Reducing the Effects of Inaccurate Fault Estimation in Spacecraft Stabilization

ABSTRACT: Reference Governor is an important component of Active Fault Tolerant Control. One of the main reasons for using Reference Governor is to adjust/modify the reference trajectories to maintain the stability of the post-fault system, especially when a series of actuator faults occur and the faulty system can not retain the pre-fault performance. Fault estimation error and delay are important properties of Fault Detection and Diagnosis and have destructive effects on the performance of the Active Fault Tolerant Control. It is shown that, if the fault estimation provided by the Fault Detection and Diagnosis (initial “fault estimation”) is assumed to be precise (an ideal assumption), the controller may not show an acceptable performance. Then, it is shown that, if the worst “fault estimation” is considered, it will be possible to reduce the effects of fault estimation error and delay and to preserve the performance of the controller. To reduce the effects of this conservative assumption (worst “fault estimation”), a quadratic cost function is defined and optimized. One of the advantages of this method is that it gives the designer an option to select a less sophisticated Fault Detection and Diagnosis for the mission. The angular velocity stabilization of a spacecraft subjected to multiple actuator faults is considered as a case study.


INTRODUCTION
Active Fault Tolerant Control (AFTC) is an important field in automatic control that has attracted a large amount of attention.The main responsibility of an AFTC is to tolerate component malfunctions while maintaining desirable performance and stability properties of the faulty system (Zhang and Jiang 2008).Latterly, a review paper published recent developments of the spacecraft AFTC system (Yin et al. 2016).
One of the main components of any AFTC is the Fault Detection and Diagnosis (FDD) module.There are several challenges that FDD designs have in common (Zhang and Jiang 2008).Among them, fault estimation error and delay are considered in this paper.These challenges have destructive effects on the stability and performance (Zhang and Jiang 2008).
Reference Governor (RG) is one of the components of the general AFTC structure (Zhang and Jiang 2008).The terms Command Governor (CG) and Reference Trajectory Management (RTM) have been also used in the literature.The main responsibility of RG is to adjust/modify the reference trajectories, so the post-fault model of the system remains stable, even after the occurrence of multiple actuator faults (Garone et al. 2016).There are several papers in the literature that have studied the effects of RG on the performance and stability of the post-fault model (Boussaid et al. 2010;Boussaid et al. 2011;Boussaid et al. 2014;Almeida 2011).According to these papers, RG has been able to deal with the actuator faults/ failures efficiently.
To the authors' best knowledge, reducing the effects of fault estimation error and delay using the concept of RG still remains an open problem.This is the main subject that is pursued in this paper.It is shown that, as long as the estimated fault reported by the FDD (initial "fault estimation") is assumed to be precise (an ideal assumption), the controller may not show an acceptable performance.
However, if the maximum fault estimation error is considered (worst "fault estimation"), RG can be used to reduce the eff ects of FDD errors and preserve the performance of the closed-loop system.To reduce the eff ects of this conservative assumption (considering maximum fault estimation error), a quadratic cost function is defi ned and optimized.
In order to validate the results, the angular velocity stabilization of a spacecraft subjected to multiple actuator faults is considered.It is shown that, if the initial "fault estimation" (the fault estimation reported by the FDD) is considered accurate, the response will not converge to the origin.However, if RG is designed based on the worst "fault estimation", AFTC will be able to asymptotically stabilize the faulty spacecraft in a wide range of actuator fault and despite FDD errors.Th is paper consists of the following sections: fi rstly, the modeling of the proposed RG is described.Th en, the spacecraft dynamics and controller are shown.Finally, results obtained and the discussions are presented.

