Automatica 99 (2019) 308–316

Contents lists available at ScienceDirect

Automatica
journal homepage: www.elsevier.com/locate/automatica

Brief paper

Performance-based fault detection and fault-tolerant control for

automatic control systems✩
Linlin Li a , Hao Luo b, *, Steven X. Ding c , Ying Yang d , Kaixiang Peng a
a
School of Automation and Electrical Engineering, University of Science and Technology Beijing, Beijing 100083, PR China
b
School of Astronautics, Harbin Institute of Technology, Harbin, PR China
c
Institute for Automatic Control and Complex Systems, University of Duisburg–Essen, 47057, Duisburg, Germany
d
College of Engineering, Peking University, Beijing 100871, PR China

article info a b s t r a c t
Article history: The main focus of this paper is on the analysis and design scheme of performance-based fault detection
Received 18 December 2017 and fault-tolerant control for automatic control systems with incipient (slowly developing) multiplicative
Received in revised form 12 May 2018 faults. To this end, the realization form of the multiplicative faults is first studied with the aid of the
Accepted 17 September 2018
coprime factorization techniques. Then, the fault-tolerant margin is proposed in the closed-loop setup
aiming at characterizing the fault-induced performance degradation. By embedding the fault-tolerant
margin as a performance indicator, a performance-based fault detection approach is developed. Based on
Keywords:
Performance-based fault detection the fault detection and the well-known controller parameterization form, a control performance-based
Fault-tolerant control fault-tolerant control strategy is investigated. A case study on three-tank system is given in the end to
Fault-tolerant margin illustrate the proposed approaches.
Multiplicative faults © 2018 Elsevier Ltd. All rights reserved.

1. Introduction Polycarpou, & Parisini, 2002). It is well known that multiplicative

With enhancing requirements of reliability as well as safety in
industrial processes, fault detection (FD) and fault-tolerant con-
trol (FTC) have received considerable attention in both research
and industrial application domains (Blanke, Kinnaert, Lunze, &
Staroswiecki, 2006; Chiang, Russell, & Braatz, 2001; Ding, 2013;
Isermann, 2006), and a great number of FD and FTC methods
have been developed (Hwang, Kim, Kim, & Seah, 2010; Li, Chadli,
Ding, Qiu, & Yang, 2018; Li, Ding, Qiu, Peng, & Yang, 2017; Mer-
cere & Bako, 2011; Naderi & Khorasani, 2017; Yan & Edwards,
2007; Zhou & Ren, 2001). In recent years, industrial automatic
control systems have continuously increasing demands for system
performance, efficiency and reliability. The existing FD methods,
however, generally do not take into account the system perfor-
mance changes/degradation caused by the faults. In particular,
few research efforts have been made to the detection and per-
formance analysis issues for incipient multiplicative faults (Zhang,
✩ This work has been supported by Beijing Natural Science Foundation under
grant 4174096, the National Natural Science Foundation of China under grants
61603033, 61873024, 61633001 and 61703121. The material in this paper was
not presented at any conference. This paper was recommended for publication in
revised form by Associate Editor Xenofon Koutsoukos under the direction of Editor
Torsten Söderström.
*
Corresponding author.
E-mail addresses: linlin.li@ustb.edu.cn (L. Li), hao.luo@hit.edu.cn (H. Luo),
steven.ding@uni-due.de (S.X. Ding), yy@pku.edu.cn (Y. Yang),
kaixiang@ustb.edu.cn (K. Peng).
faults can cause considerable changes in the system dynamic even
instability. On the other hand, the detection of incipient faults
is, due to slowly developing in the faults, a challenging issue.
Motivated by these observations, we are devoted, in the first part
of our work, to investigate a performance-based FD approach by
evaluating the fault-induced performance degradation with incip-
ient multiplicative faults. In comparison with the existing data-
driven fault estimation approaches (Naderi & Khorasani, 2017;
Wan, Keviczky, Verhaegen, & Gustafasson, 2016), the FD approach
is more focused on detecting and estimating the degradation in
system performance, instead of specific types of additive faults.
It can be observed that most of the FTC schemes are model-
based, in which (i) the controller is designed as a priori to be robust
against potential faults, or (ii) the controller parameters or algo-
rithms are online adapted or even the controller is re-configured,
as the faults are detected and estimated (Liu & Shi, 2013; Zhang
& Jiang, 2008; Zhang, Parisini, & Polycarpou, 2004). To the best of
our knowledge, the major attention of the existing studies on FTC
approaches are mainly dedicated to some specific types of faults,
while few research efforts have been made to address FTC issues
for general type of multiplicative faults. This motivates the second
part of our work, in which an FTC strategy is proposed such that
the required system performance is recovered in the presence of
multiplicative faults.
The main objectives of this work are to study the following prac-
tical issues, which have been rarely addressed in the research do-
main: (i) detect and estimate the ‘‘change’’ in control performance

https://doi.org/10.1016/j.automatica.2018.10.047
0005-1098/© 2018 Elsevier Ltd. All rights reserved.
 L. Li et al. / Automatica 99 (2019) 308–316 309

These eight RH∞ transfer matrices satisfy the so-called Bezout

identity
[ ][ ] [ ][ ]
Xo Yo Mo −Ŷo Mo −Ŷo Xo Yo
=
−N̂o M̂o No X̂o No X̂o −N̂o M̂o
= I. (3)

The eight transfer matrices given above can also be realized using
Fig. 1. Schematic description of the feedback control loop under consideration.
state space representations given in Ding (2013) and Zhou (1998)
as

