Observer-based residual generation for nonlinear discrete-time systems

The paper studies the possibility of constructing observer-based residuals to detect faults in a nonlinear discrete-time system. The residuals are generated in such a manner that they detect one specific fault and are not affected by other faults and disturbances. Thus, a bank of residuals has been found to detect and isolate different faults in the system. An algebraic method called functions’ algebra is used to construct an algorithm which computes the residuals. The key fact in residual generation is that any discrete-time observable system can be taken into the extended observer form. This form is used to construct the observer to estimate the system states under the assumption that there are no faults in the system. The state estimates are then compared to the measured values of the states. An example is added to illustrate the theoretical results. In the example it is also demonstrated how to combine the fault detection with the plant reconfiguration step of fault tolerant control.


INTRODUCTION
Fault tolerant control (FTC) is a branch of control engineering that aims at developing control strategies which can handle possible faults in the system. It means that the system is able to preserve stability, thus avoiding possible system breakdown and ensuring safety, and at the same time keeping also a satisfactory level of performance. Generally, FTC methods are classified into two types: passive and active. Passive controllers are designed to be robust against a class of presumed faults or are adaptive. Active FTC methods react to faults directly and depend heavily on fault detection and isolation (FDI).
A huge number of publications are available on different aspects of active FTC; see [23] for an overview. Since FDI is the first and essential part of active FTC, it is the most studied part of the FTC scheme; see [2,15,22,23] and references therein. There are many different approaches for FDI: model-based and data-based, quantitative and qualitative. The goal of model-based quantitative FDI methods is to construct signals, called residuals, which detect faults. The main approaches to the generation of residuals are the parameter estimation approach [7], parity space approach [20], and observer-based approach [15,17]. In this paper the observer-based approach is studied for nonlinear discrete-time systems.
In [17] a geometric approach was used to study the so-called fundamental problem of residual generation for nonlinear continuous-time systems, extending the solution from linear systems. The problem was to construct a residual, which is sensitive to one specific fault and not influenced by other faults and disturbances affecting the system behaviour. Later, this solution was rewritten in [1] using an algebraic approach called functions' algebra, which allowed the generalization of the class of systems from control affine to general nonlinear systems.
In this paper the fundamental problem of residual generation is studied for nonlinear discrete-time systems using the functions' algebra approach. An algorithm is given (similar to the results of [1,17]) to construct a residual to detect a given fault in the system. The solutions in [1,17], as observer-based FDI schemes in general, depend heavily on the possibility of constructing an observer for a certain subsystem of the given system, which is, in general, a very difficult problem for nonlinear systems. In [17] additional restrictive assumptions were introduced in order to be able to construct the observer. The paper [1] only cites other articles, where observer construction is studied for nonlinear systems. The algorithm suggested in this paper does not depend on any restrictions. This is the key aspect and main novelty of our approach. Here we use the fact that for any observable discrete-time nonlinear system one can always construct an extended observer (depending also on the past values of outputs and inputs) to find the observer with linear error dynamics and construct a residual, which solves the fundamental problem of residual generation. That is, in principle, we do not have to make any additional restrictive assumptions to estimate system outputs, based on which the residual is constructed. An example of a three-tank system is used to demonstrate the usefulness of the approach for residual generation. In the example we also briefly talk about plant reconfiguration, which is the next possible step after FDI. In [8] the plant reconfiguration problem was studied, which can be connected with the FDI step described in this paper, since the same methodology is used. Connecting FDI and the reconfigurable control steps has been one of the main obstacles to applying different FDI approaches in practice [23].
Unlike the well-known differential geometric approach, used in [17], functions' algebra suits better for studying generic, not local properties. This means that we do not fix a point and work in the neighbourhood of this point; instead, the results of this paper are valid locally around every point where the computations can be done and all the necessary transformations can be defined uniquely. This allows us to simplify the presentation of the results compared to the local case, where a working point and its neighbourhood have to be fixed.
The paper is organized as follows. In Section 2 the problem statement is described. Section 3 gives an overview of functions' algebra and Section 4 of observability and observer construction. The main results are provided in Section 5, where the algorithm for residual generation is presented. The paper ends with an example and conclusions.

