Measurement 143 (2019) 58–68

Contents lists available at ScienceDirect

Measurement
journal homepage: www.elsevier.com/locate/measurement

A review of Fault Tolerant Control Systems: Advancements and

applications
Arslan Ahmed Amin a,b,⇑, Khalid Mahmood Hasan a
a
Department of Electrical Engineering, University of Engineering and Technology, Lahore, G.T. Road, Lahore 54890, Punjab, Pakistan
b
Department of Electrical Engineering, FAST National University of Computer and Emerging Sciences Chiniot Faisalabad Campus, Chiniot, Punjab, Pakistan

a r t i c l e i n f o a b s t r a c t

Article history: In this paper, a comprehensive state-of-the-art review of Fault Tolerant Control Systems (FTCS) is pre-
Received 20 January 2019 sented with the latest advances and applications. The overall aim of an FTCS is to accommodate faults
Received in revised form 1 March 2019 in the system components during operation and maintain stability with little or acceptable degradation
Accepted 28 April 2019
in the performance levels. Such systems are of great importance for safety and mission-critical applica-
Available online 8 May 2019
tions where human lives are involved and service continuity is of extreme importance. In this paper, var-
ious types of faults in the sensors and actuators have been described. Types and classifications of Fault
Keywords:
Tolerant Control (FTC) including active, passive and hybrid approaches with the latest design techniques
Active Fault Tolerant Control
FTC advanced techniques
are presented. Finally, a review of the stability and reliability analysis of FTCS is presented with research
Controller reconfiguration gaps. The contribution of the study is to benefit new and existing researchers in FTCS domain with the
Passive Fault Tolerant Control latest trends and applications for future research directions.
Lyapunov stability Ó 2019 Elsevier Ltd. All rights reserved.
FTC reliability

Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
1.1. What is FTC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
1.2. Types of FTC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
2. Active Fault Tolerant Control System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
2.1. Architecture of AFTCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
2.2. Mathematical analysis of AFTCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
2.3. Latest techniques used for AFTCS design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
3. Passive fault Tolerant control system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
3.1. Architecture of PFTCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
3.2. Mathematical analysis of PFTCS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
3.3. Latest techniques used for PFTCS design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
4. Hybrid fault Tolerant control system (HFTCS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
5. Hardware redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
6. Stability and reliability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
7. Latest applications of fault Tolerant control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
8. Conclusions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Funding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Declaration of Competing Interest . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67

⇑ Corresponding author at: Department of Electrical Engineering, University of

Engineering and Technology, Lahore, G.T. Road, Lahore 54890, Punjab, Pakistan.
E-mail address: arslan_engineer61@yahoo.com (A.A. Amin).

https://doi.org/10.1016/j.measurement.2019.04.083
0263-2241/Ó 2019 Elsevier Ltd. All rights reserved.
 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68
1. Introduction
1.1. What is FTC
Fault in a system is defined as the deviation of a parameter from
the acceptable value and failure is defined as the inability of a sys-
tem to carry out its intended operation under specified conditions.
Clearly, failure is much more drastic condition than just a mere
fault. Fault tolerance is defined as the ability of a system to continue
its operation regardless of faults. Faults are inevitable in every real
system and affect the system’s stability and performance level. FTC
can be described as an integral part of every safety critical system
such as airplanes and nuclear facilities. Extensive details and appli-
cations of FTC are presented in the references [1–3].
It is observed that operation during faulty conditions will
degrade the performance of the overall system but degradation
up to a certain level can be acceptable as long as reliability is guar-
anteed. Such systems are termed as Fault Tolerant Control Systems
and are getting intensive research attention for improved perfor-
mance and stability. FTC strategies are now being implemented
in production critical systems such as oil and gas and fertilizers
where production loss cannot be accepted and system continual
performance is mandatory. The study on the distributed control
systems is presented in this regard as being the base of many
industrial manufacturing systems [4].
Most of the industrial processes are inherent of the nonlinear
type with time delays. Many of such systems are described as non-
linear Multi-Input Multi-Output (MIMO) systems. Such systems
are addressed from many years and various control structures have
been designed for such systems having capabilities to handle
uncertainties, disturbances, and delays. FTC for such nonlinear sys-
tems is addressed in [5–7]. Process control domain is also mostly of
nonlinear nature [8] and FTC for these are discussed in [9–11] more
specifically related to safety issues of modern systems.
1.2. Types of FTC
Fault-Tolerant Control Systems are classified into two main cat-
egories: active FTCS (AFTCS) and passive FTCS (PFTCS) [12]. The
AFTCS consists of the following subsystems: Fault Detection and Iso-
lation (FDI) module, a reconfiguration mechanism and a reconfig-
urable controller. FDI module provides information online to the
Fig. 1. Structure of Active Fault Tolerant Control.
59
controller about the fault and AFTCS reacts by reconfiguring the con-
troller based on the information. FDI plays a vital role in active FTC to
detect and isolate the faulty components after which controller
reconfiguration is performed for adaptability to new conditions.
Due to the immediate actions taken by the controller for reconfigu-
ration, it is termed as ‘active’. The active FTC (AFTC) has the ability to
deal with many types of faults and results in optimal performance,
however, it is sensitive to the result obtained from FDI i.e., it can give
a wrong decision with excessive noise. Design becomes more diffi-
cult for nonlinear systems with uncertainties [13,14].
In comparison with AFTCS, PFTCS does not require an FDI unit
and is less computationally complex. It is fast enough to act
promptly to any abnormal condition but is able to accommodate
only a limited number of faults defined at the design stage and
works offline [15]. Hybrid of both of these techniques is also being
implemented and discussed in detail in Section 4.
Our contribution in this paper is an organized discussion on FTC
and it’s all kinds with the latest applications and developments.
The significance of the paper is the presentation of the thorough
and organized state of the art of FTCS for the benefit of new and
existing researchers for future research directions. Further con-
tents of the paper are organized as follows: Section 2 describes
the architecture, mathematical analysis and latest techniques of
AFTCS, Section 3 describes details of PFTCS and Section 4 explains
hybrid of both of these schemes. Hardware redundancy is dis-
cussed in Section 5. Stability and reliability analysis techniques
are mentioned in Section 6. The conclusion is presented in the last
section with future directions.
2. Active Fault Tolerant Control System
2.1. Architecture of AFTCS
The architecture of ATFC is shown in Fig. 1. The main function is
performed by the FDI unit which is termed as Fault Detection and
Isolation Unit. It is generally implemented as an observer-based
mechanism to generate its own internal output which will then
be compared with the actual plant values. Any deviation in sensor
or actuator out of some specified bound will be declared as a faulty
condition. Technically, if the error between actual and estimated
values goes to zero asymptotically or exponentially, the control
declares no fault. If the error signal goes out of bound, an error is
60 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68

