Distributed Fault Detection and Recovery for Networked Robots

2014 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS 2014) September 14-18, 2014, Chicago, IL, USA

Distributed fault detection and recovery for networked robots Filippo Arrichiello, Alessandro Marino, Francesco Pierri

Abstract— The paper deals with the problem of decentralized fault detection, isolation and recovery for teams of networked robots. The proposed strategy is a combination of distributed and local approaches that allow the robots to deal with both recoverable and unrecoverable faults. A local adaptive fault observer is used to locally compensate recoverable faults, while a distributed fault detection and isolation strategy is used to allow each robot to detect unrecoverable faults on other teammates even if not directly connected; once the faulty robots have been isolated, they are removed from the team and the mission is rearranged. Results of numerical simulations and experiments involving a team of 5 mobile robots are provided to show the effectiveness of the approach.

I. I NTRODUCTION Multi-robot systems are becoming pervasive in the robotics community due to the advantages they exhibit with respect to single robots in term of flexibility and robustness to faults. However, the complexity of controlling multi-robot systems rapidly grows when a central unit able to coordinate the team is lacking. In such a case, despite the need to cooperate in order to achieve a common global task, each unit is required to be able to compute its own control input based on local information coming from on-board sensors or communicated by neighbors. Nowadays, a wide literature facing control issues for networked robots there exists and relevant works are analyzed in [10]. One of the advantages of multi-robot systems is their robustness to the fault of one or more units. However, such a feature is only potential if a suitable control scheme is not designed for the problem at hand. To the purpose, each robot is required to be able to recognize the presence of a faulty robot in the team (fault detection), to identify the robot in fault (fault isolation), and to compensate the fault or to exclude the faulty robot from the team rearranging the mission (fault recovery). Fault detection, isolation and reconfiguration problems have been widely addressed in the past years for the case of single unit systems [8] as well as for the case of not distributed multi-robot systems [16], [12]. The FDI problem for distributed systems, indeed, only recently has attracted the research community. The work in [6] deals with the FDI problem for networked systems in case of communication failures in term of time delays, F. Arrichiello is with the University of Cassino and Southern Lazio, Cassino (FR), Italy [email protected] A. Marino is with the University of Salerno, Salerno (SA), Italy

random packet losses and non-linear perturbations. A bank of local adaptive observers to detect and isolate faults in interconnected subsystems is presented in [7] and [18]. Unknown Input Observers are proposed in [14] for a network of interconnected systems controlled with a decentralized control law. An observer-based approach is presented in [13] for the FDI of faults affecting both the local dynamics and the subsystems interconnections. In [9], each subsystem is monitored by a local fault detection scheme that requires the input and output measurements of the monitored subsystem and the measurements of all interconnected subsystems. The recent work in [5] presents a FDI approach for distributed and heterogeneous networked systems where each agent can detect and isolate not only its own faults but also the faults of its nearest neighbors. A different approach is used in [15], where the conditions so that a distributed controller guarantees pre-specified performance levels even in case of nodal failures and communication noise are found. In [3], we developed a schema that allows each robot of a networked system to detect and isolate faulty members even if not directly connected to them. To this aim, the observer-controller schema presented in [1], [2] was modified and adapted. In a recent paper [4], we presented a recovery strategy consisting in removing the faulty robot from the team, after the detection and isolation, and rearranging the mission accordingly. Here, we build upon these results in order to elaborate a more effective solution, based on a twolevel FDI and recovery strategy. Two types of faults are considered: recoverable and unrecoverable faults. In the first case, the faulty robot tries to locally recover from the fault thanks to an adaptive compensation term; in this case, no action is required by the healthy teammates and the mission does not require to be rescheduled. In case of unrecoverable faults (e.g., the robot permanently stops), the only solution is to exclude the robot from the team and reconfigure the mission accordingly. The proposed approach is validated via both numerical simulation and experimental results. II. DYNAMICS

We consider a system composed of N robots, where the ith robot’s state is denoted by xi ∈ IRn . Each robot is characterized by a single-integrator dynamics x˙ i = ui + φi ,

[email protected] F. Pierri is with the University

of Basilicata,

Potenza, Italy

[email protected] The research leading to these results has received funding from the Italian Government, under Grant FIRB - Futuro in ricerca 2008 n. RBFR08QWUV (project NECTAR). *Authors are in alphabetic order.

