CONTROLLER DESIGN FOR MTTF OPTIMIZATION IN FTCS'S ...

CONTROLLER DESIGN FOR MTTF OPTIMIZATION IN FTCS’S Hongbin Li, Qing Zhao 1 Department of Electrical & Computer Engineering, University of Alberta Edmonton, AB, Canada, T6G 2V4 Abstract: Mean Time To Failure (MTTF) is an important reliability index of Fault Tolerant Control Systems (FTCS’s). This paper discusses controller design based on MTTF optimization. The main idea is to perform a gradient-based search on control performance parameters; a sequential randomized algorithm is then applied to update the controller at each iteration to satisfy control performance. This scheme uses H∞ performance as a link between controller and the long-term reliability index, and can design a controller with desired MTTF index. Keywords: Reliability, fault tolerant systems, semi-Markov processes

1. INTRODUCTION In order to meet high reliability requirement of safetycritical processes, major progress has been made in Fault Tolerant Control Systems (FTCS’s) Blanke et al. (2003). As the main motivation for developing FTCS’s, reliability has been a major concern in system analysis and design. Many evaluation results from the reliability perspective have been reported in the literature. For example, Wu (2004) studied a Markov process model built from serialparallel block diagrams. Walker (1997) proposed a semiMarkov model by defining its states as the mode combinations of faults and Fault Detection & Isolation (FDI) schemes. However, these models provide rough descriptions only as the unique characteristics of FTCS’s are not reflected. In previous work Li and Zhao (2005), we have developed a new reliability index and its evaluation method, incorporating the dynamical characteristics of FTCS’s. In this paper, we focus on the design of FTCS’s using a reliability criterion. The reliability-based design of FTCS’s is basically an optimization problem by designing controller to achieve higher reliability. In the active control of civil engineering structures, reliability-based design is usually converted to covariance control or a classical optimization problem using approximate reliability measures Field and Bergman (1998); Spencer et al. (1994). Similarly, reliable control aims to guarantee stability and/or control performance under component faults Veillette et al. (1992). However, the reliability index of FTCS’s is usually evaluated by stochastic models and cannot be converted to control objectives. Owing to the numerical procedures of building and solving stochastic reliability models, it is generally hard to write reliability indices as analytical functions of controller parameters. To overcome this difficulty, Li and Zhao (2006) developed stabilizing controller parameterization and randomization-based methods to find the statistically optimal controller with the highest reliability. But, the parameterization method applies to specific

models only, so it is hard to extend the results to general forms. This paper discusses a new controller design method to optimize a long-run reliability index, Mean Time To Failure (MTTF). The main idea is to decompose optimization procedure into two stages by relating MTTF to a controller via control performance parameters. In the first stage, control performance requirements are iterated to improve MTTF using a gradient-based algorithm. A sequential randomized algorithm is then applied in the controller design for the requirements. Therefore, controller is designed to improve MTTF indirectly through the connection parameter. This method is easy to implement and guaranteed with probability one to converge to a controller with required MTTF. The sequential randomized algorithm has been used for probabilistic controller design under various scenarios, such as robust guaranteed cost control Polyak and Tempo (2001), Linear Parameter Varying (LPV) design Fujisaki et al. (2003), etc. In this paper, it is applied in the design for probabilistic H∞ performance under multiple regime models. The main difference from previous work lies in the weighted composite violation function, proposed to handle multiple performance requirements. The convexity and convergence are proved for this new violation function, and the weights are determined in each iteration to adjust increasing direction and to reduce iteration number. The remainder of this paper is organized as follows: Section 2 states system model; Section 3 introduces reliability criteria; Section 4 presents sequential algorithm for MTTF optimization; and Section 5 gives an example. 2. SYSTEM MODEL Consider the following Markov dynamical model of FTCS’s with modeling uncertainties Mahmoud et al. (2003); Srichander and Walker (1993): x(t) ˙ = A(ζ(t), ∆)x(t)+B(ζ(t), ∆)u(η(t), t)+E(ζ(t), ∆)w(t),

1

The corresponding author. Tel: +1-780-4925792; Fax: +1-7804921811; Email: [email protected].