PROBLEM STATEMENT
Consider a nonlinear discrete-time system of the form where and y(t) ∈ Y ⊂ R p is the output vector. The functions f and h are assumed to be analytic. The goal of fault detection is to construct a signal r(t), called a residual, which is equal to zero when there is no fault (w(t) = 0) and becomes non-zero when the fault occurs (w(t) ̸ = 0). The basic idea of observer-based residual generation is the following. Based on the system equations and the outputs/measurements, one can construct an observer for estimating the states of the system in the fault-free case. Then the residual can be constructed as difference between the estimated and measured functions. For instance, when we want to detect the fault w(t) in the system it is enough to construct an observer for the case w(t) = 0 and define the residual as r(t) = y(t) −x 1 (t), wherex 1 (t) is the estimate of the state variable x 1 (t). The observer together with r(t) = y(t) −x 1 (t) is called a residual generator.
In this paper we assume additionally that the system equations depend also on some disturbances d(t) ∈ D ⊂ R q : Now the situation is more complex, since to be able to construct an observer, one has to find a subsystem, which does not depend explicitly on the disturbances. Finding a residual r(t) that detects the fault but does not depend explicitly on the disturbances, and converges asymptotically to zero in the fault free-case, is called the fundamental problem of residual generation. Moreover, when there are multiple faults, it is also important to isolate them, i.e., to determine which fault affects the system. Letw(t) ∈W ⊂ R s be a vector of faults. Then it may be possible to construct a vector of residualsr(t) ∈ R s such that every residualr i (t) detects exactly one faultw i (t) and is not affected by other faults. For that purpose one has to take w(t) =w i (t) and d(t) = (w 1 (t), . . . ,w i−1 (t),w i+1 (t), . . . ,w s (t)) T for all i in the problem statement above and check the solvability conditions (Theorem 2 below) for every i.
Finally, note that the results of this paper are not global, but we study the generic case.

FUNCTIONS' ALGEBRA
In this section the method of functions' algebra is briefly described. In what follows, the notations x, x [k] , k ∈ Z are used, instead of x(t) and x(t + k). Similar notations are used for the other variables as well as for functions. Compared to x(t + k) the element x [k] must be understood as a variable and not as a function of time t. The approach is developed for a discrete-time system given by its state-space equations, such as (1) (to describe the approach, we take w(t) = 0). Consider an infinite set of variables V = {x, u, u [1] , . . . , u [k] , . . .} and denote by F a set of analytic functions 1 in a finite number of variables from the set V . A specific subset of F is the set F x , which is used to denote the set of analytic functions depending only on the variables x. In functions' algebra we work with the vectors (of any finite dimension) whose elements are functions from F or F x . Denote the corresponding sets of vectors by S F and S F x , respectively. The elements of S F or S F x are called vector functions. On the set S F we define a preorder ≤.
The equivalence relation ∼ = divides the elements of S F into the equivalence classes. Let S F \ ∼ = be the set of the equivalence classes. The relation ≤ was defined on the set S F , but can also be understood 2 as a relation on S F \ ∼ =, where it becomes a partial order. Then the pair (S F \ ∼ =, ≤) becomes a lattice, where k is chosen high enough. The vector function 1 corresponds to the equivalence class containing constant vector functions.

Remark 1.
In the rest of the paper the equivalence classes are identified by their representatives, which are vector functions from S F or S F x and thus, a vector function should always be understood as an equivalence class. The operations ×, ⊕, m, M and the relation ∆, below, are defined on the set of equivalence classes, although in terms of the representatives. Also, since we work with equivalence classes, the sign " = " should be understood as " ∼ = ".
Since (S F \ ∼ =, ≤) is a lattice, we can define the binary operations × and ⊕ as for all α, β ∈ S F \ ∼ =. In (3) the infimum and supremum are considered with respect to the partial-order relation ≤. Similarly, the notions of maximal/minimal vector function mean maximality/minimality with respect to ≤. The lattice (S F \ ∼ =, ≤) will be connected to the system dynamics f (·) through the binary relation ∆.
Definition 2. Given α, β ∈ S F x \ ∼ =, one says that the ordered pair (α, β ) satisfies the binary relation ∆, denoted as α∆β , if for all x ∈ X and u ∈ U there exists a function f * such that The binary relation ∆ is used for the definition of the operators m and M.
Important concepts in functions' algebra are the invariant vector functions.
Definition 4. The vector function δ is said to be invariant with respect to the system dynamics f (·) or, said

OBSERVER CONSTRUCTION
In this section we study the observability property and observer construction for a nonlinear discrete-time system. An algorithm that computes the maximal observable subspace of the state space is given. Also, a method to construct an observer for an observable system is described. Observer construction is a key element in the solution of the residual generation problem in Section 5. Consider a nonlinear discrete-time system of the form where x(t), u(t), y(t), f , and h are as above.
The use of analytic functions in (5) and Assumption 1 guarantee that single-experiment observability of system (5) (necessary for observer construction) is equivalent to the multiple-experiment observability (easily studied by the methods of functions' algebra), see [21]. Therefore, in what follows, we just speak about the observability of system (5).

