Int. J. Appl. Math. Comput. Sci., 2012, Vol. 22, No. 1, 109–124DOI: 10.2478/v10006-012-0008-7

SLIDING MODE METHODS FOR FAULT DETECTION AND FAULT TOLERANTCONTROL WITH APPLICATION TO AEROSPACE SYSTEMS

CHRISTOPHER EDWARDS ∗ , HALIM ALWI ∗, CHEE PIN TAN ∗∗

∗ Department of EngineeringUniversity of Leicester, University Road, Leicester, LE1 7RH, UK

e-mail: ce14,ha18@le.ac.uk

∗∗School of Engineering, Sunway CampusMonash University, Jalan Lagoon Selatan, 46150 Sunway, Selangor, Malaysia

e-mail: tan.chee.pin@eng.monash.edu.my

Sliding mode methods have been historically studied because of their strong robustness properties with regard to a certainclass of uncertainty, achieved by employing nonlinear control/injection signals to force the system trajectories to attain infinite time a motion along a surface in the state-space. This paper will consider how these ideas can be exploited for faultdetection (specifically fault signal estimation) and subsequently fault tolerant control. It will also describe applications ofthese ideas to aerospace systems, including piloted flight simulator results associated with the GARTEUR AG16 ActionGroup on Fault Tolerant Control. The results demonstrate a successful real-time implementation of the proposed faulttolerant control scheme on a motion flight simulator configured to represent the post-failure EL-AL aircraft.

Keywords: sliding modes, fault detection, fault tolerant control, control allocation.

1. Introduction

The fundamental purpose of a Fault Detection and Isola-tion (FDI) scheme is to generate an alarm when a fault oc-curs and to pin-point the source (Patton et al., 1989). FaultTolerant Control (FTC) systems seek to provide, at worst,a degraded level of performance (compared to the faultfree situation) in the event of a fault or failure developingin the system. Most existing FDI schemes in the literatureare concerned with the design of the so-called residuals.These residual signals are used as ‘alarms’ to indicate theoccurrence of a fault and, if properly designed, give infor-mation from which the source of the fault may be identi-fied.

In analytic redundancy approaches, the residuals are(usually dynamic) weightings of the difference betweenthe measured plant output and the output of a model of thesystem. Many fault detection methods are observer based;the observer will usually be designed from a model whichwill inevitably not be a perfect representation of the realsystem. In terms of the observer design, the plant/modelmismatch will usually be encapsulated as uncertainty. Thedesign procedure for the FDI scheme must then seek tomitigate the effect of the uncertainty on the residuals in

an effort to minimize false alarms and missed faults whenthe scheme is implemented on a real system (Chen andPatton, 1999).

In the last decade the use of sliding mode observersfor FDI has been explored. The novelty of the approachlies in the ability of sliding mode observers to recon-struct unmeasurable signals within a process by appro-priate scaling and filtering of the so-called ‘equivalentoutput error injection’ (Edwards et al., 2000). This isa unique property of sliding mode observers, which em-anates from the fact that the introduction of a sliding mo-tion forces the outputs of the observer to perfectly trackthe plant measurements (Edwards et al., 2000). Recon-struction approaches attempt to capture both the magni-tude and ‘shape’ of the faults, which can be advantageous.

The fact that even in the presence of faults the out-put of the sliding mode observer still perfectly follows theplant output means that residuals formulated in the usualway, i.e., as functions of the output estimation error, wouldalways be zero. Instead, the effect of the faults is seenthrough the fact that the equivalent output error injectionterm must compensate for the fault in order to maintainsliding. The work of Edwards et al. (2000) relies on the

110 C. Edwards et al.

assumption that the transfer function matrix relating thefaults to the measurement signals has relative degree oneminimum phase properties. Robustness to uncertainty inthe modelling process is vital. Edwards et al. (2000) aswell as Edwards and Spurgeon (2000) used a sliding modeobserver to reconstruct faults, in which there was no ex-plicit consideration of the disturbances or uncertainty. Tanand Edwards (2003) built on the work of Edwards andSpurgeon (2000) as well as Edwards et al. (2000) and pre-sented a design algorithm for the observer, using LinearMatrix Inequalities (LMIs) (Boyd et al., 1994), such thatthe L2 gain from the disturbances to the fault reconstruc-tion is minimized. Subsequent work has sought to developschemes which relax the conditions imposed by Edwardset al. (2000).

FDI schemes often represent only a subcomponentof the overall control architecture. In safety critical sys-tems, there is an inherent requirement that, overall, somelevel of possibly degraded performance must be main-tained even in the event of serious faults or failures oc-curring within the system. The ability to deal with situa-tions in which faults and failures occur originally coinedthe term ‘self repairing control’, although now this is morecommonly referred to by the moniker ‘fault tolerant con-trol’.

Generally speaking, fault tolerant control schemesare classified as either passive or active (Blanke et al.,2006). Passive schemes operate independently of anyfault information and basically exploit the robustness ofthe underlying control paradigm (Blanke et al., 2006; Pat-ton, 1997). Such schemes are usually less complex, but inorder to cope with ‘worst case’ fault effects they are con-servative. In this situation, nominal performance must of-ten be sacrificed to achieve fault tolerance (Banda, 1999).Active fault tolerant controllers react to the occurrence offaults, typically by using information from a fault detec-tion and isolation scheme, and invoke some form of recon-figuration. This represents a more flexible architecture.

In some situations the faults can be accommodated,i.e., a new controller can be found (at least theoretically)to recover an acceptable level of performance (Blankeet al., 2006). Reconfiguration is usually necessary inthe event of severe faults such as total failures in actua-tors/sensors. For example, if a sensor or actuator fails to-tally, no adaptation within that feedback loop can recoverperformance without modification to the choice of actua-tors and sensors coupled via the controller (i.e., reconfigu-ration). Furthermore, often the reference trajectory needsto be reconfigured to acknowledge the loss of performanceas a result of faults and failures (Theilliol et al., 2008).

Historically, sliding mode concepts have been the fo-cus of research because of their robustness to the so-calledmatched uncertainty (Utkin, 1992). The possibilities ofexploiting the inherent robustness properties of slidingmodes for fault tolerance has previously been explored

for aerospace applications (Hess and Wells, 2003; Sht-essel et al., 2002). In fact, the work of Hess and Wells(2003) argued that sliding mode control has the potentialto become an alternative to reconfigurable control.

This paper will describe how sliding mode ideas canbe exploited for fault detection (specifically fault signalestimation) and subsequently fault tolerant control. It willalso describe applications of these ideas to aerospace sys-tems and describe piloted flight simulator results associ-ated with the GARTEUR AG16 action group on fault tol-erant control. The results demonstrate a successful real-time implementation of the proposed fault tolerant controlscheme on a motion flight simulator configured to repre-sent the EL-AL aircraft associated with the Bijlmermeerincident (Edwards et al., 2010).

2. First order sliding mode observers

Historically, sliding mode ideas emerged from the formerUSSR in the 1950s (Utkin, 1992). Usually, these ideasare discussed for control system design, in which casethe control law is designed to drive the states onto andforces them to remain on a predetermined surface in thestate space. The motion while constrained to the surfaceis termed the sliding motion. There are two advantages ofthis approach:

• the sliding motion is of lower order than the originalsystem;

• sliding mode systems exhibit insensitivity propertiesto the so-called matched uncertainty (Drazenovic,1969)

The latter property has fuelled research in the area of slid-ing modes (and this robustness can be exploited for faulttolerant control). In this section, sliding modes will beconsidered from the perspective of observer design.

As an example consider the equations of motion fora pendulum

φ(t) = − sin(φ(t))

written as

x(t) =[

0 10 0

]x(t) +

[01

]ξ(t, x), (1)

where x1 = φ, x2 = φ and ξ(t, x) = − sin(φ). Artifi-cially choose y(t) = Cx(t), where

C =[

1 1]. (2)

The aim is to simultaneously estimate both x(t) andξ(t, x) from y(t) and u(t). A sliding mode observer isgiven by

z(t) =[

0 10 0

]z(t)−

[11

]ey(t)−

[01

]2sign(ey)︸ ︷︷ ︸

ν

,

(3)

Sliding mode methods for fault detection and fault tolerant control. . . 111

0 2 4 6 8 10 12 14 16 18 20−2

−1

0

1

2

Time, sec

Out

puts

Fig. 1. Comparison of the outputs from the plant and the ob-server.