z(t) = C(ζ(t), ∆)x(t)+D(ζ(t), ∆)u(η(t), t)+F (ζ(t), ∆)w(t),

where x(t) ∈ Rn , z(t) ∈ Rm , u(η(t), t) ∈ Rp , and w(t) ∈ Rq denote system state, controlled output, control input, and exogenous inputs respectively, and Rn denotes real vector space with dimension n. A, B, C, D, E, and F denote system matrices with compatible dimensions determined by discrete modes ζ(t) and η(t), and affected by an uncertainty parameter ∆ ∈ Rl . ∆ is assumed to be a random vector with known probability distribution in a bounded set Ω, and the entries in system matrices is affected by uncertainty parameters in ∆. To describe system fault modes, ζ(t) represents a homogeneous continuous-time Markov process with a finite state space S1 = {0, 1, · · · , N1 }, N1 ∈ N, where N denotes the set of nonnegative integers. ζ(t) is usually not directly known, so an estimate η(t) provided by an FDI scheme determines control input u(η(t), t). η(t) is assumed to be a conditionally Markov process with state space S2 = {0, 1, · · · , N2 } to describe FDI results, N2 ∈ N. The static state feedback controller in a switching structure is considered for FTCS’s: u(η(t), t) = K(η(t))x(t). This type of controller is composed of a set of static gains, K = {K(η(t)), η(t) ∈ S2 }, and K(j) is engaged for the plant when η(t) is in mode j. Using this controller, the closed-loop system equations become  x(t) ˙ = [A(ζ(t), ∆) + B(ζ(t), ∆)K(η(t))]x(t)     +E(ζ(t), ∆)w(t), (1)  z(t) = [C(ζ(t), ∆) + D(ζ(t), ∆)K(η(t))]x(t)    +F (ζ(t), ∆)w(t).

The system in (1) contains two discrete modes ζ(t) and η(t), also referred to as system regimes. For fixed regime modes ζ(t) = i and η(t) = j, the transfer function from w(t) to z(t) is denoted by Gij (s, ∆), called a regime model. So, (1) represents a collection of linear uncertain regime models, {Gij (s, ∆), i ∈ S1 , j ∈ S2 }, and each controller K(j) is used for N1 + 1 possible regime models: G0j (s, ∆), · · · , GN1 j (s, ∆), j ∈ S2 . This is the major difference from jump linear systems, where the number of controllers equals that of regime models Ugrinovskii (2005).

Assume that the control performance of Gij (s, ∆) can be represented by a model-based criterion, such as system norms. Let ̟(Gij (s, ∆)) denote the performance measure calculated for fixed regime modes ζ(t) = i, η(t) = j, and a particular uncertainty sample ∆. The allowable performance bound when ζ(t) = i is denoted by ρi . To take into account the random uncertainty ∆, a probabilistic performance description is considered for each regime model: γij , Pr{̟(Gij (s, ∆)) ≤ ρi }, i ∈ S1 , j ∈ S2 .

(2)

For fixed regime modes i and j, probabilistic performance γij can be estimated by using Monte Carlo simulation: γij ≈

N 1 X 1̟(Gij (s,∆h ))≤ρi , N

(3)

h=1

where ∆h denotes the generated uncertainty samples according to its distribution, and Gij (s, ∆h ) the correspond-

ing close-loop transfer function. The indicator function 1̟(Gij (s,∆h ))≤ρi equals 1 if ̟(Gij (s, ∆h )) ≤ ρi and 0 otherwise. N can be determined using statistical theory, such as Chernoff’s bound Polyak and Tempo (2001). If N is large enough, the estimation error can be ignored and (3) can be deemed as the true performance γij . 3. RELIABILITY CRITERIA The reliability indices in FTCS’s are defined as follows Li and Zhao (2005): Definition 1. The reliability function R(t) is the probability that, during time interval [0, t], FTCS’s either satisfy control objectives or violate them only temporally no longer than the presumed hard deadline. R(t) is a function criterion, and an alternative scalar index, MTTF, is often preferable in controller design. It is defined as the expected lifetime of satisfactory operation: Z ∞ MTTF = (1 − R(t))dt. 0