978-1-4799-6934-0/14/$31.00 ©2014 IEEE

AND COMMUNICATION MODELING

(1)

where ui ∈ IRn is the input vector, and φi ∈ IRn is an additive fault term that is zero in normal operating  conditions. The team state is given by  collective Nn T T . . . x x = xT ∈ IR and the collective dynamics 1 N

3734

is, then, expressed as x˙ = u + φ, (2)  T T where u = uT ∈ IRN n is the collective input, 1 . . . uN  T  Nn T T φ = φ1 . . . φN ∈ IR is the collective fault. Each robot has access to a noisy measure xi,m of its own state: 

xi,m = xi + η i ,

(3)

where η i ∈ IRn is the additive noise, assumed norm-bounded by a positive scalar η, i.e., kηi (t)k ≤ η

∀t, ∀i = 1, 2, . . . , N.

(4)

The collective noisy measure of the system state is xm = x + η ,

(5)

T T where η = [η T ∈ IRN n is the collective noise. 1 . . . ηN ] The collective state x and the collective input u are not available to the vehicles in team. Thus, it is necessary that each vehicle implements a distributed observer to estimate these quantities. The information exchange between the robots is described by a graph G(E, V) characterized by its topology, i.e., the set V of the indexes labeling the N vertices (nodes), the set of edges (arcs) E = V × V connecting the nodes, and its L(N × N ) Laplacian matrix [11]. We assume that the i th robot receives information from a reduced set of neighbors Ni = {j ∈ V : (j, i) ∈ E}, and it does not know the overall topology. Some properties and definitions about the communication graphs are listed in [1].

III. D ECENTRALIZED OBSERVER - CONTROLLER SCHEME Here, we report a decentralized observer-controller schema inherited form [1], [2], [3] that allows each robot to estimate the overall team state on the base of a decentralized observers, and to compute its motion directives on the base of the estimated system state to make the overall team track desired time varying trajectories of global task functions. A. State observer Let Γ i be a (n × N n) selection matrix · · · On } In |{z} i th node that allows to extract the components of the i th robot from a collective vector, and let define Π i as the (N n × N n) matrix Π i = Γ T i Γ i . The estimate of the collective state x is computed by the i th robot using the observer   X

j i˙ ˆ  + iu ˆ , (6) ˆ − iy ˆ + Π i ym − iy y x ˆ = ko  Γ i = {On

···

j∈Ni

where ko isR a positive scalar gain R to be designed; t t ˆ (τ )dτ , where ˆ = ix ˆ − t0 i u y m = xm − t0 u(τ )dτ , and i y iˆ iˆ iˆ t0 is the initial time instant; u = u(t, x) is the estimate of the collective input as computed by the i th robot by using ˆ. the estimated state, i x

The observer in (6) depends only on local information ˆ and xm,i ), and on the vectors available to vehicle i (i y jˆ ˆ ∈ IRN n is the y received from direct neighbors. Thus, j y only information required to be exchanged. By defining the vectors 2

ˆ T . . .N x ˆ T ]T∈IRN n [1 x 2 ˆ T . . .N y ˆ T ]T∈IRN n [1 y  ˆ (t, 1 x ˆ )T . . . ˆ ⋆ = 1u 1N ⊗ η u 2 ⋆ ˆ ∈ IRN n 1N ⊗ y − y Rt with y = x− t0 u(τ )dτ , it is ˆ⋆ x ˆ⋆ y η⋆ ˜⋆ y

= = = =

T Nu ˆ (t, N x ˆ )T

2

∈ IRN n (7)

ˆ ⋆ + ko Π ⋆ y ˜ ⋆ + ko Π ⋆ η ⋆ + u ˆ ⋆, x ˆ˙ ⋆ = −ko L⋆ y

(8)

where L⋆ = L ⊗ I N n , with ⊗ denoting the Kronecker product operator and   (9) Π ⋆ = diag Π 1 . . . Π N . B. Nominal control law

The control objective is to make the team centroid and the relative formation follow desired time-varying references. To this aim, the task σ ∈ IRN n is defined as     σ1 J1 ˙ σ= = x = J x, σ˙ = J x, (10) σ2 J2 where J ∈ IRN n×N n , σ 1 and σ 2 are the centroid and formation task functions defined as: σ 1 (x) =

