fault tolerant control
play

FAULT-TOLERANT CONTROL Is it possible? JAN MACIEJOWSKI Fault- - PowerPoint PPT Presentation

Jan 13, 2023 •338 likes •639 views

FAULT-TOLERANT CONTROL Is it possible? JAN MACIEJOWSKI Fault- tolerant control. DPS09, Gdask Canonical Control Engineering Problem Disturbance Controlled output Set-point Filter Controller Plant Sensor Noise This problem is

  1. FAULT-TOLERANT CONTROL Is it possible? JAN MACIEJOWSKI Fault- tolerant control. DPS’09, Gdańsk

  2. Canonical Control Engineering Problem Disturbance Controlled output Set-point Filter Controller Plant Sensor Noise • This problem is essentially solved • For processes as well as single loops • Demand now: Added value 2

  3. Added value: ‘Higher - level’ functionality  Plant-wide control  Coordinated control of multiple processes within single plant  Enterprise-wide control  Control of entire supply chain of an enterprise  Asset management, safety  Condition-monitoring, diagnostics  Autonomy  Fault-tolerant control  Hybrid systems: discrete + continuous variables, logic + ODE’s, … 3

  4. Drivers for fault-tolerant control: Safety  Safety-critical system  Needs safe back-up  Physical duplication/triplication is expensive  Fault-tolerant control is an alternative  ABS: For service brakes on a vehicle equipped with one or more antilock systems, in the event of any single functional failure in any such system, the service brake system shall continue to operate and shall stop the vehicle as specified in S7.8.3(a) or S7.8.3(b). (a) Stopping distance for 100 km/h test speed: ≤ 85 m (279 ft). (b) Stopping distance for reduced test speed: S ≤ 0.10V + 0.0075V 2 4

  5. Drivers for fault-tolerant control: Automotive safety  Anti-Lock Braking (ABS) systems  Anti-collision braking  Automatic steering  Automatic lane-changing and overtaking  Can expect similar fault-tolerant requirements in each case  Note: ‘any single failure’ – not specified which one 5

  6. Drivers for fault-tolerant control: UAV safety Unmanned Air Vehicles (UAVs)  Many non-military uses – eg traffic monitoring  Operation over densely-inhabited areas?  Pilots handle many minor problems  But if there is no pilot?  Fault-tolerant control is enabler of safe autonomous operation 6

  7. Drivers for fault-tolerant control: Economic  Cost of lost production/operation due to fault  Oil exploration: $1M per day  Cost of unnecessary energy consumption  Illegality of excessive pollutant production  Maintain operation until scheduled maintenance 7

  8. Drivers for fault-tolerant control: Economic  Space exploration  Not human safety, but very expensive – cannot fail !  Outer solar system, Mars, etc (eg ESA Aurora programme)  Emphasis on autonomous operation including fault-tolerant control 8

  9. Successful fault-tolerant control: Process control Hydrocracker distillation columns  DMC predictive controller (c.1990)  Controller operated previously dormant valve  Usual valve fouled, not effective  An example of predictive control’s inherent Daisy-chaining capability 9

  10. Successful fault-tolerant control: Paper-making Sensor failure  Brightness sensor obscured by congealed pulp  State observer used for sensor fusion  State estimate remained sufficiently good to allow continued production (inferential control)  Inherent robustness of feedback 10

  11. Successful fault-tolerant control: Automotive - ABS Wheel speed sensor failure Avoid rear wheels sliding while front has traction 11

  12. ABS sensor failure – fault-tolerant strategy  Avoid rear wheels sliding while front has traction  If front sensor fails: keep ABS active on rear, lock front.  If one rear sensor fails: use surviving rear sensor only, apply ABS action on both rear wheels.  If both rear sensors fail: lock front wheels, disable ABS on rear wheels.  Specific, simple action in the face of a specific fault  Depends on very fast failure detection 12