These reliability criteria provide quantitative measures on overall and long-term performance of FTCS’s. The interested problem in this paper is to design a controller achieving suboptimal MTTF exceeding MTTF, where MTTF represents the minimum MTTF requirement. For the sake of reliability evaluation, a semi-Markov process XR (t) was constructed in Li and Zhao (2005). Its state space SR is composed of operational or up states and an unique down state. The transition characteristics of XR (t) is defined by its semi-Markov kernel Q(Xk , Xh , t) based on probabilistic performance γij , where Xk and Xh represent the states of XR (t). The derivation and detailed formulas of Q(Xk , Xh , t) can be found in Li and Zhao (2005). MTTF can then be calculated by Limnios and Oprisan (2001): MTTF = pT0 (I − Pup )−1 µ,

(4)

where I denotes the identity matrix, p0 the initial probability distribution, Pup the limiting transition probability, and µ the vector of expected sojourn time at up states. These three parameters are defined by p0 (Xk ) = Pr{XR (0) = Xk }, Pup (Xk , Xh ) = lim Q(Xk , Xh , t), t→∞ Z ∞ X µ(xk ) = (1 − Q(Xk , Xl , t))dt, 0

Xl ∈SR

where Xk , Xh ∈ SR , and both are up states. If I − Pup is not invertible, MTTF = ∞, which is generally not achievable in practice. In the sequel, I − Pup is assumed to be invertible. Owing to the construction of XR (t), it is difficult to establish the analytical relation between K and MTTF. Considering that Q(Xk , Xh , t) is calculated based on γij , MTTF is also determined by it. So, γij can be used as a connection parameter between controller and MTTF. As

a result of (4), the derivative of MTTF with respect to γij is dMTTF dPup = pT0 (I − Pup )−1 (I − Pup )−1 µ dγij dγij dµ +pT0 (I − Pup )−1 . (5) dγij For fixed j ∈ S2 , K(j) determines N1 + 1 probabilistic performance parameters γij , i = 0, · · · , N1 , and denote γ j , [γ0j

T [ dMTTF · · · dMTTF dγ0j dγN1 j ] · · · γN1 j ] , ∇MTTFj , qP . dMTTF 2 i∈S1 ( dγij ) T

γ j is the vector composed of probabilistic performance related to K(j), and ∇MTTFj composed of the derivatives of MTTF with respect to γij , i ∈ S1 . In order to design a controller for MTTF, the following iterative algorithm is adopted.

The proof is standard by using a quadratic Lyapunov function Zhou and Doyle (1997) and omitted here. Different from previous work on sequential randomized algorithms, the controller is designed for multiple regime models simultaneously. Also, γij has to increase along the gradient direction of MTTF in order to reduce iteration number. In this section, a weighted composite violation function is proposed, and the weights are determined at each iteration to adjust the increasing direction of γij . The following notations are used in this section: The space of real symmetric n × n matrices is a Hilbert space with the innerPproduct hR, Si , Tr(RT S) and Frobenius norm n kRk , ( i,j=1 R(i, j))1/2 , where Tr(·) denotes the trace of a matrix. For a real symmetric matrix R, its projection onto the convex cone of nonnegative definite matrices is R+ , arg min kR − Sk. S≥0

Algorithm 1: MTTF optimization

+

(1) Initialization: Set l = 0 and select MTTF. (2) At iteration l, calculate MTTF based on controller Kl . If MTTF > MTTF, stop. (3) For each j ∈ S2 , calculate ∇MTTFlj and probabilisl l tic performance vector γ lj ; let γ l∗ j = γ j + τ ∇MTTFj with step size τ > 0, the required performance by updating Kj .  (4) Use Algorithm 2 to obtain Kl+1 = Kjl+1 : j ∈ S2 such that Kjl+1 achieves γ l∗ j . (5) Go to step (2) and start the new iteration l + 1.