0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5−1.5

−1

−0.5

0

0.5

Time, sec

Out

put e

rror

Fig. 2. Output estimation error.

where ey(t) = Cz(t)−y(t) is the output estimation error.Here

sign(ey) =

+1 if ey > 0,−1 otherwise.

Notice that without the last term in (3) the equations havea traditional Kalman filter/Luenberger observer structure,i.e., a model of the plant driven by signals depending onthe output estimation error.

When the initial conditions of the true states and ob-server states are deliberately set to different values, thefollowing simulation results can be obtained. Figure 1shows the outputs of the plant and the observer. It canbe seen that that of the observer quickly tracks the outputof the plant.

Figure 2 shows that a sliding motion takes place after0.2 seconds, i.e., ey is forced to zero and remains at zerofor all subsequent time despite the presence of uncertainty.The figure demonstrates the finite time response that is acharacteristic of sliding modes.

Figure 3 shows the states of the observer and theplant. Although the difference between the output of theplant and the observer becomes zero in finite time, thestate estimation error persists, although it decays to zeroasymptotically despite the plant/observer mismatch (sincethe sine term has been ignored for the purpose of observerdesign).

Figure 4 shows a low pass filtered version of the non-linear injection ν. The key issue to notice in Fig. 4 is that,on average, the nonlinear term ν = 2sign(ey) replicatesthe ‘unknown signal’ ξ without any knowledge of the sig-nal beyond a bound on its magnitude.

0 2 4 6 8 10 12 14 16 18 20−2

−1.5

−1

−0.5

0

0.5

1

1.5

Time, sec

1st S

tate

0 2 4 6 8 10 12 14 16 18 20−1.5

−1

−0.5

0

0.5

1

1.5

Time, sec

2nd

Sta

teFig. 3. Comparison of the states of the observer and the plant.

0 2 4 6 8 10 12 14 16 18 20−2

−1

0

1

2

Time, sec

Out

put e

rror

inje

ctio

n

Fig. 4. Evolution of the ‘equivalent output error injection’ of theobserver.

3. Sliding mode observers for fault detection

This section considers the use of sliding mode observersfor fault detection. A relevant model of the problem maybe posed as

x = Ax + Qξ(x, t) + Mfi(u, t), (4)

y = Cx, (5)

where A ∈ Rn×n, Q ∈ R

n×h, M ∈ Rn×q and C ∈

Rp×n. The state x(t) is assumed to be unknown. The

bounded unknown function fi(u, t) represents the actu-ator fault to be estimated. The term ξ(x, t) representsbounded uncertainty affecting the system and the fault isassumed to satisfy

‖fi(u, t)‖ ≤ k1 + α(t, u, y), (6)

where k1 is a positive scalar and α(·) is a known function.The aim is to design an observer of the form

z(t) = Az(t) + Bu(t)−Gley(t) + Gnν, (7)

112 C. Edwards et al.

where

ν = −ρ(t, u, y)ey(t)‖ey(t)‖ if ey(t) = 0 (8)

and ey(t) = y(t) − y(t). The two gains Gl, Gn ∈ Rn×p

are to be determined and the modulation function ρ : R+×R

p × Rm → R+ is chosen to satisfy

ρ(t, y, u) ≥ k1 + α(t, u, y) + η, (9)

where η ∈ R+. A fixed gain W ∈ Rq×p will also be

sought to form a reconstruction signal

fi(t) = Wν(t). (10)

Under the following assumptions:

A1: CM has rank q;

A2: (A, M, C) is minimum phase;

the gains Gl and Gn can be chosen so that R(M) ⊂R(Gn) and the transfer function C(sI −A + GlC)−1Gn

is strictly positive real. As a result, the signal fi in (10)can be designed to have the following properties:

• if ξ = 0, then fi → fi (at worst asymptotically);

• if ξ = 0, then there exists a positive scalar γ suchthat∫ ∞

0

‖fi(t)− fi(t)‖2 dt ≤ γ2

∫ ∞

0

‖ξ(t)‖2 dt,

(11)where γ represents the L2 gain between the uncer-tainty/disturbance ξ and the fault estimation error(Tan and Edwards, 2003).

Remark 1. This is a fault estimation approach, i.e., notresidual based. Moreover, provided the gain γ is small,isolation is inherent in the scheme.

As a result of A1 and A2, there exists a change ofcoordinates such that

A =[

A11 A12

A21 A22

], M =

[0

Mo

], (12)

Q =[

Q1

Q2

], C =

[0 T

], (13)

where A11 ∈ R(n−p)×(n−p), Mo ∈ R

q×q is nonsin-gular and T ∈ R

p×p is orthogonal (Edwards and Spur-geon, 1998).

Define A211 as the top p − q rows of A21. It canbe shown that (A11, A211) is detectable. Furthermore, theunobservable modes are the invariant zeros of (A, M, C)(Edwards and Spurgeon, 1998). It can be shown that asuitable choice of the gain Gn is

Gn =[

LT T

T T

], (14)

whereL =

[Lo 0

](15)

with Lo ∈ R(n−p)×(p−q), and

fi = fi + G(s)ξ, (16)

where

G(s) :=WA21(sI − (A11 + LA211)−1(Q1 + LQ21)+ WQ2,

where Q21 represents the top p−q rows of Q2. The objec-tive is to minimize the effect of ξ on fi in an L2 sense asin (11), with respect to the choice of L and W . The syn-thesis of the observer design parameters can be posed as aconvex optimization problem and solved using LMI tech-niques in a systematic way (Tan and Edwards, 2003). If‘precise’ fault reconstruction is not possible, the LMI op-timization seeks to minimize the effect of the uncertaintyon the reconstruction.

Remark 2. In this paper, a clear distinction is made be-tween faults and disturbances. The faults are to be recon-structed as accurately as possible, but there is no require-ment per se to estimate the disturbances. Other workshave not made this distinction. For example, Saif andGuan (1993) aggregate the faults and disturbances to forman augmented ‘fault’ vector and suggest using a linear un-known input observer to reconstruct the new ‘fault’ vec-tor. A necessary condition in the works of Edwards et al.(2000), Edwards and Spurgeon (2000), Tan and Edwards(2003) as well as Saif and Guan (1993) is that the firstMarkov parameter of the system connecting the fault tothe output must be full rank (i.e., Assumption A1). Thislimits the class of systems to which the results of Edwardset al. (2000), Edwards and Spurgeon (2000), Tan and Ed-wards (2003) as well as Saif and Guan (1993) are applica-ble.

Recently, fault reconstruction schemes for systemsfor which CM is not full rank have been developed.Higher order sliding mode schemes have been suggestedby Bejarano et al. (2007), Chen and Saif (2007), Fridmanet al. (2007), Davila et al. (2010) as well as Moreno andOsorio (2008). The work of Fridman et al. (2007) usesthe notion of ‘strong observability’ together with the so-called higher order sliding mode observers. Strong ob-servability concepts have also been exploited by Bejaranoet al. (2007) using a hierarchy of observers. Chen and Saif(2007) advocate a bank of high-order sliding-mode differ-entiators to obtain derivatives of the outputs and then es-timate the faults from these signals. Floquet et al. (2007)suggest the use of exact differentiators to generate deriva-tives of the measurements to ‘create’ additional outputs tocircumvent relative degree assumptions.

Sliding mode methods for fault detection and fault tolerant control. . . 113

The problem of input reconstruction has also beenconsidered from a geometric perspective by Edelmayeret al. (2004). The works of Chen and Saif (2007), Flo-quet et al. (2007), Bejarano et al. (2007), or Fridman et al.(2007) do not consider uncertainty, unless the faults anduncertainty are augmented and treated as ‘unknown in-puts.’ In this case the number of disturbances plus faultsmust not exceed that of outputs. This limits the class ofsystems for which the results are applicable. Ng et al.(2007) extended the work of Tan and Edwards (2003) ex-ploiting two sliding mode observers in cascade. Knownsignals from the first observer were considered as out-puts of a ‘fictitious’ system which has a full rank (first)Markov parameter. Then a second sliding mode observeris designed based on the fictitious system to reconstructthe fault. This enables robust fault reconstruction for sys-tems where the number of disturbances and faults exceedsthat of outputs. The next section builds on the results ofNg et al. (2007) using multiple observers in cascade.