  13. ABS sensor – fault detection  Failure detection algorithms:  Loss of signal from sensor?  Compare wheel deceleration with brake fluid pressure at each wheel: Large deceleration & High pressure → wheel locked Large deceleration & Low pressure → sensor failure  Noise-free signals. Logic-based fault detection. Very fast – milliseconds 13

  14. Successful fault-tolerant control: Aircraft  DC-10, Sioux City, 1989  Loss of all hydraulics and rear engine (no.2)  Only controls: engines 1,3  Landing at 240 knots, descent 600 m/min (normally 140kt, 100 m/min)  185 survivors, out of 296. 14

  15. Consequences of Sioux City incident  National Transportation Safety Board investigation:  Reconstruction in flight simulators  Training for similar event ‘not practical’  Landing under these conditions ‘a highly random event’  At least one academic study of ‘propulsion - only control’ ( H∞ model-matching , Jonckheere et al, 1999) 15

  16. Successful fault-tolerant control: Aircraft  Airbus 300, 2003  Total loss of hydraulics  Crew learnt to fly it in 10 minutes  Landed successfully  Captain had studied Sioux City incident  NTSB too pessimistic? 16

  17. Successful fault-tolerant control: Aircraft  Israeli Air Force F-15, 1983  Wing lost in mid-air collision  Flew at very high speed and very high roll angle to get vertical lift vector  Some vectored thrust at tail  No significant ‘learning time’  Landed successfully 17

  18. B-747, Schiphol, 1992  Lost both engines on one side while climbing at 1500m  Pilot flew plane for 10 minutes, then lost control  Many studies of this incident. Recent: GARTEUR Action Group and Springer book 18

  19. B-747, Schiphol, 1992 – good example to study • High-fidelity model of failed aircraft from flight data • Only on-board data used • It was possible to fly the aircraft – so fault-tolerant control possible • Several minutes available – millisecond response not necessary • Partial control recovery would have been a success – cargo aircraft • Many control surfaces damaged or inoperative • Reduced lift from one wing • Rudder hard-over to counteract yaw torque 19

  20. B-747, Schiphol, 1992 – the Cambridge solution Fault detection Fault-tolerant & isolation controller (FDI) Pilot Reference Damaged MPC commands model (reconfiguration) plane 1 Hz Feedback 10 Hz to pilot 20

  21. B-747, Schiphol, 1992 – the Cambridge solution 21

  22. B-747, Schiphol, 1992 – the Cambridge solution  We cheated! Our assumptions:  We have a new model – instantly. (Instant FDI)  We kept the speed high even at landing.  We allowed individual control of each surface.  But – in mitigation:  Main problem was inoperative control surfaces. Instant status feedback is available from surfaces.  High speed was maintained in DC-10, Airbus 300 and F-15 incidents. High speed allowed one linear model to be sufficient.  Modern aircraft allow individual control of each surface. 22

  23. Fault-tolerant control of aircraft: current status  Control reallocation – on military aircraft?  Flight control system computes forces and torques  Control allocation module maps these to available surfaces  Very fast FDI needed – open-loop unstable aircraft  Only anecdotal reports.  Barron Associates claim:  First to fly a fault-tolerant controller (on F-16)  To have implemented several fault-tolerant controllers  Only on test flights – none is in regular use. 23

  24. Fault-tolerant control: Spacecraft Re-usable launch vehicle X38  Control reconfiguration not enough.  Need guidance adaptation and trajectory re-planning.  Control: dynamic inversion to find forces and torques. Control re-allocation via LP optimisation.  Trajectory re-planning: SQP.  Execution speeds not reported. 24