R can be computed explicitly as follows Polyak and Tempo (2001): If R = U ΛU T , where U is orthogonal and Λ is diagonal with entries λ1 , · · · , λn , then R+ = U Λ+ U T , where Λ+ is diagonal with entries max{0, λ1 }, · · · , max{0, λn }. 4.1 Violation function and gradient computation Let us begin with a special case that Di = Fi = 0, and the left-hand side of the inequality in Lemma 1 is simplified and denoted as Vij , i ∈ S1 , j ∈ S2 :

As shown in this algorithm, γ l∗ j is iterated along the gradient of MTTF and used to direct controller update in Algorithm 2 presented in the next section.

Vij , ATi Pij + Pij Ai + KjT BiT Pij + Pij Bi Kj

4. SEQUENTIAL RANDOMIZED ALGORITHMS

Let f denote a functional on the space of symmetric matrices which assigns a matrix R a real number f (R). The gradient of f (R) is denoted as ∂R f , meaning

For notational simplicity, for ζ(t) = i, η(t) = j, i ∈ S1 , j ∈ S2 , denote Ai , A(ζ(t), ∆), Bi , B(ζ(t), ∆), Ci , C(ζ(t), ∆), Di , D(ζ(t), ∆), Ei , E(ζ(t), ∆), Fi , F (ζ(t), ∆), Kj , K(η(t)), Aij (∆) , A(ζ(t), ∆) + B(ζ(t), ∆)Kj , and C ij (∆) , C(ζ(t), ∆) + D(ζ(t), ∆)Kj . As a result, for ζ(t) = i, η(t) = j, i ∈ S1 , j ∈ S2 , (1) becomes ( x(t) ˙ = Aij (∆)x(t) + Ei (∆)w(t), (6) z(t) = C ij (∆)x(t) + Fi (∆)w(t). In the following, the performance criterion is selected as H∞ norm, ̟(Gij (s, ∆)) = kGij (s, ∆)k∞ . The following result is used to check controller sub-optimality with respect to H∞ norm in a fixed linear regime system, and ∆ is not shown in system matrices for notational simplicity. Lemma 1. For the closed-loop system in (6), assume that x(0) = 0 and ρ2i I − FiT Fi > 0, where I denotes an identity matrix with compatible dimension. For ζ(t) = i, η(t) = j, and any uncertainty parameter ∆, kGij (s)k∞ ≤ ρi if there exists Pij ≥ 0 such that (Aij )T Pij + Pij Acij + (C ij )T C ij + (Pij Ei + (C ij )T Fi ) (ρ2i I − FiT Fi )−1 (EiT Pij + FiT C ij ) ≤ 0.

(7)

+Pij Ei EiT Pij /ρ2i + CiT Ci ≤ 0.

(8)

f (R + δR) = f (R) + h∂R f, δRi + o(kδRk), where δR denotes a small perturbation in R and o(·) the higher order infinitesimal term. Moreover, f (R) is convex if and only if (Boyd and Vandenberghe, 2004, chap. 4) f (R + δR) ≥ f (R) + h∂R f, δRi. Lemma 2. Liberzon and Tempo (2003) The functional f (R) , 12 kR+ k2 is convex and differential with gradient given by ∂R f (R) = R+ . Using f (R) in Lemma 3, a violation function is defined as vij (Kj , Pij , ∆) , f (Vij ) =

1 k(ATi Pij + Pij Ai + KjT BiT Pij 2

+Pij Bi Kj + Pij Ei EiT Pij /ρ2i + CiT Ci )+ k2 ,

(9)

where i ∈ S1 , and j ∈ S2 . Obviously, vij (Kj , Pij , ∆) ≥ 0, and vij (Kj , Pij , ∆) = 0 if and only if Vij ≤ 0. In other words, (7) holds if and only if vij (Kj , Pij , ∆) = 0. Lemma 3. vij (Kj , Pij , ∆) is convex in Kj and Pij respectively, and its gradients in these two matrix variables are given respectively as:

∂Kj vij (Kj , Pij , ∆) = 2BiT Pij Vij+ , ∂Pij vij (Kj , Pij , ∆) = (Bi Kj + Ai + Ei EiT Pij /ρ2i )Vij+ +Vij+ (KjT BiT + ATi + Pij Ei EiT /ρ2i ). In case that Di 6= 0 and Fi 6= 0, the gradients are ∂Kj vij (Kj , Pij , ∆) = 2[BiT Pij +DiT Fi (ρ2i I−FiT Fi )−1 EiT PijT +DiT Ci + (DiT Di + DiT Fi (ρ2i I − FiT Fi )−1 FiT Di )Kj ]Vij+ , ∂Pij vij (Kj , Pij , ∆) = [Ei (ρ2i I − FiT Fi )−1 FiT (Ci + Di Kj ) Ai + Bi Kj + Ei (ρ2i I − FiT Fi )−1 EiT ]VijT + VijT [ATi + KjT Bi +(Ci +Di Kj )T Fi (ρ2i I−FiT Fi )−1 Ei +Ei (ρ2i I−FiT Fi )−1 EiT ]. Lemma 3 can be proved using the definition of convexity and the property of trace. Owing to the fact that the control can access FDI mode η(t) only, for fixed j ∈ S2 , each Kj appears in N1 + 1 inequalities of (8), Vij ≤ 0 for i = 0, 1, · · · , N1 . To take these N1 + 1 inequalities into account simultaneously, a weighted composite violation function is defined as N1 X ψj (Kj , P0j , · · · , PN1 j , ∆) = θij vij (Kj , Pij , ∆), (10) i=0

where θij denotes a positive weight corresponding to inequality Vij ≤ 0 for ζ(t) = i, and 0 < θij < 1, i ∈ S1 , j ∈ S2 .

Lemma 4. Given j ∈ S2 , the non-negative composite violation function ψj (Kj , P0j , · · · , PN1 j ) = 0 if and only if Vij ≤ 0 simultaneously for i = 0, 1, · · · , N1 . Moreover, ψj (Kj , P0j , · · · , PN1 j ) is convex in Kj and Pij , i ∈ S1 , and its gradients are given by ∂Kj ψj (Kj , P0j , · · · , PN1 j , ∆) =

N1 X

θij ∂Kj vij ,

(11)

i=0

∂Pij ψj (Kj , P0j , · · · , PN1 j , ∆) = θij ∂Pij vij . (12) Lemma 4 is obvious considering (10) and the properties of gradient and convexity. 4.2 Convergence result At iteration k ∈ N of the sequential algorithm, if k ψj (Kjk , P0j , · · · , PNk 1 j , ∆k ) > 0, update Kjk+1 and Pijk+1 as follows, i ∈ S1 , j ∈ S2 , Kjk+1 = Kjk − µkj Pijk+1 = [Pijk − µkj

k ∂Kj ψj (Kjk , P0j , · · · , PNk 1 j , ∆k ) k , · · · , P k , ∆k ) φj (Kjk , P0j N1 j

,

(13)

k ∂Pij ψj (Kjk , P0j , · · · , PNk 1 j , ∆k )

]+ , (14) k , · · · , P k , ∆k ) φj (Kjk , P0j N1 j where φj represents the overall size of the gradient: k φj (Kjk , P0j , · · · , PNk 1 j , ∆k ) , (k∂Kj ψj k2 +

N1 X

k∂Pij ψj k2 )1/2 .

i=0

µkj denotes the step-size calculated by µkj ,

k ψj (Kjk , P0j , · · · , PNk 1 j , ∆k ) k , · · · , P k , ∆k ) φj (Kjk , P0j N1 j

+ rj ,

(15)

where rj > 0 denotes the radius of SKP centered at # (Kj# , P0j , · · · , PN#1 j ), and SKP , {(Kj , P0j , P1j , · · · , PN1 j ) : ψj (Kj , P0j , · · · , PN1 j , ∆) = 0, ∀∆ ∈ Ω}.

Two assumptions are made to obtain convergence result Polyak and Tempo (2001): First, SKP contains nonempty interior for any j ∈ S2 ; second, if (Kj , P0j , P1j , · · · , PN1 j ) ∈ / SKP , Pr{ψj (Kj , P0j , · · · , PN1 j , ∆) > 0} > 0. Theorem 1. If the assumptions are satisfied, iteration (13)-(14) ensure the following inequality N1

2 X

2

2

k+1

k+1

# # #

Kj − Kj +

Pij − Pij ≤ Kjk − Kj i=0

+

N1 X i=0

2

k #

Pij − Pij − rj2 ,

(16)

# where (Kj# , P0j , · · · , PN#1 j ) denotes the center of robust k solution set SKP . Moreover, (Kjk , P0j , · · · , PNk 1 j ) converges to a robust solution in SKP in a finite number of iterations with probability one.

