The Development of Safety Control Systems
Over the last few years, the growing demand for safety, survivability, and high-precision control performance in aerospace engineering systems has motivated significant research on fault-tolerant control systems (FTCSs) and anti-disturbance control systems (ADCSs). The major objective of FTCSs and ADCSs, referred to as safety control systems (SCSs) in this monograph, is to handle abnormal situations effectively under more realistic aerospace vehicle operations, where faults and disturbances could occur simultaneously, so that safety can be guaranteed. An autonomous SCS should consist of disturbance/fault analysis, task reconfiguration, and a safety control law. Before designing an autonomous SCS, it is of paramount importance to analyze the impact of uncertainty, disturbances, and faults that may induce catastrophic consequences. The system may no longer be able to accomplish the preassigned task because the capability of the overall system is degraded. In this case, the task should be reconfigured according to a quantitative analysis of capability. Subsequently, the safety control law is triggered autonomously to ensure the safety of the system. Note that this monograph focuses on disturbance/fault analysis and safety control law design. In the following, the existing FTCS and ADCS approaches are reviewed.
A control system that can automatically accommodate faults among system components while maintaining system stability and a desired level of overall performance is denoted as an FTCS [1, 2, 3, 4]. Several approaches to designing FTCSs have been developed for safety-critical applications [1, 2, 3,
In an FTCS, the achievable system performance depends on the availability of redundancies in the control system as well as the design approaches used in the synthesis of fault-tolerant controllers. Depending on how redundancies are utilized, current FTCSs can be classified into two categories, namely, active FTCSs [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17] and passive FTCSs [18, 19, 20, 21, 22, 23, 24, 25, 26, 27]. These two approaches use different design methodologies for the same control objective. As far as the main control objectives are concerned, both methods lead to similar results; however, because of the distinctive design approaches used, each method can result in some unique properties.
A systematic development of fault-tolerant control (FTC) is presented in . The authors consider the entire design process for FTC from engineering of interfaces to structural implementation. A temperature control loop for a fluid cooling system and an attitude control system for a satellite are selected as examples to illustrate the development process. The state-of-the-art of FTCS technologies for aerospace systems has been examined . It provides a comprehensive literature review covering most areas of FTC. Design of FTC, role of FDD unit, and the interaction between the FTC and the FDD are investigated. Based on the concept of redundancies, an introductory overview on the development of FTCS is presented by  from a practical and industrial perspective. The analysis techniques for active and passive FTCSs are listed. By using several practical applications, such as commercial jets and nuclear power plants, the relationships among redundancy, safety, and performance are explained. The philosophies of active and passive FTCSs are given as well as the potential challenges.  presents an extensive bibliographical review on the historical and current development in active FTCS. The motivation, objective, and structure of active FTCS are discussed. The existing methodologies on FDD and reconfigurable control are classified based on algorithm and field of applications. The features of current techniques are briefly summarized.
In addition to malfunctions, multiple disturbances are widely present in any aerospace vehicle. Multiple disturbances create great difficulties in achieving high-precision control performance and a high degree of safety . The disturbances and noises can be characterized as an uncertain norm-bounded variable, a harmonic, a step signal, a non-Gaussian/Gaussian random variable, a variable with bounded change rate, output variables of a neutral stable system, and other types of disturbances. Furthermore, multiple disturbances arising from multiple sources act on various channels of an aerospace engineering system. Depending on where they act, disturbances can be further categorized into internal disturbances, external disturbances, and model uncertainties. In an effort to enhance both performance and safety, the issue of disturbance attenuation or rejection has drawn tremendous research interest in the aerospace engineering community.