4. Cascade based robust faultreconstruction scheme

The use of sliding mode observers in a cascade frame-work for unknown input estimation is not new (see, e.g.,Sharam and Aldeen, 2007; Wang et al., 2003; Haskaraet al., 1998; Krasnova et al., 2001). However, the workof Haskara et al. (1998) assumes full state measurement,whilst Wang et al. (2003) do not consider any external dis-turbances. Although Sharam and Aldeen (2007) considerboth faults and uncertainties, they are aggregated and bothtreated as unknown inputs—this introduces unnecessaryconservatism.

In this section the faults and disturbances are treateddifferently. Using similar techniques as Ng et al. (2007)did, measurable signals from an observer are used as out-puts of a fictitious system. The next observer is designedfor the fictitious system, and the known signals from thisobserver are used as outputs of another fictitious system.The process is repeated until a fictitious system is ob-tained, whose (first) Markov parameter is full rank. Thetechnique proposed by Tan and Edwards (2003) is thenused to robustly reconstruct the fault. This results in arobust fault scheme reconstruction applicable to a widerclass of systems than in the work of Ng et al. (2007).

The final fictitious system is found to be in the sameframework as in the case of Tan and Edwards (2003),which minimizes the L2 gain from the disturbances to thefault reconstruction. This means the algorithm is applica-ble for systems where the number of outputs is less thanthe sum of the faults and disturbance channels. In addi-tion, it is found that the design of previous observers doesnot affect the sliding motion of the final observer, whichimplies that the L2 gain from the disturbances to the faultreconstruction is not affected (Tan and Edwards, 2010).

The recursive scheme will now be described. First,re-write the system in (4)–(5) as

x1 = A1x1 + M1f1 + Q1ξ1, (17)

y1 = C1x1, (18)

where x1 ∈ Rn1

are the states, y1 ∈ Rp are the outputs

and f1 ∈ Rq are unknown faults. The signals ξ1 ∈ R

h

are uncertainties that represent the mismatch between thelinear model (17) and the real plant. Assume withoutloss of generality that rank(M1) = q, rank(C1) = pand rank(C1M1) = r1 < q, which implies that r1 ≤min p, q. The objective is to reconstruct f1 whilst min-imizing the effects of ξ1 on the fault reconstruction. Ifh + q > p and r1 < q, then the approaches suggestedby Edwards et al. (2000), Edwards and Spurgeon (2000),Saif and Guan (1993), Tan and Edwards (2003), Sharamand Aldeen (2007), Bejarano et al. (2007), Chen and Saif(2007), Fridman et al. (2007) as well as Floquet et al.(2007) are not applicable. In this situation, the followingproposes the cascade observer scheme.

y1SMO 1z1

z1

2

z11

Filterz1

f

1st SMO and filter structure

y2SMO 2z2

z2

2

z21

Filterz2

f

2nd SMO and filter structure

y3..... yk

SMO kνkeq

W f1

k-th SMO

Fig. 5. Observer scheme.

For the algorithm which will be described in the se-quel, partition the matrices from (17) as

A1 =[

A11 A1

2

A13 A1

4

], M1 =

[M1

1

M12

],

Q1 =[

Q11

Q12

]n1−p

p,

where A11 is square. Since C1 =

[0 Ip

]and

rank(C1M1) = r1, we have rank(M12 ) = r1. In the

above, Q1 has no particular structure. The idea is to cre-ate a systematic way of

• computing the number of observers required,

• calculating the gains of the sliding mode observers.

Consider a recursive sequence of ‘systems’ of theform

xi = Aixi + M if i + Qiξi, yi = Cixi, (19)

where xi ∈ Rni

are the states, yi ∈ Rpi

the outputs andf i ∈ R

q are unknown faults to be estimated. The sig-nals ξi ∈ R

h are uncertainties. The following propositionunderpins the strategy.

114 C. Edwards et al.

Proposition 1. (Tan and Edwards, 2010) Assume thatrank(CiM i) = ri < qi where qi = rank(M i). Thenthere exists a change of coordinates xi → T i

1xi and a

nonsingular scaling f i → f i+1 := T i2f

i such that

• the fault matrix has the structure

M i=[M i

1

M i2

]=

⎡⎣M i

11 00 00 M i

22

⎤⎦ ni−pi

pi−ri

ri

, (20)

where M i22 ∈ R

ri×ri

is invertible with M i11 being

full column rank;

• the output matrix has the structure

Ci=[0 Ci

2

], (21)

where Ci2 ∈ R

pi×pi

and is full rank;

• the matrices Ai, Qi have no particular structure butare partitioned as

Ai =[

Ai1 Ai

2

Ai3 Ai

4

], Qi =

[Qi

1

Qi2

]ni−pi

pi.

(22)At Step i suppose that rank(CiM i) = ri < qi,

where qi = rank(M i). This is certainly true wheni = 1, otherwise the method proposed by Tan and Ed-wards (2003) can be used directly.

A key assumption is that ξ is smooth and an upperbound on its bandwidth is known. As a result, write

ξ1 = Ω(s)ξk, (23)

where Ω(s) is a known filter with low-pass characteristicsof appropriate bandwidth and ξk is a bounded unknownsignal. The transfer function matrix Ω(s) can be viewedas a ‘weighting function’ often used in frequency domainapproaches to control (Zhou et al., 1996). Furthermore,assume that each ξi satisfies

ξi = AiΩξi + Bi

Ωξi+1, (24)

where AiΩ is a stable matrix and where, by definition,

ξ1 := ξ. Suitable choices for AiΩ and Bi

Ω need to be madeto capture the characteristics of ξk. The idea is then toaugment (19) and (24) to obtain

˙xi = Aixi + M if i + Qiξi+1, yi = Cixi. (25)

For each intermediate system (25), an observer of theform

˙zi = Aizi − Gil e

iy + Gi

nνi (26)

is used, where zi ∈ Rn is the estimate of xi and ei

y =Cizi − yi. The matrices Gi

l , Gin ∈ R

ni×pi

are observergains (to be designed). Structurally this is the observer

from (7). In the canonical form coordinates associatedwith Proposition 1,

Gin =

[ −Li

Ip

](PoC2)−1, Li =

[Li

o 0], (27)

where Po ∈ Rpi×pi

is semi-positive definite and Lio ∈

R(ni−pi)×mi+1

. The term νi is a nonlinear discontinuousterm defined by

νi = −ρei

y

‖eiy‖

, ρ ∈ R+ for eiy = 0. (28)

If the modulation function ρ is chosen to ensure a slidingmotion, then, during sliding, in appropriate coordinates

˙ei1 = (Ai

1 + LioA

i31)e

i1 − M i

1fi+1 − Qi

1ξi+1, (29)

0 = Ci2A

i3e

i1 − Ci

2Mi2f

i+1 + (P io)−1νi

eq , (30)

where νieq is the equivalent output injection. Making a

change of variables wi := −ei1 and re-arranging (29)–(30)

gives the representation

wi = (Ai1 + Li

oAi31)w

i + M i1f

i+1

+ Qi1ξ

i+1, (31)

(P ioCi

2)−1νi

eq = Ai3w

i + M i2f

i+1, (32)

Define

zi := (P ioCi

2)−1νi

eq =[

zi1

zi2

]mi+1

p−mi+1 .

Then in a suitable coordinate system,

zi1 =

[0 Imi+1

]wi, (33)

zi2 = Ai

32wi +

[0 00 M i

22

]f i+1. (34)

Define a signal zif (a filtered version of zi

2) such that

zif := −αizi

f + αizi2, (35)

where αi ∈ R+. From Eqns. (34) and (35),

zif = −αizi

f + αiAi32w

i +[

0 00 αiM i

22

]f i+1. (36)

Combining (31), (33) and (36) yields the state-space sys-tem representation

xi+1 = Ai+1xi+1 + M i+1f i+1 + Qi+1ξi+1, (37)

yi+1 = Ci+1xi+1, (38)

where xi+1 := col(wi, zi

f

), yi+1 := col

(zi1, z

if

)and

Ai+1 :=[

A11 + L1

oA131 0

α1A132 −α1I

],

M i+1 =

⎡⎣ M1

1[0 00 α1M1

22

] ⎤⎦ ,

Sliding mode methods for fault detection and fault tolerant control. . . 115

where Qi+1 = col(Q1

1, 0)

and Ci+1 =[

0 Ip

].

