, such as controllers and actuators. For both kinds of tasks, time behavior is defined by their necessities. Taking these assumptions into account, the scheduler reorganizes tasks based on their consumption times and fault presence. First, the nonpreemptive tasks {c1 … cp} are considered, where p ≤ n and n is the total number of tasks. These nonpreemptive tasks are periodic, with periods {p1 … pp}; the rest of the tasks comprise the faulty elements, masking elements, and neighbor elements {cp+1 … cn}. For this last group of tasks, there is one condition related to the inherent communication among faulty elements, fault masking modules, and neighbor elements. Figure 5.15 presents this configuration. As this algorithm is used, system performance is modified following the configuration shown in Figure 5.15, where fixed time windows are defined to carry out structure reconfiguration if necessary.
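The off-line feasibility pre-evaluation behind the modified EDF can be sketched as a single deadline-ordered pass over the jobs of one scheduling window: if every job, served in earliest-deadline order, completes before its deadline, the configuration is accepted. The task names, consumption times, and deadlines below are hypothetical.

```python
def edf_feasible(jobs):
    # jobs: list of (name, consumption_time, deadline), all in ms.
    # Serve in earliest-deadline order and verify each completion time.
    t, order = 0.0, []
    for name, c, d in sorted(jobs, key=lambda j: j[2]):
        t += c
        if t > d:
            return None  # configuration rejected: a deadline would be missed
        order.append(name)
    return order

jobs = [("sensors", 30, 60), ("FMM", 30, 100),
        ("control", 20, 120), ("actuator", 30, 160)]
print(edf_feasible(jobs))               # the accepted execution order
print(edf_feasible([("sensors", 50, 40)]))  # None: infeasible window
```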
The time window (Δt) spent for reconfiguration needs to obtain the sensor fault's response evaluation and the time performance evaluation from the same elements; with this information, the EDF modification is performed to determine the system configuration. Furthermore, during this time window, local and global control law strategies are chosen based on current time and sensor demands; here, control laws may be defined in a similar fashion to that exposed before. However, the decision-maker module becomes essential in order to define a precise current global control law. The strategy followed is based on the Yu and Pineda (2001) algorithm. Time delays are encapsulated, and

$$t_{scf} = t_{cm}^{sc} + t_{FMM} + \Delta t \tag{5.13}$$
where t_scf is the time delay that results from the EDF algorithm. Local control laws are expressed in the same form as before, the only modification being the time delay, which is now t_scf; at this point, reconfigurable control follows the same form as the global control law event structure.
Figure 5.15. Time graph strategy for EDF assumption and related time delays (sensors S1…Sl with deadlines D1…Dl, fault masking module FMM, controller C, actuator A1, and reconfiguration window Δt)
5.2.2 Aircraft Model

This case study is based on an aircraft model developed by the Bass company. This model has been named the Aerodata Model in Research Environment, ADMIRE (ADMIRE, 2003) (Figure 5.16), which is a nonlinear, six-degree-of-freedom model of a small fighter aircraft with a delta-canard configuration. The control surfaces consist of fully movable nose-wings, four leading edge flaps, and four elevons (combined flaps, elevators, and ailerons). There is also a conventional rudder for lateral stability. Reference data (geometry), mass, and inertia data are defined in (ADMIRE, 2003).
Figure 5.16. Graphic model of ADMIRE (indicating the gravity centre and six gravity coefficients)
The model describes a small generic fighter aircraft with one engine and low wing loading. The model is implemented as several c-mex-files to fit into the Simulink environment. It is based on the Generic Aerodata Model (GAM) developed by Saab AB, Sweden. The control system has been tuned at 30 design points, as shown in Figure 5.17. Between the design points, the control system characteristics are given by linear interpolation.

Figure 5.17. Control system design points (altitude [m] versus Mach number)
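Between design points, the scheduled controller characteristics are linearly interpolated; over the (Mach, altitude) grid this amounts to bilinear interpolation. The four-point table below is a hypothetical stand-in for the 30 ADMIRE design points:

```python
def interp_gain(mach, alt, table):
    # Bilinear interpolation of a scheduled gain on a rectangular
    # (mach, altitude) grid given as {(mach, altitude): gain}.
    machs = sorted({m for m, _ in table})
    alts = sorted({a for _, a in table})
    m0 = max(m for m in machs if m <= mach)
    m1 = min(m for m in machs if m >= mach)
    a0 = max(a for a in alts if a <= alt)
    a1 = min(a for a in alts if a >= alt)
    fm = 0.0 if m1 == m0 else (mach - m0) / (m1 - m0)
    fa = 0.0 if a1 == a0 else (alt - a0) / (a1 - a0)
    return ((1 - fm) * (1 - fa) * table[(m0, a0)]
            + fm * (1 - fa) * table[(m1, a0)]
            + (1 - fm) * fa * table[(m0, a1)]
            + fm * fa * table[(m1, a1)])

table = {(0.2, 20): 1.0, (0.6, 20): 2.0, (0.2, 3000): 3.0, (0.6, 3000): 4.0}
print(interp_gain(0.4, 1510, table))  # midpoint of the four corners: 2.5
```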
The altitudes are 20 m, 3000 m, and 6000 m. The Mach numbers are 0.2200, 0.3500, 0.4500, 0.5500, 0.8000, 0.9000, 0.9500, 1.0000, 1.0500, 1.1000, and 1.2000. As a result of the choice of configuration, the aerodata model contains several nonlinear effects, such as Mach number and transonic dynamic effects at high angles of attack. The aerodata model basically consists of aerodata tables and Fortran routines for adding the different aerodynamic contributions into complete force, moment, and hinge moment coefficients. Outputs from the aerodata model are nondimensional force, moment, and hinge moment coefficients in the aerodata reference point. Forces and moments in the aircraft center of gravity need to be calculated separately. The reference point is the fixed point (coordinates) on the model to which all aerodata are referred (measured). This point normally differs from the aircraft's, and thus the results from the aerodata routine have to be transformed accordingly before being used in a simulation model. The maximum allowable deflections for the control surfaces are:

• Canards: −55 to +25 deg.
• Elevons: −30 to +30 deg.
• Rudder: −25 to +25 deg.
• Leading edge flaps: −10 to +30 deg.
• Airbrakes: max 55 deg.
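The limits above translate directly into saturation bounds on commanded deflections. A minimal sketch (the 0 deg lower bound for the airbrakes is an assumption, since only the maximum is quoted):

```python
# Allowable deflection ranges in degrees, from the list above
LIMITS = {
    "canard":   (-55.0, 25.0),
    "elevon":   (-30.0, 30.0),
    "rudder":   (-25.0, 25.0),
    "lef":      (-10.0, 30.0),  # leading edge flap
    "airbrake": (0.0, 55.0),    # lower bound assumed
}

def clamp(surface, cmd_deg):
    # Clip a commanded deflection to the surface's allowable range.
    lo, hi = LIMITS[surface]
    return min(max(cmd_deg, lo), hi)

print(clamp("canard", 40.0))   # 25.0
print(clamp("elevon", -45.0))  # -30.0
```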
The body-fixed frame is located at the aircraft's center of gravity. The signs of all control surface deflections, with one exception, follow the right-hand rule; the signwise exception is the leading edge flap. The airbrakes deflect into the free stream, up to the maximum setting angle. The geometry reference data used to convert force and moment coefficients into forces and moments are given in a file named ad_coeff.const that is included in the aerodata model. The aircraft is defined in a mainframe where all x- and z-coordinates are positive. Aerodata are defined in another frame, where the aerodynamic forces and moments are also determined. For the generic aerodata model, the reference point x is determined to be 25% of the Mean Aerodynamic Chord (MAC), which is calculated in the usual manner. In practice, though, no absolute coordinates are needed because the transformation of forces and moments is established by the user to determine the position of the aircraft center of gravity (c.g.) and thus obtain the proper deviation to correctly transform aerodata. Hinge moments are calculated in a straightforward manner, using the correct reference area and chord for each control surface. The engine model contains data in two 2-dimensional tables describing the engine thrust: one with the afterburner activated and the other without it. The engine model is scaled so that the ratio between the static thrust and the maximum takeoff weight of the aircraft correlates to the value of similar modern aircraft. The available control actuators in the ADMIRE model are:

• Left canard (δlc);
• Right canard (δrc);
• Left outer elevon (δloe);
• Left inner elevon (δlie);
• Right inner elevon (δrie);
• Right outer elevon (δroe);
• Leading edge flap (δle);
• Rudder (δr);
• Landing gear (δldg);
• Horizontal thrust vectoring (δth);
• Vertical thrust vectoring (δtv).
The leading edge flap, landing gear, and thrust vectoring are not used in the Flight Control System (FCS). The sign of the actuator deflections follows the right-hand rule, except for the leading edge flap, which has a positive deflection down (Figure 5.18).

Figure 5.18. Definition of the control surface deflections
From this example, control definition becomes difficult due to the inherent nonlinear behavior of the case study. Two different control laws are designed: a fuzzy control law and the current control law. To define the communication network performance, the true time network simulator is used. This strategy achieves network simulation based on message transactions, built on the real-time toolbox from MATLAB. Extended information on this tool is available at (True Time, 2003); the main characteristics of true time are shown next. In the true time model, computer and network blocks are introduced, as shown in Figure 5.19.
Figure 5.19. Basic model of true time
These blocks are event driven, and the scheduling algorithm is managed by the user independently in each computer block. True time consists basically of two simulation blocks, developed by the Department of Automatic Control, Lund Institute of Technology, Sweden. Each kernel represents the interface between the actual dynamical model and the network simulation. Here, continuous simulation and digital conversion take place to transmit information through the network. This tool provides the necessary interrupts to simulate delay propagation as well as synchronization within the network. The final configuration based on the true time and ADMIRE models is presented in Figures 5.20, 5.21, and 5.22, where the actual model is modified to integrate network simulation. Figure 5.20 integrates the CAN network with three elements: sensors, actuators, and controllers (Figures 5.21 and 5.22).
Figure 5.20. Network control integrated to ADMIRE model
Figure 5.21. Control strategy after network integration
Figure 5.22. Sensor interface of network integration
On the other hand, the network control module is modified to add several control laws and the related switching module as shown in Figure 5.23.
Figure 5.23. Multiple control selection for current network control
A time graph related to communication performance is shown in Figure 5.24. CAN bus behavior is followed because it is a reliable and fast protocol that has been studied by different groups for aircraft implementations.
Figure 5.24. General time graph of network control (sensor block, control block, and actuator block over time)
As this configuration is pursued, the proposed scheduler is EDF, where reconfiguration takes place when communication modifies system performance due to fault presence. In that respect, the elements chosen for fault handling are sensors and actuators. The fault tolerance strategy masks faults based on primitive and safe voting algorithms, such as majority voters. This strategy allows new elements to appear during fault scenarios, as shown in Figure 5.25.
Figure 5.25. General time graph of network control during a local fault scenario (a reconfiguration block is inserted between the sensor and control blocks)
As both scenarios are stated, time variables are defined based on consumption, communication, and several other time delays, as presented in Table 5.4.

Table 5.4. Time delay figures from several scenarios

Sensor Consumption Time                          30 ms
Sensor–Controller Communication Time Delays      20 ms
Controller–Actuator Communication Time Delays    20 ms
Actuator Consumption Time Delay                  30 ms
Reconfiguration Time Delay                       20–40 ms
Fault Tolerance Time Delay                       30 ms
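Summing the rows of Table 5.4 gives a rough end-to-end loop-delay budget for both scenarios. Controller execution time is not listed in the table, so the sketch below omits it:

```python
# Times from Table 5.4, in ms
T54 = {"sensor": 30, "comm_sc": 20, "comm_ca": 20,
       "actuator": 30, "fault_tol": 30, "reconfig": (20, 40)}

def loop_bounds(fault=False):
    # Fault-free path: sensing -> comms -> comms -> actuation.
    base = T54["sensor"] + T54["comm_sc"] + T54["comm_ca"] + T54["actuator"]
    if not fault:
        return base, base
    lo, hi = T54["reconfig"]  # reconfiguration adds a 20-40 ms window
    return base + T54["fault_tol"] + lo, base + T54["fault_tol"] + hi

print(loop_bounds(False))  # fault-free bound
print(loop_bounds(True))   # fault bound (fault tolerance + reconfiguration)
```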
The problem is bounded in terms of time delays for both possible scenarios and one operating point (0.6 Mach and 6000 meters altitude); the next step is to define suitable control laws for the related scenarios. In this case, the fault-free scenario is handled by the current control law, designed for the dynamics of the system. The second scenario is handled by a fuzzy logic control law, which is trained on the most suitable system response over fault and time delay conditions; the fuzzy logic control (FLC) structure is presented next.

if var1 is x1 and var2 is x2 and var3 is x3 and var4 is x4 and var5 is x5 and var6 is x6
    then X1 = A X1 + B U
if var1 is x1' and var2 is x2' and var3 is x3' and var4 is x4' and var5 is x5' and var6 is x6'
    then X1 = A' X1 + B' U

Figure 5.26. Fuzzy logic approach
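Each rule in Figure 5.26 pairs an antecedent over the measured variables with a local linear consequent, and the applied law is the membership-weighted blend of the consequents. The sketch below is a generic Takagi–Sugeno-style blend with one antecedent variable, Gaussian memberships, and scalar gains; the rule centres, widths, and gains are hypothetical, not the trained values.

```python
from math import exp

def membership(x, centre, width):
    # Gaussian membership for one rule antecedent.
    return exp(-(((x - centre) / width) ** 2))

def fuzzy_blend(x, rules):
    # rules: list of (centre, width, gain); consequent of rule i is gain * x.
    weights = [membership(x, c, w) for c, w, _ in rules]
    outputs = [g * x for _, _, g in rules]
    return sum(wi * ui for wi, ui in zip(weights, outputs)) / sum(weights)

rules = [(-1.0, 1.0, 2.0), (1.0, 1.0, 0.5)]  # two hypothetical clusters
print(fuzzy_blend(0.0, rules))  # both consequents are zero at x = 0
print(fuzzy_blend(1.0, rules))  # dominated by the second rule
```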
FLC is feasible by the use of fuzzy clustering to define possible control variations, such as several time delays and local faults. The system response for both cases under different time delays is presented next, where several variables are reported (Table 5.5).

Table 5.5. Variable names involved in the case study

Name of the Variable              Variable
Body-fixed velocity in x axis     u (m/s)
Body-fixed velocity in y axis     v (m/s)
Body-fixed velocity in z axis     w (m/s)
Body-fixed roll rate              p (deg/s)
Body-fixed pitch rate             q (deg/s)
Body-fixed yaw rate               r (deg/s)
Aircraft velocity                 Vt (m/s)
Angle of attack                   alpha (deg)
Angle of sideslip                 beta (deg)
Climb angle                       gamma (deg)
Canard deflection                 (deg)
Elevon deflection                 (deg)
For the fault-free scenario, the system response is shown in Figures 5.27, 5.28, 5.29, and 5.30, where the time delays from the sensor vector are 30 ms for processing and 20 ms for communication.
Figure 5.27. Velocity response during fault-free scenario (u, v, w [m/s] versus time [s])

Figure 5.28. Different fixed roll positions considering the fault-free scenario (p, q, r [deg/s] versus time [s])
Figure 5.29. Several angles considering the fault-free scenario (Vt [m/s], alpha [deg], beta [deg] versus time [s])

Figure 5.30. Elevon deflection during the fault-free scenario (gamma [deg], canard deflection [deg], elevon deflection [deg] versus time [s])
Taking into account the fault-free scenario with different time delays, the system response is shown in Figures 5.31, 5.32, 5.33, and 5.34. In this case, the time delays increase in the sensor vector and the control node: up to 25 ms between communication nodes and 40 ms of consumption time within the sensor vector.
Figure 5.31. Velocity response for the second fault-free scenario (u, v, w [m/s] versus time [s])

Figure 5.32. Different fixed roll positions for the second fault-free scenario (p, q, r [deg/s] versus time [s])
Figure 5.33. Several angles considering the fault-free scenario (Vt [m/s], alpha [deg], beta [deg] versus time [s])

Figure 5.34. Elevon deflection for the second fault-free scenario (gamma [deg], canard deflections [deg, right/left], elevon deflections [deg, outer/inner right and left] versus time [s])
Figures 5.35–5.38 consider the fault scenario on the sensor related to the v signal and the related sensors, with the time delay system taking into account system reconfiguration between the nominal control and the fuzzy logic control response. The time delays of 40 ms for the faulty sensor and 30 ms for the EDF take into account the communication times of the sensor vector, the fault tolerance modules, the control node, and the respective communication time delays.
Figure 5.35. Velocity response for the first fault scenario (u, v, w [m/s] versus time [s])

Figure 5.36. Different fixed roll positions for the first fault scenario (p, q, r [deg/s] versus time [s])
Figure 5.37. Several angles considering the first fault scenario (Vt [m/s], alpha [deg], beta [deg] versus time [s])

Figure 5.38. Elevon deflection for the first fault scenario (gamma [deg], canard deflections [deg, right/left], elevon deflections [deg, outer/inner right and left] versus time [s])
Consider a fault scenario that involves one local fault in one sensor that is redundant. In this case, the w response, with the time delay system taking into account system reconfiguration between the nominal control and the fuzzy logic control response, is shown in Figures 5.39–5.42. Time delays of 50 ms and an EDF of 60 ms take into account a communication time of 20 ms.
Figure 5.39. Velocity response for the second fault scenario (u, v, w [m/s] versus time [s])

Figure 5.40. Different fixed roll positions for the second fault scenario (p, q, r [deg/s] versus time [s])
Figure 5.41. Several angles considering the second fault scenario (Vt [m/s], alpha [deg], beta [deg] versus time [s])

Figure 5.42. Elevon deflection for the second fault scenario (gamma [deg], canard deflections [deg, right/left], elevon deflections [deg, outer/inner right and left] versus time [s])
Figures 5.43–5.46 consider a fault scenario with a time delay system taking into account system reconfiguration between the nominal control and the fuzzy logic control response. Time delays of 60 ms on the sensor vector and the EDF take into account a communication time of 40 ms.
Figure 5.43. Velocity response for the third fault scenario (u, v, w [m/s] versus time [s])

Figure 5.44. Different fixed roll positions for the third fault scenario (p, q, r [deg/s] versus time [s])
Figure 5.45. Several angles considering the third fault scenario (Vt [m/s], alpha [deg], beta [deg] versus time [s])

Figure 5.46. Elevon deflection for the third fault scenario (gamma [deg], canard deflections [deg, right/left], elevon deflections [deg, outer/inner right and left] versus time [s])
5.3 Conclusions

From these approximations, it is possible to discern that reconfigurable control has two main issues, from a structural and a dynamic point of view. The approach pursued in these examples is a reconfiguration based on the decision-maker strategy, triggered when certain conditions are reached. Other approximations are feasible for the modification of control parameters upon fault detection; strategies like general predictive control allow us to pursue this goal, while other strategies, like adaptive control, in principle allow us to modify internal parameters. However, the latter becomes impractical because fault scenarios eliminate the local elements, which degrades the model of the plant. Both examples presented in this work allow the development of reconfigurable control as a combination of several techniques, like fault diagnosis, network control, intelligent control, and structural analysis. The use of these techniques opens an area in which dynamical models are not enough if structural information is not available; in that respect, formal models such as finite state machines provide us with an opportunity to accomplish this integration.
References
Admire, http://www.ffa.se/admire, 2003. Agre J., and Clare, L.; “An Integrated Architecture for Cooperative Sensing Networks”; IEEE Computer, 1999. Akbaryan F., and Bishnoi P.; “Fault Diagnosis of Multivariate Systems Using Pattern Recognition and Multisensor Data Analysis Technique”; Computers and Chemical Engineering, Vol. 25, pp. 1313-1339, 2001. Almeida L., Pedreiras P., and Fonseca J. A.; “The FTT-CAN Protocol: Why and How”; IEEE Transactions on Industrial Electronics, Vol. 49, No. 6, pp. 1189-1201, 2002. Almeida, L., Pasadas, R., and Fonseca, J.A.; “Using a Planning Scheduler to Improve the Flexibility of Real-Time Fieldbus Networks”; Control Engineering Practice, Vol. 7, pp. 101-108, 1999. Altisen, K., Gossler, G., and Sifakis, J.; “Scheduler Modeling Based on the Controller Paradigm”; Real-Time Systems, Vol. 23, No. 1-2, pp. 55-84, 2002. Alves, R., and García, M.A.; “Communications in Distributed Control Environment with Dynamic Configuration”; IFAC 15th Triennial World Congress, Spain, 2002. ARINC, S., 629-2; “ARINC Multitransmitter Databus Part 1: Technical Description”; Published by Aeronautical Radio Inc., USA, 1991. Arzen, K., Bernhardsson, B., Eker, J., Cervin, A., Persson, P., Nilsson, K., and Sha, L.; “Integrated Control and Scheduling”; Department of Automatic Control Lund Institute of Technology, ISSN 0280-5316, August 1999. Auslander, D.M.; “What is Mechatronics?”; IEEE/ASME Transactions Mechatronics, Vol. 1, No. 1, pp. 54-66, 1996. Avionics, Communications; “Principles of Avionics Databuses”; Editorial Staff of Avionics Communications, USA, 1995. Ballé, P., Fischer, M., Füssel, D., Nelles, O., and Isermann, R.; “Integrated Control Diagnosis and Reconfiguration of a Heat Exchanger”; IEEE Control Systems Magazine, Vol. 18, No. 3, 1998. Beilharz, J., and Filbert, D.; “Using the Functionality of PWM Inverters for Fault Diagnosis of Induction Motors”; IFAC Symposium on Fault Detection,
Supervision and Safety for Technical Processes SAFEPROCESS'97, Vol. 1, pp. 246-251, 1997.
Benchaib, A.H., and Rachid, A.; "Sliding Mode Flux Observer for an Induction Motor with Rotor Resistance Adaptation"; IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes SAFEPROCESS'97, Hull, UK, Vol. 1, pp. 258-263, 1997.
Benítez-Pérez, H.; "Smart Distributed Systems"; PhD Thesis, Department of Automatic Control and Systems Engineering, University of Sheffield, UK, 1999.
Benítez-Pérez, H., Hargrave, S., Thompson, H., and Fleming, P.; "Application of Parameters Estimation Techniques to a Smart Fuel Metering Unit"; IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes, SAFEPROCESS, pp. 1092-1097, 2000.
Benítez-Pérez, H., and Rendon-Acevedo, P.; "Fuzzy Classification of Faults in a Non-linear Actuator"; 4th IFAC Workshop on Online Fault Detection and Supervision in the Chemical Process Industries, pp. 317-321, 2001.
Benítez-Pérez, H., Thompson, H., and Fleming, P.; "Implementation of a Smart Sensor using Analytical Redundancy Techniques"; IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes, SAFEPROCESS, Vol. 1, pp. 498-503, 1997.
Benítez-Pérez, H., and García-Nocetti, F.; "Reconfigurable Distributed Control using Smart Peripheral Elements"; Control Engineering Practice, Vol. 11, pp. 975-988, 2003.
Blanke, M., Kinnaert, M., Lunze, J., and Staroswiecki, M.; "Diagnosis and Fault Tolerant Control"; Springer, 2003.
Blanke, M., Nielsen, S., and Jorgensen, R.; "Fault Accommodation in Feedback Control Systems"; Lecture Notes in Computer Science, Hybrid Systems, Springer-Verlag, No. 376, pp. 393-425, 1993.
Blanke, M., Nielsen, S., Jorgensen, R., and Patton, R.J.; "Fault Detection and Accommodation for a Diesel Engine Actuator - a Benchmark"; IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes, SAFEPROCESS'94, Finland, pp. 498-506, 1994.
Bodson, M., and Groszkiewicz, J.E.; "Multivariable Adaptive Algorithms for Reconfigurable Flight Control"; IEEE Transactions on Control Systems Technology, Vol. 5, No. 2, pp. 217-229, 1997.
Brandt, S., and Nutt, G.; "Flexible Soft Real-Time Processing in Middleware"; Real-Time Systems, Kluwer Academic Publishers, No. 22, pp. 77-118, 2002.
Brasileiro, F.V., Ezhilchelvan, P.D., Shrivastava, S.K., Speirs, N.A., and Tao, S.; "Implementing Fail-silent Nodes for Distributed Systems"; IEEE Transactions on Computers, Vol. 45, No. 11, pp. 1226-1238, 1996.
Browne, A.; "Automating the Development of Real-time Control Systems Software"; PhD Thesis, Department of Automatic Control and Systems Engineering, University of Sheffield, UK, 1996.
Buttazzo, G.; "Hard Real-Time Computing Systems"; Kluwer Academic Publishers, 2004.
Camacho, E., and Bordons, C.; "Model Predictive Control"; Springer-Verlag, 1999.
Campbell, S., and Nikoukhah, R.; "Auxiliary Signal Design for Failure Detection"; Princeton Series in Applied Mathematics, 2004.
Caughey, S.J., and Shrivastava, S.K.; "Architectural Support for Mobile Objects in Large Scale Distributed Systems"; Proc. 4th IEEE Int. Workshop on Object-Orientation in Operating Systems (IWOOS), pp. 38-47, Lund, Sweden, 1995.
Cervin, A., Henriksson, D., Lincoln, B., Eker, J., and Arzén, K.; "How Does Control Timing Affect Performance?"; IEEE Control Systems Magazine, Vol. 23, pp. 16-30, 2003.
Chandler, P.; "System Identification for Adaptive and Reconfigurable Control"; Journal of Guidance, Control and Dynamics, Vol. 18, No. 3, pp. 516-524, 1995.
Chen, J., and Patton, R.; "Robust Model-Based Fault Diagnosis for Dynamic Systems"; Kluwer Academic Press, 1999.
Cheng, A.; "Real-Time Systems: Scheduling, Analysis and Verification"; Wiley-Interscience, 2002.
Chiang, L., Russell, E., and Braatz, R.; "Fault Detection and Diagnosis in Industrial Systems"; Springer-Verlag, Great Britain, 2001.
Clarke, D., Mohtadi, C., and Tuffs, P.; "Generalized Predictive Control Part I. The Basic Algorithm"; Automatica, Vol. 23, No. 2, pp. 137-148, 1987a.
Clarke, D., Mohtadi, C., and Tuffs, P.; "Generalized Predictive Control Part II. Extensions and Interpretations"; Automatica, Vol. 23, No. 2, pp. 149-160, 1987b.
Clarke, D., Mohtadi, C., and Tuffs, P.; "Properties of Generalized Predictive Control"; Automatica, Vol. 25, No. 6, pp. 859-875, 1989.
Coulouris, G., Dollimore, J., and Kindberg, T.; "Distributed Systems"; Addison-Wesley, 1994.
Devillers, R., and Goossens, J.; "Liu and Layland's Schedulability Test Revisited"; Information Processing Letters, Vol. 73, pp. 157-161, 2000.
Driankov, D., Hellendoorn, H., and Reinfrank, M.; "An Introduction to Fuzzy Control"; Springer-Verlag, 1993.
Ferree, S.R.; "Sensors - Simple to Smart to System"; International Journal of Instrumentation and Control (INTECH), Vol. 38, No. 11, pp. 24-25, 1991.
Flexicon, http://www.control.lth.se/FLEXCON/, 2003.
Frank, T., Kraiss, K.F., and Kuhlen, T.; "Comparative Analysis of Fuzzy ART and ART-2A Network Clustering Performance"; IEEE Transactions on Neural Networks, Vol. 9, No. 3, May 1998.
Freer, J.; "Computer Communication Networks"; Addison-Wesley, 1989.
Gertler, J., and Kunwer, M.; "Optimal Residual Decoupling for Robust Fault Diagnosis"; International Journal of Control, Vol. 62, No. 2, pp. 395-421, 1995.
Gertler, J.; "Fault Detection and Diagnosis in Engineering Systems"; Marcel Dekker, 1998.
Gill, C., Levine, D., and Schmidt, D.; "The Design and Performance of a Real-Time CORBA Scheduling Service"; Real-Time Systems, Kluwer Academic Publishers, No. 21, pp. 117-154, 2001.
Gudmundsson, D., and Goldberg, K.; "Tuning Robotic Part Feeder Parameters to Maximize Throughput"; Assembly Automation, MCB University Press, Vol. 19, No. 3, pp. 216-221, 1999.
Halevi, Y., and Ray, A.; "Integrated Communication and Control Systems: Part I - Analysis"; Journal of Dynamic Systems, Measurement and Control, Vol. 110, pp. 367-373, 1988.
Hassoun, M.; "Fundamentals of Artificial Neural Networks"; MIT Press, 1995.
Hong, P., Kim, Y., Kim, D., and Kwon, W.; "A Scheduling Method for Network-Based Control Systems"; IEEE Transactions on Control Systems Technology, Vol. 10, No. 3, pp. 318-330, 2002.
Hong, S.H.; "Scheduling Algorithm of Data Sampling Times in the Integrated Communication and Control Systems"; IEEE Transactions on Control Systems Technology, Vol. 3, pp. 225-231, 1995.
Höppner, F., Klawonn, F., Kruse, R., and Runkler, T.; "Fuzzy Cluster Analysis"; John Wiley and Sons, 2000.
IEEE TAC; "Special Issue on Networked Control Systems"; IEEE Transactions on Automatic Control, Vol. 49, No. 9, 2004.
Isermann, R., and Raab, U.; "Intelligent actuators - ways to autonomous actuating systems"; Automatica, Vol. 29, No. 5, pp. 1315-1332, 1993.
Jämsä-Jounela, S., Vermasvouri, M., Endén, P., and Haavisto, S.; "A Process Monitoring System Based on the Kohonen Self-Organizing Maps"; Control Engineering Practice, Vol. 11, pp. 83-92, 2003.
Janseen, K., and Frank, P.M.; "Component Failure Detection Via State Estimation"; Preprints IFAC 9th World Congress, Budapest, Hungary, Vol. 1, pp. 147-152, 1984.
Jitterbug, http://www.control.lth.se/~lincoln/jitterbug/, 2003.
Johannessen, S.; "Time Synchronization in a Local Area Network"; IEEE Control Systems Magazine, Vol. 24, No. 2, pp. 61-69, 2004.
Johnson, B.; "Design and Analysis of Fault Tolerant Digital Systems"; Addison-Wesley, 1989.
Jolliffe, I.T.; "Principal Component Analysis"; Springer-Verlag, 2002.
Kanev, S., and Verhaegen, M.; "Reconfigurable Robust Fault-Tolerant Control and State Estimation"; IFAC 15th Triennial World Congress, 2002.
Klir, G., and Yuan, B.; "Fuzzy Sets and Fuzzy Logic"; Prentice-Hall, 1995.
Koenig, D., Nowakowski, S., and Cecchin, T.; "An Original Approach for Actuator and Component Fault Detection and Isolation"; IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes SAFEPROCESS'97, Hull, UK, Vol. 1, pp. 95-105, 1997.
Kohonen, T.; "Self-Organization and Associative Memory"; Springer-Verlag, Berlin, Germany, 1989.
Kopetz, H., and Ochsenreiter, W.; "Clock Synchronization in Distributed Real-Time Systems"; IEEE Transactions on Computers, Vol. 36, No. 8, pp. 930-940, 1987.
Kopetz, H.; "A Solution to an Automotive Control System Benchmark"; Proceedings Real-Time Systems Symposium, IEEE Computer Society Press, California, USA, pp. 154-158, 1994.
Kopetz, H.; "Real-Time Systems"; Kluwer Academic Publishers, 1997.
Koppenhoefer, S., and Decotignie, J.; "Formal Verification for Distributed Real-Time Control Periodic Producer/Consumer"; IEEE Conference on Engineering of Complex Computer Systems, pp. 230-238, 1996.
Krishna, C., and Shin, K.; "Real-Time Systems"; McGraw-Hill, 1997.
Krtolica, R., Özgüner, Ü., Chan, H., Göktas, H., Winkelman, J., and Liubakka, M.; "Stability of Linear Feedback Systems with Random Communication Delays"; International Journal of Control, Vol. 59, No. 4, pp. 925-953, 1994.
Krueger, C.W.; "Software Reuse"; ACM Computing Surveys, Vol. 24, No. 2, pp. 131-183, June 1992.
Kubota, H., Matsuse, K., and Nakano, T.; "DSP-Based Speed Adaptive Flux Observer of Induction Motor"; IEEE Transactions on Industry Applications, Vol. 29, No. 2, pp. 344-348, 1993.
Lapeyre, F., Habmelouk, N., Zolghadri, A., and Monsion, M.; "Fault Detection in Induction Motors via Parameter Estimation Techniques"; IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes SAFEPROCESS'97, Hull, UK, Vol. 1, pp. 270-275, 1997.
Lawrenz, W.; "CAN Systems Engineering from Theory to Practical Applications"; Springer-Verlag, 1997.
Lee, D., Thompson, H.A., and Bennett, S.; "PID Control for a Distributed System with a Smart Actuator"; Digital Control: Past, Present and Future of PID Control (PID'00), Proceedings Volume from the IFAC Workshop, pp. 499-504, 2000.
Lee, K., Lee, S., and Lee, M.; "Remote Fuzzy Logic Control of Networked Control System via Profibus-DP"; IEEE Transactions on Industrial Electronics, Vol. 50, No. 4, pp. 784-792, 2003.
Lian, F., Moyne, J., and Tilbury, D.; "Network Design for Distributed Control Systems"; IEEE Transactions on Control Systems Technology, Vol. 10, No. 2, pp. 297-307, 2002.
Lincoln, B., and Cervin, A.; "Jitterbug: A Tool for Analysis of Real-Time Control Performance"; 41st IEEE Conference on Decision and Control, Vol. 2, pp. 1319-1324, 2002.
Linkens, M., and Nie, J.; "Learning Control using Fuzzified Self-Organizing Radial Basis Function Networks"; IEEE Transactions on Fuzzy Systems, No. 4, pp. 280-287, 1993.
Liou, L., and Ray, A.; "A Stochastic Regulator for Integrated Communication and Control Systems: Part I - Formulation of Control Law"; Journal of Dynamic Systems, Measurement, and Control, Vol. 113, pp. 604-611, 1991.
Liu, C.L., and Layland, J.W.; "Scheduling Algorithms for Multiprogramming in a Hard Real-Time Environment"; Journal of the Association for Computing Machinery, Vol. 20, pp. 46-61, 1973.
Liu, J.; "Real-Time Systems"; Prentice Hall, 2000.
Livani, M.A., and Kaiser, J.; "EDF Consensus on CAN Bus Access for Dynamic Real-time Applications"; Lecture Notes in Computer Science, Springer-Verlag, Berlin, Edited by Frantisek Plasil and Keith G. Jeffery, Vol. 1388, pp. 1088-1097, 1998.
Livani, M.A., Kaiser, J., and Jia, W.J.; "Scheduling Hard and Soft Real-Time Communication in the Controller Area Network (CAN)"; IFAC Workshop on Real-Time Programming, pp. 13-18, 1998.
Ljung, L.; "Asymptotic Behavior of the Extended Kalman Filter as a Parameter Estimator for Linear Systems"; IEEE Transactions on Automatic Control, Vol. AC-24, No. 1, pp. 36-50, 1979.
Lönn, H.; "Synchronization and Communication Results in Safety-Critical Real-Time Systems"; PhD Thesis, Department of Computer Engineering, Chalmers University of Technology, Sweden, 1999.
Mahmoud, M., Jiang, J., and Zhang, Y.; "Active Fault Tolerance Control Strategies"; Lecture Notes in Control and Information Sciences, Springer, 2003.
Malmborg, J.; "Analysis and Design of Hybrid Control Systems"; PhD Thesis, Department of Automatic Control, Lund Institute of Technology, Sweden, 1998.
Mangoubi, R.S., and Edelmayer, A.M.; "Model-Based Fault Detection: The Optimal Past, The Robust Present and a Few Thoughts on the Future"; 4th IFAC Symposium SAFEPROCESS, Vol. 1, pp. 65-76, 2000.
Masten, M.; "Electronics: The Intelligence on Intelligent Control"; IFAC Symposium on Intelligent Component and Instrument for Control Applications, pp. 1-11, 1997.
Mediavilla, M., and Pastora-Vega, L.; "Isolation of Multiplicative Faults in the Industrial Actuator Benchmark"; IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes SAFEPROCESS'97, Hull, UK, Vol. 2, pp. 855-860, 1997.
Merrill, W.C.; "Sensor Failure Detection for Jet Engines Using Analytical Redundancy"; Journal of Dynamic Systems, Measurement and Control, Vol. 8, No. 6, pp. 673-682, 1985.
Misra, M., Yue, H., Qin, S., and Ling, C.; "Multivariable Process Monitoring and Fault Diagnosis by Multi-Scale PCA"; Computers and Chemical Engineering, Vol. 26, pp. 1281-1293, 2002.
Mitra, S., and Pal, K.; "Neuro-Fuzzy Pattern Recognition"; Wiley Series, 1999.
Monfared, M.A.S., and Steiner, S.J.; "Fuzzy Adaptive Scheduling and Control Systems"; Fuzzy Sets and Systems, No. 115, pp. 231-246, 2000.
Moya, E., Sainz, G., Grande, B., Fuente, M., and Peran, J.; "Neural PCA Based Fault Diagnosis"; Proceedings of the European Control Conference, pp. 809-813, 2001.
Nara, K., Mishima, Y., and Satoh, T.; "Network Reconfiguration for Loss Minimization and Load Balancing"; IEEE Power Engineering Society General Meeting, Vol. 4, pp. 2413-2418, 2003.
Nelles, O.; "Non-Linear Systems Identification"; Springer-Verlag, 2001.
Nikolakopoulos, G., and Tzes, A.; "Reconfigurable Internal Model Control Based on Adaptive Lattice Filtering"; Mathematics and Computers in Simulation, Vol. 20, pp. 303-314, 2002.
Nilsson, J.; "Real-Time Control Systems with Delays"; PhD Thesis, Department of Automatic Control, Lund Institute of Technology, Sweden, 1998.
Oehler, R., Schoenhoff, A., and Schreiber, M.; "On-Line Model-Based Fault Detection and Diagnosis for a Smart Aircraft Actuator"; IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes SAFEPROCESS'97, Hull, UK, Vol. 2, pp. 591-596, 1997.
Olbrich, T., and Richardson, A.; "Integrated Test Support for Intelligent Sensors"; IEE Colloquium on Intelligent Systems at the University of Leicester, Reference number 1996/261, pp. 1/1-1/7, UK, 1996a.
Olbrich, T., Bradley, P.A., and Richardson, A.M.; "BIST for Microsystems as a Contributor to System Quality and Engineering"; Special Issue on Quality Effort in Europe, Vol. 8, No. 4, pp. 601-613, 1996b.
Park, B., Kargupta, H., Johnson, E., Sanseverino, E., Hershberger, D., and Silvestre, L.; "Distributed Collaborative Data Analysis from Heterogeneous Sites Using a Scalable Evolutionary Technique"; Applied Intelligence, Vol. 16, No. 1, pp. 19-42, 2002.
Patton, R., Frank, P., and Clark, R.; "Issues of Fault Diagnosis for Dynamic Systems"; Springer, 2000.
Quevedo, D., Goodwin, C., and Welsh, J.; "Design Issues Arising in a Networked Control System Architecture"; Proceedings of the 2004 IEEE International Conference on Control Applications, Vol. 1, pp. 450-455, 2004.
Raab, U., and Isermann, R.; "Lower Power Actuator Principles"; VDI/VDE-Tagung, Actuator 90, Bremen, 1990.
Rauch, H.; "Autonomous Control Reconfiguration"; IEEE Control Systems Magazine, pp. 34-47, 1995.
Ray, A., and Halevi, Y.; "Integrated Communication and Control Systems: Part II - Design Considerations"; Journal of Dynamic Systems, Measurement and Control, Vol. 110, pp. 374-381, 1988.
Reza, S.; "Smart Networks for Control"; IEEE, 1994.
Sanz, R., Alonso, M., Lopez, I., and García, C.; "Enhancing Control Architectures using CORBA"; Proceedings of the 2001 IEEE International Symposium on Intelligent Control, pp. 189-194, 2001.
Sanz, R., and Zalewski, J.; "Pattern Based Control Systems Engineering"; IEEE Control Systems Magazine, Vol. 23, No. 3, pp. 43-60, 2003.
Schneider, F.; "Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial"; ACM Computing Surveys, Vol. 22, No. 4, pp. 299-319, Dec. 1990.
Seto, D., Lehoczky, J.P., Sha, L., and Shin, K.G.; "Trade-Off Analysis of Real-Time Control Performance and Schedulability"; Real-Time Systems, Kluwer Academic Publishers, No. 21, pp. 199-217, 2001.
Sloman, M., and Kramer, J.; "Distributed Systems and Computer Networks"; Prentice-Hall, 1987.
Tanenbaum, S.; "Computer Networks"; Prentice Hall, 2003.
Tindell, K., and Clark, J.; "Holistic Schedulability Analysis for Distributed Hard Real-Time Systems"; Microprocessing and Microprogramming, Vol. 40, pp. 117-134, 1994.
Tontini, G., and De Queiroz, A.; "RBF Fuzzy ARTMAP: A New Fuzzy Neural Network for Robust Online Learning and Identification of Patterns"; IEEE International Conference on Systems, Man and Cybernetics, Information Intelligence and Systems, Vol. 2, pp. 1364-1369, 1996.
Törngren, M., and Redell, O.; "A Modelling Framework to Support the Design and Analysis of Distributed Real-Time Control Systems"; Microprocessors and Microsystems, Vol. 24, pp. 81-93, 2000.
Törngren, M.; "Fundamentals of Implementing Real-Time Control Applications in Distributed Computer Systems"; Real-Time Systems, Kluwer Academic Publishers, Vol. 14, No. 3, pp. 219-250, 1998.
True Time, http://www.control.lth.se/~dan/truetime/, 2003.
Venkatasubramanian, V., Rengaswamy, R., Kavuri, S., and Yin, K.; "A Review of Process Fault Detection and Diagnosis. Part I: Quantitative Model-based Methods"; Computers and Chemical Engineering, Vol. 27, pp. 293-311, 2003a.
Venkatasubramanian, V., Rengaswamy, R., Kavuri, S., and Yin, K.; "A Review of Process Fault Detection and Diagnosis. Part II: Qualitative Models and Search Strategies"; Computers and Chemical Engineering, Vol. 27, pp. 313-326, 2003b.
Venkatasubramanian, V., Rengaswamy, R., Kavuri, S., and Yin, K.; "A Review of Process Fault Detection and Diagnosis. Part III: Process History Based Methods"; Computers and Chemical Engineering, Vol. 27, pp. 327-346, 2003c.
Vinoski, S.; "CORBA: Integrating Diverse Applications within Distributed Heterogeneous Environments"; IEEE Communication Magazine, Vol. 35, pp. 46-55, 1997.
Walsh, G.C., Ye, H., and Bushnell, L.G.; "Stability Analysis of Networked Control Systems"; IEEE Transactions on Control Systems Technology, Vol. 10, No. 3, pp. 438-446, 2002.
Werbos, P.; "Backpropagation Through Time: What it Does and How to Do It"; Proceedings of the IEEE, Vol. 78, pp. 1550-1560, 1990.
Willis, H., Tram, H., Engel, M., and Finley, L.; "Selecting and Applying Distribution Optimization Methods"; IEEE Computer Applications in Power, Vol. 9, No. 1, pp. 12-17, 1996.
Wills, L., Kannan, S., Sander, S., Guler, M., Heck, B., Prasad, J., Schrage, D., and Vachtsevanos, G.; "An Open Platform for Reconfigurable Control"; IEEE Control Systems Magazine, Vol. 21, No. 3, pp. 49-64, 2001.
Wittenmark, B., Bastian, B., and Nilsson, J.; "Analysis of Time Delays in Synchronous and Asynchronous Control Loops"; Proceedings of the 37th IEEE Conference on Decision & Control, WA10, pp. 283-288, 1998.
Xu, Z., and Zhao, Q.; "Design of Fault Detection and Isolation Via Wavelet Analysis and Neural Networks"; Proceedings of the IEEE International Symposium on Intelligent Control, pp. 467-472, 2002.
Yang, B., Han, T., and Kim, Y.; "Integration of ART-Kohonen Neural Network and Case-Based Reasoning for Intelligent Fault Diagnosis"; Expert Systems with Applications, Vol. 26, pp. 387-395, 2004.
Yang, C.Y., and Clarke, D.W.; "A Self-Validating Thermocouple"; IEEE Transactions on Control Systems Technology, Vol. 5, No. 2, pp. 239-253, 1997.
Yang, Z., and Blanke, M.; "A Unified Approach for Controllability Analysis of Hybrid Control Systems"; Proceedings of IFAC CSD2000, pp. 158-163, 2000.
Yang, Z., and Hicks, D.; "Reconfigurability of Fault-Tolerant Hybrid Control Systems"; 15th IFAC Triennial World Congress, 2002.
Yook, J.K., Tilbury, D.M., and Soparkar, N.R.; "Trading Computation for Bandwidth: Reducing Communication in Distributed Control Systems using State Estimators"; IEEE Transactions on Control Systems Technology, Vol. 10, No. 4, pp. 503-518, 2002.
Yu, W., and Pineda, J.; "Chemical Process Modeling with Multiple Neural Networks"; European Control Conference, Porto, Portugal, pp. 3735-3740, 2001.
Index
A
ADMIRE, 112, 127
Analytical Redundancy, 53
ARINC 429, 8
ARINC 629, 4, 8
ART2, 50, 53, 56, 58, 59
ARTMAP, 56, 134
AUTOMATA, vi, 94

C
CANbus, 4, 11, 12, 28, 67, 113
Cluster, 49, 51, 55, 61, 62, 80, 81, 115
Common Resource, 16, 25, 31, 33, 34, 67
Confidence Value, v, 40, 63
CORBA, 29, 30, 129, 133, 134
CSMA/CA, 4
CSMA/CD, 4

D
Decision Maker, v, 87, 89, 90, 91, 92, 94, 95, 106, 107, 126
Decision-Making Module, 56

E
Earliest Deadline First, 25, 31

F
Fault Detection, vi, 39, 40, 42, 46, 49, 51, 52, 63, 89, 126, 130, 134
Fault Diagnosis, v, vi, vii, 39, 40, 43, 44, 51, 60, 63, 88, 89, 90, 92, 126, 127, 129
Fault Tolerance, v, vi, 4, 6, 7, 15, 16, 19, 21, 24, 36, 37, 39, 40, 41, 82, 86, 99, 100, 120, 133
Fieldbus, 42, 67, 127
Finite State Machine, v
Fuzzy Control, vi, vii, 111

H
Hierarchical Control, 87

I
IAE, 65

J
Jitter, 22, 24, 66

L
Least Slack Time, 25
Load Balancing, 5, 15, 24, 36, 66, 132
Logical Remote Unit, 8
Lyapunov, 78, 82

M
MATLAB, 66, 111
Maximum Laxity First, 29
Model Predictive Control, vi
MPC, 79

N
Network Control, vi, vii, 30, 66, 67, 71, 77, 86, 93, 94, 113, 126
Neural Networks, 39, 44, 50, 51, 52, 53, 55, 56, 58, 59, 61, 63, 89, 90

O
Open Systems Interconnection, vi, 1

R
Rate Monotonic, 25, 30, 31
Real Time, 15, 16, 19, 22, 23, 27, 28, 29, 37, 40, 60, 111
Reconfigurable Control, v, vi, vii, 66, 86, 88, 89, 95, 108, 126

S
Safety, v, vi, 10, 12, 17, 30, 86, 92, 95, 114
Scheduler, v, 25, 27, 28, 37, 41, 71, 90, 93, 98, 107, 114
Self-Diagnose, vi, 40, 49
Simulink, vi, 109
Smart Element, vi, vii, 39, 44
Square Prediction Error, 49
Stability Analysis, vi, 66

T
TAO, 29
TCP/IP, 4, 5
Time Delays, v, vi, vii, 1, 12, 15, 22, 25, 27, 36, 37, 65, 66, 67, 68, 69, 71, 73, 75, 76, 77, 78, 79, 80, 81, 82, 86, 89, 90, 91, 93, 94, 95, 100, 101, 107, 114, 115, 117, 119, 121, 123
True Time, 66, 111, 112, 134

V
Voting Algorithms, 16, 17, 18, 92, 114