2002 PATH Conference

Fault Tolerant Longitudinal Control
of Transit Buses: Fault Diagnostics
and Management
Prof. Karl Hedrick
Adam Howell
Bongsob Song


Dept. of Mechanical Engineering
University of California, Berkeley
TO 4206
Overview
• Fault Tolerant Control (FTC) Architecture
• Integrated Fault Diagnostics and Sensor Fusion
–Physical Redundancy and the PDAF
–Example: Range and Range Rate Sensors
• Integrated Longitudinal Controller and Fault Classification
–Passive Fault Tolerance and Fault Classification
–Example: Parametric and Actuator Faults
• Conclusions & Future Work
Fault Tolerant Control (FTC) Architecture
• Fault Management System
– Decides on control reconfiguration
strategy using information about
vehicle status
• Fault Detection and Diagnostics
–Detects and identifies faults in
vehicle sensors, actuators, and
components
• Sensor Processing and Fusion
–Filters, validates, and combines
redundant sensor measurements
• Longitudinal Controller
–Chooses pedal and brake
commands to achieve control
objectives of current mode
–Different modes of operation based
on desired maneuver and vehicle
status
[Figure: FTC architecture block diagram. Blocks: Maneuver Planning (Upper Layer), Coordination Layer, Fault Management, Longitudinal Controller (Normal Robust Controller, Fault Handling Controller, Controller Reconfiguration), Lower-level Controller (Throttle, Brake), Sensor Processing and Fusion, Fault Detection and Diagnostics, Database (Hardware Drivers). Signal labels: Maneuver, Maneuver Status, Maneuver Mode (Vehicle ID; Lead, Follow); a_des, v_des, d_des, and Vehicle ID; Reconfiguration Command; Fault_status, Performance_status; Controller Mode; synthetic acceleration; desired engine torque; commanded pedal position or brake signal; raw sensor measurements; filtered measurements; fused estimates; fault estimates; isolated fault.]
Integrated Fault Diagnostics and Sensor Fusion
• Fault diagnostics and sensor fusion have different but related
goals
–Fault diagnostics: Detect and identify faults in sensors,
actuators, and system components
–Sensor fusion: Combine multiple redundant or complementary
sensor measurements to provide a better quality estimate
• However, the means of achieving these goals are very similar:
comparison of current sensor measurements and actuator
commands to expected behavior based on past values and/or
a mathematical model of the system
• Both fault diagnostics and sensor fusion can provide improved
performance and reliability for automated vehicle control, so it is
advantageous to integrate these capabilities for
efficiency and additional performance

Physical Redundancy
• Definition: multiple physical devices (either sensors and/or
actuators) providing redundant capabilities
• Transit buses used for Demo 2003 have several
subsystems with inherent physical redundancy:
–Vehicle Speed: 4 wheel speed sensors, engine speed
sensor, and DGPS
–Brake System: 2 Brake pressure sensors (at least), and
commanded brake pressure from pedal/driver
–Range and Range Rate Sensors: Eaton Vorad Radar,
Denso Lidar, plus two “pseudo” sensors
• Pseudo sensors rely on high-speed wireless
communication to provide local sensor measurements to
following vehicles in order to estimate relative states, i.e.
range and range rate
Physical Redundancy (cont.)
• Sensor measurements passed via wireless
communication
–DGPS position and velocity
–Vehicle speed based on wheel speed sensors
–Distance traveled based on magnet counting
[Figure: vehicle sensor diagram. Labels: DGPS, Wireless, Magnetometers, Wheel Speeds, Radar, Lidar.]
Probabilistic Data Association Filter (PDAF)
• Nonparametric PDAF has been used extensively in sensor fusion to combine multiple measurements
from a single sensor such that the output estimate has minimum estimation error variance (*)
• In the case of multiple sensors, the PDAF can be structured as a sequential Kalman filter which
weights the correction for each sensor based on the validity of that sensor's measurement
• For our case, the PDAF can be simplified by assuming that each sensor returns only one measurement
at each time step
• The simplified PDAF can be broken down into 3 basic computational stages at each time step
–Prediction of fused estimate and estimation error covariance based on dynamic system model (in
our case, a linear kinematic vehicle model)

$$
\begin{aligned}
x(k+1) &= A\,x(k) + w(k) \\
y_1(k) &= C_1\,x(k) + v_1(k) \\
&\;\;\vdots \\
y_4(k) &= C_4\,x(k) + v_4(k)
\end{aligned}
$$

$$
\begin{aligned}
\hat{x}(k|k-1) &= A\,\hat{x}(k-1|k-1) \\
P(k|k-1) &= A\,P(k-1)\,A^T + Q
\end{aligned}
$$

– Validation of sensor i's measurement(s) using g-sigma gating based on predicted measurement
and measurement covariance

$$
\begin{aligned}
z_1(k) &= C_1\,\hat{x}(k|k-1) \\
S_1(k) &= C_1\,P(k|k-1)\,C_1^T + R_1 \\
v_1(k) &= y_1(k) - z_1(k) \\
V_1(k) &= v_1^T(k)\,S_1^{-1}(k)\,v_1(k)
\end{aligned}
$$

• If sensor measurement valid, use in Kalman filter to correct fused estimate and estimation error
covariance

$$
\begin{aligned}
&\text{if } V_1(k) < g^2, \\
&\hat{x}_1(k|k) = \beta_0\,\hat{x}(k|k-1) + \beta_1\left(\hat{x}(k|k-1) + W_1(k)\,v_1(k)\right) \\
&W_1(k) = P(k|k-1)\,C_1^T\,S_1^{-1}(k) \\
&P_1(k) = \beta_0\,P(k|k-1) + (1-\beta_0)\left(I - W_1(k)\,C_1\right)P(k|k-1) + \beta_1(1-\beta_1)\,W_1(k)\,v_1(k)\,v_1^T(k)\,W_1^T(k)
\end{aligned}
$$

* For more detailed information, see (Bar-Shalom and Fortmann, 1988) and (Houles and Bar-Shalom, 1989)
Probabilistic Data Association Filter (PDAF) (cont.)
• If sensor measurement invalid, don't use in Kalman filter

$$
\begin{aligned}
&\text{if } V_1(k) > g^2, \\
&\hat{x}_1(k|k) = \hat{x}(k|k-1) \\
&P_1(k) = P(k|k-1)
\end{aligned}
$$

–Repeat previous stage for each sensor i with

$$
\begin{aligned}
\hat{x}(k|k-1) &= \hat{x}_{i-1}(k|k) \\
P(k|k-1) &= P_{i-1}(k)
\end{aligned}
$$

• Fault diagnostics can be easily added to the PDAF, by monitoring and
thresholding the Mahalanobis distance V(k) computed in the validation stage
• In fact, this construction provides several benefits:
–Multiple fault detection and isolation are possible
–Inherent fault management in terms of eliminating the “bad” sensors and
measurements from the fusion process automatically
–Faults and external disturbances (i.e. dropouts) can potentially be distinguished
by correlating invalid measurements with known disturbance conditions
Example: Range and Range Rate Sensors
• Level of Modeling
–Detailed sensor models based on manufacturers' specs and experimental
data
–Communication system modeled as constant delay (fairly good
assumption since using token-ring protocol)
–Lead vehicle modeled as double integrator with bounded acceleration,
while following vehicle has ideal spacing dynamics using fused estimate
in feedback
• Simulation Conditions
–Two car platoon with lead vehicle following sinusoidal desired acceleration
(a_des = 0.5 sin(0.1t))
–Second vehicle follows at 40m spacing, with incorrect initial condition
–Faults occur in following vehicle's Denso Lidar (3m bias in range) after 30
seconds, and magnetometer (miss 4 markers) after 35 seconds
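An added example (not code from the original slides): the three PDAF stages (prediction, g-sigma validation, gated correction) reduced to a scalar range state and run on constructed measurements that mimic the 3 m Denso Lidar bias above. The sensor variances, the process noise, the fixed β0 weight and the random-walk range model (A = 1, C_i = 1) are assumptions; the slides do not give them.

```python
# Added example: scalar (range-only) form of the gated sequential update.
# All numeric values below are constructed for illustration.
R = {"radar": 0.04, "lidar": 0.04, "dgps": 0.25, "mag": 0.25}  # sensor variances, m^2
Q = 0.01                                                        # process noise, m^2


def pdaf_step(x, P, meas, g=3.0, beta0=0.0):
    """One time step: predict, then validate and fuse each sensor in turn.

    Returns the fused range, its variance, and the sensors gated out.
    """
    P = P + Q                      # prediction with A = 1 (random-walk range)
    beta1 = 1.0 - beta0
    gated_out = []
    for name, y in meas.items():
        v = y - x                  # innovation; z_i = x(k|k-1) because C_i = 1
        S = P + R[name]            # innovation variance
        V = v * v / S              # Mahalanobis distance
        if V < g * g:              # valid: weighted Kalman correction
            W = P / S
            x_new = beta0 * x + beta1 * (x + W * v)
            P = (beta0 * P + (1.0 - beta0) * (1.0 - W) * P
                 + beta1 * (1.0 - beta1) * W * W * v * v)
            x = x_new
        else:                      # invalid: estimate passes through unchanged
            gated_out.append(name)
    return x, P, gated_out


def simulate(g=3.0, steps=40, fault_at=30, bias=3.0, true_range=40.0):
    """Run the filter over constructed measurements with a lidar bias fault."""
    x, P = 38.0, 4.0               # deliberately wrong initial condition
    symptoms = {name: 0 for name in R}
    for k in range(steps):
        s = 1.0 if k % 2 == 0 else -1.0      # deterministic stand-in for noise
        meas = {"radar": true_range + 0.10 * s, "lidar": true_range - 0.10 * s,
                "dgps": true_range + 0.05 * s, "mag": true_range - 0.05 * s}
        if k >= fault_at:
            meas["lidar"] += bias            # 3 m range bias on the lidar
        x, P, gated_out = pdaf_step(x, P, meas, g)
        for name in gated_out:
            symptoms[name] += 1
    return x, symptoms


if __name__ == "__main__":
    print("gated:  ", simulate())
    print("ungated:", simulate(g=float("inf")))
```

With the gate disabled (g set to infinity) the biased lidar is fused like any other sensor and drags the range estimate off by more than a metre; with g = 3 it is rejected at every step after the fault and its symptom count isolates it.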
Simulation Model in Matlab/Simulink
[Figure: Simulink block diagram. Blocks: Vehicle Model (previous/current velocity and position, relative states); Eaton VORAD; Lidar; DGPS+Comm Pseudo-Sensor; Magnet+Comm Pseudo-Sensor; Radar Fault, Lidar Fault, DGPS Fault and Magnetometer Fault; Integrate FDI and Sensor Fusion (Measurements in, Fused Estimate out); To Workspace outputs radar, lidar, dgps, mag.]
Sensor Measurements
[Figure: range rate (m/s) and range (m) versus time (sec) for Denso Lidar, Eaton Vorad, DGPS + Comm, Magnetometer + Comm, and the true state.]
Sensor Fusion
[Figure: fused versus true range rate (m/s) and range (m), and error in range rate (m/s) and error in range (m), versus time (sec).]
Fault Detection and Identification
[Figure: symptoms versus time (sec) for Magnetometer + Comm, Eaton Vorad, Denso Lidar, and DGPS + Comm.]
Integrated Longitudinal Controller and Fault
Classification
• Controller's goal is to provide good regulation/tracking despite
uncertainties and disturbances, including some types of faults
• Benefits of integrated controller and fault classification
–Design robust controller to provide fault-tolerant performance in a
limited way, i.e., include fault-insensitivity in the controller at the
design stage
–Maximize controller's robustness to faults using knowledge of
controller performance, modeling uncertainty, and fault effects
–Better to avoid frequent switching between the reconfigurable
controllers when faults have small impact on closed-loop performance
• Prerequisites for the integrated method
–Control model including the modeling uncertainty
–Controller design
–Fault characteristics

Control Model
• Longitudinal Vehicle Dynamics

$$
\dot{v} = \frac{T_e R_g - T_b R_g - h\,(F_r + F_a + m g \sin\theta)}{J_{eq}} + \Delta f_{1m}
$$

• Engine model for 280HP CNG
Cummins engine

$$
\dot{T}_e = \frac{1}{\tau_e}\left\{ T_{map}(\omega_e, \alpha) - T_e \right\} + \Delta f_{2m}
$$

• Pneumatic brake with EBS

$$
T_b = \begin{cases} K_b\,(P_b - P_o) & \text{if } P_b > P_o \\ 0 & \text{otherwise} \end{cases}
$$

$$
\dot{P}_w = \begin{cases} \dfrac{1}{\tau_{bf}}\left[\beta(t) - P_w\right] + \Delta f_{3m} & \text{for filling} \\[2ex] \dfrac{1}{\tau_{be}}\left[\beta(t) - P_w\right] + \Delta f_{3m} & \text{for emptying} \end{cases}
$$

[Figure: engine torque (Nm) map versus throttle (%) and engine speed (rad/s).]
[Figure: vehicle free-body diagram. Labels: T_bf, T_br, T_d, m_wf a, m_c a, m_wr a, m_wf g, m_c g, m_wr g, R_af, R_ar, F_trf, F_trr, F_rf, F_rr, F_a, θ.]
Truck Model Validation
• Hardware installation for the bus
is not yet complete, so we assume
there are similarities between a
bus and a truck
• Truck model
– Diesel engine model (N14
435HP Cummins)

$$
\dot{T}_e = \frac{1}{\tau_e}\left\{ T_{map}(\omega_e, m_f) - T_e \right\} + \Delta f_{2m}
$$

– Engine retarder
• Polynomial curve fitting
– Transmission
• Through J1939 bus
– No brake model
• Retrofitting EBS brake system
• Tested at Crow's Landing
[Figures: Engine Retarder - Low; Engine Retarder - High.]
Dynamic Surface Control Design
• Applied to passenger vehicles -
Gerdes (1996), Hedrick and Yip
(2000)
• Implemented successfully on
the California PATH passenger
vehicles in DEMO'97 (San
Diego, CA)
• Developed analysis and design
methodology to provide stability
and robustness to modeling
uncertainty – Song (2002)
• Can the method be extended to the
faulty system?
[Figure: DSC block diagram. Blocks: MSS (S_1i, S_2i), Low-pass Filter, DSC, Nonlinear System, Uncertainty. Signal labels: v_des, x_d = {T_edes, P_wdes}, x = {T_e, P_w}, u_d = {α_des, β_des}, u, Δf, f_P, f_S, f_A, y_m.]
Fault Characteristics
• Actuator fault
– Partial failure of airbrake system
due to wrong adjustment of
slack adjuster and wear
– Brake failures contribute to
nearly one-third of all the
accidents involving commercial
vehicles

$$
T_b = \begin{cases} K_b\,(1 - f_A)(P_b - P_o) & \text{if } P_b > P_o \\ 0 & \text{otherwise} \end{cases}
\qquad \text{where } 0 \le f_A(t) \le 1
$$

• Parametric fault
– Change of effective radius due
to tire pressure drop
– h = (1 − f_P) h
Passive Fault Tolerance of DSC
• Switched error dynamics in a matrix form
(Song et al. 2002)
• Extensibility to the faulty system
– Convex optimization problems to check the quadratic stability numerically can
be formulated as long as the magnitude of the fault is known
• Passive fault tolerant approach
– Fault tolerant for a certain class of faults due to robustness of DSC
– i.e. no difference between the class of faults and uncertainty from the
viewpoint of the controller
| |
| |
T
i fi m i f
T
i i i i
i r i f i w i A P i i
f f f f w
S S z
b e i r B w B z f f A z
1 2 1 ,
2 2 1
, , ,
where
, for ) , (


A A + A =
=
= + + =
ç
[Figure: block diagram of the Linear Error Dynamics with Extended Perturbation. Signal labels: f_P, f_A, r, w_f, z, u_d, u.]
Fault Classification & Handling
[Figure: fault classification diagram for FDD and DSC. Labels: Detectable fault, Isolatable fault, Specific Warning, Severity Indication, Tolerable fault, Intolerable fault, Reconfiguration, Emergency Handling.]
• Controller reconfiguration
– Intolerable sensor or
parametric faults, which
cannot be handled by Sensor
fusion using hardware
redundancy
• State estimation based
controller
• Parameter identification (or
estimation) based controller
– Intolerable actuator faults
• Optimal trajectory
reconfiguration using actuator
capability information
• Emergency Handling
– Performed by the fault
management system and
coordination layer (or higher
layer)
• Performance status
– Quadratic function level
– Actuator capability
• Fault classification
– Fault severity indication
– Isolatability on FDD
Simulation Results: No Fault
• Include parametric uncertainties and unmodeled dynamics
• Assume normal distribution for the parametric uncertainties
– ±0.2 degree road grade disturbance
– 10% parametric uncertainty on effective radius
– 20% parametric uncertainty on C_a
– 30% parametric uncertainty on K_b
[Figure: velocity (m/s), v versus v_des; velocity error (m/s); pedal position (%); T_b (Nm), actual versus desired; V(z); all versus time (second).]
Simulation Results: Fault Classification
• Tolerant faults
• Intolerable faults
[Figure, first panel set: velocity error (m/s); effective radius (m), 30% Parametric Fault; brake coefficient (K_b), 40% Actuator Fault; quadratic function level V(z); T_b (Nm), actual versus desired; all versus time (sec).]
[Figure, second panel set: velocity error (m/s); effective radius (m), 50% Parametric Fault; brake coefficient (K_b), 60% Actuator Fault; quadratic function level V(z); T_b (Nm), actual versus desired; all versus time (sec).]
Conclusions & Future Work
• Integrated sensor fusion and FDD
– Transit buses have a considerable amount of physical redundancy that
can be leveraged for improved reliability and accuracy
– For range and range rate sensors, PDAF is an effective framework
for integrated design of diagnostics and sensor fusion
• Integrated longitudinal control and fault classification
– Fault classification indicates the fault severity from the viewpoint of the
closed loop system
– Integrated design allows us to maximize controller's robustness to
faults in the presence of uncertainties
• A great deal of work remains before Demo 2003, but in the
near term:
– Tests for model validation of 40 ft CNG bus as well as sensor
processing are scheduled in November at Crow's Landing