generated. After detecting an error, the next step is to isolate the Float failure: This fault means that the actuator has become free
faulty component and estimate the possible value. This is termed and has no control over system performance.
as control law reconfiguration in which erratic value will be Runaway or Handover: This fault means that the actuator has
replaced by estimated value to maintain the stability of the system reached its maximum or minimum limit.
and avoid a shutdown. An alarm may be annunciated to warn the Loss of Effectiveness: Actuator becomes ineffective due to struc-
operator about the system faulty state to carry out necessary tural damage to the control surface.
actions to repair or replace the faulty components[16–18]. Broadly, actuator faults can be categorized as the additive and
Fault detection, isolation, controller reconfiguration stapes can multiplicative type and can be represented mathematically as:
be based on excessive computations and thus may take lots of Additive Fault:
time, thereby, making the response of the system quite slow.
uf ¼ u þ f u ð4Þ
Therefore, a major disadvantage of AFTCS could be its slow
response. But since it can cover a wide range of faults and maintain f
where u denotes actuator output, u denotes actuator input and f u is
stability, it is a very advantages control system [19]. actuator fault value.
Multiplicative Fault:
2.2. Mathematical analysis of AFTCS
uf ¼ ð1  qu Þu ð5Þ
Mathematical analysis of control system provides true insight where qy denotes fault gain and 0  qy  1.
into the function of a control system and its limitations about sta- Additive and Multiplicative Fault Combined:
bility. Therefore, it is very important to be able to mathematically
analyze faults and its various types both in sensors and actuators uf ¼ ð1  qu Þu þ f u ð6Þ
as these two components are the most vulnerable to faults. Math-
Consider the following non-linear system:
ematical analysis of the AFTCS is briefly discussed to give the read-
ers a basic idea of how advanced controllers work. Since the main x_ ðt Þ ¼ Axðt Þ þ Buðt Þ þ g ðx; u; t Þ ð7Þ
function of the FTC is to deal with faults, it is important to under-
stand the types and nature of faults in sensors and actuators. Any yðtÞ ¼ Cxðt Þ ð8Þ
fault in the sensor or actuator will create disturbance in the system x 2 Rn is state v ecotr; u 2 Rp is input v ector and y 2 Rm is output
and control objective will not be achieved unless some action is v ector: A, B and C are known system matrices of appropriate
taken to cope with the faults. dimensions. ‘n’ is the number of states, ‘p’ is the number of inputs
Mathematical modeling of faults and observer design for sensor and ‘m’ is the number of outputs.
and actuator faults are studied in ([20–22]) and briefly described
g ðx; u; t Þ is a nonlinear function vector on Rn . Also,
below.
Sensor faults can be classified as follows: zðt Þ ¼ Cxðt Þ ð9Þ
Bias: bias can be described as an offset in the sensor output. where zðt Þ is a clean output fictitious variable.
Mathematically, it can be written as Y ¼ X þ b where X is the true Faults in the sensor can be combined to give a single equation as
output and b is offset in the sensor value. It can be caused by follows:
improper calibration or physical deterioration in the sensor.
Drift: It is also a statistical deviation in the sensor output, linear yðtÞ ¼ ð1  qðt ÞÞzðtÞ þ f ðt Þ ð10Þ
as well as non-linear.
yi ðt Þ ¼ zi ðtÞ þ f i ðx; t Þ ¼ C i xi ðt Þ þ f i ðx; tÞ ð11Þ
Scaling (or Gain): A multiplicative type error in the scaling of
the sensor value and represented as slope as YðtÞ ¼ aðtÞX here g ðx; u; t Þ is assumed to be globally Lipschitz i.e.,
aðtÞ is the time varying scaling factor and its range is: 0  aðtÞ  1 k g ðx1 ; u; t Þ  g ðx2 ; u; t Þ k 6 k kx1  x2 k8u; t ð12Þ
Noise: Noise is random variations in the sensor values possibly
due to ambient, hardware or wire conditions. where k is Lipschitz constant.
Hard Fault: It is defined as a stuck value from a sensor. Mathe- Fig. 3 shows the basic scheme of the observer. The basic func-
matically, YðtÞ ¼ C where Cis a constant value. C = 0 means complete tion of the observer is to produce an estimated value of the plant
loss of sensor and any other value shows the sensor output is stuck. output as per the defined model of the system. Observer design
More broadly, sensor faults are classified as multiplicative and is the most vital part of the FDI scheme. Plant actual output from
additive types. Detailed mathematical fault equations of these the sensor is compared with this estimated values and residual is
are described below: calculated. The controller is designed such that error must
Additive Fault: approach zero asymptotically or exponentially for the stability of
the control system like Lyapunov second method. If the error goes
yf ¼ y þ f y ð1Þ
abruptly out of bound, error is declared in the system. This is math-
f
where y denotes actual faulty output, y denotes system output and ematically shown in the next section.
f y is sensor fault value. A general form of the observer is designed as follows: [23]
Multiplicative Fault:

 x_ ¼ Ax þ Bu ð13Þ
yf ¼ 1  qy y ð2Þ
y ¼ Cx ð14Þ
where qy denotes fault gain and 0  qy  1.
_
 
The combined equation for additive and multiplicative faults x ¼ A x þBu ð15Þ
would be as follows:  

 y¼Cx ð16Þ
y ¼ 1  qy yðt Þ þ f y
f
ð3Þ 
where x is the estimated state value. Subtracting (12) from (14)
and (13) from (15), we get
Fault in the actuator are of following types:

 
 
Lock failure: This fault means the actuator is locked or jammed _
x  x_ ¼ A x x ð17Þ
or stuck.
 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68 61

 
 
 

  
y y ¼ C x x ð18Þ V_ ¼ eTx RA þ R L C þ AT R þ C T LT R ex þ 2eTx R g x; u; t  g ð x; u;t Þ

 

x x ¼ ex is defined as the error between the estimated and 6 eTx RA þ R L C þ AT R þ C T LT R ex þ 1=l eTx R2 ex
actual state of the system. From fig (2), the observer equation
  2
þl k g x; u;t  g ð x; u; tÞ k
can be written as follows:

 
 
_
 
6 eTx RA þ R L C þ AT R þ C T LT R ex þ 1=l eTx R2 ex þ l k2 k ex k2
x ¼ A x þBu þ L y y ð19Þ

 
where L is state feedback gain matrix. Subtracting (12) from (16), ¼ eTx RA þ R L C þ AT R þ C T LT R þ l k2 I þ 1=l R2 ex
we get

 
 
  ð30Þ
_
x  x_ ¼ A x x þ L y y ð20Þ Substituting the Eq. (28) into the above equation to get:
Putting (13) and (15) into (17), we get


 
  V_ 6 eTx RA þ XC þ AT R þ C T X T þ l k2 I þ 1=l R2 ex ð31Þ
_
x  x_ ¼ ð A  LC Þ x x ð21Þ
If the following inequality holds, ex converges asymptotically to
e_ x ¼ ð A  LC Þex ð22Þ zero.

  RA þ XC þ AT R þ C T X T þ l k2 I þ 1=lR2 < 0 ð32Þ

y y ¼ Cex ð23Þ By applying the Schur complement, the Eq. (32) becomes equiv-
alent to (27) which completes the proof.
For a stable system, the error vector ex will decay to zero and we Similarly, the following theorem can be obtained.
can get the value of L for the observer.
As described in [20], the equation for the observer design for a Theorem 1:. The error ex ðt Þ approaches to zero exponentially with
nonlinear system would be as follows: rate K=2 if there exist matrices R, X and scalars l, ksuch that

  
  R ¼ RT > 0andl; k > 0 to satisfy following:
_
 
xðt Þ ¼ A x ðtÞ þ Bu þ g x; u; t þ L C x y ð24Þ " #
RA þ AT R þ XC þ C T X T þ lk2 I þ kR R
Let ex ðtÞ be the error vector <0 ð33Þ
R lI

ex ðtÞ ¼
b x ðt Þ  xðt Þ ð25Þ where

Using the approach for linear system observer design as for Eq. L ¼ R1 X ð34Þ
(20), we can obtain the error equation for a nonlinear system
Similar to the proof of Lemma 1, from (33) and (31), it can be
observer from Eqs. (7) and (24):

obtained that
 

  
e_ x ¼ A  L C ex ðtÞ þ g x; u; t  g ðx; u; tÞ ð26Þ V_ ðtÞ  keTx Rex ¼ kV ðtÞ ð35Þ
For the system to be stable, the error e_ x must approach to zero Hence, we get
asymptotically. The second lyapunov stability criterion for nonlin-
ear systems can be used to determine this condition in which a lya- V ðtÞ  eTx V ð0Þ ð36Þ
punov function is defined and its derivative is taken. If the From (29) we get
derivative is proved to be negative, the system would be declared
as stable showing the energy dissipation [24]. Moreover, for sim- kmin ðRÞk ex ðt Þ k2 6 ekt kmax ðRÞk ex ð0Þ k2 ð37Þ
plification of various complex matrix operations, the Schur com- where kmin andkmax are minimum and maximum Eigen values of
plement will also be used [25]. The important steps have been matrix R respectively. Hence, we obtain the following norm of the
summarized below [20]. error vector:
The following lemma 1 gives sufficient condition to determine pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
stability for (26). k e x ðt Þ k 6 kmax ðRÞ=kmin ðRÞ ex ð0Þ ekt=2 ð38Þ
The residual equation can be obtained from Eq. (24) and (7):
Lemma 1:. The error ex ðtÞ approaches to zero asymptotically if there

exists a matrix R, X and scalar l such that R ¼ RT > 0andl > 0 to rðt Þ¼k
^ C x ðt Þ  yðt Þ k
satisfy following linear matrix inequality (LMI):
From equation (25) and (38), we obtain
" # pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi
RA þ AT R þ XC þ C T X T þ lk2 I R r ðt Þ 6 kmax ðRÞ=kmin ðRÞ k C kex ð0Þ ekt=2 ð39Þ
<0 ð27Þ
R lI
Note that k ex ð0Þ k is unknown generally, so the threshold in
And the observer gain matrix can be selected as follows: (39) is unavailable. However, since it can be shown that:

L ¼ R1 X ð28Þ k C kex ð0Þk  krð0Þ

To prove it, consider the following Lyapunov function to prove
its derivative to be zero as explained earlier:
V ðt Þ ¼ eTx Rex ðtÞ ð29Þ
Now we will check V_ ðxÞ < 08x 2 D  f0g condition along the
trajectory for asymptotic stability. ex is a column vector, therefore,
the overall multiplication of matrices eTx Rex ðtÞ will result in a scalar
after performing all multiplication operations as described below:
Hence, the following criteria would be obtained for fault detec-
tion for sensor fault
( pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi kt
6 kmax ðRÞ=kmin ðRÞ k r ð0Þ ke 2 ; there is no fault
r ðt Þ pffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi kt
ð40Þ
> kmax ðRÞ=kmin ðRÞ k rð0Þ k e 2 ; there is a fault
Same process technique can be used to detect and isolate faults
in actuators. After fault detection, isolation, and estimation, the
control law is designed to perform controller reconfiguration step.
62 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68
2.3. Latest techniques used for AFTCS design
Latest approaches for the FDI design in AFTCS are discussed in
this section for both linear and nonlinear systems. In fact, most
of the practical and industrial processes are of a nonlinear nature.
One popular approach for fault estimation is the use of Kalman
Filter(KF). Preliminary knowledge of the working of KF is described
in great detail in [26–28]. KF provides state estimation of the sys-
tem in two steps of time update and measurement update, which
is then used for comparison or in a residual generation to decide
the faulty state of the system. KF designed for nonlinear applica-
tions is known as the extended KF (EKF). EKFs are extensively used
for FDI applications such as in [29] Extended Multiple Model Adap-
tive Estimator (EMMAE) is built for the multi–inputmultioutput
(MIMO) system for sensor faults. The technique is built for use in
the industrial applications and demonstrated by an application
on the boiler system. In [30] adaptive form of EKF is built for flight
parameter sensors of an aircraft. In [31] it is used in FDI design of
stochastic nonlinear and non-stationary dynamic systems and
applied to a perfectly stirred chemical reactor.
Further, in [32] generalized observer and a dedicated observer
schemes are implemented using a Kalman filter bank. In [33] FDI
is implemented for unreliable measurements and correlated noise
using unscented KF (UKF) for nonlinear systems. In [34] a fault
detection and location (FDL) system is built using a matrix of
hybrid Kalman filters for the coexistence of faults and health
degradation for the nonlinear aero-engine model. In [35] an effi-
cient multiple-model (MM) approach with hybrid Kalman filters
(MHKFs) is presented for a nonlinear and piecewise linear (PWL)
models of the system using a Bayesian approach.
Linear parameter varying method is being extensively utilized
in FTC. In [36] a nonlinear wind turbine system is modeled with
LPV and fault reconstruction approach is proposed. In [37] a robust
adaptive polytopic observer system is proposed for LPV systems
with time delay. Linear matrix inequalities (LMI) solution approach
is shown in papers [38–40]. In [38] observer is designed for dis-
crete time LPV systems for actuator fault estimation. In [39] FDI
unit is built for asynchronous machine using convex polytopic rep-
resentation. In [40] robust FDI is built for uncertain LPV systems
solving with LMIs.
Artificial neural networks (ANN) are also used in fault diagnosis
especially for nonlinear systems due to their useful features of self-
learning, self-organization and nonlinear systems modeling capa-
bilities. Logic can be defined in ANNs for inputs and outputs and
mapping can be performed to retrieve outputs for unseen inputs.
Due to parallel calculations, fast dynamic response of the system
Fig. 2. Basic observer design philosophy.
is obtained through ANNs. In [41] a backstepping approach based
on adaptive neural network-based is presented for underwater
vehicles with thruster fault. In [42] backstepping FTC design is pro-
posed for MIMO Nonlinear Systems with adaptive neural network
control. In [43] an adaptive NN-based approach is proposed for
nonlinear time-varying systems with time delay and Unmodeled
dynamics. In [44] NN-based AFTCS is described using the average
dwell time method for a class of switched nonlinear systems with
its application to RCL circuit.
Fuzzy logic (FL) is a qualitative model based technique and is
also being used for fault diagnosis. FL controllers can handle com-
plex non-linear, multi-variable and time-varying system dynamics.
Instead of 0 and 1, FLs employ linguistic terms to apply to real-
world scenarios. Thus, FLs have the capability to deal with systems
having no precise mathematical representation and can approxi-
mate nonlinear functions. The adaptive fuzzy control system is
implemented in various ways for nonlinear systems. In [45] it is
designed with actuator faults considering bias and gain faults. In
[46] observer-based adaptive fuzzy FTC is designed for stochastic
nonstrict-feedback systems. In [47] it is designed for uncertain
switched stochastic systems with time-varying output constraints.
In [48] Fuzzy-approximation method is proposed for pure-
feedback systems with unknown control directions and sensor fail-
ures. In [49] Takagi-Sugeno (T-S) fuzzy system is used for single-
parameter-learning (SPL) approach for identification and approxi-
mation of the uncertain nonlinear dynamics.
3. Passive fault Tolerant control system
3.1. Architecture of PFTCS
As compared to AFTCS, the architecture of PFTCS is quite simple
and is shown in Fig. 2. There is no FDI unit and no controller recon-
figuration is performed. Rather, the controller works in offline
mode in both normal and abnormal conditions with predefined
parameters that mask the faulty readings from the components.
The main advantages of passive FTC techniques can be described
as follows: Fault detection and controller reconfiguration process
is not implemented and the system works with the same parame-
ters in normal and fault conditions. Due to the elimination of FDI
and controller reconfiguration process, the time response of the
system becomes very fast as compared to AFTCS. However, the
detection of various types of faults becomes very difficult for one
passive FTC system since it is designed to work in the offline mode.
Hence, its functionality would be limited and can be jeopardized
with complex and various kinds of simultaneous faults [3,15,50].
 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68 63

3.2. Mathematical analysis of PFTCS tains the constant (MsgnðsÞ) plus proportional (ks) rate reaching
law as reported in [55].
Sliding Mode Control (SMC) is one of the most popular PFTCS 1
technique due to its advantages of robustness to external distur- u ¼ g ðx; x_ Þ ½ks  MsgnðsÞ ð49Þ
bances, system parameter variations and model uncertainties Where k and M are positive numbers and sgn is the signum
[51–53]. SMC controller design is mathematically described in function. The function g ðx; x_ Þ must be invertible for Eqs. (48) and
[54] and is mentioned below: (49).
Consider second order single input single output (SISO) nonlin- The overall control input will become:
ear affine system: h i
1
u ¼ g ðx; x_ Þ €x1  f ðx; x_ Þ  ke_  ks  MsgnðsÞ
d
ð50Þ
€xðtÞ ¼ f ðx; x_ Þ þ g ðx; x_ Þu þ df ð41Þ
x 2 Rn is the state vector, u 2 Rp is the control input vector and Substituting this input equation to (46), we get
y 2 Rm is the output vector. A, B and C are known system matrices s_ ¼ ks  MsgnðsÞ þ df ð51Þ
of appropriate dimensions. g ðx; x_ Þ is a nonlinear function vector on
Rn and df represents uncertainties and disturbances within For conventional SMC, the necessary condition would be
bounds jdf j < D. The system is continuous time but time index is 1 d 2
omitted for simplicity. Let the state variables be x1 ¼ x and s < 0; orss_ < 0 ð52Þ
2 dt
x2 ¼ x_ 1 , we have
To reduce the chattering phenomenon, we introduce a bound-

x_ 1 ¼ x2 ary layer and expression becomes
ð42Þ
x_ 2 ¼ f ðx; x_ Þ þ g ðx; x_ Þu þ df ss_ < gjsj ð53Þ
Let the desired trajectory be xd1 ,
then the error between actual Multiplying (51) with s, we get
x1 and the desired trajectory xd1 be written as:
ss_ ¼ ks2  MsgnðsÞs þ df s ¼ ks2  Mjsj þ df s ð54Þ
e ¼ x1  xd1 ð43Þ
With the proper choice of k and M, (53) can be satisfied.
Taking time derivative The chattering effect can be eliminated by using a discontinu-
ous saturation function sat ðsÞ instead of sgn function. The satura-
e_ ¼ x_ 1  x_ 1 ¼ x2  xd2
d
ð44Þ tion function satðsÞ is defined as follows:
The switching surface ‘‘s” is conventionally defined for the sec- 
sgnðsÞ if jsj > us
ond order systems as a combination of the error variables e and e_ sat ðsÞ ¼ ð55Þ
s=us if jsj < us
s ¼ e_ þ ke ð45Þ
whereus is the boundary layer around sliding surface s.
where k sets the dynamics in the switching plane (s ¼ 0Þ.
The control input u should be chosen so that trajectories
approach the switching surface and then stay on it for all future 3.3. Latest techniques used for PFTCS design
time instants.
The time derivative of s would become Robust control is an important characteristic of PFTCS. A litera-
ture review of the robust control is being described for more elab-
s_ ¼ f ðx; x_ Þ þ g ðx; x_ Þu þ df  €x1 þ ke_
d
ð46Þ oration. In [56] engineering applications with robust control are
The control input is expressed as the sum of two terms, as described; in [57] design and implementation of robust control
reported in [55]. laws are discussed and robust control for nonlinear applications
is discussed in survey paper [58].
u ¼ ueq þ u ð47Þ In [59] PFTCS is designed for actuator failures with polytope for-
The first one ueq is called as the equivalent control and is chosen mation of the system by calculating maximum physical values and
using the nominal plant parameters (df ¼ 0), so as to make s_ ¼ 0 peak gains. In [60] it is designed for a class of MIMO nonlinear sys-
when s ¼ 0. It is written as: tems with uncertainties. In [61] PFTCS deals with the outage, loss