Mo (z) = (AF , B, F , I ) , No (z) = (AF , B, C + DF , D)

caused by incipient multiplicative faults; (ii) develop FTC strategy X̂o (z) = (AF , L, C + DF , I ) , Ŷo (z) = (AF , −L, F , 0)
to recover the required performance. To be specific, the represen-
tation form for multiplicative faults is first studied in the coprime M̂o (z) = (AL , −L, C , I ) , N̂o (z) = (AL , B − LD, C , D)
factorization framework. Then, the fault-tolerant margin (FTM) is Xo (z) = (AL , −B + LD, F , I ) , Yo (z) = (AL , −L, F , 0)
proposed to evaluate the control performance degradation in the
where F , L are gain matrices such that AF = A + BF and AL = A − LC
presence of multiplicative faults. The relation between the FTM and
are stable.
the dynamics of the so-called observer-based residual generator
It is evident that the LCF of the plant can be interpreted as a
is established. Based on it, an on-line estimation algorithm for the
residual generator
FTM is developed, which is further implemented in a performance-
based fault detection (PFD) approach. Since model uncertainties ∀ u, d = 0, r(z) = M̂o (z)y(z) − N̂o (z)u(z) = 0 (4)
are inevitable for industrial processes, a threshold setting scheme
is proposed to avoid false alarms. In light of the observer-based where r denotes the residual signal. Eq. (4) is also called stable
realization of controller parameterization (Ding, 2014) and PFD ap- kernel representation (SKR) of system (1).
proach, a control performance-based fault-tolerant control (PFTC) According to Youla parameterization (Vinnicombe, 2000; Zhou,
strategy is investigated. 1998), all stabilization controllers for plant (1) can be parametrized
The paper is organized as follows. In Section 2, the needed pre- by
liminaries and problem formulation are given. The realization form K (z) = −U(z)V −1 (z) = −V̂ −1 (z ) Û(z)
of multiplicative fault is studied in Section 3. In Section 4, a PFD and [ ] [ ]
PFTC strategy is investigated. The implementation methodologies V̂ Û = Xo − Q N̂o Yo + Q M̂o
are developed in Section 5. To illustrate the proposed approaches, U = Ŷo + Mo Q , V = X̂o − No Q (5)
a case study is included in Section 6.
where Q (z) ∈ RH∞ is the so-called parameterization matrix and
Notations: The notations adopted throughout this paper are Xo , Yo , X̂o , Ŷo are RH∞ -transfer matrices satisfying Bezout identity
fairly standard. RH∞ represents the set of all real rational transfer (3) for given M̂o , N̂o , Mo , No .
functions of stable systems. ∥G(z)∥∞ represents the H∞ -norm of
transfer function G(z). ∥ω∥2 represents L2 -norm of ω(k). σmax (A)
2.2. Problem formulation
denotes the maximal singular value of matrix A.
In order to deal with model uncertainty, the nominal model (1)
2. Preliminaries and problem formulation is extended to

2.1. Process description y(z) = G∆ (z)u(z) + d(z). (6)

Suppose that G∆ (z) = −1

M̂∆ (z)N̂∆ (z) with M̂∆ ∈ RH∞ m×m
, N̂∆ ∈
Consider the standard feedback control loop presented in Fig. 1 m×p
RH∞ . Let
with G(z) as the plant model, K (z) as the feedback controller,
∆N̂ ∆M̂ = N̂∆ − N̂o
[ ] [ ]
d ∈ Rm denoting the additive stochastic or deterministic perturba- M̂∆ − M̂o (7)
tions, and v ∈ Rp representing the reference signal or the output
where ∆M̂ , ∆N̂ ∈ RH∞ represent the model uncertainties, which
of a feed-forward controller driven by the reference signal.
are also called (left)
 coprime factor uncertainties (Vinnicombe,
Let G(z) be LTI systems of the form
2000), and satisfy −∆N̂ ∆M̂ ∞ ≤ δ∆ with δ∆ as a positive


y(z) = G(z)u(z) + d, y ∈ Rm , u ∈ Rp (1) constant.

Without loss of generality, the process in the presence of incip-
with minimal state space realization G = (A, B, C , D) , A ∈ ient multiplicative faults can be represented as
Rn×n , B ∈ Rn×p , C ∈ Rm×n , D ∈ Rm×p . Left and right coprime
factorizations (LCF and RCF) of G(z) are respectively given by y(z) = Gf (z)u(z) + d(z) = M̂ −1 (z)N̂(z)u(z) + d(z) (8)

G(z) = M̂o−1 (z)N̂o (z) = No (z)Mo−1 (z) (2)

where Gf (z) denotes the faulty plant model with M̂ ∈ RH∞ m×m
, N̂ ∈
m×p
RH∞ . It is evident that by defining
where(M̂o , N̂o ,)Mo , No belong to RH∞ with appropriate dimen-
∆N̂o ∆M̂o = N̂ − N̂o
[ ] [ ]
sions, M̂o , N̂o and (Mo , No ) are left and right coprime pairs over M̂ − M̂o (9)

RH∞ , i.e. there exist X̂o , Ŷo , Xo , Yo ∈ RH∞ of appropriate dimen- the faulty plant (8) can be described by
sions so that ( )−1 ( )
[ ] [ ] Gf = M̂o + ∆M̂o N̂o + ∆N̂o (10)
] Ŷo ] Mo
= Im×m , Xo = Ip×p .
[ [
N̂o M̂o Yo
X̂o No where ∆M̂ , ∆N̂ are included in ∆M̂o , ∆N̂o .
310 L. Li et al. / Automatica 99 (2019) 308–316
[ ]
Indeed, the SKR −N̂ M̂ for the faulty plant (8) is not unique. 4. Performance-based FD and FTC strategy