This theorem ensures the convergence to a controller with any probabilistic performance γij . The proof parallels the one in Fujisaki et al. (2003) and is omitted here. 4.3 Algorithms for controller design Recalling Algorithm 1, at iteration l of MTTF optimization, the required probabilistic performance vector l∗ l∗ T γ l∗ is imposed for the controller in j , [γ0j · · · γN1 j ] l-th iteration. The objective of this section is to find l+1 (Kjl+1 , P0j , · · · PNl+1 ) by applying the iterations (13)-(14) 1j l∗ such that γ j is satisfied. In the following algorithm, i denotes fault mode, j FDI mode, l iteration index in Algorithm 1, and k iteration index in Algorithm 2. Algorithm 2: Controller design (1) Initialization: Set k = 0, Kjl0 = Kjl , and Pijl0 = Pijl , taken from iteration l in Algorithm 1, i ∈ S1 , j ∈ S2 . (2) At iteration k, estimate the probabilistic perforlk lk l∗ mance γij of Kjlk using (3). If γij ≥ γij for all i ∈ S1 , lk stop and return Kj to Algorithm 1 as Kjl+1 . lk lk (3) Determine weight θij based on γij using Algorithm 3 in the sequel, i ∈ S1 . (4) Update Kjlk and Pijlk using (13) and (14) respectively; then, goto step (2). Algorithm 2 completes step (3) in Algorithm 1, and Theorem 1 guarantees its convergence with probability lk l∗ one. Note that the stop criterion is to have γij ≥ γij , lk l∗ so γij may not be equal to γij exactly. But, if the step sizes in (13) and (14) are small, its influence on MTTF is negligible. As the probabilistic performance requirements are calculated based on the gradient of MTTF, it is ideal to lk have γij increase along the gradient direction. Based on lk (10), θij represents the weight in the composite violation lk function (10) and its gradients (11)-(12). So θij can be lk used to adjust the increasing direction of γij . Considering that the convergence result is independent of weights, lk θij is determined at each iteration to adjust the increase lk direction of γij . The basic idea is illustrated in Fig. 1.

’MTTF lj

T jlk

Weight determination

Iterative update of controller

K lkj

Probabilistic performance estimate

’MTTFlj

J lj*

J lj 0

Fig. 1. Weight determination in Algorithm 2. As shown in Fig. 1, the weight determination in Algorithm lk 2 is analogous to a feedback system. θij is adjusted in lk accordance with γij at each iteration. Denote γ l0 , j l0 l0 T [γ0j · · · γN1 j ] as the probabilistic performance of the initial controller and

dMTTF l dγij

as the derivative of MTTF lk θj

at the iteration l in Algorithm 1. , [θ0j · · · θN1 j ]T denotes the vector of weights and ǫ a small positive number. Algorithm 3: Weight determination l

lk (1) If dMTTF ≤ 0, let θij = ǫ, i ∈ S1 , and remove this dγij mode i from S1 in steps 2 and 3. In the following l steps, assume that dMTTF > 0 for all i ∈ S1 . dγij (2) Let a subset M1 denote the set of element i ∈ S1 such lk lk that: ∀i ∈ M1 ⊂ S1 , γij = 0; ∀i ∈ S1 \M1 , γij 6= 0, where S1 \M1 denotes the complement set of M1 in lk S1 composed by elements in S1 but not in M1 . θij is then determined by  ǫ, i ∈ M1 ;      dMTTFl /dγij lk q (1 − ǫ|M1 |), θij = P l 2  (dMTTF /dγ ) ij  i∈S1 \M1    i ∈ S1 \M1 ,

where |M1 | denotes the number of elements in M1 . lk (3) If γij > 0 for all i ∈ S1 , let lk