Notice that (38) is in the form of (19). Now only twoscenarios can occur:

• rank(Ci+1M i+1) < rank(M i+1) and the processcontinues with i← i + 1.

• rank(Ci+1M i+1) = rank(M i+1) and a slidingmode observer of the type as in the work of Tan andEdwards (2003) based on Ai+1, M i+1, Ci+1, Qi+1

can be used to reconstruct f i+1 and also minimizethe L2 gain from ξi+1 to the fault reconstruction.

Key results can be stated following Tan and Edwards(2010):

• If (A, M, C) is minimum phase, then all the fictitioussystems (Ai, M i, Ci) are minimum phase. (Thisguarantees the existence of stable sliding motions.)

• The gain matrix Li−1 affects only the last p columnsof Ai, and it can be shown that Li−1 will not affectthe reduced order sliding motion of observer i and allsubsequent observers.

Therefore, the quality of the fault reconstruction de-pends on the sliding motion of the last observer i = k.

Remark 3. The choice of the filter in (24) is importantto capture the characteristics of the uncertainty ξk. Thechoice of the filters (Ai

Ω, BiΩ) is not unique. The crucial

decision is the choice of the filter bandwidth and not theparticular choice of the filter itself. In the example whichfollows, first order filters have been chosen, although ahigher order filter could have been used. The hypothesishere is that the uncertainties ξk are assumed to be smoothand an upper bound on their bandwidth known. The as-sumption that there is a bound on the frequency content ofthe disturbances is common in the applications literature.This sort of information has been used in the developmentof models of practical engineering systems such as, e.g.,satellites and ships and for process control, (typically, thedisturbances are then assumed to be of low frequency incharacter). Insight into the underlying physics is usuallyemployed to decide on the meaningful frequency range ofthe disturbance (Tan and Edwards, 2010).

Remark 4. A common approach in terms of practicalimplementation of classical sliding mode schemes is toreplace the unit vector terms with a sigmoidal approxi-mation (e.g., Edwards and Spurgeon, 1998). In the cas-cade scheme this will lead to a loss of accuracy. Instead,the unit vector can be replaced by a super-twist scheme(Levant, 2003) term to preserve accuracy. The super-twistscheme can be included within the Lyapunov analysis asdiscussed by Tan and Edwards (2010).

4.1. Design example. The method described abovewill now be demonstrated using a model of a civil aircraft(Edwards et al., 2010) whose system matrices are given asfollows:

A1 =

⎡⎢⎢⎢⎢⎣

−0.5137 −0.5831 −0.62281.0064 −0.6284 −0.0352

0 0 −37.00000 1.7171 0

1.0000 0 0

0.0004 0−0.0021 0

0 0−0.0166 −9.8046

0 0

⎤⎥⎥⎥⎥⎦ ,

M1 =[

0 0 37 0 0]T

,

where the states are the pitch rate, angle of attack, ele-vator position, total airspeed and pitch angle. The inputis the elevator command. It is assumed that the first andsecond rows of the matrix A1 contain uncertainties asso-ciated with the aerodynamic derivatives. The problem isto reconstruct actuator faults using only measurements ofthe speed and pitch angle. If the signals f1 and ξ1 are aug-mented to form a new ‘fault’ vector, this results in a new‘fault’ vector having three components.

The filter matrices that describe the characteristics ofξ1 are chosen here as A1

Ω = −10I2 and B1Ω = 10I2. Note

that this choice is not unique: first order linear filter re-alizations have been chosen, although higher order filterscould have been used as well. The crucial decision is thechoice of the filter bandwidth and not the particular choiceof the filter itself. With this choice of filter, it can be shownthat C2M2 = 0, and hence r2 = 0, which results in r2 =0. The matrices of the filter associated with ξ2 have beenchosen as A2

Ω = −10I2, B2Ω = 10I2. It can be shown that

this gives m3 = 1 and rank(C3M3) = rank(M3), andthe robust sliding mode observer can be designed basedon A3, M3, C3, Q3 as described in Section 3.

Figure 6 shows the nominal case when there is nouncertainty. Figure 7 compares the disturbances ξ1 thatimpact on the system and shows ξ3, which is the fictitiousdisturbance signal associated with ξ1 = Ω(s)ξ3. It can beseen that ξ3 is visually identical to ξ1, which implies theweighting function for the disturbance is valid. Figure 8shows the fault reconstruction in the presence of the uncer-tainty. Although there is a slight degradation due to ΔA1,the reconstruction is not severely affected by ξ1 (which issignificant—being more than 10% of the magnitude of thefault).

116 C. Edwards et al.

0 2 4 6 8 10 12 14 16 18 20−0.02

0

0.02

0.04

0.06

0.08

0.1

0.12

time, sec

Fig. 6. Fault applied to the actuator and its reconstruction whenΔA1 = 0, i.e., when there is no uncertainty.

0 2 4 6 8 10 12 14 16 18 20−0.03

−0.025

−0.02

−0.015

−0.01

−0.005

0

0.005

time, sec

Fig. 7. Components of ξ1 and the fictitious signal ξ3.

0 2 4 6 8 10 12 14 16 18 20−0.02

0

0.02

0.04

0.06

0.08

0.1

0.12

time, sec

Fig. 8. Fault reconstruction in the presence of uncertainty.

5. Reconstruction of incipient sensor faults

Consider initially1 a nominal dynamical system affectedby sensor faults modelled as

x(t) = Ax(t) + Bu(t), (39)

y(t) = Cx(t) + Ffo(t), (40)

where A ∈ Rn×n, B ∈ R

n×m, C ∈ Rp×n and F ∈

Rp×q , with n ≥ p > q. The methods for sensor fault

estimation proposed by Tan and Edwars (2002; 2003) re-quire one (testable) assumption, to guarantee the existenceof the observer design. Tan and Edwards (2002) suggestintroducing a new state xf ∈ R

p satisfying

xf (t) = −Afxf (t) + Afy(t), (41)

where −Af ∈ Rp×p is a stable matrix. Equations (39)

and (41) can be combined to give a system of order n + pwith states xa = col(xp, xf ) in the form

xa(t) = Aaxa(t) + Bau(t) + Mafo(t), (42)

xf (t) = Caxa(t), (43)

1An extension to uncertain systems is discussed by Alwi et al.(2009a).

It can be shown that the invariant zeros of(Aa, Ma, Ca) are a subset of the open loop poles of theplant (cf. Tan and Edwards, 2002; 2003). A sufficientcondition for using observers of the structure as in Sec-tion 2 is therefore that the system is open-loop stable inorder to robustly estimate the sensor faults. Open-loopstability is not a necessary condition, but for open-loopunstable systems with certain classes of faults, examplescan be constructed such that the methods given by Tan andEdwards (2003; 2002) are not applicable. Note that clas-sical linear Unknown Input Observers (UIOs) cannot beemployed in this situation (Edwards and Tan, 2006; Chenet al., 1996; Chen and Zhang, 1991; Darouach, 1994; Saifand Guan, 1993). This section discusses a new observerdesign for sensor fault reconstruction which addresses thisrestriction.

Without loss of generality, it can be assumed that theoutputs of the system have been reordered (and scaled ifnecessary) so that

F =[

0Iq

], C =

[C1

C2

]. (44)

The function fo : R+ → Rq is assumed to be unknown

but smooth and bounded. The objective is to design asliding mode observer to reconstruct the faults fo(t) us-ing only y(t) and u(t). Define

ϕ(t) := fo(t). (45)

It is assumed that the sensor faults are incipient(Patton et al., 1989) and hence ‖ϕ(t)‖ is small, but overtime the effects of the fault increment and become signif-icant. Equations (39) and (45) can be combined to give asystem of order n + q with states xa := col(x, fo) in theform[

x

fo

]=

[A 00 0

]︸ ︷︷ ︸

Aa

[xfo

]+

[B0

]︸ ︷︷ ︸

Ba

u +[

0Iq

]︸ ︷︷ ︸

Fa

ϕ, (46)

y=[

C F]

︸ ︷︷ ︸Ca

[x

fo

]. (47)

Equations (46) and (47) represent an unknown input prob-lem for (Aa, Fa, Ca) driven by the unknown signal ϕ(t).