For different SKRs, the representation for the fault-induced varia- 4.1. Performance-based fault detection
tion (9) is different. It is the first objective of this paper to study
the representation form for multiplicative faults in the coprime
Note that the closed-loop dynamics for the feedback control
factorization framework. The main focus of our subsequent study system presented in Fig. 1 in the presence of multiplicative faults
is on the analysis of the performance degradation caused by in- can be described by
cipient multiplicative fault ∆M̂o , ∆N̂o , and based on it, establishing ]−1 [ ]
v
[ ] [
a performance-based FD and FTC strategy. For our purpose, we u I −K
=
first introduce an indicator, the so-called fault-tolerant margin, y −Gf I d
to characterize the performance change in the system dynamics ]−1 [
V̂ v
[ ]
V̂ Û
caused by ∆M̂o , ∆N̂o . Notice that the model uncertainties ∆M̂ , ∆N̂ = . (16)
would influent the stability indicator like multiplicative faults. To −N̂ M̂ M̂d
ensure the robustness against the model uncertainties and avoid Considering that
false alarms, a threshold setting scheme is proposed, which can [ ]−1 ([ ] [ ])−1
also be applied to distinguish the faults and uncertainties in the V̂ Û V̂ Û 0 0
= + −∆ (17)
performance-based context. Next, the fault-tolerant margin is es- −N̂ M̂ −N̂o M̂o N̂o ∆M̂o
timated in the observer-based residual generation context, which [ ]( [ ][ ])−1
Mo −U 0 0 Mo −U
is further implemented for FD purpose. Moreover, a performance- = I+ (18)
based FTC strategy is proposed, and associated with it, the design No V −∆N̂o ∆M̂o No V
methodologies are investigated. it follows from small gain theorem (Zhou, 1998) that the closed-
In summary, it is assumed that in our subsequent work loop system is stable if
( )  [ ]
] Mo −U 
• the SKR −N̂o (z), M̂o (z) of G(z) is known;  −∆N̂ ∆M̂o < 1.
[
 (19)
o No V 
• the reference signal v satisfies the persistently excitation

∞
condition; It is clear that fault ∆N̂o , ∆M̂o affects the system stability. For the
• the measurements u(k) and y(k) are available. purpose of FD and FTC, we introduce
 [ ]
] Mo −U 
 −∆N̂o ∆M̂o
[
b(K ) =   (20)
3. The representation form for multiplicative faults No V 
∞
as a stability indicator, which can be applied to characterize the
Recall that SKR for a plant is not unique. Following (9), the fault-induced performance degradation in the system dynamics.
representation form for
[ the fault-induced
] [ variation
] (9) is also not Indeed, if b(K ) is closed to 1, it indicates that the system is ap-
unique. Suppose that −N̂ M̂ and −N̂1 M̂1 are two different proaching the stability margin. From the perspective of FD and FTC,
realizations
[ ] of the SKR for the faulty plant. Notice that for any SKR we call b(K ) fault-tolerant margin.
−N̂1 M̂1 , there exists R(z) ∈ RH∞ (Ding, 2013) such that In practice, the process is generally in dangerous situation when
b(K ) is approaching 1. Let bth < 1 be the maximum tolerance
M̂ , R (z) ∈ RH∞ .
−1
[ ] [ ]
−N̂1 M̂1 = R −N̂ (11) bound of the process, then the stability performance of the process
can be monitored by applying the following decision logic
In this sense, the multiplicative fault can be readily described by
b(K ) < bth H⇒ stable
{
[
−∆N̂o ∆M̂o
] [ ] (21)
= −RN̂ + N̂o RM̂ − M̂o (12) b(K ) ≥ bth H⇒ performance anomaly.
where R(z) can be any transfer matrix that belongs to RH∞ . It (20)–(21) build a performance-based fault detection (PFD) system.
follows from Georgiou and Smith (1990) that the feedback control
loop is stable if and only if Remark 1. To avoid the false alarms caused by model uncertainties
[ ]
]  −Ŷo − Mo Q  ∆N̂ , ∆M̂ , the tolerance bound bth is chosen as bth ≥ bth,0 with bth,0
 −∆N̂ ∆M̂o ∞   < 1.
[
  (13) denoting the maximal value of b(K ) in the fault-free case as
o
X̂o − No Q ∞ [ ]
 Mo −U 
Indeed, the different realization forms for the SKR should not bth,0 =  sup  ∥b(K )∥∞ = δ∆   .
No V 
−∆N̂ ∆M̂ ∞ ≤δ∆

∞
influent the stability of the process, although with different SKRs,
 

 −∆N̂ ∆M̂  can be different. Notice that

[ ]
o o ∞ For detection purpose, we are devoted to developing a scheme
 −∆N̂ ∆M̂o ∞
[ ]
for estimating (21) on-line. To this end, the following residual
o
generator is adopted
−M̂ ∞ .
[ ] [ ]
≥ inf  N̂o −M̂o − R N̂
R∈RH∞
r = −N̂o u + M̂o y (22)
Thus, along the line of Georgiou and Smith (1990), the influence
of the uncertainty/fault on the system stability should be uniquely which can be constructed using the available model-based or data-
represented in terms of driven methods (Ding, 2013; Dong & Verhaegen, 2012; Qin, 2006;
Yin, Wang, & Gao, 2016). In light of (10) and (16), it is straightfor-
−∆N̂o ∆M̂o = N̂o −M̂o − R∗ N̂
[ ] [ ] [ ]
−M̂ (14) ward that the dynamics of the residual generator is governed by

where r =∆N̂o u − ∆M̂o y + M̂d (23)

