Fault Detection and Isolation using Viability Theory and Interval Observers

This paper proposes the use of interval observers and viability theory in fault detection and isolation (FDI). Viability theory develops mathematical and algorithmic methods for investigating the adaptation to viability constraints of evolutions governed by complex systems under uncertainty. These methods can be used for checking the consistency between observed and predicted behavior by using simple sets that approximate the exact set of possible behavior (in the parameter or state space). In this paper, fault detection is based on checking for an inconsistency between the measured and predicted behaviors using viability theory concepts and sets. Finally, an example is provided in order to show the usefulness of the proposed approach.


Introduction
Conventional feedback control systems are vulnerable to malfunctions in sensors, actuators or other system components, so diagnosing which kind of fault is developing is an important task to prevent physical damage and performance degradation. Fault detection and isolation (FDI) can also lead to more reliable and efficient systems. Set theory has been used in the fault detection and fault-tolerant control context for more than a decade [12]. There are two main approaches to using set theory for fault detection: the set-membership approach and the set-invariance approach. One of the most used techniques in the set-membership approach is based on interval observers. Interval observer-based fault detection (FD) consists in generating adaptive intervals for the system outputs by considering the bounds of the uncertainties, propagating their effect through the mathematical model of the system and testing the consistency between the predicted output intervals and the corresponding output measurements [5], [8]. Another set-theoretic fault detection and isolation (FDI) approach is to consider invariant sets. A system can switch among several modes (a healthy one and at least one faulty one). For each mode, an invariant set for the residual can be obtained [11]. Once the system operates in steady state, it is possible to confine the residual to one of these invariant sets and, as long as all the invariant sets are disjoint, FDI can be performed. Most importantly, when the invariant sets intersect, FD can still be done whenever the residual exits its healthy invariant set [15], [11]. An extensive comparison between these two approaches has been carried out in [17].
Viability theory develops mathematical and algorithmic methods for investigating the adaptation to viability constraints of evolutions governed by complex systems under uncertainty [2]. Until now, viability theory has mostly been used for safety verification in control systems [7]. It provides concepts that are more general than those used in set theory for fault detection. The viability kernel is an accepted tool for safety verification; the problem with this theory, however, is how to compute the sets involved. Several algorithms have recently been proposed that can approximate this kernel effectively; they are surveyed in this paper. This theory is used in different areas of study such as economics and biology. Finding the concepts that can be used in fault detection is a major contribution of this paper. We also compare these concepts with the set-theoretic concepts that are used for fault detection.
The main contribution of this paper is to propose the combined use of interval observers and viability theory in fault detection and isolation (FDI). Fault detection is based on checking for an inconsistency between the measured and predicted behaviors using viability theory concepts and sets. Finally, an example is provided in order to show the usefulness of the proposed approach.
This paper is organized as follows. In Section 2, some definitions and preliminary concepts of viability theory are provided, and some algorithms for computing important sets such as the viability kernel are reviewed. Section 3 shows how viability theory can be used in fault detection and isolation. In Section 4, the viability-based FDI approach is integrated with the interval observer approach. An illustrative example is provided in Section 5 to demonstrate the concepts. Finally, concluding remarks are drawn in Section 6.

Preliminary Concepts
In this section, some concepts of viability theory that can be used in fault detection and isolation are recalled [2]. Consider a simple nonlinear autonomous system in differential inclusion form: It is assumed that the above system is defined in a proper open set O ⊆ R^n and that there exists a globally defined solution for every initial condition x(0) ∈ O. The evolutionary system S : X → C(0, +∞; X) maps any initial state x ∈ X to the set S(x) of evolutions x(·) starting from x(0) and governed by differential inclusion (1).

Concepts definition
Definition 1 (Invariance Kernel). Let K ⊂ X be an environment and C ⊂ K be a target. The subset Inv_S(K,C) of initial states x(0) ∈ K such that all evolutions x(t) ∈ S(x) starting at x(0) are viable in K for all t ≥ 0 or viable in K until they reach C in finite time is called the invariance kernel of K with target C under S. The above definition is similar to the invariant set definition in set theory that has recently been used extensively for fault detection, see for example [11], [15]. In viability theory, there are some more general concepts that can be used in fault detection and isolation.
Definition 2 (Viability Kernel). The viability kernel of K under the evolutionary system S is the set Viab_S(K) of initial states x(0) ∈ K from which starts at least one evolution x(t) ∈ S(x) viable in K for all times t ≥ 0:
Definition 3 (Capture Basin). The capture basin of C (viable in K) under the evolutionary system S is the set Capt_S(K,C) of initial states x(0) ∈ K from which starts at least one evolution x(t) ∈ S(x) viable in K on [0, T) until the finite time T when the evolution reaches the target at x(T) ∈ C.

Algorithms
The viability kernel has been approximated using two main groups of methods: Eulerian methods and Lagrangian methods. The first Eulerian algorithm was proposed by Saint-Pierre [13]. In this so-called viability algorithm, the continuous dynamical system of the form (3), ẋ = f(x), is considered. This algorithm provides an approximation of the viability kernel when f is Lipschitz. The idea of the algorithm is first to discretize the dynamical system in time, choosing a time step dt and using the Euler approximation of system (3): and then to discretize the state space, defining a grid of points K_h of resolution h covering K such that: Saint-Pierre then considers the sequence and there exists an integer p such that This sequence gives an iterative algorithm that approximates the viability kernel by a discrete approximation. In summary, the algorithm can be described as: where K is the initial guess and Moreover, Saint-Pierre shows that when f is µ-Lipschitz, the discrete viability kernel tends to the viability kernel of the initial system as the grid resolution h tends to 0. The level set approach of [9] is another Eulerian algorithm. Eulerian methods require gridding the state space and time; hence, their run time and memory complexity grow exponentially with the state dimension. In practice, this approach is infeasible for systems with more than three or four states.
Lagrangian methods have also been applied to the computation of viability kernels, for example in [3], but the implementation has relied on polyhedral set representations that also do not scale well with the number of states. Lagrangian methods have been applied successfully to the computation of reachable sets [6]. In contrast to Eulerian methods, Lagrangian methods use representations that follow the flow of the vector field. Since Lagrangian methods do not depend on gridding the state space, it is computationally feasible to analyse high-dimensional systems. In [7], an algorithm is proposed to approximate the viability kernel using maximal reach sets. It is shown that (5) can be reformulated in terms of a backward reach set over one discrete time step:

Fault Detection and Isolation using Viability Theory

Review of FDI using sets
A fault in a dynamical system is a deviation of the system structure or the system parameters from the nominal situation. The principle of model-based fault detection is to test whether the measured system inputs and outputs are consistent with the system behavior described by a fault-free model. If the measurements are inconsistent with the model of the healthy system, the existence of a fault is proved. For a dynamical system, consider that the output y(t) is the reaction of the plant to the input u(t). The pair (u, y) is called the input/output (I/O) pair, and (U, Y) is the set of all possible I/O pairs. Faults lead to deviations of the dynamical input/output (I/O) properties of the plant from the nominal ones and hence change the performance of the closed-loop system, which further results in a degradation or even the loss of the system function.
A fault changes the system behavior as illustrated in Fig. 4. If the system works in the white set (A), it is working in healthy mode. The system behavior can be moved by a fault toward the grey set (B). If a common input u is applied to the healthy and faulty systems, the two systems answer with different outputs, A = (u, y_A) and B = (u, y_B). This change in the system behavior makes the detection of the fault possible, unless the faulty I/O pair lies in the intersection of A and B.
For the isolation of more than one fault, a proper set must be determined for each faulty situation. For example, in Fig. 4 there are two faulty cases, f_1 and f_2. If the I/O pair lies in set B, our suggestion is that the system is working in faulty mode f_1; but if the I/O pair lies in set C, it is more probable that the system works in faulty mode f_2. If the I/O pair is in an intersection of these predefined sets or outside all of them, nothing can be said about the system status.
The basic idea of using sets in fault detection is to find a predefined set that can assure safety as long as the system operates inside that set (see Fig. 5).
In the framework of the analytical redundancy concept, the process model, driven by the same process input, runs in parallel to the process. It is reasonable to expect that, in the fault-free case, both the process and its model show similar behavior. Comparing the outputs leads to a signal that can be used

Fault detection using viability theory
Using the viability theory concepts introduced in Section 2, the FDI problem presented in the previous section in terms of sets can be addressed with viability theory concepts. These concepts can be used for evaluating the residual, as shown in Fig. 6 and illustrated in the following subsections.

Steady State
As with all the methods based on the set invariance approach, the invariance kernel can be used for fault detection. Hence, the residual signal must lie in the invariance kernel of the residual system under healthy functioning, i.e., r(k) ∈ Inv_{S_r}(K,C), in which C can be any arbitrary target around the equilibrium point. If the residual exits its healthy invariant set, a fault has occurred. Otherwise, the system is assumed to be still healthy.

Transient
In the transient state, because changes in the system states are somewhat unpredictable and the initial state of the system is unknown, the invariance kernel cannot be used appropriately for fault detection. In this situation, the question to be answered is: is there any possible action that brings the system near steady state? Translating this question into viability theory concepts, the viability kernel can be used for fault detection: r(k) ∈ Viab_{S_r}(K,C) That is, the system being in the viability kernel means that it can find a way to remain safe. In this manner, however, nothing can be said about the convergence of the system toward steady state. Note that the system constraints are taken into account when constructing the viability kernel, so being in the viability kernel also means that the system does not violate its constraints. Satisfying the constraints and having the opportunity to come back to steady state assures us that the system is in a healthy state.
In most practical cases, there is a time constraint in transient mode, which means that the system must come back near steady state in finite time. In this situation, the capture basin can be used for fault detection:
r(k) ∈ Capt_{S_r}(K,C) This means that the system has a limited time T to go to steady state, so being in the capture basin means that the system can find a way to come back to the target within a limited number of time instants. The point is that a target can be
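The set iteration of Saint-Pierre's viability algorithm (Section 2) and the steady-state and transient residual checks above, as an added example that is not the paper's own code: a scalar residual inclusion on a grid K_h, the three kernels computed by fixed-point iteration, and a classifier applying the rules of this section. The residual dynamics r' = r^3 - r, the constraint set K = [-2, 2], the target C = [-0.2, 0.2] and the disturbance values are constructed for illustration; the three kernel routines are generic in the successor map.

```python
# Added example, not from the paper. Saint-Pierre style set iteration on a grid
# for the invariance kernel, viability kernel and capture basin of a scalar
# residual inclusion, followed by the steady-state / transient consistency
# checks of Section 3. Dynamics, bounds and disturbance values are constructed.
H = 0.01                     # grid resolution h
K_LO, K_HI = -2.0, 2.0       # constraint set K = [-2, 2] (constructed)
C_LO, C_HI = -0.2, 0.2       # target C around the residual equilibrium r = 0
DT = 0.5                     # Euler time step dt
DISTURB = (-0.1, 0.0, 0.1)   # discretised bounded disturbance: the inclusion

def to_idx(r):
    """Round a residual value onto the grid K_h and return its index."""
    return round((r - K_LO) / H)

def succ(i):
    """All discrete successors of grid point i: one Euler step of the assumed
    dynamics r' = r^3 - r plus each disturbance value, rounded to the grid."""
    r = K_LO + i * H
    nxt = r + DT * (r ** 3 - r)
    return {to_idx(nxt + d) for d in DISTURB}

K_SET = set(range(to_idx(K_HI) + 1))
C_SET = set(range(to_idx(C_LO), to_idx(C_HI) + 1))

def invariance_kernel(K=K_SET, C=C_SET):
    """Inv_S(K, C): drop x until every successor of every kept x lies in the
    kept set or in the target C (all evolutions viable, or viable until C)."""
    cur = set(K)
    while True:
        nxt = {i for i in cur if succ(i) <= (cur | C)}
        if nxt == cur:
            return cur          # fixed point reached after p iterations
        cur = nxt

def viability_kernel(K=K_SET):
    """Viab_S(K): drop x until at least one successor of every kept x is kept
    (at least one evolution stays in K forever)."""
    cur = set(K)
    while True:
        nxt = {i for i in cur if succ(i) & cur}
        if nxt == cur:
            return cur
        cur = nxt

def capture_basin(T, K=K_SET, C=C_SET):
    """Capt_S(K, C) with horizon T: states of K from which some evolution
    reaches C within T steps (backward iteration from the target)."""
    cur = set(C)
    for _ in range(T):
        cur |= {i for i in K if succ(i) & cur}
    return cur

def evaluate(r, steady, inv, viab, capt):
    """Consistency check of one residual sample r (grid index sets given)."""
    i = to_idx(r)
    if steady:                  # steady state: invariance kernel test
        return "healthy" if i in inv else "fault"
    if i not in viab:           # transient: no evolution can stay inside K
        return "fault"
    if i in capt:               # transient: target reachable within T steps
        return "healthy: returns to target within T"
    return "safe but cannot reach target within T"
```

With these constructed values the computed kernels nest as in the paper's Fig. 7: the invariance kernel is the smallest, the capture basin with T = 3 sits between it and the viability kernel.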

Fault isolation using viability theory
Consider that the system can be in i = 0, 1, 2, ..., N different modes: the first one is the healthy mode and the others are different faulty modes to be detected. In this situation, considering that a kernel can be constructed for every type of fault, the faults can be isolated if the kernels are separable. Therefore, the residual equation is written for every fault as follows: So, the condition for the faults to be isolable is that those kernels are separable: Under this condition, r(k) ∈ Inv_{S_{r_1}}(K,C) means that the system is working in mode 1 in steady state, which is actually a faulty situation.

Interval observers
The application of viability theory to FDI requires the generation of a residual signal. Residuals can be generated in many ways, as discussed in [4]. A particularly well-established way of residual generation is based on the use of observers. Viability theory is well suited for dealing with FDI in nonlinear systems since most of its concepts have been developed in this context (see Section 2). Designing observers for nonlinear systems is a difficult problem. A possible approach to observer design for nonlinear systems is to approximate them as linear parameter varying (LPV) systems [14] and apply LMI-based designs. LPV systems are a class of nonlinear systems whose state-space matrices depend on a set of time-varying parameters that are not known in advance but can be measured or estimated during operation of the system [1]. The system to be monitored can be described by a nonlinear uncertain dynamic model in state-space form as follows: is the measurement noise and F_i is the actuator fault matrix: if F_i = 1, the system is working in healthy mode, otherwise there is a fault in the actuator. The parameter ρ is an a priori unknown time-varying parameter whose measurement is available. For design purposes, the LPV system (13) can be expressed in polytopic form for certain constant matrices A_j, B_j, C_j and continuous functions ζ_j such that ζ_j(ρ) ≥ 0 and ∑_{j=1}^{N} ζ_j(ρ) = 1 for all ρ. Assume that the pairs (A_j, B_j) are stabilisable and the pairs (A_j, C_j) are detectable for j = 1, ..., N. An LPV observer for this system is defined as: where u(k) ∈ U is the measured system input vector, x̂(k) ∈ X̂ is the estimated system state vector, ŷ(k) is the estimated system output vector, and the uncertain variables ω̂(k) and η̂(k) are used to describe the effect of ω(k) and η(k) on the plant (13), respectively. The uncertain variables ω̂(k) and η̂(k) are different from ω(k) and η(k), but are defined to have the same bounds, respectively (i.e. ω̂(k) ∈ W and η̂(k) ∈ V).
According to [10], by taking the uncertainty bounds into account when obtaining the observer estimation, intervals that bound the estimated state and output can be generated. This type of observer is known as an interval observer and is a well-accepted approach in robust FDI.
The observer gains L_j have to be designed in order to stabilise the observer given by (14). According to [10], the observer gains can be determined through the following LMIs: where L_j = (W_j X_j^{-1})^T. In order to be able to detect a fault, a residual is generated: where the state estimation error x̃(k) of the observer is defined as Furthermore, by using (13) and (14), the dynamics of x̃(k) can be derived as Consider the evolutionary system S_r : X → C(0, +∞; X) that maps any initial state x ∈ X to the set S_r(x) of evolutions x(·) starting from x(0) and governed by (16).

Interval observers and set invariance
Recently, much effort has been devoted to using interval observers and set invariance in fault detection and isolation, see for example [8], [14]. In [17], a relationship between these two methods is established. Interval observers have the advantage of considering noise and uncertainty in the on-line phase of fault detection, which makes this method more robust, but with a higher computational demand. Set invariance is more conservative than interval observers, but it has guaranteed fault detection capability. Both interval observers and set invariance are used for fault detection in steady state. Here, we propose using viability theory in order to make it possible to detect faults in transient states, combining interval observers for generating residuals with viability theory concepts for evaluating them in FDI, as described in Section 4. The main motivation for this integration is that viability theory offers a general framework for dealing with nonlinear systems. Moreover, in viability theory, sets can be defined without imposing any specific shape (such as ellipsoids or zonotopes), which makes the approach less conservative and allows a more general implementation.

Illustrative Example
In this section, the fault detection scheme developed in the previous sections is applied to a two-tank nonlinear SISO system described by [14] h where u(t) is the voltage applied to the pump, h_1(t), h_2(t) are the system states, ω_1(t), ω_2(t) are bounded state perturbations and the parameters are as follows: S = 15.5179 cm^2 is the cross-section area of the tanks; s = 0.1781 cm^2 the cross section of the tanks' outflow orifice; κ = 3.3 cm^3/(V s) the gain of the pump; and g = 981 cm/s^2 the gravitational constant.
After Euler discretisation with sampling period τ = 1 s, the whole system is formulated in its quasi-LPV form through the parameter non-linear embedding approach where the actuator fault is modelled by F_i and is the measurement noise matrix. Disturbances and noises are considered bounded by means of zonotopes with center 0.01 and segment 0.01. The varying parameters can be written as , i = 1, 2 The system states and parameters are bounded as Hence, an LPV model with a convex polytopic description can be obtained from (19) by taking α_i A_i. These weights can be computed using the following equations, which are valid for polytopes with four vertices: Taking (14) as the observer and using (15), the observer gains are derived as: The initial condition for the system is [10 0]^T and for the observer [8 3]^T. The residual signal can be defined as The invariance kernel, viability kernel and capture basin for the residual signal in healthy mode are shown in Fig. 7. This figure only compares the sizes of the kernels for the residual signal on one graded axis.
Figure 9. Invariance kernel, capture basin and viability kernel for the residual signal
Two faults in the actuator are presented, parameterised as in (13): F_1 = 0 for 200 ≤ k ≤ 400 and F_2 = 0.5 for 700 ≤ k ≤ 900. The residual signal from (16) is depicted in Fig. 9. It is clear that the residual in steady state lies inside the healthy-mode invariance kernel. A fault makes the residual leave the invariance kernel, which means that a fault has occurred.
The first fault also makes the residual leave the capture basin, which means there is no possibility of coming back to the invariance kernel in less than five sample times. In both situations, when the fault disappears, it takes more than ten sample times to come back to the invariance kernel. But for the second fault we cannot say that there is a fault in transient mode, as long as the residual lies in the capture basin. During the whole simulation time, the residual lies in the viability kernel, which means the system is safe and has the opportunity to come back to the invariance kernel.
The invariance kernels for the applied faults can be determined to be [−1.2, −1.45] for the first fault and [−0.3, −0.5] for the second fault. Because the invariance kernels in healthy and faulty modes are separable according to Section 3.3, the faults can be isolated. In Fig. 10, it can be seen that when a fault occurs, the residual signal goes from the healthy invariance kernel to one of the faulty invariance kernels.
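As an added illustration of the example above (not the paper's own code): the two-tank model with the paper's parameters and initial conditions is Euler-discretised with τ = 1 s and simulated under the actuator fault profile of the example, and a residual is generated by running the fault-free model in parallel with the same input (the analytical-redundancy scheme of Section 3) rather than the paper's LPV interval observer. The cascade model structure, the pump voltage u = 5 V, the measured output y = h_2, the absence of disturbances and the multiplicative form F·u of the fault are assumptions.

```python
# Added example, not from the paper: Euler-discretised two-tank model with the
# paper's parameters, the actuator fault scenario of the example (F = 0 for
# 200 <= k <= 400, F = 0.5 for 700 <= k <= 900) and a residual from a fault-free
# model run in parallel. Model structure, input level and output are assumed.
import math

S, S_ORIF, KAPPA, G, TAU = 15.5179, 0.1781, 3.3, 981.0, 1.0  # cm^2, cm^2, cm^3/(V s), cm/s^2, s

def tank_step(h, u, F=1.0):
    """One Euler step of the assumed cascade model: the pump feeds tank 1, tank 1
    drains into tank 2 through an orifice of section S_ORIF and tank 2 drains out.
    The actuator fault scales the pump input by F (F = 1 is healthy)."""
    h1, h2 = h
    q1 = S_ORIF * math.sqrt(2 * G * max(h1, 0.0)) / S   # level drop rate of tank 1 (cm/s)
    q2 = S_ORIF * math.sqrt(2 * G * max(h2, 0.0)) / S   # level drop rate of tank 2 (cm/s)
    h1n = h1 + TAU * (KAPPA * F * u / S - q1)
    h2n = h2 + TAU * (q1 - q2)
    return (max(h1n, 0.0), max(h2n, 0.0))                # levels cannot go negative

def fault_profile(k):
    """Actuator fault of the paper's example, assumed multiplicative on u."""
    if 200 <= k <= 400:
        return 0.0
    if 700 <= k <= 900:
        return 0.5
    return 1.0

def simulate(steps=1000, u=5.0, x0=(10.0, 0.0), xhat0=(8.0, 3.0)):
    """Run the faulty plant and the fault-free model side by side with the same
    input; the residual is the output mismatch y - yhat with y = h2 (assumed).
    x0 and xhat0 are the paper's initial conditions for system and observer."""
    x, xhat, res = x0, xhat0, []
    for k in range(steps):
        res.append(x[1] - xhat[1])
        x = tank_step(x, u, fault_profile(k))
        xhat = tank_step(xhat, u)          # the model never sees the fault
    return res

def detect(res, threshold):
    """Steady-state style consistency check: sample indices where |r(k)| leaves
    the interval [-threshold, threshold] standing in for the healthy kernel."""
    return [k for k, r in enumerate(res) if abs(r) > threshold]
```

The interval check fires at k = 0 because of the initial-condition mismatch between plant and model, which is exactly the transient false alarm the viability-kernel and capture-basin evaluation of Section 3 is meant to avoid; it stays quiet once the transient has settled and fires again shortly after each fault starts.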

Conclusions
In this paper, the application of viability theory to fault detection and isolation has been developed with regard to its use for nonlinear systems. The concepts of invariance kernel, viability kernel and capture basin are introduced and adapted for use in fault detection and isolation. It is shown that fault detection and isolation in steady state and in transient mode can be carried out using the proposed concepts. Moreover, the integration of the proposed fault detection and isolation approach with interval observers has been presented. Finally, a simulation has been carried out to show the effectiveness of the proposed approach.
The main advantage of this approach is that fault detection can be carried out in transient mode. Using an interval observer, noise can be taken into account in the residual generation phase; therefore, the proposed method is more robust against noise. The difficulty with fault detection in transient mode is residual evaluation, which can be done using viability theory concepts. The main drawback of this method is the difficulty of computing these kernels.