N 1 X xi = J 1 x, N i=1

(11)

with J 1 ∈ IRn×N n the corresponding Jacobian matrix;  T σ 2 (x)= (x2 − x1 )T . . . (xN − xN −1 )T = J 2 x, (12)

with J 2 ∈ IR(N −1)n×N n the corresponding Jacobian. Each ˆ , computes an robot, using its collective state estimate i x estimate of the collective input via the control law:   i ˆ = iu ˆ (t, i x ˆ ) = J † σ˙ d + kc i σ( ˜ ix ˆ) , u (13) i    ˜ (i x ˆ) ˆ) σ σ 1,d − i σ 1 (i x ˜ ix ˆ) = i 1 i where i σ( = is the ˜ 2( x ˆ) ˆ) σ σ 2,d − i σ 2 (i x ˜ = [σ ˜ 1 (x)T σ ˜ 2 (x)T ]T , and estimate of the task error σ where σ 1,d and σ 2,d are the desired values of the task functions. The input vector ui in (1) is computed selecting ˆ , i.e., the relative component from i u ˆ i = Γ iiu ˆ. ui = i u

(14)

IV. FAULT T OLERANCE We propose a Fault Tolerant Control (FTC) schema to deal with both non disruptive (e.g., a bias between the commanded input and the actual one) and disruptive failures (e.g., permanent actuator failure). For non disruptive faults, each robot locally modifies the nominal control law (14) so as to compensate the effects of the fault on its dynamics. For disruptive faults, the faulty vehicle needs to be removed from the team (as well as the corresponding elements from the ˆ and i y ˆ ) and the mission needs to be rescheduled. vectors i x

3735

To this aim, each robot computes a residual vector designed to be sensitive to the faults of any robots of the team. In order to avoid false alarms due to measurement noise η and non perfect compensation of recoverable faults, an adaptive threshold is designed for the detection residuals. A. Local fault accommodation In presence of non disruptive faults, an active fault tolerance approach is pursued, i.e., the nominal control law (14) is ˆ . Therefore, reconfigured by adding a compensation term, φ i a new input vector ui , given by ˆ , ˆ −φ ui = Γ i i u i

(15)

ˆ should be adopted instead of (14). The adaptive term φ i provides an estimate of the fault. To estimate and locally accommodate the fault φi , a local state observer is designed as in [17] ˆ + K(xi,m − z i ), z˙ i = Γ i i u

(16)

where K ∈ IRn×n is a symmetric and positive definite gain matrix. The update law for the fault estimation is derived as ˆ˙ (t) = G−1 (e˙ i (t) + Kei (t)) , φ i

(17)

where ei (t) = xi − z i and G ∈ IRn×n is a symmetric positive matrix to be designed. Remark 4.1: From (17), it can be easily recognized that the on-line fault estimator has the following expression ! Z t −1 ˆ (t) = G ei (τ )dτ , (18) ei (t) + K φ i tf,i

where tf,i is the instant in which vehicle i detects the fault. The integral term allows to achieve an asymptotic estimate of a constant fault while, in the presence of time-varying faults, it can be proven that the estimation error is bounded. By taking into account the robot dynamics (1) and the modified control (15) with the adaption law (17), it holds ˆ +Kη = −Kei + φ ˜ +Kη , (19) e˙ i (t) = −Kei +φi − φ i i i i ˜ = φ −φ ˆ is the fault estimation error. In absence where φ i i i ˆ is zero (in absence of measurement of faults, the term φ i noise η i ), provided that the initial observer error is zero.   T T ∈ IRN n and By defining the vectors e = eT 1 , . . . , eN T T T ˜ = [φ ˜ , ..., φ ˜ ] ∈ IRN n , from (17) and (19) it holds φ 1

C. Fault detection and isolation In presence of a disruptive fault, the faulty vehicle is removed from the team and the remaining vehicles reconfigure themselves. At first, a detection strategy was developed as in [3] to make each robot able to detect the occurrence of a fault and recognize the faulty vehicle. Let us define the following residual vector for the i th robot X
i j ˆ − iy ˆ + Π i (y m − y ˆ i ); r= y (22) j∈Ni

it is worth noticing that the above quantity does not require additional information exchange since it makes use of the same terms used by the state observer (6). The  vector i r can be seen T as aN nstacked vector, i.e., i i rT . . . irT r = i rT ∈ IR , where each com1 2 N ponent i rk ∈ IRn represents the residual computed by robot i relative to robot k, and, from (22), it can be expressed as X i j ˜k − ˜ k + i δk η k , (23) rk = Γ k i r = (di + i δk )i y y j∈Ni

where i δk = 1|i=k , i δk = 0|i6=k , di is the dimension of Ni . In [3], [4] it has been shown that a fault φl occurring on the l th robot at time tf > 0, in absence of compensation term, can be detected and isolated by the robot i if  ∃t > tf : ki rl (t)k > i µl (t) (24) ∀k ∈ (1, . . . , N ), k 6= l, ∀t > 0, ki rk (t)k ≤ i µk (t),