 of effectiveness and stuck faults due to parameter uncertainty, dis-
1
ueq ¼ g ðx; x_ Þ €xd1  f ðx; x_ Þ  ke_ ð48Þ turbance and actuator faults. In [62] it is designed for an induction
motor with a nonlinear block control (NBC) transformation. [63]
The second term u is selected to deal with the uncertainties in Robust Adaptive PFTCS based on backstepping approach is
the system and to introduce a reaching law. The second term con- designed for strict-feedback nonlinear systems subjected to

Fig. 3. Structure of Passive Fault Tolerant Control.

64 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68

Table 1
Comparison between AFTCS and PFTCS.

System’s Property AFTCS PFTCS

Architecture Complex Simple
Time Response Slow Fast
Fault Detection Online/Real Time Offline
Computations Large Relatively Small
Fault Detection and Isolation (FDI) Essential Not Required
Controller Reconfiguration Required Not Required
Noise Effect Can be corrupted by noise and the wrong decision can be made Robust to Noise
Time delay Possible due to noise No Time Delay
Faults nature Various Fixed predefined faults are accommodated
Control Structure Variable Fixed

actuator faults and external disturbances without utilizing neural
networks.
As discussed earlier, Sliding Mode Control (SMC) is the most
widely used approach for PFTCS design. It is a type of Variable
Structure Control (VSC) which basically combines the individual
features of different control structures and provides superior per-
formance as compared to individual control structures. Chattering
is caused by SMC due to switching, therefore, to remove the chat-
tering problem Super twisting algorithm is used. In [64] SMC based
FTC is proposed for quadrotor UAV in which two controllers in cas-
cade form are designed, first one to deal with the uncertainties and
disturbances to tolerate actuator faults and the second cascaded
SMC to control inner and outer velocities of the quadrotor. In
[65] higher order sliding mode based control (HOSM) scheme is
proposed for the air path of a diesel engine. In [66] air-to-fuel ratio
(AFR) control based on Smooth Super-Twisting Algorithm (SSTA)
for a gasoline engine is presented. In [67], PFTCS based on SMC is
designed for sensor faults for a multi-rotor aircraft without fault
detection and controller reconfiguration Fig. 3.
A brief comparison of AFTC and PFTC is mentioned in Table 1
regarding important system properties and their response against
each property.
passive decentralized unconditionally stabilizing (DUS) control
for the sensor faults. In [75] it is proposed for a flight control sys-
tem for partial actuator failures. In [76] Neural Network-Based
hybrid FTC Scheme is proposed for a class of nonlinear systems
with unknown actuator faults with simulation results. In [77] it
is proposed for uncertain nonlinear networked control systems
(NCS) under discrete event-triggered communication scheme
(DETCS) with numerical simulation results. In [70] it is proposed
considering actuator saturation and L1 disturbances to compen-
sate for the loss of actuators’ effectiveness in pre and post-fault
diagnosis intervals.
5. Hardware redundancy
Hardware redundancy is an important aspect in the design of
FTCS as described in [78]. Redundancy was originally developed
to cover hardware components faults. Generally, sensors and actu-
ators are concerned with field devices while the control system is
placed in a separate environment. So, hardware redundancy con-
cept would deal with the control system side apart from field
devices. Early computing systems used redundant structures with
the voting of parallel independent channels to abolish the effects of