]−1 [
v̄
[ ]
−M̂ ∞ .
∗
[ ] [ ]
R = arg inf  N̂o −M̂o − R N̂ (15) V̂ Û
= ∆N̂o −∆M̂o
[ ]
R∈RH∞ + M̂d (24)
−N̂ M̂ M̂d
 L. Li et al. / Automatica 99 (2019) 308–316 311

where v̄ = V̂ v . In the sequel, an equivalent form of (24) is pre- Algorithm 1 Towards the estimation of J(K )
sented first, which plays an essential role in the subsequent studies.
Considering (17) and Bezout identity (3), it turns out 1: Online collecting the measurement data r(k), v̄ (k)
2: Constructing the Hankel matrices
]−1
] −1
[ ( [ ] )
V̂ Û −U [ ⎡ ⎤
= I+ −∆N̂o ∆M̂o r(k − l) ··· r(k − l + N)
−N̂ M̂ V .. ..
Rk,l,N = ⎣ ..
.
⎢ ⎥
[ ] . . ⎦
Mo −U
× . r(k) ··· r(k + N)
No V
v̄ (k − l) v̄ (k − l + N)
⎡ ⎤
···
Moreover, since .. ..
V̄k,l,N ..
=⎣ .
⎢ ⎥
( [ ]
] −1
) . . ⎦
−U [ v̄ (k) v̄ (k + N)
−∆N̂o ∆M̂o −∆N̂o ∆M̂o
[ ]
I+ ···
V
(
] −U −1 [
[ ]) 3: Recursively computing the maximal singular value
I + −∆N̂o ∆M̂o −∆N̂o ∆M̂o
[ ]
= ( )−1 )
V J(K ) =σmax Rk,l,N V̄kT,l,N V̄k,l,N V̄kT,l,N .
(
(31)
we have

r = P∆ v̄ + d̄ (25)
( [ ])−1
] −U detection delay. From application perspective, it is of great signif-
P∆ = − I + −∆N̂o ∆M̂o
[
V icance to choose a proper N to achieve a proper tradeoff between
[ ]
] Mo the estimation performance and the computation efforts.
× −∆N̂o ∆M̂o
[
No Next, we consider the more general case for d̄ ̸ = 0. Since d̄ is
( [ ])−1 ( unmeasurable, for the real-time estimation  of ∥P∆ ∥∞ , Algorithm
] −U )
I + −∆N̂o ∆M̂o M̂o + ∆M̂o d. 1 is still applied. In this case, J(K ) = P̄∆ ∞ is calculated as an
[
d̄ =
V
estimation of ∥P∆ ∥∞ with r = P̄∆ v̄ , which will in turn result in a
For our purpose, the relation between (20) and P∆ is studied in the deviation from the real value. In what follows, we characterize the
following theorem. deviation subject to the perturbation d̄. Note that
∥r ∥2 = P̄∆ v̄ 2 = P∆ v̄ + d̄2
   
Theorem 1. For b(K ) < 1, it holds that
which implies
b(K )
∥P∆ ∥∞ ≤ √ . (26) ∥P∆ v̄∥2 − d̄2 ≤ P̄∆ v̄ 2 ≤ ∥P∆ v̄∥2 + d̄2 .
     
1 − b2 (K )
To prove the above theorem, we need the following lemma that As a result, for any v̄ ̸ = 0, the following inequality holds
P̄∆ v̄ 
     
is given in Georgiou and Smith (1990). ∥P∆ v̄∥2 d̄ ∥P∆ v̄∥2 d̄
2 2 2
− ≤ ≤ +
∥v̄∥2 ∥v̄∥2 ∥v̄∥2 ∥v̄∥2 ∥v̄∥2
Lemma 2. Let ∆1 , ∆2 ∈ H∞ and
[ ] which means the error of the estimated and the real ∥P∆ ∥∞ is
 ∆1 
 ∆2  < γ < 1
  (27) bounded by
∞
 
d̄
Then |J(K ) − ∥P∆ ∥∞ | ≤ RP2R , RP2R := 2
. (32)
∥v̄∥2
γ
∆1 (I + ∆2 )−1  < √ .
 
∞
(28) It is evident that the accuracy and reliability of the estimations
1 − γ2 depend on the size of the perturbation-to-reference ratio RP2R . For
the case of a small RP2R , Algorithm 1 delivers a reliable estimation
Proof of Theorem 1. Along the line of the proof given in Georgiou
of ∥P∆ ∥∞ with adequate degree of accuracy.
and Smith (1990), it is straightforward that
For detection purpose, we choose J(K ) as the evaluation func-
 ∆1 ∆2  ∞ ≤ γ < 1
[
tion for the fault-tolerant margin. Notice that bth is the maximum
]
tolerance bound of the process, the tolerant bound for J(K ) can be
then correspondingly set as
γ bth
(I + ∆2 )−1 ∆1  .
 
∞
≤ √ (29) Jth = √ . (33)
1 − γ2
1 − b2th
As a result, it is evident that b(K ) < 1 leads to (26).
Concerning that v̄ and r are available as the system and the It is important to point out that
residual generator (23) are in operation, it is evident that when
d̄ = 0 J(K ) ≥ Jth H⇒ b(K ) ≥ bth . (34)
Since J(K ) can be estimated online, the anomaly performance can
J(K ) = ∥P∆ ∥∞ (30)
be detected by applying the following detection logic
can be online computed. Along the line of Zhou (1998), the estima- J(K ) < Jth H⇒ stable
{
tion algorithm for J(K ) is summarized in Algorithm 1. Here, l and (35)
J(K ) ≥ Jth H⇒ performance anomaly.
N denote sufficiently large positive integers. Generally speaking,
to achieve the best estimation performance, a large N is necessary, (31), (33) and (35) also build a performance-based fault detection
which will in turn, results in enormous computation efforts and system.
312 L. Li et al. / Automatica 99 (2019) 308–316