(20)

where i µl and i µk are suitable defined adaptive thresholds. In order choose the thresholds,  let us consider the vector  to N ˜ T T ∈ IRN n , collecting the 2 ˜T ˜ ⋆k = 1 y y ˜T . . . y y k k k estimation errors of y k computed by the observers of each robot. It can be easily shown that it holds:

(21)

˜ ⋆k = diag{Γ k , Γ k , . . . , Γ k }˜ ˜ ⋆. y y ⋆ = Γ ⋆k y

N

˜ + (I N ⊗ K)η, e˙ = −(I N ⊗ K)e + φ ˜˙ = φ˙ − I N ⊗ G−1 (e˙ + e) . φ

In presence of a non disruptive fault and the adaptive fault observer (17), by assuming that fault velocity is

the

bounded with a known bound φd , i.e. φ˙ i (t) ≤ φd ∈ IR, ∀t, i = 1, 2, . . . , N , the following theorems hold: Theorem 1: In presence of a connected undirected com˜ ⋆ and munication graph, with the update laws (8) and (17), y ˜ φ are uniformly ultimately bounded. Proof: The proof is in Appendix A. Theorem 2: In presence of a connected undirected com˜ ⋆ and munication graph, with the update laws (8) and (17), x ˜ l (l = 1, 2) are uniformly ultimately bounded. σ Proof: The proof can be obtained by resorting to similar arguments as in [3] and is not reported here for brevity.

(25)

⋆

B. Convergence of the overall observer-controller schema The convergence properties of the observer (8) were analyzed in [3]-[4] where it was proven that, without local fault estimation (17), in the absence of faults and measurement noise and under the assumption of a connected undirected graph, the stacked vector of the collective state estimation ˜ ⋆ , exponentially converges to zero; in the presence errors, x ˜ ⋆ is globally uniformly of bounded measurement noise, x ultimately bounded.

˜ is ultimately bounded (see Theorem 1), from Since y ˜ ⋆k is ultimately bounded and its ultimate bound is (25) also y lower than the one given in (38). Therefore, there exists a constant λ > 0 such that k˜ y ⋆k k ≤ k˜ y ⋆k (0)k e−λt + β(η, φd ).

(26)

j By virtue⋆ of (23) and taking into account that

y ˜ k ≤ k˜ y k k, the following chain of inequalities holds

⋆

i

rk ≤ (di + i δk ) i y ˜ k + di k˜ y ⋆k k + i δk kη k k

3736

Thus, on the basis of (26), the following time-varying threshold i µk can be defined for the residual i rk i

µk=(2di+i δk )k˜ y ⋆k (0)k e−λt+(2di+i δk )β(η, φd )+i δk η. (28)

The threshold calculation requires a reliable estimate of k˜ y ⋆k (0)k, λ and β(η, φd ). The latter can be computed as shown in Appendix A and depends on the bounds on the noise and on the fault rate as well as on the parameters in (35). Parameter λ can be estimated as the minimum ˜ ⋆k computed by considering the eigenvalue of the matrix L worst case for the Laplacian matrix. Constant k˜ y ⋆k (0)k can be estimated on the basis of approximate information about the initial conditions of the system (e.g., the vehicles start from a known bounded area). D. Exclusion of the faulty vehicle Once the faulty vehicle has been recognized by the other teammates, it must be excluded from the team and the task function references must be re-planned. The exclusion of a faulty vehicle requires to change the dimension of all the involved variables, i.e. each healthy robot must resize the ˆ ), the input (i u ˆ ) and the estimate of the collective state (i x i ˆ ), whose dimensions become (N −1)n exchanged variable ( y instead of N n. The detection time instant t in (24) is, in general, different for each robot, since they detects the fault asynchronously from each other. Thus, if after the detection ˆ but one or more of its of a fault a vehicle resizes the vector i y neighbors has not yet detected the fault, they would receive a reduced size vector without having any information about the faulty teammate; so they do not know which components remove from their collective state estimate. This issue does not arise if the neighbors have already isolated the faulty vehicle, therefore the above problem can be avoided by allowing a vehicle to exchange a reduced size vector only when all the other healthy teammates have detected and isolated the fault. Considering a fault affecting the robot l and defining the detection the ith robot, i td , as the