4. Hybrid fault Tolerant control system (HFTCS)

Having studied both the pros and cons of both AFTCS and PFTCS,
a hybrid of both can be designed having advantageous properties
of both systems. For example, the time delay in AFTCS can be a
serious issue in safety-critical systems where minute time delay
can cause disasters. One solution is to use PFTCS with AFTCS, PFTCS
to respond quickly to faults while AFTC to optimize system
performance. Hence, hybrid FTCS can provide both desirable prop-
erties of stability to unexpected fast disturbances and optimal per-
formance. A hybrid approach is presented in [68] using multiple
controllers in which the proposed system does not suffer from
the incorrect decision effect from FDI and ensures stability. Param-
eters uncertainties are also considered and graceful performance Fig. 4. Concept of dual redundancy in a component.
degradation is established. The hybrid approach proposed in [69]
hybrid of FDI and DSU (decentralized stabilization unit) is pro-
posed to guarantee stability in the event of sensor faults and vir-
tual sensor outputs are reconstructed. In [70] unified approach is
presented to cope loss of effectiveness of actuator. Pre and post-
fault diagnosis are handled by PFTCS and AFTCS respectively. FDI
unit does not affect the stability and optimization of system gains
are carried out to handle actuator saturation and disturbance
effects.
The hybrid scheme has been found in various papers. In [71] a
survey of active, passive and hybrid FTC approached is presented.
In [72] it is proposed for aerospace vehicles which are based on
the multiple models. In [73] it is proposed and demonstrated by
controlling a McDonnell F-4C airplane through simulation. In
[74] it is proposed by combining FDI with the newly developed Fig. 5. Structure of triple modular redundancy.
 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68
faults or failed components. These also employed information code
error detection and diagnostic techniques for the location of faulty
components and replace these through automatic changeovers. In
a modern complex system, fault tolerance is needed in components
other than hardware such as software and embedded components.
Redundancy can be categorized into two types: direct and ana-
lytical. In the direct redundancy, actual physical hardware redun-
dancy is carried out. For example, the use of two or three sensors
instead of one to measure the same quantity is called double and
triple redundancy whereas in normal operation, only one sensor
is sufficient for control purposes. These extra hardware compo-
nents make the system reliable in case of failure of the main ele-
ment. A voting system decides which channels are working
correctly and which are faulty. This hardware redundancy concept
is also extended to the actuators.
The concept of dual redundancy in components is shown in
Fig. 4. The reliability of the overall system increases with the dual
redundancy because the system will fail only when both of the
components fail. The system will continue its performance in case
of a fault in any one component at a time (Fig. 5).
Let reliabilities of individual components are denoted
byR1 andR2 and overall reliability of the dual redundant system is
denoted by RDR . Mathematically, we can write
RDR ¼ 1  ðbothcompoentsfailÞ
If R1 ¼ R2 ¼ R
RDR ¼ 1  ð1  RÞ2
RDR ¼ 2R  R2
If R ¼0.9, RDR ¼ 0:99
In redundant modular systems, faulty modules are discon-
nected and isolated from the system and new modules are inserted
in a highly tight control environment. If a fault arises in a model, it
is detected instantly and replaced with a healthy module.
Triple Modular Redundancy (TMR) design is one of the high-
reliability hardware architecture in hardware redundancy domain.
Three parallel channels work to produce results and voting among
them is carried out to generate the final output. 2 out of 3 voting
process results free of error performance and no single point of fail-
ure. The three channels are identical and independent each per-
forming its own action parallel to one another. If a fault arises in
any channel, it is detected by the voter mechanism and the final
output is generated from the rest two channels. Meanwhile, the
operator is alerted of the faulty situation by annunciations and
alarms. Limitation of the TMR system is that it can only mask
one module fault. A failure in either of the remaining modules
would cause the voter to produce an erroneous result. However,
it has been determined that the dependability of a TMR system
can be improved by removing failed modules from the system.
Let reliabilities of individual components are denoted
byR1 ; R2 andR3 and overall reliability of TMR is denoted by RTMR . Math-
ematically, reliability function of TMR can be determined as follows:
RTMR ¼ R1 R2 R3 þ ð1  R1 ÞR2 R3 þ R1 ð1  R2 ÞR3 þ R1 R2 ð1  R3 Þ
¼ R1 R2 R3 þ R2 R3  R1 R2 R3 þ R1 R3 R1 R2 R3 þ R1 R2 R1 R2 R3
¼ R1 R2 þ R2 R3 þ R1 R3  2R1 R2 R3
If R1 ¼ R2 ¼ R3 ¼ R
2 2 2 3
RTMR ¼ R þ R þ R  2R
RTMR ¼ 3R2  2R3
If R ¼0.9, RTMR ¼ 0:972
65
In [79] TMR scheme has been presented for VLSI voter system in
which a mid-value or median is detected among four sensors. In
[80] FTC is implemented on digital systems using TMR. In [81]
FTC voter circuit is implemented with TMR on CMOS circuit at
the Nanoelectronics level with simulation results. In [82] Imple-
mentation of TMR is demonstrated on operating systems. How-
ever, there is a limitation of TMR that the reliability of each
channel must be greater than 0.5 and faulty modules must be
replaced immediately after the occurrence of a fault in the channel.
Moreover, if two channels become faulty simultaneously, the sys-
tem shuts down and cannot produce output [78,83].
In the analytical redundancy, an observer based on the mathe-
matical model of the system is used to provide an estimate of the
signals of interest instead of having multiple sensors that measure
the same signal. Sensor value is compared with the estimated
value to generate residual. Any abnormal increase in residual
would indicate a fault in the sensor. This algorithm runs in the con-
trol computer and no actual additional hardware is used. This fea-
ture is desirable in many systems especially in unmanned air
vehicles (UAVs) and aircraft to reduce extra hardware, cost, and
weight [84]. In paper [85] robust analytical redundancy for nonlin-
ear systems is described that is insensitive to state and unknown
parameters. In [86] Analytic redundancy-based fault diagnosis
technique (ARFDT) is implemented for maintenance systems and
ð56Þ
sequential probability ratio test is used in fault isolation. The
method compensates sensor outputs in case of outages and is
implemented on aircraft system sensors.
ð57Þ
6. Stability and reliability
ð58Þ
Stability is the most important aspect of FTC especially in air-
craft where human lives are involved and in critical production
facilities such as nuclear power plants. The Lyapunov method is
the most popular method in determining the stability of control
systems. For linear time-invariant systems, Lyapunov first method
is used which states that the Eigen values must lie in a left half
complex plane. For nonlinear systems, the Lyapunov second
method is mostly used in which a Lyapunov function is defined.
The Lyapunov function must be positive definite and satisfy the
Lyapunov equation. Its derivate must also be negative definite
showing energy dissipation with the passage of time indicating
asymptotic stability of the systems [24]. Lyapunov Second criterion
can be written mathematically as:
X
n X
n
V ðxÞ ¼ xT Px ¼ pij xi xj ; P ¼ PT ð63Þ
i¼1 j¼1
V ðxÞ is the Lyapunov function and P is the system matrix:
P > 0ðpositive definiteÞ if and only if ki ðP Þ > 0 8i
Q is a positive definite matrix.
if P > 0; Q > 0 then the system x_
ð59Þ ¼ Ax is ðglobally asymptoticallyÞ stable; i:e:; Rki < 0
kmin ðQ Þ T
V_ ðxÞ ¼ xT Qx  kmin ðQ ÞxT x   x Px ¼ aV ðxÞ ð64Þ
kmax ðPÞ
ð60Þ
kmin ðQ Þ
a¼ >0 ð65Þ
kmax ðPÞ
ð61Þ
V ðxÞ > 0; V_ ðxÞ < 08x 2 D  f0g ð66Þ
ð62Þ
Above Eq. (51) is the main condition in the controller design
which establishes the stability criterion of the system.
66 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68
Fig. 6. Bathtub curve for failure rate of a component.
In [87] Lyapunov stability and asymptotic stability for second
order systems is explained. In [88] concepts and connections
between Lyapunov stability and passivity for nonlinear descriptor
systems are described. In [24] controllability and stability of nonlin-
ear systems are explained with Lyapunov functions and feedback.
Reliability can be defined in terms of dependability and avail-
ability of the system under specified time and conditions. Reliabil-
ity depends on the failure rate of the system components,
operating time, and environmental conditions in which the system