MODELING THE REFERENCE GOVERNOR
Th e structure of the considered AFTC is shown in Fig. 1.It is assumed that the FDD block provides "an estimation of " the post-fault model of the system.Th e RG block uses the proposed methodology to fi nd the most suitable reference trajectories for the post-fault model, despite the presence of fault estimation error and delay.Th e signals ω and ω d are the plant output (angular velocity) and the desired reference trajectory vectors, respectively.
It is assumed that the actuator fault/failure occurs at t = t fault and the FDD determines ˆ t fault (estimated t fault ) with a fault estimation delay equal to: In this paper, the mission of the controller is to make the origin an asymptotically stable equilibrium for the post-fault system, i.e. ω → 0 as t → t f (fi nal time).which is a positive value, since ˆ t fault is always bigger than t fault .Fault estimation error is another property of the considered FDD block.Th e control inputs are bounded according to the following saturation function: where u max is the maximum torque that can be produced by the actuators.
Th e reduction in the actuator region is considered as the actuator fault and is modeled according to Eq. 3 (Miksch and Gambier 2011): The subscript p-f shows the post-fault condition.The relation between pre-and post-fault actuator region is given according to: where a is the actuator eff ectiveness coeffi cient (Sobhani-Tehrani and Khosravi 2009), a real value between 0 and 1; u max is the pre-fault actuator region.FDD determines the estimated value of a (shown by â).It is assumed that the FDD provides â with an estimation error given by: where δ a/â is a value between 0 and 1. Th e larger/smaller values of δ a/â show better/worse fault estimation, respectively.
According to the considered mission, the goal of RG is to determine ω d such that the faulty model of the system remains asymptotically stable, even aft er the occurrence of multiple actuator faults and in the presence of fault estimation error and delay Reducing the Effects of Inaccurate Fault Estimation in Spacecraft Stabilization in the FDD module.Th e RG fl owchart is presented in Fig. 2. Th e consecutive steps are explained in the following paragraphs.
According to Fig. 3, ω d (t 1 ) ... ω d (t n ) are initialized by the solver, which is the Genetic Algorithm (GA), as will be explained in the results section.
Note 1: although the GA is used to solve the problem, other numerical solvers can be also employed.However, the main concern of this paper is to fi nd a method to decrease the consequences of fault estimation error and delay.Th erefore, any numerical solver (possibly faster than GA) that solve the problem can be considered as well.
Note 2: as will be seen in the simulation section, GA can fi nd a solution within a reasonable time.
When these points are determined, a cubic spline is passed through them, similarly to Fig. 4. A detailed analysis about cubic spline interpolation can be found in de Boor (1978).One of the main advantages of cubic splines is their smoothness (they are twice continuously diff erentiable).Th is will prevent the controller inputs from being discontinuous (refer to .
According to the FDD information, an estimation of the post-fault model of the system is known.Th e faulty closed-loop system is simulated from t fault to t f .Th is simulation is a part of the fl owchart shown in Fig. 2 and several simulations may be needed to obtain ω d .
Aft er simulation, the value of ω (t f ) is checked to see whether the following equality is satisfi ed or not:    Such a fi nal state constraint is well-known in the literature and is introduced to ensure asymptotic stability (Fontes 2001).Since this equality will never hold numerically, Eq. 34 will be considered in simulations.
Note 3: to ensure that ω d approaches the origin before t = t f , its value is set to 0 as t passes t s (settling time).In other words: To give the solver more fl exibility, another variable (k s ) is introduced, satisfying Eq. 8: In addition to ω d (t 1 ) ... ω d (t n ), k s is another variable that should be found by the solver.

SPACeCRAFT dyNAMICS
The rigid body spacecraft rotational dynamics in the principal coordinate system is described by the following equations (Sidi 2000): where ω 1 , ω 2 , ω 3 are the angular velocities; u ´ 1 , u ´ 2 , u ´ 3 are the normalized control inputs; J 1 , J 2 , J 3 are the principal moments of inertia of the rigid body.Th e relation between control torques and inputs are given by Eqs. 12 -14: and the following form of control inputs where u 1 , u 2 , u 3 are the control moments acting on the spacecraft .