of

first instant at

i time i

which r l > µl , i.e., i td = min i rl (t) > i µl (t), let us

to be a normally distributed random vector with null mean, uncorrelated components and standard deviation of 0.01 m. The network topology is assumed to be circular. The desired path of the centroid, σ 1,d (t) is reported in Fig. 1 (dashed blue line), while the desired formation σ 2,d (t) is constant and it corresponds to a square of side 0.42 m around the desired centroid. Two almost simultaneous faults on vehicle 1 and 2 were considered. In particular, fault on vehicle 1 happens at tf,1 = 35.9 s and has the following expression: (  T 0, 0 , for t < tf,1 φ1 = t−tf,1  T − 0.9 −0.2, 0.25 (1 − e ), for t ≥ tf,1 while fault on vehicle 2 happens at tf,2 = 42.6 s and: (  T 0, 0 , for t < tf,2 φ2 = t−tf,1  T − 0.45 0.3, −0.35 (1 − e ), for t ≥ tf,2 .

The vehicle paths are shown in Fig. 1 (green and red dashed lines). Figure 2 shows the components of φ1 and φ2 and of ˆ and φ ˆ . The good tracking performance of their estimates φ 1 2 the local fault observer are highlighted also by Fig. 3 where ˜ 1 and σ ˜ 2 are plotted. These errors are only the task errors σ slightly affected by the local recovery strategy.

3

V. N UMERICAL

SIMULATIONS

A team of 4 robots (N = 4) moving in the plane (n = 2) is considered. Gains ko , kc , K, G in (6), (13), (16), (17) were set to ko = 5, kc = 3, K = 2I 2 , G = 0.05I 2 , respectively. The measurement noise ηi in (3) is assumed

tf,1

1 Desired centroid

0

Start

1

2

0

1

2

1 4

2 3

End

4

3

3

[m]

4

5

Fig. 1. Simulation case study. Dashed green and red lines respectively show the paths of healthy and faulty vehicles; the blue line is the desired centroid path. The team configurations at tf,1 and tf,2 are shown.

0.4

0.4

0.2

t

define i ∆td = i td − tf as the time occurring from the fault occurrence and its detection/isolation by vehicle ith, and the maximum detection delay as ∆d,max = maxi=1,...,N i ∆td . If robot i sends a reduced size vector starting from i td + ∆d,max , all the neighbors have knowledge about the faulty vehicle as well, and can resize their state estimate accordingly. In sum, the resize of the team occurs after tr = mini i td + ∆d,max . Thus, the problem is how to get a reliable estimate of ∆d,max . A possible solution for this problem, for a limited class of faults, can be found in [4].

tf,2

2

ˆ1,x φ ˆ1,y φ φ1,x φ1,y

0

-0.2 -0.40

0.2 m/s

(27)

[m]

(2di + i δk ) k˜ y ⋆k k + i δk η.

m/s

≤

ˆ2,x φ ˆ2,y φ φ2,x φ2,y

0

-0.2 20

40 t [s]

60

80

-0.40

20

40 t [s]

60

80

Fig. 2. Simulation case study. Left. Fault φ1 starting at instant ˆ . Right. Fault φ on vehicle tf,1 = 35.9 s on vehicle 1 and its estimate φ 1 2 ˆ . 2 starting at instant tf,2 = 42.6 s and its estimate φ 2

Finally, Fig. 4 shows the global residuals calculated by all the vehicles of the team and relative

to the faulty vehicle 1. In detail, the residual norms i r 1 (i = 1, 2, 3, 4) (continuous blue lines) and the corresponding thresholds (dashed green lines) are plotted; moreover, in each plot, it is also highlighted the instant tf,1 in which the fault on vehicle 1 occurs (black vertical line). All the residuals are kept below the corresponding threshold in case of non-disruptive faults. The same happens for residuals relative to the faulty vehicle

3737

[m]

0.04 4

k˜ x⋆ k

2

˜ 1, σ ˜ 2 ). In absence of fault, mation task function errors (σ the task function errors remain limited and close to zero. When the fault occurs, both the centroid and formation task function errors increase until the robot is excluded from the formation (around 80 s); then, the desired formation switches from a pentagon to a square (the desired centroid is the same) and the task errors decreases again. The small errors can be justified by the scarce localization accuracy of the robots.