  25. Fault-tolerant control: Spacecraft Spacecraft rendezvous – thruster failure with MPC – Daisy-chaining 25

  26. Critique of Fault-Tolerant Control as academic subject  Linear models  Of limited use for major faults, as on the aircraft.  Maybe OK for gradual faults, eg ageing bearings – but is fault-tolerant control required in such cases?  Actuator and sensor faults represented by additive disturbances  No good for ‘hard - over’ faults – the most common kind.  I think u=Mv+d is more reasonable model ( M=I, d=0 normally).  Objective: recover no-fault performance  Crazy if a major fault has occurred.  Major difference between adaptive and fault-tolerant control?  Fault detection and Identification (FDI)  Frequently assumes no noise, perfect model. Hence no delay. 26

  27. Fault-Tolerant Control – What is possible?  Anticipated faults  One engine on aircraft, ABS speed sensor, etc  Reduced thrust from gas-jet on spacecraft, etc  We have examples of successful FTC for these.  Unanticipated faults  Combinatorially many possibilities  We know it can be done – pilots can do it!  We can probably devise FTC systems to work in particular scenarios 27

  28. Fault-Tolerant Control – goals for research  In Control research we aim for guaranteed properties  Stability, Robust performance, Invariant feasiblity, etc  Can we hope to get these for unanticipated faults?  At least we hope for some genericity of our solutions  Can we get beyond individual ‘fixes’?  We lack theory for:  Performance relaxation in presence of faults  Defining ‘sufficiently good’ control performance  How good a model do we need / can we get?  How much data do we need for FDI and re-modelling?  How are these questions related to each other? 28

Recommend

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
Fault-tolerant techniques Fault-tolerant techniques What causes component faults? What are the

Fault-tolerant techniques Fault-tolerant techniques What causes component faults? What are the

EDA421/DIT171 - Parallel and Distributed Real-Time Systems, Chalmers/GU, 2011/2012 Lecture #14 Updated May 2, 2012 Fault-tolerant techniques Fault-tolerant techniques What causes component faults? What are the effects if the

374 views • 9 slides
Ground Control to Major Faults: Towards Fault Tolerant and Adaptive SDN Control Network Liron

Ground Control to Major Faults: Towards Fault Tolerant and Adaptive SDN Control Network Liron

Ground Control to Major Faults: Towards Fault Tolerant and Adaptive SDN Control Network Liron Schiff (Tel Aviv University) Stefan Schmid (TU Berlin, Germany & Aalborg University, Denmark) Marco Canini (Universit catholique de Louvain)

524 views • 28 slides
Adaptive Fault Tolerant Systems: Adaptive Fault Tolerant Systems: Reflective Design and

Adaptive Fault Tolerant Systems: Adaptive Fault Tolerant Systems: Reflective Design and

1 Adaptive Fault Tolerant Systems: Adaptive Fault Tolerant Systems: Reflective Design and Validation Reflective Design and Validation Marc-Olivier Killijian Dependable Computing and Fault Tolerance Research Group Toulouse - France 2

865 views • 50 slides
Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault

Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault

4/1/2014 Overview Introduction and basic concept ECE 753: FAULT-TOLERANT Fault model and fault coverage COMPUTING Checkpointing and backward error recovery (rollback) Kewal K.Saluja General principles General principles

259 views • 3 slides
Flipper: Fault-Tolerant Distributed Network Management and Control Subhrendu Chattopadhyay ,

Flipper: Fault-Tolerant Distributed Network Management and Control Subhrendu Chattopadhyay ,

Introduction SDN Flipper Properties of Flipper Simulation Results Emulation Results Conclusion Flipper: Fault-Tolerant Distributed Network Management and Control Subhrendu Chattopadhyay , Niladri Sett, Sukumar Nandi, and Sandip Chakraborty

334 views • 30 slides
Fault-Tolerant Data Collection in Fault-Tolerant Data Collection in Heterogeneous Intelligent

Fault-Tolerant Data Collection in Fault-Tolerant Data Collection in Heterogeneous Intelligent

Fault-Tolerant Data Collection in Fault-Tolerant Data Collection in Heterogeneous Intelligent Monitoring Networks Networks Heterogeneous Intelligent Monitoring Jing Deng Department of Computer Science University of North Carolina at