Proposition 2. (Alwi et al., 2009b) The pair (Aa, Ca)is observable if (A, C1) does not have an unobservablemode at zero or if the open loop system in (39) is stable.

After an appropriate change of coordinates (Alwiet al., 2009a), the triple in the new coordinates is givenby

Aa =[

A 0C2A 0

], Ca =

[0 Ip

], Fa =

[0Iq

],

(48)

Sliding mode methods for fault detection and fault tolerant control. . . 117

where C2 ∈ Rq×n. In the xa coordinates,

fo(t) = Cfxa(t), (49)

where Cf :=[

0q×n Iq

]. Write

Aa =

⎡⎣ A11 A12

A211

A212A22

⎤⎦ , (50)

where the matrices A11 ∈ R(n+q−p)×(n+q−p) and

A211 ∈ R(p−q)×(n+q−p). By construction, the unob-

servable modes of (A11, A211) are the invariant zeros of(Aa, Fa, Ca) (Edwards et al., 2000). For the system in(46) and (47), consider a sliding mode observer of theform given in (7) and (8). An appropriate gain Gn forthe nonlinear injection term ν in (28) is

Gn =[ −L

Ip

], L =

[L1 L2

], (51)

where L1 ∈ R(n+q−p)×(p−q) and L2 ∈ R

(n+q−p)×q

represent design freedom (Edwards and Spurgeon, 1994).The reduced order sliding motion can be written as

˙e1(t) =(A11 + L1A211 + L2A212

)e1(t) + L2ϕ, (52)

ey(t) = ey(t) = 0. (53)

The matrices L1 and L2 have to be chosen to ensurethat A11 + LA211 + L2A212 is stable. The effect of ϕ onthe estimation fo is given by G(s)ϕ, where

G(s) :=[

A11 + L1A211 + L2A212 L2

Ce 0

], (54)

with Ce =[

0n−p×q Iq

]Since the pair (Aa, Ca) is

observable, there exist matrices L1 and L2 so that the sys-tem matrix A11 + L1A211 + L2A212 is stable.

Proposition 3. If (Aa, Fa, Ca) from (39) and (40) is min-imum phase, then a sliding mode observer exists such thatfo = Cfxa → fo as t→∞ (choosing L2 = 0).

Proposition 4. If the system matrix A from (39) is sta-ble, then a sliding mode observer exists such that fo =Cfza → fo as t→∞.

Remark 5. If A from (39) is unstable, then for cer-tain fault conditions (A, C1) may be unobservable andperfect reconstruction is not possible. Furthermore, if(A, C1) is undetectable making (Aa, Fa, Ca) nonmini-mum phase, then, as argued by Edwards and Tan (2006),unknown input observers cannot be employed to rejectϕ, (see Saif and Guan, 1993; Darouach, 1994; Chen andZhang, 1991; Chen et al., 1996). As described by Alwiet al. (2009a), the gains L1 and L2 must be chosen to en-sure that ‖G(s)‖∞ is minimised.

5.1. Simulation results. The ADMIRE model repre-sents a small rigid fighter aircraft with a delta-canard con-figuration (Forssell and Nilsson, 2005). The linear modelused for design has been obtained at a low speed flightcondition similar to the one given by Harkegard and Glad(2005). The controlled outputs are angle of attack, sideslipthe angle and roll rate. The linear model is open-loop un-stable, which is typical for fighter aircraft to allow highmanoeuvrability. It is assumed that the sensor for the pitchrate (q) is prone to faults. It can be shown that the asso-ciated augmented system (Aa, Fa, Ca) is non-minimumphase (Alwi et al., 2009a).

The simulation displayed in Figs. 9 and 10 has beenobtained from the full nonlinear ADMIRE model with theaircraft undergoing a banking manoeuvre and change inaltitude. Figure 10 shows the results of the fault recon-struction using different sensor fault shapes, to show theeffectiveness of the method. In both conditions, the pro-posed scheme provides satisfactory fault reconstructionsfor the q-th sensor. As expected, perfect fault estimationcannot be achieved.

0 20 40 60 80 100 120 140 160 180 200−5

0

5

10

15

20

25

30

time (sec)

Sen

sor f

ault

(deg

)

estimated faultactual fault

Fig. 9. Sensor fault reconstruction on the pitch rate.

6. Fault tolerant control

The inherent robustness properties of sliding modes tomatched uncertainty make it a natural candidate for pas-sive fault tolerant control. It is argued by Alwi and Ed-wards (2008a; 2008b) that a broad class of actuator faultscan be accommodated by an appropriate scheme whichmonitors quantitatively the extent to which a sliding mo-tion (in a control context) is being maintained and thentriggers an adaptive mechanism if there is deteriorationin performance. The controller is based around a state-

0 20 40 60 80 100 120 140 160 180 200−20

−10

0

10

20

30

40

50

time (sec)

Sen

sor f

ault

(deg

)

estimated faultactual fault

Fig. 10. Sensor fault reconstruction on the pitch rate.

118 C. Edwards et al.

feedback sliding mode scheme and the gain associatedwith the nonlinear term is allowed to adaptively increasewhen the onset of a fault is detected. Compared withother FTC schemes which have been implemented on thismodel, the controller is simple and yet is shown to workacross the entire ‘up and away’ flight envelope.

Although sliding mode controllers (e.g., Alwi andEdwards, 2008a) cope easily with faults, they are not ableto directly deal with failures, i.e., the total loss of an ac-tuator. In order to overcome this, the integration of a slid-ing mode scheme with a control allocation framework hasbeen considered (Alwi and Edwards, 2008b), where theeffectiveness level of the actuators is used to redistributethe control signals to the ‘healthier’ actuators when a faultoccurs.

One of the challenges of using traditional controlideas for systems with redundancy, i.e., over-actuated sys-tems, is how to deal with these additional degrees of free-dom. Control Allocation (CA) has emerged as one of themost studied techniques when dealing with such problems(e.g., Enns, 1998; Boskovic and Mehra, 2002; Buffingtonet al., 1999; Davidson et al., 2001). One benefit of using aCA structure for fault tolerant control is that the controllerremains the same and the control effort is distributed to allavailable actuators without reconfiguration. This is vitalin terms of simplicity of design.

Recently, Alwi and Edwards (2008b) developed arigorous design procedure from a theoretical perspectiveto achieve FTC while proving stability for a class of faultsand failures. Their work has been used to design lat-eral and longitudinal controllers for the GARTEUR FM-AG16 benchmark problem (Edwards et al., 2010). TheGARTEUR FM-AG16 action group has undertaken an ex-tensive study to establish the benefits of using state ofthe art fault detection and FTC methods for aerospacesystems. The different paradigms which have been ap-plied are described by Edwards et al. (2010). The con-trol allocation scheme described here uses the effective-ness levels to redistribute the control signals to function-ing healthy actuators when a fault/failure occurs (Alwi andEdwards, 2008b; Alwi et al., 2008).

6.1. Design procedures. Consider an over-actuatedsystem subject to actuator faults,

x(t) = Ax(t) + Bu(t)−BKu(t), (55)

where A ∈ Rn×n and B ∈ R

n×m. The matrix K =diag(k1, . . . , km), where the scalars 0 ≤ ki ≤ 1 modela decrease in effectiveness of an actuator. If ki = 0, theactuator is healthy, otherwise a fault is present, and if ki =1 the actuator has failed totally. The work of Alwi andEdwards (2008b) advocates reordering the states such that

B =[

B1

B2

], (56)

where B2 ∈ Rl×m has rank l and ‖B2‖ = 1 with ‖B1‖

1. Here l reflects the number of controlled outputs. Let the‘virtual control’ ν(t) := B2u(t) so that u(t) = B†

2ν(t),where

B†2 := WBT

2 (B2WBT2 )−1 (57)

and W ∈ Rm×m. Note B2B

†2 = Il for any choice of W .