1 0 0

20

40 ˜ 1 k , kσ ˜ 2k kσ

60

80

20

40 t [s]

60

80

[m]

0.2

0 0

[m]

˜ 1 k (green line) and kσ ˜ 2k Fig. 3. Simulation case study. Task errors kσ (blue line). Dashed black lines are in correspondence of tf,1 and tf,2 .



i

r1

0.15

5 12 4 3

0 20

40 t [s]

60

80

Fig. 4. Simulation case study. Norm of residuals i r 1 (i = 1, 2, 3, 4) (solid lines) as calculated by vehicle i and relative to the faulty vehicle 1. Dashed black line are the corresponding thresholds.

8

10 [m]

12

14

16

18

20

Fig. 5. Experiment case study. Followed robots paths during the mission; when the fault is detected by all the robots, the faulty robot is excluded and the desired formation switches from a pentagon to a square.



2, i r 2 , and healthy vehicles i r j (i = 1, 2, 3, 4 and j = 3, 4) are omitted for the sake of brevity.

0.5 20

40

60

80 t [s]

100

120

140

160

20

40

60

80 t [s]

100

120

140

160

80 t [s]

100

ki r 5 k

0 0

0.5 0 0

Fig. 6. Experiment case study. Norm of the residual components i r j (i = 1, 2, . . . , N ) (solid lines) as computed by the different robots relative to a healthy robot (top), robot 3 in this case, and to the faulty robot (bottom), robot 5. Dashed black lines are the corresponding thresholds. ˜ 1 k, kσ ˜ 2 k[m] kσ

VI. E XPERIMENTS In this section, we present the results of an experiment performed with a team of networked mobile robots where a disruptive fault occurs. The team is composed of five Khepera III mobile robots that are small size wheeled robots and is described in detail in [2]. The team was commanded to move in a indoor environment keeping a regular polygon formation. During the mission execution, an abrupt stop was induced via software to one of the robot to simulate a unrecoverable actuator fault (φ5 (t) = −u5 (t) for t > 60 s). Applying the strategy described in the previous sections, all the robots were able to detect and isolate the fault, and to recover the mission by excluding the faulty robot and adjusting the formation. Each robot implemented the local observer in (6) and the control algorithm in (13), and the gains ko , kc , G and K are selected as in Section V. The network topology is assumed as a circular undirected graph. Figure 5 shows the paths of the robots during the mission as well as few intermediate positions. From the figure, it is possible noticing that robot 5 stops during the course of the mission due to the fault occurrence (t > 60 s). The formation is recovered when all the other robots are able to detect and isolate the fault. Figure 6 (top) and (bottom) respectively show the components of the residuals related to a not faulty vehicle (robot 3 in this case) and to the faulty robot (robot 5) as calculated by all the member of the team. As long as no fault happens, all the residuals are below the corresponding threshold. When the fault affects robot 5, the residuals components relative to it grows until they overcome the thresholds; thus all the robots are able to detect the fault, even if not directly connected to it. When the faulty robots is excluded (around 80 s) according to strategy as in Section IVD (∆d,max = 18 s), the residual components for that robot are not computed anymore. Finally, Fig. 7 shows the norm of the centroid and for-

6

4

2

1 4 2 3

5

ki r 3 k

00

4 3 2 1 0

2.5 2 1.5 1 0.5 00

20

40

60

120

140

160

˜ 1 (green line) Fig. 7. Experiment case study. Norm of the tracking errors σ ˜ 2 (blue line). and σ

VII. C ONCLUSIONS In this paper, a distributed fault tolerant scheme for multirobot system was presented. The approach makes use of a previously designed observer-controller scheme and of the combination of a local and of a distributed fault-tolerant scheme. The local fault tolerant strategy allows each robot to recover from recoverable fault; for non-recoverable faults, proper residuals and adaptive thresholds are defined based on the observer error in order to detect and isolate faulty robots. Once all the healthy robots have detected the faulty one, the latter is removed from the team and the mission rearranged. The approach was successfully proved via numerical simulation and experiment on a real setup. A PPENDIX A. Proof of Theorem 1 System in eq. (8) can be rearranged as ˜ ⋆y ˜ ⋆+koΠ ⋆η ⋆ , ˆ ⋆+ko Π ⋆ y ˜ ⋆+koΠ ⋆ η ⋆=koL y ˆ˙ ⋆ =x ˆ˙ ⋆−ˆ u⋆=−koL⋆ y (29)