CoNTRoLLeR STRUCTURe
Th e error signal is defi ned as: where ω d and ω e are the desired and error angular velocity vectors, respectively.
Inserting the scalar form of Eq. 15 into Eqs.9 -11 and eliminating ω, one has: Canceling the non-linear terms using feedback linearization, the closed-loop system will change into the following simple linear time invariant form: will lead to the exponential stabilization of ω e to 0; consequently, ω will converge to ω d exponentially.Th e numerical values of k 1 , k 2 and k 3 determine the exponential convergence rate of ω e to 0. Th erefore, larger values of k 1 , k 2 and k 3 mean a faster response and vice-versa.
Considering Eqs.16 -18 and Eqs.22 -24, the following relations will be obtained: For feedback purposes, it is better to rewrite u ´ 1 , u ´ 2 and u ´ 3 as a function of the original variables: According to Eqs. 28 -30, for the control inputs to be continuous, the desired reference trajectory (ω d ) should be continuously differentiable.As stated previously, this is one of the main reasons for using cubic spline interpolation to find ω d .These are the desired control inputs that will lead to the exponential convergence of ω to ω d .
If ω d = 0, the equations of closed-loop system will be: Clearly, as long as there is no saturation and the actuators can produce the required control inputs, will remain globally exponentially stable (GES).However, aft er the occurrence of severe actuator faults, GES will not be guaranteed.

RESULTS
Th e system/controller parameters and initial conditions are given in Table 1.Th e values chosen for the moments of inertia are taken from Wang et al. (2013), and the range of variables is presented in Table 2. respectively.Th e direction of the arrows shows the direction of the forces produced by the thrusters (Fig. 5).Th erefore, the relation between control torques (u 1 , u 2 , u 3 ) and T 1 -T 6 can be obtained according to the following equations: Table 2. Range of variables.
In order to satisfy the fi nal state constraint given by Eq. 6, the following inequality is defi ned: As already mentioned, to determine ω d , GA (Goldberg 989) is used as the solver; [ω 1d (t 1 ) ... ω 1d (t n )], [ω 2d (t 1 ) ... ω 2d (t n )] and [ω 3d (t 1 ) ... ω 3d (t n )] are initialized every 10 s ( ∆t = 10 s or equivalently, n = 10) from the beginning of the fault time (t fault ).Th erefore, considering k s , the total number of decision variables will be 31.Th e considered parameters for GA are presented in Table 3.Other GA parameters are the default values considered in MATLAB® (MathWorks® 2011).
The actuation system consists of 6 thrusters (without considering hardware redundancy), that are placed in opposite directions, and each thruster can produce maximum 50 N variable thrust.Th e eff ective moment arm of all thrusters is 1 m along the principal body axis.However, the confi guration of the thrusters is such that (T 1 − T 2 ), (T 3 − T 4 ) and (T 5 − T 6 ) produce net moments about the fi rst, second and third principal axes, where the superscripts + and -show the positive and negative control torques, respectively.Note 4: it seems that the thrusters T 3 , T 4 , T 5 and T 6 pass through the center of gravity.However, as indicated before, they have a moment arm of 1 m along the fi rst body axis.Th ree important concepts are introduced: • Initial "fault estimation": the fault estimation reported by the FDD.

•
Worst "fault estimation": the biggest error of the FDD in providing the fault information.Its value is determined from the initial "fault estimation", according to the experience or the FDD specifi cations.