Observability
Some preliminary results on observability, using functions' algebra, are given in [12].
In plain words, observability means a possibility of recovering the state x of system (5) from the knowledge of the output y, the input u, and a finite number of their forward-shifts y [k] , u [k] , k ∈ N. A formal definition is given via the observable space O(x), which, in terms of functions' algebra, can be defined as Now the observability can be defined.
By Definition 5 the observable space O(x) is a minimal vector function, in terms of ≤, which is observable.
for some k.

Proof. By the definition of operator
The definition of the observable space and the observable vector function λ (x) yield Therefore, the observability of a vector function λ (x) ∈ S F x is equivalent to which, in turn, is equivalent to Algorithm 1 below computes the observable space of system (5).
Algorithm 1. Compute the sequence of vector functions θ i , for i ≥ 0, as Theorem 1. The limit of Algorithm 1 is the observable space of system (5).
An obvious consequence of Theorem 1 is

Observer
Observer construction with linear error dynamics is in general a difficult problem for nonlinear discretetime control systems. However, the problem becomes relatively easy when the state equations are in the observer form. Unfortunately, the conditions for transforming system equations (5) into such a form by state transformation are extremely restrictive [3,14]. One possibility of weakening the conditions is to search for an extended state transformation φ(·, ξ 1 , . . . , ξ 2N ) : X → X, parametrized by (ξ 1 , . . . , ξ 2N ) and defined by such that in the new coordinates system (5) is transformed into the so-called extended observer form with buffer N ∈ {1, . . . , n − 1}: where the pair (C, A) is in dual Brunovsky form as defined in [13] and Φ is an n-dimensional column vector. For system (9) one can construct an extended observer with buffer N where matrix K is chosen such that the eigenvalues of A + KC are inside the unit circle. It has been proven in [5] that any single-output observable discrete-time system without inputs can be taken into the extended observer form with buffer n − 1. The proof carries over to the input-dependent and multi-input multi-output case (MIMO). Thus, in principle, one can always construct an extended observer for an observable nonlinear discrete-time system with linear error dynamics that converges asymptotically to zero. In some cases it is possible to choose the buffer N smaller than n − 1. The existence of the extended state transformation (8) to transform a given system (5) into the extended observer form (9) with buffer N ∈ {1, . . . , n − 1} is studied for special cases in [4,6,9,11] and the general solution for MIMO systems is presented in [10]. For continuous-time systems the extended observer form depends not on the past values of y(t) and u(t) but on their derivatives [18]. In this case the conditions for the existence of the extended state transformation remain restrictive (though less restrictive than in the case when derivatives are not allowed), even when the derivatives up to the order n − 1 are chosen.