3738

˜ ⋆ = L⋆ + Π ⋆ and by exploitibg the property with L L⋆ (1N ⊗y) = (L⊗I N n )(1N ⊗y) = (L1N )⊗(I N ny ) = 0. ˜ it holds By noticing that from eqs. (2) and (15) y˙ = φ, ˜⋆ ˜ ⋆y ˜ ⋆ − ko Π ⋆ η⋆ + φ y ˜˙ ⋆ = −ko L

(30)

⋆

˜ = 1N ⊗ φ. ˜ In [2], it was proved that matrix −L ˜ ⋆ is with φ Hurwitz provided that the communication graph is strongly ˆ = 0) and connected. Thus, in absence of faults (φ = φ measurement noise (η = 0), eq. (30) the exponential stability of the origin ∀ ko > 0 is guaranteed. On the contrary, in presence of fault and measurement noise, let us consider the following Lyapunov function ˜ T (I ⊗ G)φ. ˜ ˜ ⋆T y ˜ ⋆ + eT e + φ V =y

(32)

⋆

⋆

˜ −2eT(I ⊗K)e ˜ y ˜ ⋆T Π ⋆ η ⋆+ 2˜ ˜ ⋆T L ˜ ⋆ −2ko y y ⋆T φ =−2ko y T ˜ ˜ + 2eT (I N ⊗ K)η + 2φ ˜ (I N ⊗ G)φ˙ − 2φ ˜ Tφ +2eT φ T ˜ (I N ⊗ K)η. −2φ

Let us recall the following property [17]: 2xT y ≤ xT Ex + y T E −1 y,

(33)

where E is any symmetric positive definite matrix. Then, the following inequalities are true:  ˜ ⋆T + γ1 η 2 ˜ ⋆T Π ⋆ η⋆ ≤ y ˜ ⋆T E 1 y −2ko y    T T  ˜ + γ2 φ2 ˜ (I N ⊗ G)φ˙ ≤ φ ˜ E2φ   2φ d T T ˜ + γ3 η 2 ˜ (I N ⊗ K)η ≤ φ ˜ E3φ (34) −2 φ   2 T T  2e (I ⊗ K)η ≤ e E e + γ η N 4 4    ˜ ⋆ ≤ γ −1 y ˜ Tφ ˜ ˜ ⋆T y ˜ ⋆ + γ5 N φ 2˜ y ⋆T φ 5

where  γ1 =    γ2 =  γ3 =   γ4 =

⋆ N λmax (Π ⋆ E −1 1 Π )
−1 λmax (I N ⊗ G)E 2 (I N ⊗ G)
N λmax ( (I N ⊗ K)E −1 3 (I N ⊗ K)
) N λmax ( (I N ⊗ K)E −1 4 (I N ⊗ K) ),

⋆

˜ − E 1 − γ −1 I N 2 n ) > 0 and with ρ1 = λmin (ko L 5 ˜ ⋆, ρ2 = λmin (Λ) > 0. Finally, it is easy to recognize that y ⋆ ˜ are uniformly ultimately bounded and that y ˜ converges e, φ to the set Ω={˜ y ⋆ | k˜ y ⋆ k ≤ β(η, φd )} with s (γ1 + γ3 + γ4 )η 2 + γ2 φ2d . (38) β(η, φd ) = ρ1 R EFERENCES

(31)

T T where e = [eT 1 , . . . , eN ] . From (16), (19) and (30), it is

˜i⋆ ˜ ⋆y ˜ ⋆T Π ⋆ η ⋆ + 2˜ ˜h⋆T L ˜ ⋆ − 2ko y y⋆T φ V˙ =−2ko y ˜ + (I N ⊗ K)η +2eT −(I N ⊗ K)e + φ h i ˜ T (I N ⊗ G) φ˙ − I N ⊗ G−1 (e˙ + Ke) +2φ

exists and the LMI Toolbox of Matlab can be used to the purpose. Moreover, by choosing ko and E 1 in such a way ˜ ⋆ − E 1 − γ −1 I > 0, it holds, that ko L 5

2

2 ˜ T ]T V˙ ≤−ρ1 k˜ y ⋆ k −ρ2 [eT, φ

+(γ1+γ3+γ4 )η 2+γ2 φ2d (37)

(35)