In the work of Alwi and Edwards (2008b) the choice

W = I −K (58)

is suggested (assuming good estimates of ki are avail-able). In a fault free situation W = I , which is a com-mon choice in the CA literature. Sliding mode controlmethods (Utkin, 1992; Edwards and Spurgeon, 1998) willbe used to synthesize ν(t). Define a switching functionσ(t) : R

n → Rl to be

σ(t) = Sx(t),

where S ∈ Rl×n and det(SBν) = 0. After an appropriate

coordinate transformation x → x = Trx, the system canbe written as[ ˙x1(t)

˙x2(t)

]=

[A11 A12

A21 A22

][x1(t)x2(t)

]+

[B1B

N2 B+

2

I

]ν(t), (59)

where

BN2 := (I −BT

2B2), B+2 = W 2BT

2 (B2W2BT

2 )−1

andν(t) := (B2W

2BT2 )(B2WBT

2 )−1ν(t). (60)

The following proposition is crucial:

Proposition 5. (Alwi and Edwards, 2008b) There exists ascalar γ0 such that

‖B+2 ‖ < γ0 (61)

for all W = diag(w1, . . . , wm) such that 0 < wi ≤ 1.

In the x(t) coordinates,

S := ST−1r =

[N I

], (62)

where N ∈ Rl×(n−l) represents design freedom. If

(A, Bν) is controllable, then (A11, A12) is controllableand N can be chosen to make A11 − A12N stable. Thesliding motion is governed by

˙x1(t) = (A11−B1BN2 B+

2 (I+NB1BN2 B+

2 )−1A21)x1(t).(63)

In fault free conditions, BN2 B+

2 |W=I = 0, and thesystem in (63) ‘collapses’ to

˙x1(t) = A11x1(t).

Sliding mode methods for fault detection and fault tolerant control. . . 119

The system in (63) depends on W and stability needsto be established. Define

G(s) := A21(sI − A11)−1B1BN2 , (64)

where A11 = A11−A12N and A21 := NA11+A21−A22.By construction, G(s) is stable.

Define γ2 = ‖G(s)‖∞ and

γ1 := ‖MB1BN2 ‖. (65)

The following proposition provides stability guaranteesfor the closed-loop fault system.

Proposition 6. (Alwi and Edwards, 2008b) During a faultor failure condition, for any 0 < wi ≤ 1, the closed–loopsystem will be stable if

0 <γ2γ0

1− γ1γ0< 1, (66)

where γ0 = ‖B+2 ‖ as defined in Proposition 5.

The proposed control law is

ν(t) = νl(t) + νn(t),

where νl(t) := −A21e1(t)− A22σ(t) and

νn(t) := −(ρ(t, x) + η)σ(t)‖σ(t)‖ for σ(t) = 0. (67)

The gain from (67) is

ρ(t) = r(t)(l1‖x(t)‖+ l2). (68)

The scalar variable r(t) is an adaptive gain satisfying

r(t) = a(l1‖x(t)‖+ l2

)Dε(‖σ(t)‖) − br(t), (69)

where r(0) = 0, and the a and b are design constants. Thefunction Dε : R → R is the nonlinear function

Dε(‖σ‖) =

0 if ‖σ‖ < ε,‖σ‖ otherwise,

(70)

where ε is a positive scalar. The idea is only to trigger theadaptive scheme if a fault is present and a degradation inthe sliding motion begins to appear (Alwi et al., 2010).

7. Implementation results

7.1. Actuator faults. The SIMONA (SImulation, MO-tion and NAvigation) simulator is a motion simulator de-veloped by the Delft University of Technology. The flightdeck provides pilots with simulated instruments. The pilotinterfaces with the ‘aircraft’ by a traditional control col-umn or a sidestick controller, rudder pedals with enginecontrols and a Mode Control Panel (MCP). The windows

Fig. 11. SIMONA flight simulator at the TU Delft.

Fig. 12. SIMONA flight deck.

give a view of a virtual environment and a motion sys-tem moves the entire cabin to simulate aircraft motion. Anetwork of PCs provides the processing power to run thesimulator. A flexible software architecture (DUECCA) al-lows the integration of the controller in a realistic aircraftenvironment.

The design objective is to bring a faulty aircraft tonear landing conditions. This is achieved by tracking:

• roll (φ) and sideslip (β) using the lateral controller,

• Flight Path Angle (FPA) and airspeed (Vtas) com-mands using the longitudinal controller.

The lateral control surfaces are the ailerons (four),spoilers (ten) and EPR (differential). The longitudinalcontrol surfaces are the elevator, horizontal stabilizer andtotal EPR.

The controller was implemented using Matlab’sRTW utility. The Ode4 solver with a fixed time step of0.01 s was employed running on a dual Pentium III 1 GHzprocessor. A connection with the MCP enables the selec-tion of ‘control modes’, e.g., altitude hold, heading select,etc.

Figures 14 and 15 show the responses in the face of ahorizontal stabilizer runaway, where the stabilizer movesat its maximum deflection rate to its maximum deflection

120 C. Edwards et al.

Actuators

MCP inputs

Pilot inputs

and switches

SMC controller

FDI

Aircraft model

Actuator

command

Sensor data

Data logging

SIMONA simulator

Fig. 13. Schematic of the SIMONA setup.

position of 3 deg. The aircraft performs a series of 90degree turns after the fault has occurred followed by anattempt to reduce altitude to bring the aircraft to near land-ing conditions. It can be seen in Figs. 14 and 15 that goodperformance can be maintained despite the severe failurewhich has occurred in the system.

0 200 400 600−1

−0.5

0

0.5

1

side

slip

ang

le (

deg)

Lateral states

0 200 400 6000

50

100

150

head

ing

angl

e (d

eg)

time (sec)

0 200 400 60080

85

90

95

Vta

s (m

/sec

)

Longitudinal states

0 200 400 6000

200

400

600

altit

ude

(m)

time (sec)

statescmd

Fig. 14. Horizontal stabilizer runaway fault.

0 200 400 600

1

1.1

1.2

1.3

EP

R 1

−4

0 200 400 600

0

1

2

spoi

lers

le

ft (d

eg)

sp1−4sp5

0 200 400 6000

2

4

spoi

lers

rig

ht (

deg)

sp8sp9−12

0 200 400 600−2

0

2

4

aile

rons

le

ft (d

eg)

aolail

0 200 400 600−4

−2

0

2

aile

rons

rig

ht (

deg)

airaor

0 200 400 600

−1.5

−1

−0.5

0

0.5

rudd

ers

(deg

)

rurl

0 200 400 600

−20

−10

0

elev

ator

(de

g)

time (sec)0 200 400 600

−2

0

2

4

horiz

onta

l

st

abili

zer

(deg

)

time (sec)

Fig. 15. Horizontal stabilizer runaway (control signal).

Figures 16 and 17 are associated with a lateral fault,specifically, a rudder runaway. The aircraft is piloted tofollow the same flight path as in Figs. 14 and 15. Againit can be seen from Figs. 16 and 17 that good performancecan be maintained and the aircraft can be brought to a nearlanding condition.

0 500 1000

−0.5

0

0.5

side

slip

ang

le (

deg)

Lateral states

0 500 10000

50

100

150

head

ing

angl

e (d

eg)

time (sec)

0 500 100090

95

100

105

110

115

Vta

s (m

/sec

)

Longitudinal states

0 500 10000

200

400

600

altit

ude

(m)

time (sec)

statescmd

Fig. 16. Rudder runaway.

0 500 10000.8

1

1.2

EP

R 1

−4

0 500 10000

2

4

spoi

lers

le

ft (d

eg)

sp1−4sp5

0 500 1000

0

1

2

spoi

lers

rig

ht (

deg)

sp8sp9−12

0 500 1000−4

−2

0

2

aile

rons

le

ft (d

eg)

aolail

0 500 1000−2

0

2

4

aile

rons

rig

ht (

deg)

airaor

0 500 10000

2

4

6

rudd

ers

(deg

)

rurl

0 500 10001.5

2

2.5

3

3.5

elev

ator

(de

g)

time (sec)0 500 1000

−3

−2

−1

horiz

onta

l

st

abili

zer

(deg

)

time (sec)

Fig. 17. Rudder runaway (control signal).