RESIDUAL GENERATION
The method described below for finding residual generators consists roughly of three steps: 1. Find a subsystem of (2), not depending explicitly on disturbances d; 2. Find the observable space of the subsystem, computed in the previous step; 3. Construct an observer.
Step 1. First, let α 0 (x) be a minimal vector function, such that α 0 ( f (x, u, w, d)) does not depend on the disturbance d. Define also the vector function β 0 (x), similar to α 0 (x), except that now we require that β 0 ( f (x, u, w, d)) should not depend on the fault w.
Algorithm 2. Given α 0 , compute the sequence of non-decreasing vector functions for i ≥ 0. The sequence α i , i ≥ 0, of vector functions converges, i.e., for some j, α j+1 = α j . It has been proven in [19] that α := α j is the minimal (h, f )-invariant vector function that satisfies α 0 ≤ α. Now, based on the vector function α and assuming that h(x)⊕α(x) ̸ = 1, one can construct the subsystem of (2), by defining z = α(x): whereh(z(t)) is the vector function h(x) ⊕ α(x), written in terms of z = α(x). In (12) u(t), y(t), and w(t) are considered input variables. Note that the function F(·) in (12) does not depend on the disturbance d, since by definition, the forward shift of α 0 does not depend on the disturbance and, because α 0 (x) ≤ α(x) = z, the forward shift of z does not depend on the disturbance either.
Step 2. The next step is to compute the observable space of system (12). This can be done via Algorithm 1. Let β be the result of the application of Algorithm 1 to system (12). By Corollary 1 the vector function β is F-invariant and one can construct the observable subsystem of (12): where η = β (z) andh is the functionh rewritten in η variables.
Step 3. The final step is to construct an observer for system (13) in the case when w(t) = 0. In order to be able to construct a residual for system (2), the condition β 0 × β = x must be true. Note that the dimension of vector β 0 is always n − 1. Therefore, if β depends on the fault w, then the condition β 0 × β = x has to be satisfied. If the condition β 0 × β = x is violated, then system (13) does not depend on the fault w and one cannot construct a residual. The residual is defined as whereη(t) andĥ are the estimates of η(t) andh, respectively, in the case when w(t) = 0. Clearly, in the fault-free case r(t) converges asymptotically to zero, since r(t) is defined as difference between measured and estimated functions and the error dynamics converges to zero. In the case when fault w(t) occurs, the residual r(t) ̸ = 0 since (13) depends on the fault w(t). Also, since system (13) does not depend explicitly on the disturbances d(t), the residual r(t) is not influenced by changes in d(t).
The previous discussion is now concluded in Algorithm 3 below, which can be used to construct the residual r(t) to detect the fault w(t) in (2). Algorithm 3. Given system (2), compute the following: 1. Find α 0 and β 0 . 2. Compute the vector function α by Algorithm 2. Check whether h(x) ⊕ α(x) ̸ = 1. If not, then stop, the method cannot be used to compute the residual. 3. Construct system (12), where z = α(x) andh(z(t)) is the vector function h(x) ⊕ α(x), written in terms of z = α(x). 4. Check whether system (12) satisfies Assumption 1. If not, then stop, otherwise compute the observable space β of system (12) as the limit of Algorithm 1. 5. Check whether β × β 0 = x. If not, then stop, the method cannot find a residual to detect the fault w. 6. Construct system (13), where η = β (z) andh is the functionh rewritten in η variables. 7. Find an observer for system (13), taking w = 0. 8. Define r(t) =ȳ(t) −ĥ(η(t)), whereη(t) andĥ are the estimates of η(t) andh, respectively. The section can be concluded by the following theorem.
Theorem 2. Under the assumption that subsystem (12) satisfies Assumption 1, one can construct a residual to detect the fault w(t) in system (2) Proof. When the conditions h ⊕ α ̸ = 1 and β × β 0 = x are satisfied, then, under the assumption that subsystem (12) is reversible, Algorithm 3 yields always a residual to detect the fault w.

Comparison
A similar method for residual generation as described above has been used before for continuous-time inputaffine systems of the formẋ by using a differential geometric approach [17] or for general nonlinear continuous-time systems by functions' algebra [1]. Below, some comparisons are made with these papers.
All the specific vector functions and algorithms, described in this section, have direct counterparts in terms of differential geometry, as shown in Table 1, where the notations from [17] are used. In Table 1, P = span{p 1 , . . . , p d }, where p = (p 1 , . . . , p d ).
Note that in [17] there is no condition corresponding to α ⊕ h ̸ = 1. This condition is checked while computing o.c.a.((Σ P * ) ⊥ ), which stands for the maximal observability codistribution contained in (Σ P * ) ⊥ . That is, if α ⊕ h = 1, then the algorithm in [17] gives o.c.a.((Σ P * ) ⊥ ) = 0, which corresponds to β = 1. The results of [17] were rewritten in terms of functions' algebra in [1]. Moreover, in [17] and [1] not much is said about observer construction, which is a difficult problem for nonlinear systems, but necessary for residual construction. In [17] a residual is constructed under additional restrictive assumptions on the analogue of system (13).
Equations (14) constitute a modified sampled-data model of the well-known example of the three-tank system ( [16], see Fig. 1). The system consists of three consecutively united tanks with areas of the crosssection ϑ 1 , ϑ 2 , and ϑ 3 . The tanks are linked by pipes with areas of the cross-section ϑ 4 and ϑ 5 . The liquid flows into the first and the second tank and out of the third one through the pipe with the area of the crosssection ϑ 6 located at height ϑ 7 ; ϑ 8 is the gravitational constant. The levels of liquid in the tanks are x 1 , x 2 , and x 3 , respectively. The liquid levels in the first and the second tank are measured. Assume that two faults may occur. The first fault w 1 is an actuator fault that results in inaccurate addition of liquid into the first tank. The second fault w 2 is in the plant, which results in ϑ 4 being a function of w 2 .