is being used. Reliability of a system or component is the probabil-
ity of performing its required function under the stated operating
environment for a specified duration of time. An important param-
eter in the reliability study is a failure rate. The failure rate can be
defined as the expected number of failures per unit time. It is gen-
erally represented as k. For example, if a component fails after
1000 h, its failure rate would be k ¼ 10001
or 1  103 failures/h.
Failure rates of components usually follow a bathtub curve dis-
tribution as shown in Fig. 6. This is a widely used tool in the relia-
bility study and is named according to its shape. In this curve, the
lifetime of a component is shown in three phases: early life, con-
stant failure and wear out period. In early life, the component
experiences a greater number of faults due to imperfections and
anomalies in the manufacturing process. After continual learning,
constant failure rate period starts in which the component seldom
experiences failure. After this useful period, wear out period starts
in which component experiences several failures due to wear and
tear by excessive usage.
Failure rate (k) will be constant during the useful period or mid-
section of the curve and its reliability function would be exponen-
tial as mentioned below:
Rðt Þ ¼ ekt
It is also known as the exponential failure law for calculating
time-varying reliability function.
One of the main quantitative measure for determining the reli-
ability of the system is the mean time to failure (MTTF). MTTF
shows the mean lifetime of an item. It is the average time during
which item will be expected to last in operation. There is a model-
ing assumption of MTTF that the failed item has infinite repair time
or simply stating the item cannot be repaired. MTTF is computed
by the following formula:
Z In this paper, a comprehensive state of the art review of fault
1
MTTF ¼ Rðt Þdt
0 advances and applications. An FTCS aims to accommodate faults in
MTTF can also be calculated by taking the reciprocal of failure
rate (k) as follows:
1 and actuators has been described with respect to FTC strategies.
MTTF ¼
k Types and classifications of FTC are described with the latest
MTTF is calculated for the unrepairable systems such that com-
ponents can’t be repaired [89–91].
Mean Time to Repair (MTTR) is a basic measure to determine
the maintainability of repairable items. It represents the average
time required to repair a failed component or device. These param-
eters are explained well covering the state of the art with limita-
tions and application example to the nuclear power plant is
mentioned in [92].
In [93] reliability modeling of FTC is described using semi Mar-
kov process model and reliability function computation. In [94]
reliability enhancement of multilevel modular converters is men-
tioned by using FTC techniques in bulk power transmission exam-
ple and increased reliability is shown both in normal as well as in
faulty conditions. Markov chains have been used to investigate
reliability by solving differential equations. In [95] reliability study
is carried out by dividing the system lifetime into different phases
and identifying key components that can cause system failure.
Importance analysis of these key components and subcomponents
are carried out to design automatic control schemes and optimiza-
tion of these schemes are carried out to obtain overall greater sys-
tem reliability and lifetime.
7. Latest applications of fault Tolerant control
The FTC has become a vital control design element in non-
process as well as for process conditions. FTCS has become an
essential part of unmanned air vehicles (UAVs) to maintain system
stability with acceptable performance in case of actuator and sen-
sor faults [96,97]. In [98] multilevel reconfiguration for actuator
and sensors is described based on LPV framework for NASA aircraft.
NASA has used FTC in modern drone control system design [99].
Triconix has used TMR in safety instrumented or emergency shut-
down (ESD) systems due to its high integrity in critical process
applications that require a significant degree of safety and avail-
ability [100]. The system also contains intrinsically safe barriers
as per requirement of hazardous environment safety that contains
a low level of energy to prevent spark in case of short-circuiting in
the field. Moreover, an additional feature to communicate with a
Distributed Control System (DCS) has also been incorporated. Gen-
eral Electric (GE) has designed a MarkVIeS system for SIL-3 safety
system applications based on TMR [101,102]. These systems are
utilized in the turbine protection and control as well as process
safety applications. These systems provide high performance in
extreme harsh systems. Rockwell Automation has designed Pro-
cess Safety & Critical Control system named as GuardLogix 1756
utilizing TMR for Safety Integrity Level (SIL)-3 applications [103].
Siemens has designed S7-400F/FH for fail-safe automation plants
ð67Þ with increased safety features [104]. The system can be used for
SIL-3 applications and has a modular design. As TMR has the lim-
itation of working with two healthy channels, further research
direction for more reliability enhancement of TMR would be to
enable the system working on a single channel tolerating simulta-
neous faults in the other two channels.
8. Conclusions
ð68Þ tolerant control systems (FTCS) is presented consisting of the latest
the system components during operation and maintain stability
with little or acceptable degradation in the performance levels.
Mathematical modeling of various types of faults in the sensors
ð69Þ
 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68
design techniques. Finally, a review of the stability and reliability
analysis of FTCS is presented.
Future research areas in FTC are mentioned below for further
exploration by researchers.
 FTC scheme implementation for process plants
 Fault isolation for multiple actuator faults
 Computational time reduction for AFTCS
 Improving PFTCS capabilities for optimum performance
 Integration of AFTCS and PFTCS
 Integration of FTC and sophisticated hardware redundancy
algorithms like TMR
 Cost optimization due to complexity and hardware additions
 Physical size reduction
 Graceful performance degradation
 Industrial applications critical to safety and production
Funding
The author(s) received no financial support for the research,
authorship, and/or publication of this article.
Declaration of Competing Interest
The author(s) declare no conflict of interest in preparing this
paper.
References
[1] J. Jiang, Fault-tolerant Control Systems—An Introductory Overview, Acta
Autom. Sin. 31 (2005) 161–174.
[2] M.S. Mahmoud, Y. Xia, Fault-tolerant control systems, in: Anal. Synth. Fault-
Toler. Control Syst., Wiley-Blackwell, 2013, pp. 135–173, doi:10.1002/
9781118700365.ch4.
[3] P.M. Frank, Trends in fault-tolerant control of engineering systems, IFAC Proc.
37 (2004) 377–384, https://doi.org/10.1016/S1474-6670(17)31053-4.
[4] M.S. Mahmoud, Y. Xia, Industrial fault-tolerant architectures, in: Anal. Synth.
Fault-Toler. Control Syst, Wiley-Blackwell, 2013, pp. 307–319.
[5] M. Benosman, A survey of some recent results on nonlinear fault tolerant
control, Math. Probl. Eng. (2010), https://doi.org/10.1155/2010/586169.
[6] M.S. Mahmoud, Y. Xia, Fault-tolerant nonlinear control systems, in: Anal.
Synth. Fault-Toler. Control Syst., Wiley-Blackwell, 2013, pp. 175–218, https://
doi.org/10.1002/9781118700365.ch5.
[7] J.-Y. Shin, C.M. Belcastro, Performance analysis on fault tolerant control
system, IEEE Trans. Control Syst. Technol. 14 (2006) 920–925, https://doi.org/
10.1109/TCST.2006.876911.
[8] T.A. Hughes, Introduction to Process Control. Meas. Control Basics Fifth Ed. 5
edition, Research Triangle Park, NC: International Society of Automation; 2015.
[9] A. Fekih, Fault tolerant control design for complex systems: Current advances
and open research problems. 2015 IEEE Int. Conf. Ind. Technol. ICIT, 2015, p.
1007–12. doi:10.1109/ICIT.2015.7125229.
[10] Blanke M, Staroswiecki M, Wu NE. Concepts and methods in fault-tolerant
control. Proc. 2001 Am. Control Conf. Cat No01CH37148, vol. 4, 2001, p.
2606–20 vol.4. doi:10.1109/ACC.2001.946264.
[11] X. Yu, J. Jiang, A survey of fault-tolerant controllers based on safety-related
issues, Annu. Rev. Control 39 (2015) 46–57, https://doi.org/10.1016/j.
arcontrol.2015.03.004.
[12] J. Jiang, X. Yu, Fault-tolerant control systems: A comparative study between
active and passive approaches, Annu. Rev. Control 36 (2012) 60–72, https://
doi.org/10.1016/j.arcontrol.2012.03.005.
[13] Y. Zhang, J. Jiang, Bibliographical review on reconfigurable fault-tolerant
control systems, Annu. Rev. Control 32 (2008) 229–252, https://doi.org/