7.2. Sensor faults. Now a sensor fault scenario is con-sidered. A general configuration representing the pro-posed sensor FTC scheme is given in Fig. 18. The out-

faultestimator

Controller Plantyref

fo

++

fo

u y

Fig. 18. Sensor fault tolerant control scheme.

put of the FDI module is the sensor fault estimate fo. Theestimated sensor fault fo will be used to correct the mea-sured output signal, and y − fo will be used in the con-trol law calculations to generate u. The controller is de-signed for an ‘up and away’ flight envelope with FlightPath Angle (FPA) and true airspeed (Vtas) as controlledoutputs. A nominal fault-free sliding mode controller hasbeen designed requiring the pitch rate, true airspeed, an-gle of attack, and pitch angle. A key aspect of the designis to establish the matrix Q from (42). For details, see thework of Alwi and Edwards (2008a). Principal component

Sliding mode methods for fault detection and fault tolerant control. . . 121

analysis based on the computed difference between the re-sponses of the linear/nonlinear model was used to obtainQ as suggested by Patton and Chen (1993).

Assume that the pitch rate, true air speed, and angleof attack (α) measurements are fault free and therefore

FT =[

0 0 0 1]. (71)

The reference command sequence is such that the aircraftis returned to (approximately) the initial flight conditions(Fig. 19). The nominal tracking error is shown in Fig. 20.The Root Mean Square (RMS) of the signal is 0.0150.

0 50 100 150 200 250 300 350 400 450 500−4

−2

0

2

4

Time (sec)

FP

A a

ngle

− (

deg)

0 50 100 150 200 250 300 350 400 450 500−5

0

5

10

15

20

25

Time (sec)

true

air

spee

d (m

/s)

ctrller performanceref cmd

Fig. 19. Nominal closed loop performance.

0 50 100 150 200 250 300 350 400 450 500−2

−1

0

1

2

Time (sec)

FP

A tr

acki

ng e

rror

(de

g)

Fig. 20. Flight path tracking error.

Now a fault on the pitch sensor is introduced. Thistakes the form of a slowly increasing drift in the form ofa ramp, which reaches a peak and then returns to nominalperformance. Figure 21 shows the effect on the trackingerror of using this faulty measurement in the control law.The performance of the closed loop system as shown inFig. 21 is dangerously unacceptable. This motivates theuse of the sensor fault tolerant control scheme shown inFig. 18. The same fault as deployed in Fig. 21 is intro-duced. Figure 22 shows the actual fault f0 and the esti-mate f0 obtained from the sliding mode observer. Usingthe sensor fault tolerant control scheme shown in Fig. 18,the closed loop performance is given in Fig. 23. Much bet-ter performance is maintained. In fact , the RMS in Fig. 23is 0.0154, which is close to the fault free case (0.0150).

0 50 100 150 200 250 300 350 400 450 500−4

−2

0

2

4

6

Time (sec)

FP

A tr

acki

ng e

rror

(de

g)

Fig. 21. Tracking error in the presence of a sensor fault (noFTC).

0 50 100 150 200 250 300 350 400 450 5000

1

2

3

4

5

6

Time (sec)

pitc

h (d

eg)

recons Foactual Fo

Fig. 22. Estimate of the fault signal f0.

0 50 100 150 200 250 300 350 400 450 500−2

−1

0

1

2

Time (sec)

FP

A tr

acki

ng e

rror

(de

g)

Fig. 23. Tracking error in the presence of a sensor fault (noFTC)

8. EL-AL Bijlmermeer accident

Figure 24 summarizes the results of piloted tests based onthe EL-AL 1862 failure scenario in which engines nos. 3and 4 detached from the right wing of a B747 and causeda significant damage (Edwards et al., 2010). The figureshows the comparisons between the implemented slidingmode CA scheme and the piloted classical controller. Fig-ure 24 clearly shows that the proposed scheme manages tomaintain nominal performance and achieve safe landing.Meanwhile, the piloted classical controller crashes duringthe final stage of the test flight before lining up with therunway.

9. Conclusions

Sliding mode methods have been historically studied be-cause of their strong robustness properties to a certainclass of uncertainty. This paper has considered how theseideas can be exploited for fault detection (specifically faultsignal estimation) using sliding mode observers, and sub-sequently fault tolerant control. It has discussed applica-tions of these ideas to aerospace systems. In particular,

122 C. Edwards et al.

0

0.5

1

1.5

2

2.5

x 104

−1

0

1

2

3

4

5

x 104

0

200

400

600

800

yexe

he

SMC: ELAL 1862 scenarioclassical: ELAL 1862 scenarioSMC: nominal

glideslope intercept

Xengine 3 & 4 missing

rightturn

rightturn

right turn&localizerintercept

start

end

X

X crash

Fig. 24. EL-AL incident flight path.

piloted flight simulator results associated with the EL-AL1862 Bijlmermeer scenario studied as part of the GAR-TEUR AG16 action group on fault tolerant control. Theresults demonstrate a successful real-time implementationof the proposed fault tolerant control scheme on a mo-tion flight simulator configured to represent the EL-ALaircraft.

Acknowledgment

The authors gratefully acknowledge the contribution ofProf. J.A. (Bob) Mulder and Olaf Stroosma from theAerospace Research Group at the Technical University ofDelft for their work on implementing the controllers onthe SIMONA simulator within the GARTEUR FM-AG16Action Group on Fault Tolerant Control. The contributionof the other members of FM-AG16 in the discussion anddevelopment of the benchmark is also acknowledged.

References

Alwi, H. and Edwards, C. (2008a). Fault detection and fault-tolerant control of a civil aircraft using a sliding-mode-based scheme, IEEE Transactions on Control SystemsTechnology 16(3): 499–510.

Alwi, H. and Edwards, C. (2008b). Fault tolerant control usingsliding modes with on-line control allocation, Automatica44(7): 1859–1866.

Alwi, H., Edwards, C., Stroosma, O. and Mulder, J.A. (2008).Fault tolerant sliding mode control design with piloted sim-ulator evaluation, AIAA Journal of Guidance, Control andDynamics 31(5): 1186–1201.

Alwi, H., Edwards, C., Stroosma, O. and Mulder, J.A. (2010).Evaluation of a sliding mode fault tolerant controller forthe EL-AL incident, AIAA Journal of Guidance, Controland Dynamics 33(3): 667–677.

Alwi, H., Edwards, C. and Tan, C. (2009a). Sliding mode es-timation schemes for incipient sensor faults, Automatica45(7): 1679–1685.

Banda, S. (1999). Special issue editorial, International Journalof Robust and Nonlinear Control 9(14): 997–998.

Bejarano, F., Fridman, L. and Poznyak, A. (2007). Hierarchicalobserver for strongly detectable systems via second ordersliding mode, Proceedings of the IEEE CDC’07, New Or-leans, LA, USA, pp. 3709–3713.

Blanke, M., Kinnaert, M., Lunze, J. and Staroswiecki, M.(2006). Diagnosis and Fault-Tolerant Control, 2nd Edn.,Springer, Berlin/Heidelberg.

Boskovic, J.D. and Mehra, R.K. (2002). Control allocation inoveractuated aircraft under position and rate limiting, Pro-ceedings of the American Control Conference, Anchorage,AL, USA, pp. 791–796.

Boyd, S., Ghaoui, L.E., Feron, E. and Balakrishnan, V. (1994).Linear Matrix Inequalities in Systems and Control Theory,SIAM, Philadelphia, PA.

Buffington, J., Chandler, P. and Pachter, M. (1999). On-line sys-tem identification for aircraft with distributed control effec-tors, International Journal of Robust and Nonlinear Con-trol 9(14): 1033–1049.

Chen, J. and Patton, R.J. (1999). Robust Model-Based Fault Di-agnosis for Dynamic Systems, Kluwer Academic Publish-ers, Boston, MA.

Chen, J., Patton, R. and Zhang, H. (1996). Design of unknowninput observers and robust fault detection filters, Interna-tional Journal of Control 63(1): 85–105.

Chen, J. and Zhang, H. (1991). Robust detection of faulty actua-tors via unknown input observers, International Journal ofSystems Science 22(10): 1829–1839.

Chen, W. and Saif, M. (2007). Actuator fault diagnosis for uncer-tain linear systems using a high-order sliding-mode robustdifferentiator, International Journal of Robust and Nonlin-ear Control 18(4–5): 413–426.