•
Real fault: the fault that happens in reality (unknown).Th e fault scenario that FDD reports is:

•
Worst "fault estimation": based on the experience or the FDD specifications; in the worst case, the following parameters are given: δt fault = 5 s and δ a/â = 0.01.Th erefore, it can be concluded that, in the worst case, a 5 = a 6 = 0.0001, i.e.T 5 and T 6 can produce a maximum 0.05 N thrust and the fault occurrence time is t fault = 5 s .Note 5: it is assumed that the real fault is less severe than the one reported by the worst "fault estimation".In this case, the controller will show an acceptable performance for less severe, and therefore, a wide range of faults.
Qualitatively, it is assumed that the severity of the faults satisfi es the following inequalities: where S is a quality that represents the severity of the fault; the subscripts w.f.e, r.f and i.f.e stand for worst "fault estimation", real fault and initial "fault estimation", respectively.
According to the previous discussion, the proposed method is very conservative, because it considers the worst "fault estimation".To reduce the adverse eff ects of this assumption, the following quadratic cost function is introduced: Minimizing this cost function will decrease the adverse eff ects of considering the worst fault estimation.Th e considered sample time for integration is 0.1 s.Th e problem consists of 2 phases: first, GA tries to satisfy the constraint given by Eq. 34.Then, the result is used as an initial solution to optimize Eq. 39.Th e following penalty on cost function is considered: It was verified that 1,000 s elapsed time is considered as the stopping criterion for the second phase -Intel(R) Core™ 2 CPU, T7200@2.00GHz; MATLAB® (MathWorks® 2011).To observe the consequences of employing the proposed method, 2 different cases are considered and summarized in Table 4.

Case
Fault estimation 1 Considering the initial "fault estimation" 2 Considering the worst "fault estimation"

CASe 1
If the initial "fault estimation" is considered (FDD is assumed to report the precise fault information), the results shown in Figs. 6 and 7 will be obtained.Eq. 34 is satisfi ed Eq. 34 is not satisfi ed Figure 6 shows that RG can not make the closed-loop system asymptotically stable, because it assumes the fault scenario reported by the FDD (initial "fault estimation"), which is precise.However, since the real fault is worse than the fault reported by the FDD (initial "fault estimation"), does not converge to the origin.This simulation shows the consequences of considering the initial "fault estimation".The main conclusion of this simulation is: if the FDD is assumed to report the precise fault information, the response of the controller may not be acceptable.

CASe 2
The result of considering the worst "fault estimation" is illustrated in Fig. 8.The control inputs are illustrated in Fig. 9.
According to Fig. 8, RG can asymptotically stabilize the closed-loop system, when the worst "fault estimation" is considered.A comparison of Figs. 6 and 8 shows the consequences of considering the worst "fault estimation" in the RG design.Clearly, considering the initial "fault estimation" (case 1) can lead to the poor performance of the controller and even to a non-convergent response.On the other hand, if RG is designed for the worst "fault estimation" (case 2), it can cover less severe faults and stabilize the faulty system for a wide range of faults (Note 5).
Since the assumption of worst "fault estimation" is conservative, the response is optimized via minimizing the cost function (Eq.39).The GA performance is illustrated in Fig. 10.As stated previously, the quadratic cost function has been introduced to reduce the adverse consequences of considering the worst "fault estimation" (maximum fault estimation error).According to Fig. 10, after 14 generations (1,000 s elapsed time), the cost function is reduced from 8,758 to 5,944 (about 32%).This reduction in the cost function decreases the adverse consequences of considering the worst fault estimation.

DISCUSSION
Fault estimation error and delay are important characteristics of FDD schemes.RG is a method to adjust/ modify the reference trajectories to handle actuator fault/ failure.It was shown that, if the initial "fault estimation" was assumed to be precise (an ideal assumption), the controller might not be able to show an acceptable performance.On the other hand, if the worst "fault estimation" was considered, it would be possible to reduce the destructive effects of fault estimation error.A quadratic cost function was defined to reduce the adverse consequences of this conservative assumption (assuming maximum fault estimation error).Therefore, a less sophisticated FDD can be used to satisfy the mission objectives.
ω d (t 1 ) ... ω d (t n ) are initialized Determine ω d via cubic interpolating splines Simulate the closed loop system from t fault to t f Equation 34 is satisfied Yes No ω d ω d (t 1 )
Reducing the Effects of Inaccurate Fault Estimation in Spacecraft Stabilization

Table 1 .
System/controller parameters and initial conditions