10.1016/j.arcontrol.2008.03.008.
[14] I. Hwang, S. Kim, Y. Kim, C.E. Seah, A survey of fault detection, isolation, and
reconfiguration methods, IEEE Trans. Control Syst. Technol. 18 (2010) 636–
653, https://doi.org/10.1109/TCST.2009.2026285.
[15] M. Benosman, Passive fault tolerant control, Robust Control Theory Appl
(2011), https://doi.org/10.5772/14334.
[16] Z. Gao, C. Cecati, S.X. Ding, A survey of fault diagnosis and fault-tolerant
techniques—part I: fault diagnosis with model-based and signal-based
approaches, IEEE Trans. Ind. Electron. 62 (2015) 3757–3767, https://doi.org/
10.1109/TIE.2015.2417501.
[17] M. Pawlak, Active fault tolerant control system for the measurement circuit in
a drum boiler feed-water control system, Meas Control 51 (2018) 4–15,
https://doi.org/10.1177/0020294018754714.
[18] A.A. Amin, K. Mahmood-ul-Hasan, Robust active fault-tolerant control for
internal combustion gas engine for air–fuel ratio control with statistical
67
regression-based observer model, Meas. Control (2019), https://doi.org/
10.1177/0020294018823031.
[19] J. Lunze, J.H. Richter, Reconfigurable fault-tolerant control: a tutorial
introduction, Eur. J. Control. 14 (2008) 359–386, https://doi.org/10.3166/
ejc.14.359-386.
[20] Youqing Wang, S. Donghua Zhou, Joe Qin, Hong Wang, Active fault-tolerant
control for a class of nonlinear systems with sensor faults, Int. J. Control
Autom. Syst. 6 (2008) 339–350.
[21] F. Yang, H. Zhang, B. Jiang, X. Liu, Adaptive reconfigurable control of systems
with time-varying delay against unknown actuator faults, Int. J. Adapt Control
Signal Process. 28 (2014) 1206–1226, https://doi.org/10.1002/acs.2439.
[22] H. Alwi, C. Edwards, C.P. Tan, Fault Tolerant Control and Fault Detection and
Isolation. Fault Detect. Fault-Toler. Control Using Sliding Modes, Springer-
Verlag, London, 2011, pp. 7–27.
[23] Norman S. Nise, Design via State Space, in: Control Syst. Eng., 6th ed., Wiley-
Blackwell, 2012, pp. 663–710.
[24] F. Clarke, Lyapunov functions and feedback in nonlinear control, in: Optim.
Control Stab. Nonsmooth Anal., Springer, Berlin, Heidelberg, 2004, pp. 267–
282, doi:10.1007/978-3-540-39983-4_17.
[25] T. Ando, Schur complements and matrix inequalities: operator-theoretic
approach, in: F. Zhang (Ed.), Schur Complement Its Appl., Springer US, Boston,
MA, 2005, pp. 137–162, doi:10.1007/0-387-24273-2_6.
[26] Y. Pei, S. Biswas, D.S. Fussell, K. Pingali, An elementary introduction to Kalman
filtering. ArXiv171004055 Cs, 2017.
[27] G. Welch, G. Bishop, An Introduction to the Kalman Filter, 2006.
[28] X. Liu, A. Goldsmith, Kalman filtering with partial observation losses. 2004
43rd IEEE Conf. Decis. Control CDC IEEE Cat No04CH37601, vol. 4, 2004, p.
4180-4186 Vol.4. doi:10.1109/CDC.2004.1429408.
[29] A.M. Bardawily, M. Abdel-Geliel, M. Tamazin, A.A.A. Nasser, Sensors fault
estimation, isolation and detection using MIMO extended Kalman filter for
industrial applications. 2017 10th Int. Conf. Electr. Electron. Eng. ELECO,
2017, p. 944–8.
[30] L. Van Eykeren, Q.P. Chu, J.A. Mulder, Sensor fault detection and isolation
using adaptive extended kalman filter*, IFAC Proc. 45 (2012) 1155–1160,
https://doi.org/10.3182/20120829-3-MX-2028.00195.
[31] Y. Chetouani, Using the kalman filtering for the fault detection and isolation
(FDI) in the nonlinear dynamic processes, Int. J. Chem. React. Eng. 6 (2008),
https://doi.org/10.2202/1542-6580.1411.
[32] D.H. Trinh, H. Chafouk, Fault detection and isolation using Kalman filter bank
for a wind turbine generator. 2011 19th Mediterr. Conf. Control Autom. MED,
2011, p. 144–9. doi:10.1109/MED.2011.5983155.
[33] H. Chen, L. Yan, Y. Xia, M. Fu, B. Xiao, G. Hu, et al. UKF based fault detection
and state estimation for nonlinear systems with correlated noise. 2017 36th
Chin. Control Conf. CCC, 2017, p. 5294–9. doi:10.23919/ChiCC.2017.8028193.
[34] Y. Yuan, X. Liu, S. Ding, B. Pan, Fault detection and location system for
diagnosis of multiple faults in aeroengines, IEEE Access 5 (2017) 17671–
17677, https://doi.org/10.1109/ACCESS.2017.2744639.
[35] B. Pourbabaee, N. Meskin, K. Khorasani, Sensor fault detection, isolation, and
identification using multiple-model-based hybrid kalman filter for gas
turbine engines, IEEE Trans. Control Syst. Technol. 24 (2016) 1184–1200,
https://doi.org/10.1109/TCST.2015.2480003.
[36] H. Shao, Z. Gao, X. Liu, K. Busawon, Parameter-varying modelling and fault
reconstruction for wind turbine systems, Renew Energy 116 (2018) 145–152,
https://doi.org/10.1016/j.renene.2017.08.083.
[37] H. Hamdi, M. Rodrigues, C. Mechmeche, Braiek N. Benhadj, Observer-based
fault diagnosis for time-delay LPV descriptor systems, IFAC-Pap 51 (2018)
1179–1184, https://doi.org/10.1016/j.ifacol.2018.09.702.
[38] Z. Wang, M. Rodrigues, D. Theilliol, Y. Shen, Actuator fault estimation
observer design for discrete-time linear parameter-varying descriptor
systems, Int. J. Adapt Control Signal Process. 29 (2015) 242–258, https://
doi.org/10.1002/acs.2469.
[39] C. Mechmeche, S. Rihane, H. Dallagi, S. Nejim, Fault detection and isolation for
linear parameter varying system application to asynchronous machine, in:
2018 Int. Conf. Adv. Syst. Electr. Technol. ICASET, Hammamet, IEEE, 2018, pp.
327–334, doi:10.1109/ASET.2018.8379877.
[40] D. Henry, A. Zolghadri. Robust fault diagnosis in uncertain linear parameter-
varying systems. 2004 IEEE Int. Conf. Syst. Man Cybern. IEEE Cat No04CH37583,
vol. 6, 2004, p. 5165–70 vol.6. doi:10.1109/ICSMC.2004.1401014.
[41] Y. Wang, M. Zhang, P.A. Wilson, X. Liu, Adaptive neural network-based
backstepping fault tolerant control for underwater vehicles with thruster
fault, Ocean Eng. 110 (2015) 15–24, https://doi.org/10.1016/j.
oceaneng.2015.09.035.
[42] H. Gao, Y. Song, C. Wen, Backstepping design of adaptive neural fault-tolerant
control for MIMO nonlinear systems, IEEE Trans. Neural Netw. Learn Syst. 28
(2017) 2605–2613, https://doi.org/10.1109/TNNLS.2016.2599009.
[43] S. Yin, H. Yang, H. Gao, J. Qiu, O. Kaynak, An adaptive NN-based approach for
fault-tolerant control of nonlinear time-varying delay systems with
unmodeled dynamics, IEEE Trans. Neural Netw. Learn Syst. 28 (2017)
1902–1913, https://doi.org/10.1109/TNNLS.2016.2558195.
[44] L. Tang, D. Ma, J. Zhao, Neural networks-based active fault-tolerant control for
a class of switched nonlinear systems with its application to RCL circuit, IEEE
Trans. Syst. Man. Cybern. Syst. (2018) 1–13, https://doi.org/10.1109/
TSMC.2018.2847283.
[45] Y. Li, S. Tong, Fault diagnosis and fuzzy fault-tolerant control design of
nonlinear systems with actuator faults. 2016 35th Chin. Control Conf. CCC,
2016, p. 6512–6514. doi:10.1109/ChiCC.2016.7554381.
68 A.A. Amin, K.M. Hasan / Measurement 143 (2019) 58–68
[46] H. Ma, Q. Zhou, L. Bai, H. Liang, Observer-based adaptive fuzzy fault-tolerant
control for stochastic nonstrict-feedback nonlinear systems with input
quantization, IEEE Trans. Syst. Man. Cybern. Syst. (2018) 1–12, https://doi.
org/10.1109/TSMC.2018.2833872.
[47] Y. Liu, H. Ma, H. Ma, Adaptive fuzzy fault-tolerant control for uncertain
nonlinear switched stochastic systems with time-varying output constraints,
IEEE Trans. Fuzzy Syst. 26 (2018) 2487–2498, https://doi.org/10.1109/
TFUZZ.2018.2814596.
[48] X. Liu, D. Zhai, T. Li, Q. Zhang, Fuzzy-approximation adaptive fault-tolerant
control for nonlinear pure-feedback systems with unknown control
directions and sensor failures, Fuzzy Sets Syst. 356 (2019) 28–43, https://
doi.org/10.1016/j.fss.2018.03.017.
[49] S. Gao, H. Dong, B. Ning, X. Yao, Single-parameter-learning-based fuzzy fault-
tolerant output feedback dynamic surface control of constrained-input
nonlinear systems, Inf. Sci. 385–386 (2017) 378–394, https://doi.org/
10.1016/j.ins.2017.01.014.
[50] J. Eich, B. Sattler, Fault Tolerant Control System Design Using Robust Control
Techniques, IFAC Proc. 13 (1997) 1237–1242, https://doi.org/10.1016/S1474-
6670(17)42566-3.
[51] S.K. Spurgeon, Sliding mode observers: a survey, Int. J. Syst. Sci. 39 (2008)
751–764, https://doi.org/10.1080/00207720701847638.
[52] Merheb AR, Noura H, Bateman F. Passive fault tolerant control of quadrotor
UAV using regular and cascaded Sliding Mode Control. 2013 Conf. Control
Fault-Toler. Syst. SysTol, 2013, p. 330–335. doi:10.1109/
SysTol.2013.6693910.
[53] P.K. Nandam, P.C. Sen, Industrial applications of sliding mode control, in:
Proc. IEEEIAS Int. Conf. Ind. Autom. Control, 1995, p. 275–280. doi:10.1109/
IACC.1995.465829.
[54] H. Noura, D. Theilliol, J.-C. Ponsart, A. Chamseddine, Actuator and sensor
fault-tolerant control design, in: Fault-Toler. Control Syst. Des. Pract. Appl.,
Springer-Verlag, London, 2009, pp. 7–40.
[55] G.K. Singh, K.E. Hole, Guaranteed performance in reaching mode of sliding
mode controlled systems, Sadhana 29 (2004) 129–141.
[56] T. Li, B. Zhang, Z. Feng, B. Zheng, Robust control with engineering