Darouach, M. (1994). On the novel approach to the design ofunknown input observers, IEEE Transactions on AutomaticControl 39(3): 698–699.

Davidson, J.B., Lallman, F.J. and Bundick, W.T. (2001). Real-time adaptive control allocation applied to a high perfor-mance aircraft, 5th SIAM Conference on Control & Its Ap-plication, San Diego, CA, USA, pp. 1–11.

Davila, A., Moreno, J.A. and Fridman, L. (2010). Variablegains super-twisting algorithm: A Lyapunov based design,IEEE American Control Conference, Baltimore, MD, USA,pp. 968–973.

Drazenovic, B. (1969). The invariance conditions in variablestructure systems, Automatica 5(3): 287–295.

Edelmayer, A., Bokor, J., Szabo, Z. and Szigeti, F. (2004). Inputreconstruction by means of system inversion: A geometricapproach to fault detection and isolation in nonlinear sys-tems, International Journal of Applied Mathematics andComputer Science 14(2): 189-199.

Sliding mode methods for fault detection and fault tolerant control. . . 123

Edwards, C., Lombaerts, T. and Smaili, H. (Eds.) (2010). FaultTolerant Flight Control: A Benchmark Challenge, Lec-ture Notes in Control and Information Sciences, Vol. 399,Springer-Verlag, Berlin/Heidelberg.

Edwards, C. and Spurgeon, S. (1994). On the development ofdiscontinuous observers, International Journal of Control59(4): 1211–1229.

Edwards, C. and Spurgeon, S.K. (1998). Sliding Mode Control:Theory and Applications, Taylor & Francis, London.

Edwards, C. and Spurgeon, S.K. (2000). A sliding mode con-trol observer based FDI scheme for the ship benchmark,European Journal of Control 6(4): 341–356.

Edwards, C., Spurgeon, S. and Patton, R. (2000). Sliding modeobservers for fault detection, Automatica 36(4): 541–553.

Edwards, C. and Tan, C.P. (2006). A comparison of sliding modeand unknown input observers for fault reconstruction, Eu-ropean Journal of Control 12(3): 245–260.

Enns, D. (1998). Control allocation approaches, AIAA Guidance,Navigation and Control Conference and Exhibit, Boston,MA, USA, pp. 98–108.

Floquet, T., Edwards, C. and Spurgeon, S. (2007). On slidingmode observers for systems with unknown inputs, Interna-tional Journal of Adaptive Control and Signal Processing21(8–9): 638–656.

Forssell, L. and Nilsson, U. (2005). ADMIRE, the aero-datamodel in a research environment version 4.0: Model de-scription, Technical Report FOI-R-1624–SE, Swedish De-fence Agency (FOI), Stockholm.

Fridman, L., Davila, J. and Levant, A. (2007). High-ordersliding-mode observation and fault detection, Proceedingsof the IEEE Conference on Decision and Control, New Or-leans, LA, pp. 4317–4322.

Harkegard, O. and Glad, S.T. (2005). Resolving actuatorredundancy—Optimal control vs. control allocation, Auto-matica 41(1): 137–144.

Haskara, I., Ozguner, U. and Utkin, V. (1998). On sliding modeobservers via equivalent control approach, InternationalJournal of Control 71(6): 1051–1067.

Hess, R.A. and Wells, S.R. (2003). Sliding mode control appliedto reconfigurable flight control design, Journal of Guid-ance, Control and Dynamics 26(3): 452–462.

Krasnova, S., Utkin, V. and Mikheev, Y. (2001). Cascade de-sign of state observers, Automation and Remote Control62(2): 207–226.

Levant, A. (2003). Higher-order sliding modes, differentiationand output-feedback control, International Journal of Con-trol 76(9–10): 924–41.

Moreno, J.A. and Osorio, M. (2008). A Lyapunov approach tosecond-order sliding mode controllers and observers, 47thIEEE Conference on Decision and Control, Cancun, Mex-ico, pp. 2856–2861.

Ng, K., Tan, C., Edwards, C. and Kuang, Y. (2007). New re-sults in robust actuator fault reconstruction in linear uncer-tain systems, International Journal Robust and NonlinearControl 17(4): 1294–1319.

Patton, R. (1997). Robustness in model-based fault diagnosis:The 1997 situation, IFAC Annual Reviews 21: 101–121.

Patton, R. and Chen, J. (1993). Optimal unknown input distribu-tion matrix selection in robust fault diagnosis, Automatica29(4): 837–841.

Patton, R., Frank, P. and Clark, R. (1989). Fault Diagnosis inDynamic Systems: Theory and Application, Prentice Hall,New York, NY.

Saif, M. and Guan, Y. (1993). A new approach to robust fault de-tection and identification, IEEE Transactions on Aerospaceand Electronic Systems 29(3): 685–695.

Sharam, R. and Aldeen, M. (2007). Fault detection in nonlin-ear systems with unknown inputs using sliding mode ob-server, Proceedings of the American Control Conference,New York, NY, USA, pp. 432–437.

Shtessel, Y., Buffington, J. and Banda, S. (2002). Tailless aircraftflight control using multiple time scale re-configurablesliding modes, IEEE Transactions on Control SystemsTechnology 10(2): 288–296.

Tan, C. and Edwards, C. (2010). Robust fault reconstruction inuncertain linear systems using multiple sliding mode ob-servers in cascade, IEEE Transactions on Automatic Con-trol 55(4): 855–867.

Tan, C.P. and Edwards, C. (2002). Sliding mode observers fordetection and reconstruction of sensor faults, Automatica38(2): 1815–1821.

Tan, C.P. and Edwards, C. (2003). Sliding mode observers forrobust detection and reconstruction of actuator and sensorfaults, International Journal of Robust and Nonlinear Con-trol 13(5): 443–463.

Theilliol, D., Join, C. and Zhang, Y. (2008). Actuator fault tol-erant control design based on a reconfigurable referenceinput, International Journal of Applied Mathematics andComputer Science 18(4): 553-560, DOI: 10.2478/v10006-008-0048-1.

Utkin, V.I. (1992). Sliding Modes in Control Optimization,Springer-Verlag, Berlin.

Wang, J., Tsang, K., Li, G. and Zhang, L. (2003). Cas-cade observer-based fault diagnosis for nonlinear systems,Proceedings of the IASTED International Conference onModelling, Simulation and Optimization, Banff, Alberta,Canada, pp. 253–258.

Zhou, K., Doyle, J. and Glover, K. (1996). Robust and OptimalControl, Prentice Hall, Upper Siddle River, NJ.

Christopher Edwards was born in Swansea,South Wales. He graduated from Warwick Uni-versity in 1987 with a B.Sc. in mathematics.In 1987–91 he was employed as a research of-ficer for British Steel Technical in Port Talbot,where he was involved with mathematical mod-elling of rolling and finishing processes. In 1991he moved to Leicester University as a Ph.D. stu-dent supported by a British Gas Research Schol-arship and was awarded a Ph.D. in 1995. He was

appointed as a lecturer in the Control Systems Research Group at Le-icester University in 1996, and promoted to a senior lecturer in 2004 anda reader in 2007. He is a co-author of over 180 refereed papers and twobooks on sliding mode control.

124 C. Edwards et al.

Halim Alwi was born in Klang, Malaysia. Af-ter completing his secondary school educationat the Royal Military College, Kuala Lumpur,Malaysia, he studied at the University of Leices-ter, UK, and graduated in 2000 with a B.Eng.(Hons.) degree in mechanical engineering. In2000–2004 he was an engineer at the New StraitsTimes Press, Malaysia, where he was involved inthe installation and commissioning of a new au-tomated system for the mailroom, as well as over-

seeing the maintenance of mailroom machines. He obtained his Ph.D. in2008 from the University of Leicester in the area of fault tolerant controlapplied to aerospace systems.

Chee Pin Tan obtained a B.Eng. (Hons.) inelectrical and electronic engineering and a Ph.D.from the University of Leicester, UK, in 1998 and2002, respectively. Currently he is a senior lec-turer at the School of Engineering, Monash Uni-versity (Sunway Campus) in Malaysia. His re-search interests include sliding mode observersand robust fault reconstruction.

Received: 23 January 2011Revised: 23 June 2011