Remark 2. It is worth mentioning that the residual generator 5.1. PFTC phase I
adopted in this paper is standard. In spite of this, the advantages
of the proposed approach over the existing FD methods lie in (i) The core of the PFTC phase I lies in minimizing b(K ) by tuning
detecting/estimating the control performance degradation caused Q (z). Considering that
by multiplicative faults by using the available data in the real- [ ]
time manner, and (ii) delivering an indicator to show whether the Mo −U
−∆N̂o ∆M̂o = ∆ ∆
[ ] [ ]
¯1 ¯2 (38)
system is approaching the stability margin. To our best knowledge, −No V
very limited attention has been paid on the detection and esti-
mation issues of the control performance change in the research where
[ ] [ ]
domain, which are, however, of practical application interests. Mo ] −U
¯ 1 = −∆N̂
∆ ∆M̂o ¯ 2 = −∆N̂
,∆ ∆M̂o
[ ] [
o −No o V
4.2. Performance-based fault-tolerant control the main attention thus will be focused on solving the following
issue
It is evident that the controller adopted has considerable in-  [ ]
] −Ŷo − Mo Q 
 −∆N̂o ∆M̂o
fluence on the size of J(K ), and in turn on the fault-tolerant mar-  .
∗
[
Q = arg inf 
gin. Once a fault leads to performance anomaly, a fault-tolerant Q ∈RH∞ X̂o − No Q ∞
control scheme shall be applied to accommodate the performance
To achieve
[ this, the identification scheme for the fault-induced
degradation. Recall that based on the following observer-based
variation −∆N̂o ∆M̂o is developed. It follows directly from (14)
]
realization of all the stabilizing controllers (5)
that the main focus of the identification
( ) scheme is on the data-
x̂(k + 1) = Ax̂(k) + Bu(k) + Lr(k) driven realization of the SKR −N̂ , M̂ for the faulty plant.
r(k) = y(k) − C x̂(k) − Du(k) In what follows, we are devoted to a recursive data-driven
u(z) = F x̂(z) + Q (z)r(z) (36) realization of SKR using input/output (I/O) data. For this purpose,
with x̂(k) representing the state estimation, an observer-based the following notations are introduced first, which are essential
fault-tolerant control architecture is proposed in Ding (2014). Two in the subspace identification methods (Huang & Kadali, 2008;
parameters are available in this fault-tolerant control architecture Overschee & Moor, 1996; Qin, 2006)
for different functionalities w(k)
⎡ ⎤
..
wl (k) = ⎣ ⎦ , Wk,l = wl (k) wl (k + N − 1)
[ ]
• F , L, as high-priority parameter, are used to ensure the pro- ···
⎢ ⎥
.
cess stability w(k + l)
• Q (z), as low-priority parameter, is generally implemented
for robustness and fault tolerance purpose. where l and N denote sufficiently large positive integers, and w can
be any signal. Let
If a fault alarm is released by (35), the low-priority parameter [ ] [ ]
ul (k + N − lp − 1) U
Q (z) can be first plugged in/activated to recover the performance zp = , Zp = k−lp −1,lp
degradation without re-configuring the operational controller. For yl (k + N − lp − 1) Yk−lp −1,lp
instance, the fault-tolerant margin can be optimized by setting
with lp being a sufficiently large integer. For the data-driven real-
Q (z) as
 ization of the SKR, Algorithm 2 proposed in Ding (2014) is recalled.
[ ]
] Mo −Ŷo − Mo Q  It is easy to see that Kd,l is a data-driven realization of the SKR,
−∆N̂o ∆M̂o
∗
[
Q = arg inf  
Q ∈RH∞  No X̂o − No Q  which satisfies
∞ [ ]
Uk,l
However, it is not always in the situation that all the degradation Kd,l = 0. (39)
caused by the fault can be recovered by tuning/plugging in the Yk,l
lower priority parameter. That is to say, once For the purpose of on-line update of Kd,l , a recursive form of LQ
b(K ∗ ) ≥ bth or J(K ∗ ) ≥ Jth decomposition can be applied. Once new measurement data is
( )( )−1 available, we have
K ∗ = − Ŷo + Mo Q ∗ X̂o − No Q ∗ (37) ⏐
Zp ⏐ zp
[ ]
Φnew = Uk,l ⏐ ul (k + N) = [ Φ | φ ] = Lnew Qnew . (40)
⏐
it is necessary to reconfigure the operational controller (the high
priority controller) to maintain the performance of the process. Yk,l ⏐ yl (k + N)
Considering in this light, we propose the following performance- Recall that with Givens-transformation (Golub & Loan, 2012), Lnew
based fault-tolerant control (PFTC) strategy:

• if J(K ) ≥ Jth , the controller Q ∗ (z) is first implemented to
accommodate the performance degradation. We label this
scheme as PFTC phase I.
• if J(K ∗ ) ≥ Jth , the operational controller is re-constructed to
resume the stability performance. We rate this scheme as
PFTC phase II.
5. Design and implementation methodologies for PFTC
can be recursively updated by
[ Lnew | 0] = ε Lf ⏐ φ Qgiv ens
[ ⏐ ]
(41)
where ε > 0 is a forgetting factor to weigh the past information,
and Qgiv ens is a Givens matrix. Associated with it, the data-driven
realization Kd,l can be iteratively updated. It follows from Ding
(2014) that by choosing a parity vector [βl αl ] as one row of Kd,l ,
the state-space representation of the identified SKR is given by

xz (k + 1) = Az xz (k) + Bz u(k) + Lz y(k)

In this section, we are going to address the above two PFTC
phases in the data-driven fashion. r0 (k) = Gy(k) − Cz xz (k) − Dz u(k) (42)
 L. Li et al. / Automatica 99 (2019) 308–316 313

Algorithm 2 Towards data-driven realization of SKR

1: Collect the I/O data of the system and build Uk,l , Yk,l , Zp .
2: Do LQ-decomposition
Zp Lf ,11 0 0 Qf ,1
[ ] [ ][ ]
Φ= Uk,l = Lf ,21 Lf ,22 0 Qf ,2 .
Yk,l Lf ,31 Lf ,32 Lf ,33 Qf ,3
3: Do SVD of
][ ]
Σ1 V1T
[ ] [
Lf ,21 Lf ,22 0
.
[ ]
= U1 U2
Lf ,31 Lf ,32 0 Σ2 (≈ 0) V2T

4: Set Kd,l = U2T .