E 1 , E 2 , E 3 , E 4 are positive definite symmetric matrices of proper dimensions and γ 5 is a positive scalar. In virtue of (35), (32) becomes ˜ ⋆−E 1−γ −1 I N n )˜ V˙ ≤−˜ y ⋆T (2ko L y ⋆− eT (2(I N ⊗ K)−E 4 )e 5 T T ˜ e−φ ˜ (2I N n − E 2 − E 3 − γ5 N I N n )φ ˜ +2φ +(γ1 + γ3 + γ4 )η 2 + γ2 φ2d . Let us consider the following matrix   2(I N ⊗ K)−E 4 −I Nn , (36) Λ= −I Nn (2I Nn − E 2 − E 3 − γ5 N I Nn )

and let K, E 2 , E 3 , E 4 , γ5 such as the following matrix inequality holds Λ > εI N 2 n for some scalar ε > 0. It is easy to see that solution to this matrix inequality always

[1] G. Antonelli, F. Arrichiello, F. Caccavale, and A. Marino. A decentralized controller-observer scheme for multi-agent weighted centroid tracking. IEEE Trans. on Aut. Control, 58(5):1310 – 1316, May 2013. [2] G. Antonelli, F. Arrichiello, F. Caccavale, and A. Marino. Decentralized time-varying formation control for multi-robot systems. The International Journal of Robotics Research, 33(7):1029–1043, 2014. [3] F. Arrichiello, A. Marino, and F. Pierri. A decentralized observer for a general class of lipschitz systems. In Proceedings 2013 Int. Conf. on Advanced Robotics, Montevideo, Uruguay, November 2013. [4] F. Arrichiello, A. Marino, and F. Pierri. A decentralized fault tolerant control strategy for multi-robot systems. In Proceedings 19th World Congress of the International Federation of Automatic Control, Cape Town, South Africa, August 2014. [5] M.R. Davoodi, K. Khorasani, H.A. Talebi, and H.R. Momeni. Distributed fault detection and isolation filter design for a network of heterogeneous multiagent systems. IEEE Transactions on Control Systems Technology, 22(3):1061–1069, 2014. [6] J. Feng, S. Wang, and Q. Zhao. Closed-loop design of fault detection for networked non-linear systems with mixed delays and packet losses. Control Theory & Applications, IET, 7(6), 2013. [7] R.M.G. Ferrari, T. Parisini, and M.M. Polycarpou. Distributed fault diagnosis with overlapping decomposition: an adaptive approximantion approach. IEEE Trans. on Automatic Control, 54(4):794–799, 2009. [8] I. Hwang, S. Kim, Y. Kim, and C. E. Seah. A survey of fault detection, isolation, and reconfiguration methods. IEEE Transactions on Control Systems Technology, 18(3):636–653, 2010. [9] C. Keliris, M.M. Polycarpou, and T. Parisini. A distributed fault detection filtering approach for a class of interconnected continuoustime nonlinear systems. IEEE Transactions on Automatic Control, 58(8):2032–2047, 2013. [10] V. Kumar, D. Rus, and S. Sukhatme. Springer Handbook of Robotics, chapter Networked Robots, pages 943–958. B. Siciliano, O. Khatib, (Eds.), Springer-Verlag, Heidelberg, D, 2008. [11] M. Mesbahi and M. Egerstedt. Graph theoretic methods in multiagent networks. Princeton University Press, 2010. [12] N Meskin, K Khorasani, and CA Rabbath. A hybrid fault detection and isolation strategy for a network of unmanned vehicles in presence of large environmental disturbances. IEEE Transactions on Control Systems Technology, 18(6):1422–1429, 2010. [13] P. Panagi and M.M. Polycarpou. Decentralized fault tolerant control of a class of interconnected nonlinear systems. IEEE Transactions on Automatic Control, 56(1):178–184, 2011. [14] I. Shames, A.M.H. Teixeira, H. Sandberg, and K.H. Johansson. Distributed fault detection for interconnected second-order systems. Automatica, 47(12):2757–2764, 2011. [15] P.G. Voulgaris and Shengxiang Jiang. Failure-robust distributed controller architectures. In IEEE Conference on Decision and Control, volume 1, pages 513–518, 2004. [16] Y. Wang, H. Ye, S.X. Ding, Y. Cheng, P. Zhang, and G. Wang. Fault detection of networked control systems with limited communication. International Journal of Control, 82(7):1344–1356, 2009. [17] K. Zhang, B. Jiang, and P. Shi. Observer-Based Fault Estimation and Accomodation for Dynamic Systems. Springer, 2013. [18] X. Zhang and Q. Zhang. Distributed fault diagnosis in a class of interconnected nonlinear uncertain systems. International Journal of Control, 85(11):1644–1662, 2012.

3739