Fault detection
Our goal is to construct a residual to detect the actuator fault w 1 . Thus, we look at w 2 as disturbance d. To construct the residual r(t), we apply Algorithm 3 to system (14).
2. Compute by (11) 3. The first condition of Theorem 2 is satisfied since α ⊕ h = x 1 + x 2 ̸ = 1. Thus, one can construct system (12): (15) is obviously reversible and thus one can utilize Algorithm 1 to compute the observable space of system (15) when w 1 = 0: x 3 ] T is satisfied and therefore, by Theorem 2, one can construct a residual to detect the fault w 1 . 6. Since system (15) is observable, system (13) is equal to (15) for this example, i.e., η = z andȳ =ỹ. 7. Following the work in [10], system (15), where w 1 = 0, can be transformed into an extended observer form with buffer 1 and thus an extended observer can be constructed to estimate the variables z 1 and z 2 : where 8. The residual to detect the fault w 1 can be written as r(t) =ỹ(t) −ẑ 1 (t) or in terms of original system outputs r(t) = y 1 (t) + y 2 (t) −ẑ 1 (t).
Simulation results are presented in Figs 2 and 3, which show the effectiveness of the residual. Throughout the simulation the constant inputs u 1 = 0.003, u 2 = 0 and constant disturbance w 2 = 0.001 are used. Initial values are chosen as: x 1 (0) = 3, x 2 (0) = 2, x 3 (0) = 1,ẑ 1 (0) = 5, andẑ 2 (0) = 0. The fault w 1 appears at the time instant t = 80 and is generated as a random sequence of values between -0.001 and 0.001 (see Fig. 2). At first, the residual (Fig. 3) converges to zero as the estimateẑ 1 (t) converges to the measured value of y 1 (t) + y 2 (t). After the occurrence of the fault w 1 the residual clearly becomes nonzero. It is common that a fault is detected if the residual signal exceeds some threshold. This adds more robustness to fault detection. In our setting we have decoupled system disturbances from the residual signal, which means that we can possibly take this threshold smaller than with other methods.

Plant reconfiguration
In active FTC the FDI part is followed by fault accommodation or plant reconfiguration steps. Linking these parts together is one of the main challenges in active FTC [23]. Thus we shortly demonstrate how to use functions' algebra for the plant reconfiguration part in this example.
After detecting the fault w 1 in system (14), one can use the results of [8] on plant reconfiguration to find a maximal subsystem of (14), which can be decoupled from the effects of the fault w 1 . Thus one can control the subsystem normally even when the fault w 1 appears. The paper [8] uses also functions' algebra to achieve its goal and therefore can be combined with the results of this paper. Assume now that the fault w 2 is not present and apply the results of [8] (more precisely Algorithm 3 in [8]) to show that the subsystem corresponding to the state variables x 2 and x 3 can be decoupled from the fault w 1 . Therefore we show that one can control the liquid levels of the second and third tanks even when the fault w 1 occurs. Note that the starting point in [8] is the vector function β 0 . Now one can check that the vector function ξ = [x 2 , x 3 ] T can be decoupled from the fault w 1 by a static output feedback u 2 = ϑ 2 v 2 + ϑ 2 θ 1 √ y 1 − y 2 .
After applying the feedback (17), system (14), where the fault w 2 is not present, takes the form

CONCLUSIONS
The problem of fault detection and isolation has been studied in this paper for nonlinear discrete-time systems. An algorithm has been derived to compute a residual, which detects exactly one fault and is not affected by other faults or disturbances. The solution is based on the construction of an observer for the subsystem, which depends on the specific fault but not on the other faults and disturbances. Since one can always construct an extended observer for any observable nonlinear discrete-time system, it is enough to check whether it is possible to construct subsystem (13), depending on the fault. The same mathematical approach (i.e., functions' algebra) has previously been used to study the plant reconfiguration problem [8], which possibly allows unifying the problems in the future studies.