β j , ∇MTTFlj − qP

l0 γ lk j − γj lk l0 2 i∈S1 (γij − γij )

,

lk

where β j represents the difference direction vector lk as shown in Fig. 2 and its element is denoted as βij , i ∈ S1 . Let M2 denote the set of element i ∈ S1 such lk lk that: ∀i ∈ M2 ⊂ S1 , βij ≤ 0; ∀i ∈ S1 \M2 , βij > 0. lk θij is then determined by   ǫ, i ∈ M2 ;     dMTTFl /dγij lk q (1 − ǫ|M2 |), θij = P l 2  (dMTTF /dγ ) ij  i∈S \M 1 2    i ∈ S1 \M2 , where |M2 | denotes the number of elements in M2 l

lk In case 1, if dMTTF ≤ 0, θij = ǫ and γij is expected dγij lk to decrease. In case 2, some γij remains 0 falling behind lk other positive ones, so θij are given high weights. Case 3 considers the general case, where the weights are determined based on the difference direction vector between the current increasing direction and expected gradient direction, as illustrated by the following figure.

E jlk

J lkj

Fig. 2. Weight determination to adjust increasing direction of γ0 . 5. EXAMPLE We consider a demonstration example used in Polyak and Tempo (2001) which studies the lateral motion of an aircraft. The system model under fault-free mode is  1 0 0 Lp Lβ Lr   x(t) 0 Yβ −1  Np Nβ + Nβ˙ Yβ Nr − Nβ˙    0 0 0.05  0 −3.91    u(t) + 0.05 w(t), +  0.035   0 0.05 −2.53 0.31 0.05 

0  0 x(t) ˙ = g/V Nβ˙  z(t) = x(t),

where each state represents respectively the bank angle, the directive of bank angle, the sideslip angle, and the yaw rate. Two control inputs are rudder deflection and aileron deflection respectively. The considered faulty mode is the loss of effectiveness in the rudder deflection, represented by the reduction of the first column of B0 :   0 0  0 −3.91 . B1 =   0.0175 0  −1.265 0.31 The following nominal values of aircraft parameters are used: Lp = −2.93, Lβ = −4.75, Lr = 0.78, g/V = 0.086, Yβ = −0.11, Nβ˙ = 0.1, Np = −0.042, Nβ = 2.601, and Nr = −0.29. The modelling uncertainties are considered in these parameters only: each parameter is perturbed by a relative uncertainty of 10%, and the perturbed parameter value is assumed to be uniformly distributed in the bounded interval.

Now, we demonstrate the effects of adjustable weights in Algorithm 2. Here, the initial value of K0 is a random matrix, and the sequential randomized algorithm is used to design K0 iteratively such that γ00 and γ10 increase along direction [0.6 0.2]T till probabilistic performance γ00 ≥ 0.6 and γ10 ≥ 0.2. Two converge trajectories are shown in Fig. 3: the upper one used adjustable weights in Algorithm 3, and the lower one used fixed weights, 0.6 and 0.2, among two inequalities (7) corresponding to ζ(t) = 0 and 1. It is clearly shown that the convergence direction under adjustable weights in Algorithm 3 is close to the expected gradient increasing direction [0.6 0.2]T , but the method with fixed weights cannot achieves this goal. Consequently, the upper trajectory reaches the required probabilistic performance after 306 iterations, while the

lower one needs 409 iterations. Even worse, the lower one gives a controller with performance far over [0.6 0.2]T . 0.4 Adjustable weights

γ10

0.3 0.2 Expected direction 0.1 0 0

0.1

0.2

γ

0.3

0.4

00

0.5

0.6

0.7

0.25 Fixed weights Expected direction

0.15

γ

10

0.2

0.1 0.05 0 0

0.1

0.2

0.4 γ

0.3

0.5

0.6

0.7

0.8

0.9

00

Fig. 3. Compare convergence trajectory for adjustable and fixed weights.

