FDI tells you something is wrong. Fault-Tolerant Control is what the controller does about it. The question splits cleanly into two philosophies — passive (design once to absorb a known class of faults without ever knowing one occurred) and active (detect the fault, then reconfigure). Almost every working system uses some mix of both.
This monograph is the second of a four-part series on diagnostics and fault-handling:
- Fault Detection and Isolation
- Fault-Tolerant Control (this post)
- Prognostics and Health Management
- Frontiers in Diagnostics
What it covers
Six chapters plus references. About thirty-five minutes to read.
§1 — The response after the diagnosis. Why fault-tolerance is a control problem in its own right, not just a downstream consequence of detection.
§2 — Passive FTC. Designed to absorb. Robust controllers, sliding modes, designed-in redundancy. The “set it and forget it” approach that ships in mass-produced systems where intelligent reconfiguration would be too expensive.
§3 — Active FTC. Detect, then reconfigure. The harder problem; the more powerful approach. Control allocation, online identification, reference model adaptation.
§4 — The reference governor. A clever trick — reshape what the controller is asked to do in response to the fault, rather than reshape the controller itself. Often simpler and more reliable.
§5 — Graceful degradation. The practical face of FTC. What ships in real automotive, aerospace, and industrial systems. Limp-home modes. Emergency stops with style.
§6 — Stability and performance during the transition. The hardest question. The plant is changing, the controller is reconfiguring, and you have to guarantee stability the whole time.
Read it
← Back to Autonomy