335 views • 18 slides
A Fault-Tolerant Alternative to Lockstep Triple Modular Redundancy Andrew L. Baldwin, BS 09,

A Fault-Tolerant Alternative to Lockstep Triple Modular Redundancy Andrew L. Baldwin, BS 09,

A Fault-Tolerant Alternative to Lockstep Triple Modular Redundancy Andrew L. Baldwin, BS 09, MS 12 W. Robert Daasch, Professor Integrated Circuits Design and Test Laboratory Problem Statement In a fault tolerant system containing

478 views • 35 slides
Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction

Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction

1/21/2014 Overview ECE 753: FAULT-TOLERANT Fault Modeling COMPUTING References Introduction Kewal K.Saluja Kewal K Saluja Fault models at different levels (HW) Department of Electrical and Computer Engineering Error

304 views • 5 slides
Overview Introduction ECE 753: FAULT-TOLERANT Watchdog techniques COMPUTING

Overview Introduction ECE 753: FAULT-TOLERANT Watchdog techniques COMPUTING

3/25/2014 Overview Introduction ECE 753: FAULT-TOLERANT Watchdog techniques COMPUTING Timers, watchdog processors, error model, control flow checking, memory access and assertion Kewal K.Saluja checking Re-execution for

209 views • 5 slides
4/22/2009 Designing highly available systems Incorporate elements of fault-tolerant design

4/22/2009 Designing highly available systems Incorporate elements of fault-tolerant design

4/22/2009 Designing highly available systems Incorporate elements of fault-tolerant design Replication, TMR Distributed Systems Fully fault tolerant system will offer non-stop availability Clusters You cant achieve this! Problem:

458 views • 11 slides
Verification and Validation of a Verification and Validation of a Fault- -Tolerant Architectural

Verification and Validation of a Verification and Validation of a Fault- -Tolerant Architectural

Verification and Validation of a Verification and Validation of a Fault- -Tolerant Architectural Abstraction Tolerant Architectural Abstraction Fault Patrick H. S. Brito - Unicamp, Brazil Rogrio de Lemos - University of Kent, UK Eliane

381 views • 21 slides
REVIEW OF FAULT TOLERANT TECHNIQUES FOR DIFFERENT TYPES OF GRAPHS BY- HATEM NASSRAT TARAK

REVIEW OF FAULT TOLERANT TECHNIQUES FOR DIFFERENT TYPES OF GRAPHS BY- HATEM NASSRAT TARAK

REVIEW OF FAULT TOLERANT TECHNIQUES FOR DIFFERENT TYPES OF GRAPHS BY- HATEM NASSRAT TARAK SHINGNE Outline General view of Fault Tolerance Ft-Design approaches Trees Meshes & Hypercubes conclusion Introduction Fault

584 views • 44 slides
Idealised Fault Tolerant Idealised Fault Tolerant Architectural Element Architectural Element

Idealised Fault Tolerant Idealised Fault Tolerant Architectural Element Architectural Element

Idealised Fault Tolerant Idealised Fault Tolerant Architectural Element Architectural Element Rog rio rio de Lemos de Lemos Rog University of Kent, UK University of Kent, UK Motivation architectural fault tolerance; iFTE

350 views • 16 slides
Fault-Tolerant Distributed Optimization Lili Su, Arun Padakandla, Qiong Hu, Seyyed A. Fatemi,

Fault-Tolerant Distributed Optimization Lili Su, Arun Padakandla, Qiong Hu, Seyyed A. Fatemi,

Fault-Tolerant Distributed Optimization Lili Su, Arun Padakandla, Qiong Hu, Seyyed A. Fatemi, Rehana Mahfuz, Vidyasagar Sadhu CSOI-Data Science Workshop May 27th, 2016 Lili Su et al. (SOI-DSWKSP) Fault-tolerant distributed optimization May

854 views • 6 slides
Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi Distributed Systems Fault tolerance A system or a component fails due to a fault Fault tolerance means that the system continues to provide its