Fig. 2. Performance-based FTC strategy.

where xz (k) represents the state for SKR, and
0 0 ··· 0 βl (1, 1 : p)
⎡ ⎤ ⎡ ⎤
⎢1 0 ··· 0⎥ βl (1, p + 1 : 2p) Once J(K ∗ ) ≥ Jth , based on the recursive SKR, the residual
, Bz = ⎢
⎢ ⎥
⎣ ..
Az = ⎢ .. .. ⎥ .. .. generator (47) is first constructed which delivers the state estima-
⎥
. . .
⎦ . ⎣ ⎦
. tion xz (k) and residual signal r(k) for fault-tolerant purpose. Let us
0 ··· 1 0 βl (1, (n − 1)p + 1 : np) rewrite (47) as
Cz = 0 · · · 0 1 , Dz = βl (1, np + 1 : (n + 1)p)
[ ]
]T xz (k + 1) = Af xz (k) + Bf u(k) + Lf r(k)
Lz = − αl,0 αl,1 · · · αl,l−1 , G = αl,l .
[
(43) r(k) = y(k) − Cf xz (k) − Df u(k) (47)
Let where
r(k) = y(k) − Cf xz (k) − Df u(k) Af = Az + Lf Cf , Bf = Bz + Lf Df
Cf = G−1 Cz , Df = G−1 Dz . (44) Cf = G−1 Cz , Df = G−1 Dz , Lf = Lz . (48)
The transfer function for SKR can be given by As a result, the feedback controller can be given by

M̂ = (Az , Lz , −Cf , I), N̂ = (Az , Bz , Cf , Df ). (45) u(z) = Ff xz (z) + v (z) (49)

With the SKR (45) at hand, once J(K ) ≥ Jth , the fault-induced vari- where Ff is the parameter to be determined. In this section, the
ation is estimated by dealing with the model matching problem design of the controller Ff xz (z) is realized such that the following
(MMP) given in (14) and (15) online. As a result, we have performance index is minimized
1 ( T
[ ]
] −Ŷo − Mo Q
xz (k)Wf xz (k) + uT (k)Rf u(k)
)
∆
¯ 2 = R∗ −N̂ − I = Π1 − Π2 Q V = lim (50)
[
M̂ N →∞ N
X̂o − No Q
where Wf ≥ 0, Rf > 0. It follows from the separation principle
which means in turn
that the estimation and control issues can be handled indepen-
Q ∗ = arg inf ∥Π1 − Π2 Q ∥∞ (46) dently. From the control perspective, the controller gain Ff can be
Q ∈RH∞ determined by dealing with the linear quadratic regulation (LQR)
Π1 = R∗ (N̂f Ŷo + M̂f X̂o ) − I , Π2 = R∗ (N̂f Mo + M̂f No ). problem as
)−1
P = ATf PAf − ATf PBf BTf PBf + Rf BTf PAf + Wf
(
It yields that the fault-tolerant margin can be optimized by tun-
ing Q in handling MMP problem (46). To sum up, we propose )−1 T
Ff = − BTf PBf + Rf Bf PAf .
(
(51)
Algorithm 3 to show PFTC phase I.
The needed computations for PFTC phase II are summarized in Al-
Algorithm 3 Towards PFTC phase I gorithm 4. In summary, the schematic of the overall PFTC strategy
is shown in Fig. 2.
1: If J(K ) ≥ Jth , compute M̂(z), N̂(z) according to (45) based on the
recursive SKR Algorithm 4 Towards PFTC phase II
2: Solve R∗ (z) according to (15)
3: Solve Q ∗ (z) according to (46) 1: If J(K ∗ ) ≥ Jth , construct the residual generator (47) based on
4: Implement Q ∗ (z)r(z). the recursive SKR
2: Calculate Ff according to (51)
3: Replace the operational controller by the observer-based feed-
back controller Ff xz (k).
5.2. PFTC phase II

We are now in a position to present an algorithm for PFTC phase 6. A case study on three-tank system
II using process data. The task considered here is concentrated on
constructing an observer-based feedback controller to recover the In this section, a case study on the laboratory setup of three-
stability performance. tank system (Ding, 2014), a typical nonlinear chemical process as
314 L. Li et al. / Automatica 99 (2019) 308–316

Fig. 3. The schematic of three-tank system.

shown in Fig. 3, is presented. In this study, the water level of tank

1 is measurable and pump 1 continuously pumps water to tank 1 Fig. 4. Detection performance of fault I for PFD approach.

with incoming mass flow rate Q1 . To show the effectiveness of the

proposed approach, the following linear model is first obtained

0.8968 −0.0003 0.0841 0.0318

[ ] [ ]
A0 = −0.0077 0.8349 0.0770 , B0 = 0
0.0896 0.08678 0.8178 0
0 , D0 = 0
[ ]
C0 = 1 0

which is achieved by a linearization of the nonlinear model at the

operating point h1 = 15 cm, h2 = 10 cm with a sampling time
T = 5 s.
The residual generator and controller implemented in this
study are given by (5) and (22) with Q = 0 and
]T
L = 0.256 0.079 0.038 , F = 1.955 3.718 −6.941 .
[ [ ]

The reference signal is set to be v = 15 +w1 with w1 as white noise.