applications, Math Probl. Eng. (2014), https://doi.org/10.1155/2014/567672.
[57] Petkov P, Kralev J, Slavov T. Design And Implementation Of Robust Control
Laws. Proc - 29th Eur Conf Model Simul ECMS 2015 2015:6–18. doi:10.7148/
2015-0006.
[58] J. Wang, Robust and nonlinear control literature survey (No. 19), Int. J. Robust
Nonlinear Control (2010), https://doi.org/10.1002/rnc.1619.
[59] X. Yu, Y. Zhang, Design of passive fault-tolerant flight controller against
actuator failures, Chin. J. Aeronaut. 28 (2015) 180–190, https://doi.org/
10.1016/j.cja.2014.12.006.
[60] A. Nasiri, S.K. Nguang, A. Swain, D. Almakhles, Passive actuator fault tolerant
control for a class of MIMO nonlinear systems with uncertainties, Int. J.
Control (2017) 1–12, https://doi.org/10.1080/00207179.2017.1367102.
[61] X.J. Li, G.H. Yang, Robust adaptive fault-tolerant control for uncertain linear
systems with actuator failures, IET Control Theory Appl. 6 (2012) 1544–1551,
https://doi.org/10.1049/iet-cta.2011.0599.
[62] H. Tohidi, K. Erenturk, S. Shoja-Majidabad, Passive fault tolerant control of
induction motors using NBC, J. Control Eng. Appl. Inform. 19 (2017), 49–58–
58.
[63] J.X. Zhang, G.H. Yang, Robust adaptive fault-tolerant control for a class of
unknown nonlinear systems, IEEE Trans. Ind. Electron. 64 (2017) 585–594,
https://doi.org/10.1109/TIE.2016.2595481.
[64] Merheb AR, Noura H, Bateman F. Passive fault tolerant control of quadrotor
UAV using regular and cascaded Sliding Mode Control. 2013 Conf. Control
Fault-Toler. Syst. SysTol, 2013, p. 330–5. doi:10.1109/SysTol.2013.6693910.
[65] Murtaza G, Butt YA, Bhatti AI. Higher order sliding mode based control
scheme for air path of diesel engine. 2016 Int. Conf. Emerg. Technol. ICET,
2016, p. 1–6. doi:10.1109/ICET.2016.7813217.
[66] R. Anjum, I. Khan, A. Yar, A.I. Bhatti, Air-to-fuel ratio control of gasoline
engines using smooth sliding mode algorithm, in: 2017 13th Int. Conf. Emerg.
Technol. ICET, 2017, p. 1–6. doi:10.1109/ICET.2017.8281731.
[67] Fu C, Tian Y, Peng C, Gong X, Zhang L, Guo X. Sensor faults tolerance control
for a novel multi-rotor aircraft based on sliding mode control. Proc Inst Mech
Eng Part G J Aerosp Eng 2017:0954410017731590. doi:10.1177/
0954410017731590.
[68] M. Maki, J. Jiang, K. Hagino, A stability guaranteed active fault-tolerant
control system against actuator failures, Int. J. Robust Nonlinear Control 14
(12) (2004) 1061–1077, https://doi.org/10.1002/rnc.932.
[69] S.W. Su, J. Bao, P.L. Lee, A hybrid active–passive fault-tolerant control
approach. Asia-Pac J Chem Eng n.d.;1:54–62. doi:10.1002/apj.7.
[70] M. Khatibi, M. Haeri, A unified framework for passive–active fault-tolerant
control systems considering actuator saturation and L1 disturbances, Int. J.
Control (2017) 1–11, https://doi.org/10.1080/00207179.2017.1365172.
[71] Z. Gao, C. Cecati, S.X. Ding, A survey of fault diagnosis and fault-tolerant
techniques—part II: Fault diagnosis with knowledge-based and hybrid/active
approaches, IEEE Trans. Ind. Electron. 62 (2015) 3768–3774, https://doi.org/
10.1109/TIE.2015.2419013.
[72] J.D. Boskovic, R.K. Mehra, Hybrid fault-tolerant control of aerospace vehicles,
in: Proc. 2001 IEEE Int. Conf. Control Appl. CCA01 Cat No01CH37204, 2001, p.
441–6. doi:10.1109/CCA.2001.973905.
[73] M. Maki, J. Jiang, K. Hagino, A stability guaranteed active fault-tolerant
control system against actuator failures, Int. J. Robust Nonlinear Control 14
(2004) 1061–1077, https://doi.org/10.1002/rnc.932.
[74] S.W. Su, J. Bao, P.L. Lee, A hybrid active–passive fault-tolerant control
approach, Asia-Pac. J. Chem. Eng. (2006).
[75] X. Yu, J. Jiang, Hybrid fault-tolerant flight control system design against
partial actuator failures, IEEE Trans. Control Syst. Technol. 20 (2012) 871–
886, https://doi.org/10.1109/TCST.2011.2159606.
[76] Q. Shen, B. Jiang, P. Shi, Neural Network-Based Fault Tolerant Control
Scheme Against Un-modeled Fault, in: Q. Shen, B. Jiang, P. Shi (Eds.), Fault
Diagn. Fault-Toler. Control Based Adapt. Control Approach, Cham, Springer
International Publishing, 2017, pp. 163–190, doi:10.1007/978-3-319-52530-
3_7.
[77] J. Wang, X. Yao, W. Li, Hybrid Active-Passive Robust Fault-Tolerant Control of
Event-Triggered Nonlinear NCS, Open Electr. Electron Eng. J. 11 (2017),
https://doi.org/10.2174/1874129001711010068.
[78] E. Dubrova, Hardware Redundancy. Fault-Toler. Des., Springer-Verlag, New
York, 2013, pp. 47–69.
[79] M.D. Krstic, M.K. Stojcev, G.L. Djordjevic, I.D. Andrejic, A mid-value select
voter, Microelectron Reliab. 45 (2005) 733–738, https://doi.org/10.1016/j.
microrel.2004.07.006.
[80] R. Sß inca, C. Szász, Fault-tolerant digital systems development using triple
modular redundancy, Int. Rev. Appl. Sci. Eng. 8 (2017) 3–7, https://doi.org/
10.1556/1848.2017.8.1.2.
[81] M.H. Rahman, S. Rafique, M.S. Alam, A fault tolerant voter circuit for triple
modular redundant system, J. Electr. Electron Eng. 5 (2017) 156–166, https://
doi.org/10.11648/j.jeee.20170505.11.
[82] S. Hudson, R.S. Shyama Sundar, S. Koppu, Fault control using triple modular
redundancy (TMR), in: S.S. Rautaray, H. Das, J. Nayak, P.K. Pattnaik (Eds.),
Prog. Comput. Anal. Netw., Springer Singapore, 2018, pp. 471–480.
[83] A.A. Amin, K. Mahmood-Ul-Hasan, Advanced fault tolerant air-fuel ratio control
of internal combustion gas engine for sensor and actuator faults, IEEE Access 7
(2019) 17634–17643, https://doi.org/10.1109/ACCESS.2019.2894796.
[84] A.D. Pouliezos, G.S. Stavrakakis, Analytical redundancy methods, in: Real
Time Fault Monit. Ind. Process., Springer Netherlands, Dordrecht, 1994, pp.
93–178, doi:10.1007/978-94-015-8300-8_2.
[85] A. Shumsky, Robust Analytical Redundancy Relations for Fault Diagnosis In
Nonlinear Systems. Asian J Control n.d.;4:159–70. doi:10.1111/j.1934-
6093.2002.tb00342.x.
[86] C. Chi, W. Zhang, X. Liu, Application of analytic redundancy-based fault
diagnosis of sensors to onboard maintenance system, Chin. J. Aeronaut. 25
(2012) 236–242, https://doi.org/10.1016/S1000-9361(11)60383-X.
[87] D.S. Bernstein, S.P. Bhat, Lyapunov stability, semistability, and asymptotic
stability of matrix second-order systems, J. Mech. Des. 117 (1995) 145–153,
https://doi.org/10.1115/1.2836448.
[88] C. Yang, J. Sun, Q. Zhang, X. Ma, Lyapunov stability and strong passivity
analysis for nonlinear descriptor systems, IEEE Trans. Circuits Syst. Regul.
Pap. 60 (2013) 1003–1012, https://doi.org/10.1109/TCSI.2012.2215396.
[89] E. Dubrova, Dependability evaluation techniques, in: Fault-Toler. Des.,
Springer-Verlag, New York, 2013, pp. 19–42.
[90] Peebles PZ. Probability. Probab. Random Var. Random Signal Princ. 4th Ed. 4th
Edition edition, TMH; 2002.
[91] V. Kumar, L. Singh, A.K. Tripathi, Reliability analysis of safety-critical and
control systems: a state-of-the-art review, IET Softw. 12 (2017) 1–18, https://
doi.org/10.1049/iet-sen.2017.0053.
[92] V. Kumar, L. Singh, A.K. Tripathi, Reliability analysis of safety-critical and
control systems: a state-of-the-art review, IET Softw. 12 (2018) 1–18, https://
doi.org/10.1049/iet-sen.2017.0053.
[93] H. Li, Q. Zhao, Reliability Modeling of Fault Tolerant Control Systems. Proc.
44th IEEE Conf. Decis. Control, 2005, p. 2397–402. doi:10.1109/
CDC.2005.1582521.
[94] M. Abdelsalam, H. Diab, S. Tennakoon, A. Griffiths, Reliability enhancement of
modular multilevel converter by applying fault tolerant control. 2016 51st
Int. Univ. Power Eng. Conf. UPEC, 2016, p. 1–5. doi:10.1109/
UPEC.2016.8114008.
[95] D.U.I. Hongyan, Reliability optimization of automatic control systems based
on importance measures: a framework, Int. J. Perform. Eng. 12 (2015) 297–
300.
[96] Unmanned Aircraft. NASA n.d. https://www.nasa.gov/subject/9566/
unmanned-aircraft/.
[97] Gipson L. Unmanned Aircraft Systems Integration in the National Airspace
System (UAS in the NAS). NASA n.d. http://www.nasa.gov/aeroresearch/
programs/iasp/uas.
[98] Péni T, Vanek B, Szabó Z, Bokor J. Supervisory fault tolerant control of the
NASA AirStar aircraft. 2014 Am. Control Conf., 2014, p. 666–71. doi:10.1109/
ACC.2014.6859264.
[99] Stepanyan V. Identification and Reconfigurable Control of Impaired Multi-
Rotor Drones, San Diego, CA, United States: 2016
[100] Triconex Safety System | Schneider Electric Solutions n.d. https://schneider-
electric.pepperl-fuchs.com/se/en/733.htm.
[101] MarkVIeS. GE Autom 2014. http://www.geautomation.com/products/mark-
vies-safety-management-system.
[102] GE Mark VIeS Safety Management Solution - ISA n.d. https://www.isa.org/
templates/news-detail.aspx?id=136202.
[103] Trusted Triple Modular Redundant (TMR) Controller | Rockwell Automation
n.d. https://www.rockwellautomation.com/global/products/safety-
instrumented-systems/overview.page?
[104] S7-400/S7-400H/S7-400F/FH n.d. https://mall.industry.siemens.com/mall/
en/WW/Catalog/Products/5000014 (accessed December 8, 2018).