428 views • 40 slides
Fault Tolerant Communication in 3D Integrated Systems Vladimir Pasca , Lorena Anghel, Mounir

Fault Tolerant Communication in 3D Integrated Systems Vladimir Pasca , Lorena Anghel, Mounir

Fault Tolerant Communication in 3D Integrated Systems Vladimir Pasca , Lorena Anghel, Mounir Benabdenbi TIMA Laboratory Outline 3D Integration Opportunities Challenges and Solutions Fault Tolerant Communication in 3D Systems

516 views • 24 slides
Fault-tolerant logical gates in quantum error-correcting codes Fernando Pastawski and Beni

Fault-tolerant logical gates in quantum error-correcting codes Fernando Pastawski and Beni

Fault-tolerant logical gates in quantum error-correcting codes Fernando Pastawski and Beni Yoshida (Caltech) arXiv:1408.1720 Phys Rev A xxxxxxx Jan 2015 @ QIP (Sydney, Australia) Fault-tolerant logical gates How do we implement a logical

515 views • 33 slides
Leveraging Lightweight Virtual Machines to Easily and Efficiently Construct Fault-Tolerant

Leveraging Lightweight Virtual Machines to Easily and Efficiently Construct Fault-Tolerant

Tardigrade: Leveraging Lightweight Virtual Machines to Easily and Efficiently Construct Fault-Tolerant Services Jacob R. Lorch Andrew Baumann Lisa Glendenning Dutch T. Meyer Andrew Warfield Our goal: Turn existing binaries into fault-

831 views • 41 slides
BSc Project What kinds of fault we may confront in a control loop? Fault Detection &

BSc Project What kinds of fault we may confront in a control loop? Fault Detection &

13/12/2016 2 of 23 Content What is fault? Why we detect fault in a control loop? BSc Project What kinds of fault we may confront in a control loop? Fault Detection & Diagnosis What is stiction? in Control Valves

406 views • 6 slides
A Fault Tolerant Superscalar Processor 1 [Based on Coverage of a Microarchitecture-level

A Fault Tolerant Superscalar Processor 1 [Based on Coverage of a Microarchitecture-level

A Fault Tolerant Superscalar Processor 1 [Based on Coverage of a Microarchitecture-level Fault Check Regimen in a Superscalar Processor by V. Reddy and E. Rotenberg (2008)] P R E S E N T E D B Y N A N Z H E N G [Part of slides borrowed

398 views • 21 slides
Overview Motivation ECE 753: FAULT-TOLERANT About the Course and the Instructor

Overview Motivation ECE 753: FAULT-TOLERANT About the Course and the Instructor

1/20/2014 Overview Motivation ECE 753: FAULT-TOLERANT About the Course and the Instructor Conduct, Outline, Coursepack COMPUTING Introduction Terminology and definitions Sources, Overview and Comments Sources

703 views • 10 slides
Re Resilient Distributed Datasets: A Fa Fault-To Tolerant Abstraction for In In-Me Memor

Re Resilient Distributed Datasets: A Fa Fault-To Tolerant Abstraction for In In-Me Memor

Re Resilient Distributed Datasets: A Fa Fault-To Tolerant Abstraction for In In-Me Memor ory Cl Cluster r Com Computi ting Authors: Matei Zaharia, Mosharaf Chowdhury, Tathagata Das, Ankur Dave, Justin Ma, Murphy McCauley, Michael J.

733 views • 27 slides
Yee Jiun Song i S Cornell University. CS5410 Fall 2008. Fault Tolerant Systems By now,

Yee Jiun Song i S Cornell University. CS5410 Fall 2008. Fault Tolerant Systems By now,

Yee Jiun Song i S Cornell University. CS5410 Fall 2008. Fault Tolerant Systems By now, probably obvious that systems reliability/availability is a key concern Downtime is expensive Replication is a general technique for providing fault

844 views • 34 slides

More recommend