In this study, we set l = 3, lp = 60, N = 4000. bth is set to be 0.75
which yields Jth = 1.1339. The forgetting factor for recursive SKR
is set as ε = 0.99. The measurable signal is injected with noise.
Fig. 5. FD performance with PFTC phase I and II. (For interpretation of the references
For demonstration purpose, a fault (fault I) is first simulated to color in this figure legend, the reader is referred to the web version of this article.)
from the τ1 = 7100th sample which leads to the change in system
matrix as
which leads to performance anomaly as shown in Fig. 5. By apply-
A = A0 + ∆1 (k), ∆1 (k) = µ1 (k)∆
˜1 (52)
ing Algorithm 4 with Wf = I , Rf = I, we have
⎨0, k ≤ τ1
⎧
0 0 0
[ ]
k − τ1
⎪
0 0 0.7347 −0.0067 −0.188
[ ] [ ] [ ]
˜ 1 = 0.112
∆ 0 0 , µ1 (k) = , τ1 < k ≤ 7600
0 0 0.054 ⎩ 500
⎪ Af = 1 0 −2.4783 , Bf = 0.0150 , Lf = 0.635
1, k ≥ 7600. 0 1 2.7491 −0.0081 −0.704
−3.90 , Df = 0, Ff = 10 · 2.268 2.596 2.973
3
[ ] [ ]
With Algorithm 1, the estimation of FTM and the associated PFD Cf = 0 0
performance is shown in Fig. 4 without taking FTC actions. It can
With the fault-tolerant controller (49), the PFTC performance can
be seen that this fault leads to performance degradation. For FTC
be significantly improved (see the red line in Fig. 5). It is obvi-
purpose, Algorithm 3 is applied once J is beyond the safety range
ous that the proposed PFTC strategy can promise effective fault-
[0, Jth ]. By applying PFTC phase I, the control performance can be
recovered (see the green line in Fig. 5). tolerant performance.
Next, the following fault (fault II) is simulated from the τ2 = For comparison, the widely adopted L2 norm-based FD ap-
20000th sample as proach is applied. With the residual generator (22) and (25), the
L2 norm-based FD approach returns the evaluation functionand
A = A0 + ∆1 (k) + ∆2 (k), ∆2 (k) = µ2 (k)∆ threshold as J2 = ∥r̄ ∥2 , Jth,2 = Jth ∥v̄∥2 + d̄2 . In this study, d̄2
 