0.2

K

γ

10

Real value 0.1

0 0

0

Gradient expected

0.1

0.2

0.3

0.4

0.5

γ

0.6

0.7

0.8

0.9

1

0.6

0.7

0.8

0.9

1

00

0.2

K

1

γ

11

Real value 0.1

0 0

Gradient expected

0.1

0.2

0.3

0.4

0.5

γ

01

150

MTTF

Real value 100

Expected value

50 0 1

2

3

4

5

6

7

Iterations

Fig. 4. Gradient search trajectory. Figure 4 shows a searching trajectory of designing controller in order to make MTTF greater than 100, where the triangles show the probabilistic performance and MTTF of controllers, and circles show those of expected values provided by gradient-based search at iteration steps. Obviously, the controller provides values close to and over the expected ones at each step. Moreover, while there are differences on probabilistic performance, the values of MTTF are very close and non-differentiable from each other. Starting from random matrices, the following controller achieves MTTF = 117.3788:   0.7656 0.4988 0.1231 0.8682 K0 = , 1.3932 0.7256 0.1358 −0.1861   0.7680 0.4820 0.1235 0.8758 K1 = . 1.4016 0.7086 0.1325 −0.1800

Therefore, the algorithm provides an effective method for MTTF design. 6. CONCLUSIONS

This paper discusses the design of MTTF suboptimal controller for FTCS’s. The reliability criterion is evaluated from a semi-Markov process model which is built based on

probabilistic control performance. But, MTTF cannot be written as an analytical expression of controller parameters. To overcome this difficulty, a gradient-based search is first made on probabilistic performance parameters; the controller is then updated iteratively to achieve this performance. This two-stage method gives a controller achieving required MTTF. REFERENCES M. Blanke, M. Kinnaert, J. Lunze, and M. Staroswiecki. Diagnosis and Fault-Tolerant control. Springer, Berlin, 2003. S. Boyd and L. Vandenberghe. Convex Optimization. Cambridge University Press, New York, 2004. R. Field and L. Bergman. Reliability-based approach to linear covariance control design. J. Engineering Mechanics, 124(2):193–199, 1998. Y. Fujisaki, F. Dabbene, and R. Tempo. Probabilistic robust design of LPV control systems. Automatica, 39 (8):1323–1337, 2003. H. Li and Q. Zhao. Probabilistic design of fault tolerant control via parameterization. Circuits, Sys., & Signal Processing, 2006. submitted. H. Li and Q. Zhao. Reliability modeling of fault tolerant control systems. In Proc. Joint 44th IEEE Conf. Decision Contr. European Contr. Conf., pages 2397– 2402. Seville, Spain, 2005. D. Liberzon and R. Tempo. Gradient algorithms for finding common lyapunov functions. In Proc. 42nd IEEE Conf. Decision and Control, pages 4782–4786. Hawaii, USA, 2003. N. Limnios and G. Oprisan. Semi-markov processes and reliability. Birkhauser, Boston, 2001. M. Mahmoud, J. Jiang, and Y. Zhang. Control Systems: Stochastic Analysis and Synthesis. Springer-Verlag, Berlin, 2003. B.T. Polyak and R. Tempo. Probabilistic robust design with linear quadratic regulators. Sys. Contr. Lett., 43 (5):343–353, 2001. B. Spencer, M. Sain, C. Won, D. Kaspari, and P. Sain. Reliability-based measures of structural control robustness. Structural safety, 15:111–129, 1994. R. Srichander and B. Walker. Stochastic stability analysis for continuous-time fault tolerant control systems. Int. J. Contr., 57:433–452, 1993. V. Ugrinovskii. Randomized algorithms for robust stability and guaranteed cost control of stochastic jump parameter systems with uncertain switching policies. J. Optim. Theory Appl., 124:227–245, 2005. R. Veillette, J. Medanic, and W. Perkins. Design of reliable control systems. IEEE Trans. Automatic Contr., 37(3):290–304, 1992. B. Walker. Fault tolerant control system reliability and performance prediction using semi-markov models. In R. Patton and J. Chen, editors, Proc. SAFEPROCESS, volume 3, pages 1053–1064. IFAC, Kingston Upon Hull, UK, 1997. N. Wu. Coverage in fault-tolerant control. Automatica, 40:537–548, 2004. K. Zhou and J. Doyle. Essentials of Robust Control. Prentice Hall, Upper Saddle River, 1997.