˜2

⎨0, k ≤ τ2 is set as 10. The corresponding FD performance with the moving

⎧
0 0 0
[ ]
k − τ2 window as [k − 2000, k] is shown in Fig. 6. From Fig. 6, the fault I
⎪
∆
˜2 = 0 0 0 , µ2 (k) = , τ2 < k ≤ 20500
0 0 0.25 ⎩ 500
⎪ in (52) cannot be detected in a real-time manner. It is obvious that,
1, k ≥ 20500 with Algorithm 1, the fault detectability can be improved.
 L. Li et al. / Automatica 99 (2019) 308–316
Fig. 6. Detection performance of fault I for norm-based FD approach.
7. Conclusions
In this paper, we have studied performance-based FD and FTC
for automatic control systems in presence of incipient multiplica-
tive faults. To be specific, the FTM has been introduced to evaluate
the fault-induced performance degradation. By establishing the
relation between the FTM and the dynamics of residual generator,
an on-line estimation algorithm for the FTM has been investigated
by using process data. Then by embedding FTM as a performance
indicator, a PFD approach has been proposed. Based on the PFD
and the controller parameterization form, a control performance-
based FTC strategy and the associated design approaches have been
developed. The future work is dedicated to PFD and PFTC design for
nonlinear systems.
Acknowledgments
The authors would like to thank the reviewers for their valuable
and constructive comments.
References
Blanke, M., Kinnaert, M., Lunze, J., & Staroswiecki, M. (2006). Diagnosis and Fault-
Tolerant Control (2nd ed.). Springer.
Chiang, L. H., Russell, E. L., & Braatz, R. D. (2001). Fault Detection and Diagnosis in
Industrial Systems. London: Springer.
Ding, S. X. (2013). Model-Based Fault Diagnosis Techniques - Design Schemes, Algo-
rithms and Tools (2nd ed.). London: Springer-Verlag.
Ding, S. X. (2014). Data-Driven Design of Fault Diagnosis and Fault-Tolerant Control
Systems. London: Springer-Verlag.
Dong, J., & Verhaegen, M. (2012). Identification of fault estimation filter from I/O
data for systems with stable inversion. IEEE Trans. Autom. Control, 57, 1347–
1362.
Georgiou, T. T., & Smith, M. C. (1990). Optimal robustness in the gap metric. IEEE
Trans. Autom. Control, 35, 673–686.
Golub, G. H., & Loan, C. F. V. (2012). Matrix Computations. JHU Press.
Huang, B., & Kadali, R. (2008). Dynamic Modelling, Predictive Control and Performance
Monitoring, a Data-Driven Subspace Approach. London: Springer-Verlag.
Hwang, I., Kim, S., Kim, Y., & Seah, C. (2010). A survey of fault detection, isolation,
and reconfiguration methods. IEEE Trans. Control Syst. Tech., 18, 636–653.
Isermann, R. (2006). Fault Diagnosis Systems: An Introduction from Fault Detection to
Fault Tolerance. Springer-Verlag.
Li, L., Chadli, M., Ding, S. X., Qiu, J., & Yang, Y. (2018). Diagnositic observer design for
t-s fuzzy systems: Application to real-time weighted fault detection approach.
IEEE Trans. Fuzzy Syst., 26, 805–816.
315
Li, L., Ding, S. X., Qiu, J., Peng, K., & Yang, Y. (2017). An optimal fault detection
approach for piecewise affine systems via diagnostic observers. Automatica, 85,
256–263.
Liu, M., & Shi, (2013). Sensor fault estimation and tolerant control for ito stochastic
systems with a descriptor sliding mode approach. Automatica, 49, 1242–1250.
Mercere, G., & Bako, L. (2011). Parameterization and identification of multivariable
state-space systems: A canonical approach. Automatica, 47, 1547–1555.
Naderi, E., & Khorasani, K. (2017). A data-driven approach to actuator and sen-
sor fault detection, isolation and estimation in discrete-time linear systems.
Automatica, 85, 165–178.
Overschee, P. V., & Moor, B. D. (1996). Subspace Identification for Linear Systems. USA:
Kluwer Academic Publishers.
Qin, S. J. (2006). An overview of subspace identification. Computers and Chemical
Engineering, 30, 1502–1513.
Vinnicombe, G. (2000). Uncertainty and Feedback: Hinf Loop-Shaping and the V-Gap
Metric. World Scientific.
Wan, Y., Keviczky, T., Verhaegen, M., & Gustafasson, F. (2016). Data-driven robust
receding horizon fault estimation. Automatica, 71, 210–221.
Yan, X. G., & Edwards, C. (2007). Nonlinear robust fault reconstruction and estima-
tion using a sliding mode observer. Automatica, 43, 1605–1614.
Yin, S., Wang, G., & Gao, H. (2016). Data-driven process monitoring based on
modified orthogonal projections to latent structures. IEEE Trans. Control Syst.
Technol., 24, 1480–1487.
Zhang, Y., & Jiang, J. (2008). Bibliographical review on reconfigurable fault-tolerant
control systems. Annual Review in Control, 32, 229–252.
Zhang, X., Parisini, T., & Polycarpou, M. M. (2004). Adaptive fault tolerant control of
nonlinear uncertain systems: An information based diagnostic approach. IEEE
Trans. Autom. Control, 49, 1259–1274.
Zhang, X. D., Polycarpou, M. M., & Parisini, T. (2002). A robust detection and isolation
scheme for abrupt and incipient faults in nonlinear systems. IEEE Trans. Autom.
Control, 47, 576–593.
Zhou, K. (1998). Essential of Robust Control. Englewood Cliffs, NJ: Prentice-Hall.
Zhou, K., & Ren, Z. (2001). A new controller architecture for high performance,
robust, and fault-tolerant control. IEEE Trans. Autom. Control, 46, 1613–1618.
Linlin Li received her B.E. degree from Xi’an Jiaotong Uni-
versity, China, in 2008 and her M.E. degree from Peking
University, China, in 2011. In 2015, she received her Ph.D.
degree in the Institute for Automatic Control and Complex
Systems (AKS), University of Duisburg–Essen, Germany.
She is now an associate professor at the School of Automa-
tion and Electrical Engineering, University of Science and
Technology Beijing, China. Her research interests include
fault diagnosis and fault tolerant control, fuzzy control and
estimation for nonlinear systems.
Hao Luo received his B.E. degree in electrical engineering
from Xi’An Jiaotong University, China, in 2007, M.Sc. de-
gree in electrical engineering and information technology
from University of Duisburg–Essen, Germany, in 2012, and
the Ph.D. degree at the Institute for Automatic Control and
Complex Systems (AKS) at the University of Duisburg–
Essen, Germany, in 2016.
He is currently an associate professor in School of
Astronautics, Harbin Institute of Technology. His research
interests include model-based and data-driven fault di-
agnosis, fault-tolerant systems and their plug-and-play
application on industrial systems.
Steven X. Ding received Ph.D. degree in electrical engi-
neering from the Gerhard-Mercator University of Duis-
burg, Germany, in 1992. From 1992 to 1994, he was a R&D
engineer at Rheinmetall GmbH. From 1995 to 2001, he
was a professor of control engineering at the University
of Applied Science Lausitz in Senftenberg, Germany, and
served as vice president of this university during 1998–
2000. He is currently a full professor of control engineering
and the head of the Institute for Automatic Control and
Complex Systems (AKS) at the University of Duisburg–
Essen, Germany. His research interests are model-based
and data-driven fault diagnosis, fault tolerant systems, real-time control, and their
application in industry with a focus on automotive systems and chemical processes.
316 L. Li et al. / Automatica 99 (2019) 308–316
Ying Yang received her Ph.D. degree in Control Theory
from Peking University, China in 2002. From January 2003
to November 2004, she worked as a Postdoctoral Re-
searcher at Peking University.From 2005 to 2014, she was
an associate professor at the Department of Mechanics
and Engineering Science, College of Engineering, Peking
University. Since 2014, she is a full professor at the same
department. Her research interests include robust and op-
timal control, nonlinear systems control, numerical anal-
ysis, fault detection and fault tolerant systems.
Kaixiang Peng received his B.E. degree in automation
and M.E. and Ph.D. degree from the Research Institute of
Automatic Control, University of Science and Technology,
Beijing, China, in 1995, 2002 and 2007, respectively. He is
a Professor in the School of Automation and Electrical En-
gineering, University of Science and Technology, Beijing,
China. His research interests are fault diagnosis, prognosis,
and maintenance of complex industrial processes, mod-
eling and control for complex industrial processes, and
control system design for the rolling process.